Congress Should Not Overregulate Data Mining Efforts, Panel Says

By Catherine Hubbard, M.A., CCH Washington News Bureau.

Congress should give law enforcement agencies and the private sector ample time to develop data mining techniques that both detect security threats and protect the privacy of innocent people, according to panelists who spoke at a recent congressional hearing. “We need to be slow about coming in and overregulating,” said Rep. Tom Davis, R-Va., adding that the government should first let the industry develop its own privacy protocols. Congress should err “on the go slow side,” he said. He opined that, with better use of data mining, the government could have thwarted the terrorist attacks of 9/11.

PROTECTING PRIVACY

“While data mining may have many legitimate and worthwhile uses, we must always be vigilant of any potential encroachment on the privacy of the American public,” said Subcommittee Chairman Adam Putnam, R-Fla.

Jeffrey Rosen, an associate professor at the George Washington University Law School, said Congress must ensure that “the most invasive searches are focused on the most serious crimes.” The Defense Department’s Total Information Awareness (TIA) program, for which Congress has voted to block funding, violates the privacy of “millions of innocent people in the hope of finding a handful of unknown and unidentified terrorists,” he said. This “fishing expedition” poses great threats to privacy while promising dubious benefits in increased security, according to Rosen. The program analyzes financial records, educational records, travel records and medical records, as well as criminal and other governmental records to create risk profiles of millions of Americans and visitors, looking for suspicious patterns of behavior.

Rosen suggested Congress ensure that general data searches are constructed in ways that make the data traceable, but not easily identifiable. The data should remain “generally anonymous unless officials receive permission to link the data with a particular individual,” he asserted. He noted that TIA is developing this type of architecture for general data searches in its Genisys program, which seeks new ways to design ultralarge information repositories. Rosen also recommended that Congress create a special oversight court with the authority to decide when identifying data obtained during mass data surveillance may be connected to transactional information.

Mark Forman, Associate Director, Information Technology and Electronic Government, Office of Management and Budget, said federal data mining activities must be implemented in a way that is consistent with privacy laws, such as the Privacy Act of 1974. But he warned that the risk for improper disclosure rises when agencies use aggregated information and analyze data across databases, a practice called “virtual data warehousing.”

“When information can be accessed or exchanged at numerous locations by many users, a potential exists for inadvertent disclosure of personal information or misuse of personal information, by alteration or for unauthorized purposes,” Forman said in written testimony. He assured the committee that the administration is “strongly committed to protecting the privacy of citizens” when it uses any data mining techniques.