Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Screening Wrap-Ups
What's in a Name?
Civil Liberties Board
Privacy Act
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
August 2004 Archives Main | September 2004 »
August 30, 2004 | Screening Wrap-Ups

Last week's stories for Wired News concerned two new anti-terrorism programs, one a high-tech screening machine being tested on the southern border. It sounds almost too 22nd century to be true. Read more about PFNA, gamma-ray goodness here.

The other program is less high-tech, but probably more likely to play a role in Americans' everyday lives.

The branding division at the Transportation Security Administration calls it "Secure Flight," but it's really CAPPS v. 3.0 or so.

"Secure Flight" differs from CAPPS II in a few significant ways, which you can find in my article here.

But I think it's fair to note how political the timing of the announcement was.

The TSA had only just recently killed off CAPPS II and haven't even finished the autopsy report before they announced the next program.

Either the TSA is getting pushed really hard by Congress and the Administration to introduce something new, no matter how full their current plans are, or the TSA is using the pressure from the 9/11 commission as cover to get as much of CAPPS II introduced as it can.

And for some stellar, behind-the-scenes reporting on where "Secure Flight" might really be going, see Robert O'Harrow and Sara Goo's piece from Wednesday in the Washington Post,

Unfortunately, the Post's editors buried the story on A16. (At least, they will be in good company, since that's about where the byline of the indomitable Walter Pincus seems to land often too.)

Notice also "Secure Flight" drops the idea of using the airline counters to check for those wanted for outstanding warrants for violent crimes, one of the most controversial parts of CAPPS II.

That's not a tough one for the TSA to drop, I don't think, since 1) it didn't have anything to do with airline security (despite TSA spokesperson's comments about sitting next to axe murderers on planes) and 2) the idea was probably a concession given to the FBI when the TSA wanted more terrorist info from them back in the day.

Now with the Terrorist Screening Center online trying to create a centralized watchlist, they don't have to appease the FBI.

I'd tell you more about that but the TSA redacted all the emailed documents from the FBI to TSA.

And coming up tomorrow on Wired News, the 9/11 Commission's Civil Liberties board recommendation as interpreted by the Bush Administration.

Posted by Ryan Singel at 09:21 PM | TrackBack

August 23, 2004 | What's in a Name?

The Army Inspector General, relying on a technicality in the Privacy Act, decided that the Army did not violate the Privacy Act when one of its contractors tested a data-mining algorithm on JetBlue's passenger database.

Read more here in my story in today's Wired News.

The redacted report (in searchable PDF form) can be downloaded here.

The IG took seven months to complete the review and then decided not to release it publicly. I was able to get a copy only after filing a FOIA.

I'd been trying to get a copy of this report and the related Army documents since October. I got nowhere with these requests, since the Army decided it would not release any documents until the IG finished its investigation.

I finally got some redacted documents (not the report) in early August, which indicated that the IG investigation was done, though no one at the Army would confirm that.

I'll have more on the other FOIA documents here later this week, but first I'd like to pose the question: What is the point of classifying Inspector General reports?

Well, in this case, it looks like the Army IG wrote a report that clears the Army of wrongdoing, sends a couple of redacted copies to the Hill in order to mollify some senators and then declined to make the report public.

It's not too tough to infer why the IG didn't publish the report.

But more importantly, the Army IG's reading of the Privacy Act sets a precedent on how the government interprets the law.

The Privacy Act was meant to prevent secret databases and to prevent databases from being used for purposes other than what they were set up for. For example, they prevent the FBI from searching the IRS's databases for information on a suspect, unless the FBI has a warrant.

But roughly speaking, there are now two advanced ways of finding information in a database. One is known as "link analytics." Under this method, a database investigation would start with a suspect and then look for hidden links to other people or transactions.

In short, you start with a name and end up with a list of other names or transactions.

The other is what people refer to as "data mining." While data mining encompasses a wide range of ways to make sense of masses of data, in the anti-terrorism context it is usually thought of as a process of discovering terrorist plots or terrorists by looking for patterns of activity.

This was the idea behind the Total Information Awareness program, which generated enough heat to be shut down publicly. (Large chunks of this project got moved into the DoD's black budget.)

Notice that this technique starts with a pattern and results in names.

This technique isn't necessarily wrong and is useful for finding patterns of securities fraud and money laundering in the morass of financial data generated daily in our economy.

But the reasoning in the IG ruling means that these databases aren't subject to the Privacy Act, so long as an investigator never searches directly for a person's name.

There's no reason to exempt these kinds of databases from the Privacy Act. It's really not that stringent of a law. It simply requires notice of its existence, its uses and requires the government to inform people when it collects information from them.

