Friday, January 02, 2009

Total Information Awareness - British Style

Slashdot pointed out an interesting article from The Guardian about a proposal in the UK to create a kind of master database "that will keep track of everyone's calls, emails, texts and Internet use."  However, it won't store content, making it a sort of pen register for Internet traffic.  The goal is to provide an easy reference for law enforcement to tie an IP address or e-mail to an actual person when a crime is suspected.

This calls to mind programs like Total Information Awareness, proposed by former National Security Advisor John Poindexter a few years back, which called for a massive data mining effort to look for patterns in information that could be used to identify potential terrorists and learn about possible threats.  The program was killed in 2003 due in large part to the controversy it generated.  More recently, but on a smaller scale, there is the Einstein program, which is focused on collection and analysis of the federal government's Internet traffic and is mainly intended to serve as a warning for network-based attacks.  However, such capabilities could be extended to monitoring outbound traffic, including encrypted traffic accessible via proxies, to ensure that sensitive data is not being sent out without authorization.

Privacy advocates are quick to point out that collection and aggregation of massive amounts of information from diverse sources, even if the government already possesses it, raises serious concerns about potential abuse.  That, in essence, was the reason behind the Privacy Act of 1974.  At the time, the Nixon Administration had been assembling data on US citizens in an effort to discredit individuals opposed to the Administration's policies.  The Privacy Act required that the federal government publish System of Records Notices (SORN) prior to collection of personal information, indicating the purpose of the collection, who would be given access to the data, and any other agencies that would make use of that data.  Later laws, including the E-Government Act of 2002, required additional privacy assessments to ensure that the terms of the SORN were being followed.

But that raises a real practical issue with things like data mining.  The whole purpose of that activity is to identify relationships and infer new knowledge that you didn't know was there.  It's one thing to say I need Bob Smith's home address, so I can send him his quarterly Social Security statement.  It's another thing to say I need Bob Smith's address, employment data, and international travel information so I can draw conclusions about potential terrorist activities.  Law enforcement officials can credibly say that they couldn't have identified someone as a suspect until correlations were made using massive amounts of data spanning multiple investigations and government databases.  The traditional approach was that police first identify someone as a suspect and then seek to gather information about him/her to prove their suspicions correct.  In the complex international drug and terrorist network, it's not that simple. 

The easy answer from a civil libertarian's point of view would be to say that police should just do their job like they've always done and get warrants based on probable cause.  The response is that this isn't what they've always done so much as what has been feasible.  Through Internet searches and public records databases, the average citizen already has access to an immense amount of personal information without even a subpoena.  Law enforcement should be expected to use these same resources.  It's a bit unrealistic to expect law enforcement and intelligence agencies to not search information not already possessed by the federal government with a few exceptions (e.g., Census data, grand jury information, etc.).  (Note:  Where the information is securely held by a third party, such as a telecommunications provider, in the British example, the rules would necessarily be different.)  After that, the real issue should be one of oversight.  I don't want some overzealous cop snooping through my tax records any more than anyone else.  But more than privacy concerns, my concern is one of productivity and governmental effectiveness.  Every minute someone spends peering at someone's personal information for entertainment or personal gain is a minute not spent tracking down a terrorist, rapist, or pedophile.  That's the real tragedy, and that's where oversight comes in.  The same technology that allows us to search across vast amounts of information also allows us to track down the searches and the individuals doing them.  Spending some of those funds dedicated to identifying unusual network activity, suspicious financial transactions, and questionable international travel on identifying and reporting suspicious "investigations" would be money well spent.  As the saying goes:  "Sunlight is the best disinfectant."
