News21 A Journalism Initiative of the Carnegie and Knight Foundations

Project Banner

Medill Privacy in an Age of Security

Northwestern University's News21 fellows look at America's new system of surveillance, developed by the government with the help of private data mining firms after 9/11. One story reports on how the Social Security Administration's massive databases are being used in homeland security investigations; another uncovers new details about a secretive program in which the Department of Education shared personal information on hundreds of student loan applicants with the FBI. Two immersive interactive presentations explore the digital trails we leave behind in our daily lives and government data-mining initiatives that might incorporate information about you.

Failed Homeland Security Programs

By Laura Spadanuta, Kathryn Heinz, Faith Okpotor, August 29, 2006

Program: Operation TIPS (Terrorism Information and Prevention System)

Funding Agency: Developed by the Department of Justice in coordination with the Department of Homeland Security, the Department of Labor, the FBI and FEMA, as part of the Citizen Corps initiative.

Start Date: Announced in concept in January 2002; was slated to start in August 2002.

What It Did/Would Have Done: The stated purpose of this program was to create “a national information sharing system for specific industry groups to report on publicly observable activity” that seemed suspicious or could be related to terrorism. Per the initial plan, postal and utility workers, some of whom had access to citizens’ homes, would have been encouraged to report on any “potentially dangerous activity.”

The Department of Justice did not spell out how it would train the volunteers, or how the information reported and gathered would be used.

Then-Attorney General John Ashcroft said the information gathered would have been kept in databases by various law enforcement agencies.

Civil liberties groups spoke out against the program. Their concerns included: whether citizens would be aware the information was collected about them, whether citizens would be able to access the information and whether the databases might include false information.

Date Funding Discontinued:
Homeland Security Act of 2002 (signed into law by President Bush on November 25, 2002), specifically forbid the creation of TIPS.

Funds: None

Program: MATRIX (Multistate Anti-Terrorism Information Exchange) pilot project

Funding Agency: Federal funding from DHS (Office of Domestic Preparedness) and DOJ (Bureau of Justice Assistance).

Start Date: According to Mark Zadra of Florida Department of Law Enforcement: MATRIX discussions began in January 2002, the Board of Directors was appointed in October of 2002 and the grant was received from DOJ in December 2002

What It Did/Would Have Done: According to Mark Zadra of the Florida Department of Law Enforcement, which served as security agent for the program, MATRIX used a computer system called Factual Analysis Criminal Threat Solution (FACTS) to link public and commercially available information with the following state-owned information: drivers licenses, vehicle registration files, department of corrections records, criminal histories and sexual offenders.

The pilot project allowed participating states to link with each other and speed up search processes on criminal leads.

The information would sit in different sources, although it was initially planned to be in a central database.

There was concern from privacy groups that the project “echoed” TIA. Additional fears surrounded the idea of law enforcement actions being taken on the basis of algorithms and other analytics developed by a private corporation without public or governmental input, as well as the use of those formulas and data mining to examine individuals who were not suspects prior to the use of the program.

There were concerns about the level of government involvement. It was believed the program could give the government access to large amounts of public and private data, for purposes other than law enforcement (mission creep).

There were also concerns about the quality of the data and the ability for redress, should data become incorrectly linked with an individual.

Date Funding Discontinued: Funding was discontinued in April 2005

Funding: $8 million from DHS (Office of Domestic Preparedness)
$4 million from DOJ Bureau of Justice Assistance.

Program: CAPPS (Computer Assisted Passenger Prescreening System) II

Funding Agency: Transportation Security Administration

Started Date: Started in March 2003

What It Did/Would Have Done: The TSA would be responsible for prescreening all passengers flying into, out of and within the United States for potential terrorists.

According to the GAO, CAPPS II would analyze data from government and commercial databases, to classify passengers according to their level of risk (i.e., acceptable risk, unknown risk, or unacceptable risk), which would be used to determine the level of security screening each passenger would receive.

