Panel: Government data-mining programs need more scrutiny

The federal government should systematically evaluate the effectiveness and lawfulness of homeland security-related data mining and behavioral surveillance programs before deployment, according to a new report from a committee of the National Research Council of the National Academies.

“Protecting Individual Privacy in the Struggle Against Terrorists,” a 300-plus page report released today by a committee of privacy, national security and intelligence experts, lays out an extensive framework for how the government should assess and oversee data and information-based programs being used to fight terrorism.


The Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals also recommends that Congress reexamine existing laws to consider how privacy should be protected in current information-based counterterrorism programs.

"The framework is not designed simply, if you will, balance privacy and security, but rather with the intention of accomplishing both privacy and security," said Fred Cate, a commissioner and director of the Indiana University’s Center for Applied Cybersecurity Research.

The committee, which was supported by the Homeland Security Department and the National Science Foundation, was first convened in late 2005. The group sought to provide guidance to policy-makers, government officials and industry as they explore new surveillance tools for use in national security.


The years since the 2001 terrorist attacks have seen a proliferation of data mining and surveillance programs by government agencies. Some privacy advocates have questioned whether current laws adequately address the issues posed by these programs.

The committee’s findings stem from analysis of unclassified government programs and interviews with officials. However, members of the committee said that its conclusions apply to classified programs as well.

The report recommends evaluating proposed programs by the following criteria:



  • The program’s objective is clearly stated.

  • The program fully complies with applicable law.

  • The program’s false positive rate is acceptably low.

  • The program is audited at least annually.

  • Uses of personally identifiable information have received proper approval.


The report also emphasized the importance of data quality when it comes to protecting the privacy of people who are not terrorists.

"Individuals claimed by law enforcement officials to match prints found at a crime scene have sometimes turned out not to match upon further investigation," the report states. "Also, matching names or other forms of record linkage are error-prone operations, generally because of data quality issues."

According to the report, committee members believe current policies do not adequately address concerns with the shortcomings in current analytic techniques. The committee also concluded that automated terrorist identification through data mining was not feasible.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.