News21 A Journalism Initiative of the Carnegie and Knight Foundations

Project Banner

Medill Privacy in an Age of Security

Northwestern University's News21 fellows look at America's new system of surveillance, developed by the government with the help of private data mining firms after 9/11. One story reports on how the Social Security Administration's massive databases are being used in homeland security investigations; another uncovers new details about a secretive program in which the Department of Education shared personal information on hundreds of student loan applicants with the FBI. Two immersive interactive presentations explore the digital trails we leave behind in our daily lives and government data-mining initiatives that might incorporate information about you.

Anti-terrorism program mines IRS' records

Privacy advocates are concerned that tax data and other information may be used improperly.
By Dalia Naamani-Goldman, January 16, 2007

Special to The Los Angeles Times
January 15, 2007

WASHINGTON Federal intelligence and law enforcement agencies increasingly rely on the Internal Revenue Service and other government repositories of personal financial information as an important source for leads in terrorism investigations.

The masses of detailed data give investigators broad power to sift through the finances of people, charities and businesses suspected of illegal activities. But they also worry privacy advocates who fear that tax and other financial records may be used improperly.

In 2002, in the wake of the Sept. 11 terrorist attacks, the IRS and the Social Security Administration made 12,236 emergency disclosures of personal tax information to intelligence and law enforcement agencies, according to a count obtained through a Freedom of Information Act request.

Image: Test

These emergency requests are granted only when investigators cite imminent danger or death and after 2002 became much less common. Since then, the IRS has made only 180 emergency disclosures to the Federal Bureau of Investigation and other agencies, but thousands more to intelligence and law enforcement agencies using new powers written into the U.S. Tax Code after 9/11.

Federal investigators, armed with otherwise confidential taxpayer information, have used these records to prosecute some individuals and deport others.

After receiving a tip from a high-level Al Qaeda operative in Pakistan in 2003, the FBI began investigating an alleged plot to poison prepackaged Meals Ready to Eat bound for U.S. troops overseas. McAllen, Texas-based Wornick Co. had a $47.2-million contract with the Department of Defense for packaged meals for troops in Iraq.

Federal investigators screened Wornick employees, relying on confidential taxpayer information, including Social Security numbers. The FBI also reviewed employee records for the temporary employment agency Remedy Intelligent Staffing, which supplied workers to Wornick.

In January 2005, Remedy pleaded guilty to hiring illegal immigrants and falsifying hundreds of employee eligibility verification forms. Twenty-eight illegal immigrants and a Remedy vice president paid fines or served jail time although none had any ties to terrorism.

To help the IRS increase its ability to organize and share sensitive financial information, the agency's law enforcement arm began in 2002 building a sophisticated data-mining system it named Reveal. Current and former IRS officials say this system has been invaluable in building cases against suspected terrorists and money launderers.

"What we're finding in our work is the majority of counterterrorism mostly has to do with charitable organizations that have been established in the United States that are sending money back to countries that support terrorism," said IRS spokeswoman Patti Reid.

One of the IRS databases mined by Reveal includes tax returns for nonprofit organizations and charities, according to government documents. Some attachments on these returns include lists of major donors.

Reveal also searches IRS databases of individual and corporate tax returns, and the records of financial institutions, accountants, banks and casinos, all of which are required to file reports with the Treasury Department and the IRS.

The system uses a powerful software program that allows investigators to combine at least 16 Treasury and IRS databases with counterterrorism information, according to public documents. One unpublished government description of Reveal claims it also searches personal information the agency buys from data aggregators ChoicePoint Inc. and LexisNexis.

Using this system, the IRS can search massive amounts of information quickly, sifting through account numbers and balances and analyzing financial transactions over time. It matches these records with individual, corporate and charity tax filings. It also can search for suspicious activities and lead investigators to new suspects.

With so much aggregated data, the IRS can see connections and patterns, something the agency misses when it's focused only on individuals, according to Jesus Mena, a former computer researcher at the IRS who pushed the agency to expand its data-mining operations.

"It refines the way they're able to view and identify people," said Mena, who is now a consultant to the Department of Homeland Security's inspector general. "There [are] red flags that data mining can discover. It's a process that makes you more efficient, more effective."

Using programs called VisuaLinks and the Digital Information Gateway, Reveal can detect and visually depict connections buried in mountains of tax documents, linking employees with employers and charities with donors, by cutting and grouping data using defined models, according to Kevin Hohn, Reveal's founding project manager.

It uses large quantities of data and finds common patterns among databases, organizing it in a diagram that shows links established among individuals, addresses, Social Security numbers and other personal and financial information.

That power concerns some.

"The starting point of this kind of thing is going to be for terrorism and we are all going to be in favor of fighting the terrorists," said Jim Harper, at the libertarian Cato Institute. "The finishing point of this is going to be for catching deadbeat dads and enforcing student loans and unpaid parking tickets. It's basically the beginning of comprehensive financial surveillance."

Rules and legislation require agencies such as the IRS to disclose how the personal information they collect is used and analyzed. In the case of Reveal, the IRS failed to disclose the system's use in anti-terrorism investigations to the public. A 2005 Government Accountability Office report criticized the IRS for this lack of transparency.

"At some level that's probably going to make it more difficult to ensure local oversight in making sure the IRS is doing what it claims to be doing," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington.

An inaccurate public description that does not tell taxpayers how their information is used could lead to abuse, Rotenberg said. Departing from privacy laws deprives taxpayers of the full protection once available, he added.

A privacy impact assessment that provided a detailed list of the databases mined by Reveal was removed recently from the IRS' website after several inquiries from a reporter. Although federal law requires privacy assessments to describe how new technologies use personal information, the IRS did not inform taxpayers that the Reveal system was used for counter-terrorism investigations.

The law that requires agencies to create privacy impact assessments can be waived to protect classified, sensitive or private information, according to the E-Government Act of 2002. Hohn, who composed the privacy assessment, said it left out some information so tax evaders and terrorists wouldn't know how law enforcement is targeting them.

The point, Hohn said, is "not to reveal your strategy."

Hohn, who has since left the IRS, said the system also is used in probes of money laundering, tax fraud and criminal activity, and added that commercial databases about consumers are not included in Reveal.

But in a May 2004 report to the GAO that was not made public, the IRS acknowledged that it used Reveal for counterterrorism investigations and made use of two large commercial databases that track consumer behavior.

The IRS spent at least $15.7 million with ChoicePoint during 2002-05, according to an analysis of a federal contract database by OMB Watch in Washington. It also spent at least $10.6 million during the same period with Reed Elsevier Group, owner of LexisNexis, according to the analysis. A more specific breakdown was not available. ChoicePoint and LexisNexis, both commercial data aggregators, comb public records and compile large databases of home purchases, credit histories and employment.

If these private data are combined with tax information collected by the IRS, it would allow investigators to quickly create detailed financial profiles of hundreds of millions of Americans, privacy experts said.

Agents working in lead development centers track suspicious financial trails buried in the data and then pass these leads to agents in the field to further investigate, according to Hohn.

Though Reveal can turn up many false positives identifying individuals as possibly being related to criminal or terrorist activity when in fact they are not backers said these tips were just a starting point.

"We're not saying who's naughty or who's nice," said Chris Westphal, chief executive of Visual Analytics Inc., which developed Reveal's software. "We're saying, 'That doesn't make sense.' I need to look at that and I am going to interpret what I look at, and if I like it, I push the red button. I sic the dogs. I shut down the account. I do whatever my decision-making process allows me to do."

Carlos Roig and Christopher Kriva contributed to this report.

Blog Reactions

See all results ...

Meta