Secondary Screening

Data Mining Archives

April 12, 2006 | Narus Not in the Know

Elise Ackerman at the San Jose Mercury News has some great follow-up reporting today on ex-AT&T employee-cum-whistleblower Mark Klein's public statement last week, which included allegations that a secret NSA spying room wired into AT&T's internet switching station in San Francisco was home to a piece of data-mining equipment known as a Narus STA 6400.

The engineers at Narus weren't intending to create Big Brother's dream machine when they began writing software a decade ago to help phone companies send out more detailed bills.

But as the Mountain View company's code became more and more sophisticated, customers began to discover new uses for software that was originally designed to monitor and analyze network traffic.

Now Narus finds itself at the center of a legal fight over domestic spying.

[...]

Narus executives confirm AT&T is a customer but say they do not know how the telecommunications giant uses its software. "Once our customers buy our product, it's relatively opaque to us," said Steve Bannerman, vice president of marketing.

Narus CEO Greg Oslan said the company's software is designed to allow carriers to monitor all Internet traffic, including Web searches, e-mail content and attachments, and Internet phone calls.

Full story here.

Posted by Ryan Singel at 12:39 PM

April 10, 2006 | Spy Machine Capabilities?

A blogger named bewert over at Daily Kos follows up on allegations made by ex-AT&T employee Mark Klein that AT&T installed equipment at an AT&T Internet switching facility that feeds the NSA a copy of every Internet packet flowing from or to AT&T customers or across AT&T's expansive Internet backbone network. I covered Klein's public statement for Wired News on Friday and his full statement can also be found here.

bewert looked into the machine, allegedly a Narus STA 6400, and did a little math and parsing of some public statements to find that the machine was capable of monitoring 39,000 DSL lines at any one time.

Prior to 9/11 Narus worked on building carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what they term "revenue leakage". Post-9/11 they have continued down that path while adding more semantic monitoring abilities for surveillance purposes. They even brought in former Deputy Director of the NSA William P. Crowell as an addition to their Board of Directors. [...]

Remember that semantics is not just the data, but rather the meaning of the data. It looks at the data in a more comprehensive way than looking for keywords. Each NarusInsight machine does this at 2500 million bits per second, in real-time.[...]

These capabilities include playback of streaming media (i.e. VoIP), rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules. When Narus partners' powerful analytic tools are combined with the surgical targeting and real-time collection capabilities of Directed Analysis and Lawful Intercept modules, analysts or law enforcement agents are provided capabilities that have been unavailable thus far.[...]

Posted by Ryan Singel at 10:17 AM

April 07, 2006 | Ex-AT&T Employee on NSA Wiretap Room

An ex-AT&T employee has made public a summary of the statement he provided in support of a lawsuit against AT&T, alleging that the telecom giant has built out secret wiretap rooms that funnel internet and phone call data to the National Security Agency.

AT&T provided NSA eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company.

Mark Klein, a retired AT&T communications technician, submitted an affidavit in support of the EFF's lawsuit this week. That class action lawsuit, filed in federal court in San Francisco last January, alleges that AT&T violated federal and state laws by surreptitiously allowing the government to monitor phone and internet communications of AT&T customers without warrants.

On Wednesday, the EFF asked the court to issue an injunction prohibiting AT&T from continuing the alleged wiretapping, and filed a number of documents under seal, including three AT&T documents that purportedly explain how the wiretapping system works.

According to a statement released by Klein's attorney, an NSA agent showed up at the San Francisco switching center in 2002 to interview a management-level technician for a special job. In January 2003, Klein observed a new room being built adjacent to the room housing AT&T's #4ESS switching equipment, which is responsible for routing long distance and international calls.

"I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room," Klein wrote. "The regular technician workforce was not allowed in the room."

Klein's job eventually included connecting internet circuits to a splitting cabinet that led to the secret room. During the course of that work, he learned from a co-worker that similar cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.

"While doing my job, I learned that fiber optic cables from the secret room were tapping into the WorldNet (AT&T's internet service) circuits by splitting off a portion of the light signal," Klein wrote.

The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein's statement.

The secret room also included data-mining equipment called a Narus STA 6400, "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," according to Klein's statement.

Full story here. Justin Scheck of The Recorder had the story first, and has some great info on the story and Klein's lawyer, Miles Ehrlich, a former U.S. attorney, over at CalLaw's blog, Legal Pad.

Posted by Ryan Singel at 11:52 AM

January 16, 2006 | Hitchens And Bamford Sue Bush Administration! No Really!

It was going to be the journalistic equivalent of Cagney and Lacey, but better. Well, better, but with fewer lesbians.

James Bamford, the studious and diligent one who has written books on the NSA and has a soft spot for conspiracy theories, was cast as the soul-searching, muckraking honest journalist who just might find out things he doesn't want to know are true.

