GAO Report Reveals Four Potential Government Data-Surveillance Programs, ACLU Says
Group Calls for Investigation, New Laws to Restrict Data Surveillance
FOR IMMEDIATE RELEASE
NEW YORK--A new report on "data mining" by the General Accounting Office reveals at least four programs that may be accessing and analyzing private-sector databases in ways that approach the "data surveillance" of ordinary citizens, the American Civil Liberties Union said today.
"We always knew that the Pentagon's 'Total Information Awareness' program was not the only data-surveillance program out there, but it now appears possible that such activities are even more widespread than we imagined," said Barry Steinhardt, Director of the ACLU's Technology and Liberty Program. "We need to find out right away whether these programs are indeed threatening, or whether their use of information is benign. We can only tell so much from the program descriptions in the GAO report."
The GAO's investigation uncovered 199 government uses of the statistical analysis techniques known as data mining, 54 of which use private-sector data. Such information could include any data held in corporate or other private hands, including credit-card records and Internet logs.
In an appendix to its report, the investigators listed those programs, providing a brief description of each and indicating its purpose and whether it contained personal information, or made use of private-sector data and data from other government agencies.
"This troubling report illustrates the need for Congress to enact legislation like Senator Wyden's Citizens Protection in Federal Databases Act to address the privacy implications of government data mining," said Gregory T. Nojeim, Associate Director of the ACLU Washington Legislative Office. "Government use of private-sector databases should not become an end-run around the intent of the Privacy Act," Nojeim added.
The programs flagged by the ACLU were:
- Verity K2 Enterprise - Defense Intelligence Agency (DIA). Mines data "to identify foreign terrorists or U.S. citizens connected to foreign terrorism activities." (Page 30 of GAO report)
- Analyst Notebook I2 - Department of Homeland Security. "Correlates events and people to specific information." (p. 44)
- PATHFINDER - DIA. "Can compare and search multiple large databases quickly" and "analyze government and private sector databases." (p. 30)
- Case Management Data Mart - DHS. "Assists in managing law enforcement cases" Using private-sector data. (p. 44)
According to the GAO descriptions, all four programs draw on private-sector databases, contain personally identifiable information, and appear to constitute dragnets on the general population in efforts to detect wrongdoing.
The ACLU also noted that many other programs listed by the GAO also raise questions about how they are using information, including private-sector information - and that the GAO's list did not include programs run by the Central Intelligence Agency and the National Security Agency, which did not respond to the GAO's requests for information.
"Statistical analysis itself is of course not the problem," Steinhardt said. "It is the construction of systems that systematically aggregate information about the private activities of innocent individuals on a mass scale, and the computerized scrutiny of those activities for allegedly suspicious patterns that is at issue."
The ACLU, together with the Electronic Privacy Information Center and the Center for Democracy and Technology, today sent a joint letter to Senator Akaka praising his efforts and the report.
"The GAO and Senator Daniel Akaka, who requested this report, have performed a very valuable service in bringing us this report," said Nojeim, of the ACLU Legislative Office. "Whatever your ultimate views on these programs, it can only help our nation to place these practices before the public so they can be honestly evaluated and discussed."
The joint letter to Sen. Akaka is online at /cpredirect/15233
The GAO report is online at http://www.gao.gov/new.items/d04548.pdf