Posted by Ryan Singel at 09:52 AM | Comments (1) | TrackBack

August 21, 2004 | Civil Liberties Board

For those who haven't gotten a copy of this summer's bestseller, The 9/11 Commission Report, let me now suggest you get a copy. It is an historic document that will be a key reference point in anti-terrorism debates over the next five or ten years.

And to the commission's immense credit, the report is crisply written in plain language. You do not need a law degree or two years experience as a Congressional staffer to understand it.

But that same plain language also means that the specific recommendations (PDF) are unspecific.

Though both the Republicans and Democrats have signed on to the Commission's recommendations, the task of translating those recommendations into legislative language (currently being handled by Senators Joe Lieberman and John McCain) is complicated by differences in what legislators and interest groups understand the recommendations mean.

The recommendation that there should be a National Intelligence Director (NID) to coordinate domestic and foreign intelligence gathering and have budgetary authority over the sprawling intelligence bureaucracy is the prime example. It is by far the most contentious and important of the Commission's recommendations.

Civil liberties groups fear that a centralized director, especially one in the executive office, would lead to politicized intelligence and would inevitably lead to Hoover and Reagan-era abuses.

Agencies, including the Justice Department and the Pentagon, fear such centralization would lead to loss of control (and turf) and lead to inflexibility in the fight against an enemy whose structure and methods change rapidly.

But even those who agree that the idea is a good one don't necessarily agree what that position looks like in practice. Should the NID be in the cabinet? Or should the NID have a fixed term (along the lines of the Fed chief) that insulates her from political pressure? How much control should the chief have over how the FBI divies up money to various intelligence agencies or what information it decides to share with other agencies?

As my article in Wired News shows, similar problems exist with the commission's recommendation that the government should create a national civil liberties board to oversee anti-terrorism information sharing.

However, I think I failed to convey in the article how historic and important this proposal is.
Regardless of one's position on the Patriot Act and the necessity of increased anti-terrorism powers, it is impossible to ignore that many people fear that the government is abusing its newfound powers.

That perception is only strengthened by the Bush Administration's unwillingness to share information.

How often and for what reasons has the FBI used the National Security Letters provisions of the Patriot Act? That provision gives the FBI wide authority to issue itself administrative subpoenas in order to compel businesses (including ISPs) to provide evidence and business documents to investigators.

How many times has the FBI used that provision? We don't know, since the FBI has decided that even aggregate statistics about the use of NSLs are classified. The ACLU, which is suing the FBI over the use of NSLs, has heavily redacted FBI documents that indicate the NSLs are widely used. Now just because they are widely used, that does not mean the FBI is abusing that power.

But how are we to know, given the Attorney General has decided to share as little information as possible? We know how often the government uses wiretaps, but that is only because a 25 year old law forces the FBI to report to Congress about how it is using that power every year.

Yet, Congress has been unwilling to require similar public reports about other powers and programs. Their oversight of anti-terrorism programs and powers has been abysmal and the executive branch has continually stonewalled and resisted their meager efforts.

This is exactly why an independent, powerful and balanced civil liberties board is necessary.

There is no real debate that the government should be fighting militant Islamic extremism (which is how I think the government defines the war on terrorism, explicitly excluding domestic right-wing anti-abortion, anti-federal government militants).

If that movement is left unchecked and allowed to grow, millions around the world could lose their lives and liberty to religious extremists who hate modernity.

Our civil liberties, not our economic system, are what should define us as a nation -- the right to petition for the redress of grievances, the right to travel without undue restriction, the right to worship any or no god, the right to be safe in our homes and papers from unjustified government searches, our right to walk the streets without the fear of a cop demanding identification and our right to speak freely in opposition to government.

So to the extent the government needs expanded powers to fight terrorists, so too do we need expanded powers to protect our civil liberties.

Part of the function of a truly independent board is to lend credence to legitimate government efforts to thwart religious extremists who find glory in killing 3,000 Americans going about their daily lives and in the beheading of civilians such as journalist Daniel Pearl.

But the board should also be there to ensure we never need another Church Committee report and to ensure that all-too widespread beliefs that the government is monitoring our every move be confined to the schizophrenic, and not the loyal opposition.

Posted by Ryan Singel at 12:37 PM | TrackBack

August 19, 2004 | Privacy Act

The Congress finds that --

(1) the privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by Federal agencies;

(2) the increasing use of computers and sophisticated information technology, while essential to the efficient operations of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information;

(3) the opportunities for an individual to secure employment,insurance, and credit, and his right to due process, and other legal protections are endangered by the misuse of certain information systems;

(4) the right to privacy is a personal and fundamental right protected by the Constitution of the United States; and

(5) in order to protect the privacy of individuals identified in information systems maintained by Federal agencies, it is necessary and proper for the Congress to regulate the collection, maintenance, use, and dissemination of information by such agencies.

Posted by Ryan Singel at 12:43 AM

Powered by
Movable Type 3.2