Christopher Hitchens, the wild one prone to lighting up in elevators and putting whiskey in his oatmeal, would play the bitter, lost journalist who thinks all his colleagues are sellouts and pansies, but he has a soft side and spell checks his byline.

Together the duo would fight injustice, drink and smoke and make fun of editors, and have secret Meet-Ups, IM Department of Agriculture whistleblowers and wage the war on terror and anti-terror (the plan was to alternate weeks) with word processors! Word processors with byline spell checkers, of course.

And their first case?

Here's the shocker -- they don't write anything in the pilot episode. Instead, Bamford hears immediate clicks on the phone when he calls Mossad sources. For his part, Hitchens hears clinks in his highball glass when he calls on his sources.

Both suspect the government is wiretapping them.

So they sign up to have the ACLU sue the government, claiming the government probably eavesdropped on their phone calls (Hitchens vaguely recalls a late night international booty call from some months back, while Bamford claims not to have known that the NSA could intercept his calls to his sources in Israel. No really, he has at least one source there. No really, some of his best friends are high level Israeli spooks).

Too bad reality just scooped me.

No really, it did.

I swear on Echelon, reality bit me.

My blockbuster is in the New York Times. The news section of the NYT.

"There's almost a feeling of déjà vu with this program," said James Bamford, an author and journalist who is one of five individual plaintiffs in the A.C.L.U. lawsuit who say they suspect that the program may have been used to monitor their international communications.

"It's a return to the bad old days of the N.S.A.," said Mr. Bamford, who has written two widely cited books on the intelligence agency.

Although the program's public disclosure last month has generated speculation that it may have been used to monitor journalists or politicians, no evidence has emerged to support that idea. Bush administration officials point to a secret audit by the Justice Department last year that reviewed a sampling of security agency interceptions involving Americans and that they said found no documented abuses.

[...]

Also named as plaintiffs in the A.C.L.U. lawsuit are the journalist Christopher Hitchens, who has written in support of the wars in Iraq and Afghanistan; ...

Wiretap Lawsuit.

Remember this isn't old-school Trotskyite Hitchens; this is the post-9/11 Hitchens.

I guess we should have seen the re-reversal coming after he threw this bomb after the government decided to start confiscating his lighter when he gets on planes ((no I don't know how he lit the fuse after they took away his lighter) and yes, yes, I and You know that wasn't the administration pushing the lighter ban and we know that Michael Moore and Byron Dorgan are to blame but Hitchens doesn't know that and like Blutarsky, he's on a roll so don't interrupt him.)

I guess that while Hitchens made good friends with the Neo-Cons (who are Trotskyites of a sort), they weren't kind enough to give him a get-out-of-surveillance free card.

Now those neo-cons are going to hear from his ACLU lawyer.

All I can say to that is God help the Kurds if they ever even think one mean thing about Hitchens.

Posted by Ryan Singel at 10:09 PM

January 04, 2006 | Web 2.0 Data Mining

Following on the story about the NSA's recently disclosed data-mining project, Tom Owad launched his own data mining program targeting folks with a common first name who had Amazon Wishlists.

He pulled down all 260,000 lists using a couple of old computers, a few lines of code and two DSL lines. Then he searched for folks who liked books by Michael "I hate lighters" Moore and Rush "Jail is for poor drug users" Limbaugh.

(I wonder if Owad started this before or after the very predictable debunking of the "Homeland Security monitors Inter-Library Loans of Mao's Red Book" story?)

He then mashed up the hits with, oh yes, you Web 2.0 kids saw this coming, Google Maps.

All the tools used in this project are standard and free. The services, likewise, are all free. The technical skills required to implement this project are well within the abilities of anybody who has done any programming. The network connection used to download these files was a standard home DSL connection. The computer that processed the data was a 1.5 GHz PowerBook G4. The operating system is Mac OS X 10.4, though everything could have been done just as easily with Linux (and probably with Windows). Not a penny was spent in the writing of this article, just 30 hours of time.

This is what's possible with publicly available information, but imagine if one had access to Amazon's entire database - which still contains every sale dating back to 1999 by the way. Under Section 251 of the Patriot Act, the FBI can require Amazon to turn over its records, without probable cause, for an "authorized investigation . . . to protect against international terrorism or clandestine intelligence activities." Amazon is forbidden to disclose that they have turned over any records, so that you would never know that the government is keeping records of your book purchases. And obviously it is quite simple to crossreference this info with data available in other databases.

Very impressive experiment.

Good thing places like Google and ISPs don't keep track of your searches and internet travels for years, or somebody with a self-issued subpoena might decide to ask for that information from them in bulk, and do some mashing up on their own.

It's also a very visual illustration of the implications of 30,000 National Security Letters a year and the Bush Administration policy of allowing that information to all go into a central database that can even be shared with private companies.