CAPPS II plans revealed an attempt to violate the use limitation and data limitation practices of the Privacy Act, which require that personal information should be relevant to purpose for which it is collected, thereby raising concerns that the information collected could be put to other uses in the future.

By prohibiting passenger access to information that would be collected on them, CAPPS II violated the individual limitation practice of the Privacy Act, which states that individuals should have the right to know about the collection of personal information, to access that information, and request correction when necessary. This raised concerns that not only would incorrect information be kept on individuals but would be used within CAPPS II to prevent them from boarding airplanes.

Date Funding Discontinued: Discontinued in August 2004

Funding: At least $41.5 million by early 2004, according to GAO.

Program: Secure Flight

Funding Agency: Transportation Security Administration

Start Date: DHS announced the SF initiative in August 2004

What It Did/Would Have Done:
*Secure Flight was supposed to be the mechanism through which TSA/DHS would prescreen domestic airline passengers for terrorists by comparing passenger information received from the airlines with a consolidated federal government watch list. Secure Flight would also verify passenger information against commercial database information.

*According to the GAO, TSA collected and stored commercial data records even though TSA stated in its initial privacy notices that it would not do so. As a result of TSA’s actions, the public was unaware of and could not comment on the agency’s use of their data. “Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information such as name, date of birth and telephone number without informing the public.”

*As of March 2005 (and more recently in its June 2006 report) the GAO reported that the TSA had yet to determine what information it will be collecting is relevant. The TSA released a privacy notice in which it claimed several exemptions to the Privacy Act without giving valid reasons for doing so. When asked by the GAO (in March 2005) TSA officials claimed they were reviewing the issue and will release a more detailed privacy notice in June 2005.

*Privacy advocates are concerned that passengers can neither access nor correct any erroneous information that may be in that database. There is only redress for those who are unduly and frequently delayed but none for those who are wrongfully denied boarding because criteria for putting someone on a watch list is classified and not available to the general public.

*A June 2005 DOJ/OIG audit found a number of errors in the Terrorist Screening database being used in the program. *As of its June 2006 report, the GAO noted that while “TSA had made some progress in developing and testing the Secure Flight program,” it “had not issued the privacy notices that described how it would protect passenger data once Secure Flight became operational.” The report went on to state that Secure Flight officials plan to address privacy issues and finalize redress policies during the program’s “rebaselining.”

Date Funding Discontinued: It was suspended by TSA in February 2006. TSA is currently “rebaselining” the program.

Funding: $144 million, according to congressional testimony. The TSA has also requested additional $40 million in funding for FY 2007.

Program: Total Information Awareness (TIA), later known as Terrorism Information Awareness

Funding Agency: DARPA (Defense Advanced Research Projects Agency), an agency of Department of Defense.

Start Date: DoD announced that DARPA would develop the TIA program through its Information Awareness Office in June 2002.

What It Did/Would Have Done: TIA was an attempt to integrate information technologies into a system that could search large amounts of data and determine links or patterns in the data that were indicative of terrorists with the goal of preempting future attacks. There were several component programs of TIA and several other research efforts in the Information Awareness Office and elsewhere that could potentially be integrated by the TIA system.

TIA would create a database and “connect” the dots to prevent future terrorist attacks. TIA planned to join programs that examined transactions, worked across agencies, discovered links between people, quickly analyzed data and provided risk analysis. TIA would also involve the use of terrorist attack scenarios.

There were concerns about the access to private information by the federal government and fear that agencies would also be permitted to share an individual’s records without consent. There were exemptions to the Privacy Act surrounding the disclosure of personal records in federal government systems without the individual’s consent. There was concern over a large database integrating various sources of information, as well as the analysis of personal information. There were fears about potential adverse consequences of government data mining.

Date Funding Discontinued: On September 24, 2003, the National Defense Appropriations act for Fiscal 2004 (Public Law 108-87) “eliminated funding for the majority of the TIA program components.”

Funding: According to Congressional Research Service: $317 million was budgeted for TIA and its related programs for FY2001-FY2003.

Blog Reactions

See all results ...