TechWeb

Congress Urged Not To Put Privacy Ahead Of Data Mining For Potential Terrorists

Mar 24, 2003 (07:03 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=8700081


Congress shouldn't rush into adopting new privacy laws that could limit the government's use of data mining to identify potential terrorists, the chairman of the House Government Reform Committee says.

Speaking at an oversight hearing on current and future uses of data mining by the government held Tuesday by the committee's subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, Rep. Tom Davis, R.-Va., said overregulating the government's use of data mining could stifle its potential as a weapon to identify possible terrorists as well as a tool to eradicate government fraud and make government more efficient.

"We're just at the beginning of a whole revolution," Davis said, adding that he hasn't yet figured out the right balance between protecting citizens' privacy and using available tools to track down terrorists. Rules written now might not even apply to the technology as it evolves, he said. "We're working our way through a brand-new territory for all of us," he said. "Who knows what the technologies will be tomorrow or what their application will be?"

But a George Washington University law professor testified that Congress has a special obligation to provide technical and legal oversight of data mining to ensure that the executive branch doesn't abuse citizens' constitutional rights. Jeffrey Rosen, who's also the legal affairs editor of The New Republic, said it's possible to design data-mining technologies that protect privacy rights, but "there's no guarantee that the executive branch or the technologists, left to their own devices, will demand and provide technologies that strike the balance in a reasonable way."

Rosen cited the Defense Department's proposed Total Information Awareness program as an example. Congress refused to fund TIA--a program that would use technology to hunt terrorists--because of potential privacy concerns. TIA is an example of what Australian IT privacy consultant Roger Clarke calls "mass dataveillance"--the suspicionless surveillance of large groups of people--as opposed to "personal dataveillance," which Clarke defines as the targeted surveillance of individuals who've been identified in advance as suspicious or dangerous, Rosen said. Mass dataveillance, he said, would allow "fishing expeditions in which the government is trolling for crimes rather than particular criminals, violating the privacy of millions of innocent people in hope of finding a handful of unknown or unidentified terrorists."

He suggested that Congress could create a special oversight court with authority to decide when information gathered through mass dataveillance could be used.

The White House's point man on IT, Mark Forman, told the panel that the potential exists for inadvertent disclosure of personal information or misuse of personal information, but agencies adhering to existing laws and regulations can protect personal information in their possession even as they participate in data-mining activities. "These statutes do not address data mining per se," said Forman, the Office of Management and Budget's associate director for IT and E-government, "but they outline privacy principles the government must follow in data collection."