US Researchers Decide Spying On Citizens Is Bad

October 9, 2008
WebProNews Staff

You remember back in 2006 when there was all this controversy over the US Dept. of Justice subpoenaing search results from Google, Microsoft, Yahoo, and AOL? Remember how AT&T and Verizon sold their customers out by making telephone records an open surveillance buffet for the government? Remember how just this summer Congress decided nobody could sue them for helping out the government?

Remember how people got all mad and said that was unconstitutional and a major invasion of privacy, and they told us they had to so they could protect us against terrorists?

‘Member that?

Yeah, well, never mind. A government report on the effectiveness of data mining that, in hindsight and all that, should have been done before just taking data and preventing oversight or recompense, has been released saying the government’s method of data mining is an invasion of privacy and is likely to produce lots of false positives. The report, commissioned by the Department of Homeland Security and the National Science Foundation, suggests Congress should consider stricter privacy safeguards and better oversight.

You know, instead of just signing off on immunity and continued government spying like they did this past summer. Can’t be seen as soft on terror during an election year, right? If only there were some document meant to prevent stuff like this. . .

The study was done by a pack of independent A-list researchers with the National Research Council. Engineers, research scientists, lawyers, computer scientists, law enforcement officials, and statisticians made up the study’s list of authors, hailing from Stanford, Harvard, MIT, Google, Verizon, and Microsoft, just to name a few.

As a result of the study, the authors conclude that all US agencies involved in counterterrorism programs that mine personal data—phone, medical and travel records, websites visited, etc.—should be required to evaluate their program’s effectiveness, lawfulness, and impacts on privacy. The report suggests that Congress reexamine existing laws and look for better ways to protect privacy, restrict use of personal data, and offer victims of privacy violations “a meaningful form of redress.”

"The danger of terror attacks on the U.S. is real and serious, and we should use the information technologies at our disposal to combat this threat," said William Perry, co-chair of the committee that wrote the report, former U.S. secretary of defense, and Michael and Barbara Berberian Professor at Stanford University.

"However, the threat does not justify government activities that violate the law, or fundamental changes in the level of privacy protection to which Americans are entitled." 

The researchers criticize the government’s assertion it can successfully identify signs of terrorism via massive data mining. Successfully doing so would be extremely difficult and likely to lead to false positives. The government obtains this data from its own databases and via formal and informal agreements with corporations to access corporate databases.

‘Member when you found out the NSA had a special room at AT&T headquarters for intercepting Internet traffic? That would be one of those agreements.

Thanks to extensive access to private databases, the US government has been able to track phone calls, credit card purchases, travel, or anything leaving a digital fingerprint.

“Far more problematic,” said the NRC in a statement, “are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says.  Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads.  Such techniques might, however, have some value as secondary components of a counterterrorism system to assist human analysts.  Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result.”

That’s because algorithms, which are used to mine massive amounts of data, can be wrong and can identify innocent people as terrorist threats. Algorithms create “a mosaic” of data from multiple databases, a technique the NRC warns is error-prone.

The only extra-political-sounding part of the report (to me) was where the NRC stopped short of recommending that private companies should be held liable for complying with the government. I think denying the public’s right to sue private organizations also deprives them of due process and a day in court where right and wrong should be decided, rather than, in this case, preemptively determined it’s okay for companies to break the law if the government asks them to.

Nonetheless, the researchers do recommend more liability on the part of the government, so it’s a step back toward the quaint, seemingly old-world idea of “checks and balances.”

"We hope this framework will help agencies and policymakers determine whether new programs are likely to be effective and consistent with our nation’s laws and values and continually improve programs in operation," said Charles Vest, committee co-chair and president of the National Academy of Engineering.  "Decisions to use or continue programs need to be based on criteria more stringent than ‘it’s better than doing nothing.’"