For that latter story see Barton Gellman's November story in the Washington Post:

The FBI now issues more than 30,000 national security letters a year, according to government sources, a hundredfold increase over historic norms. The letters -- one of which can be used to sweep up the records of many people -- are extending the bureau's reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans.

Issued by FBI field supervisors, national security letters do not need the imprimatur of a prosecutor, grand jury or judge. They receive no review after the fact by the Justice Department or Congress. The executive branch maintains only statistics, which are incomplete and confined to classified reports. The Bush administration defeated legislation and a lawsuit to require a public accounting, and has offered no example in which the use of a national security letter helped disrupt a terrorist plot.

The burgeoning use of national security letters coincides with an unannounced decision to deposit all the information they yield into government data banks -- and to share those private records widely, in the federal government and beyond. In late 2003, the Bush administration reversed a long-standing policy requiring agents to destroy their files on innocent American citizens, companies and residents when investigations closed. Late last month, President Bush signed Executive Order 13388, expanding access to those files for "state, local and tribal" governments and for "appropriate private sector entities," which are not defined.


Posted by Ryan Singel at 05:19 PM

December 07, 2005 | Able Data Mining?

Able Danger. TIA. Al Qaeda. Curt Weldon. John Poindexter. Slobodan Milosevic. Data mining. Information Dominance. Raytheon. Condoleezza Rice.

Shane Harris's feature at National Journal has them all.

In the spring of 2000, a year and a half before the 9/11 attacks, Erik Kleinsmith made a decision that history may judge as a colossal mistake.

Then a 35-year-old Army major assigned to a little-known intelligence organization at Fort Belvoir in Virginia, Kleinsmith had compiled an enormous cache of information -- most of it electronically stored -- about the Al Qaeda terrorist network. It described the group's presence in countries around the world, including the United States.

It was of great interest to military planners eager to strike the terrorists' weak spots. And it may have contained the names of some of the 9/11 hijackers, including the ringleader, Mohamed Atta.

The intelligence data totaled 2.5 terabytes, equal to about 12 percent of all printed pages held by the Library of Congress. Neither the FBI nor the CIA had ever seen the information. And that spring, Kleinsmith destroyed every bit of it.

[...]

But Able Danger, for all its intrigue, is just one piece of the unusual intelligence practices that Kleinsmith was engaged in, years before 9/11. In the late 1990s, Kleinsmith was the chief of intelligence for the Army's Land Information Warfare Activity, a support unit assigned to the Intelligence and Security Command. LIWA had broad authority to assist the Army and all military commands in conducting "information operations," a broad discipline that includes information warfare, public deception in combat, and intelligence analysis.

The Army's hub in this effort was the aptly named Information Dominance Center, based at Fort Belvoir. Since the late 1990s, the IDC has been home to some of the most innovative, unconventional, and controversial minds in the intelligence business. In its futuristic-style building -- its interior spaces designed by a Hollywood set artist to mimic the bridge of the starship Enterprise, complete with a large captain's chair in the center of the main room -- the IDC covered a range of topics.

Analysts tracked computer hackers who were targeting military networks, watched for potential avenues of Chinese government espionage, and charted the working relationships among foreign terrorists. To do this, the IDC relied heavily on a novel technique called "data mining."

On a recent afternoon at a coffee shop in Springfield, Va., not far from the IDC, Kleinsmith explained how data mining works. Putting pen to paper, Kleinsmith sketched clumps of circles, then surrounded some with concentric, wavy perimeters, until he'd drawn a crude version of a topographical map.

While the piece doesn't come to any firm conclusions on the quality of Able Danger's work or whether the program actually found Mohamed Atta, it's more than worth a few minutes of your time.

Full story here.

Posted by Ryan Singel at 03:27 PM

November 14, 2005 | ChoicePoint Intelligence Agency?

The FBI and the Defense Department have long subscribed to private commercial data broker ChoicePoint, for use in investigations.

But since 2002, the agencies have also been relying on ChoicePoint's data to fuel data mining operations in one of the least understood post-9/11 operations, known as the Foreign Terrorist Tracking Task Force, according to Shane Harris of the National Journal.

The article, which relies on heavily redacted documents acquired through an open government request, raises questions about whether the Privacy Act -- which largely prevents secret databases on American citizens -- means anything if the government can simply outsource that data collection to a company like ChoicePoint (best known now for selling information on 145,000 citizens to identity theft scammers).

To help the government track suspected terrorists and spies who may be visiting or residing in this country, the FBI and the Defense Department for the past three years have been paying a Georgia-based company for access to its vast databases that contain billions of personal records about nearly every person -- citizens and noncitizens alike -- in the United States.

[...]

A set of contract documents, obtained under the Freedom of Information Act, and which the government sought to withhold for almost two years, reveals details not previously reported about ChoicePoint's work for the FBI's Foreign Terrorist Tracking Task Force, called FTTTF or "F tre F." This task force was set up soon after the 9/11 attacks to assist law enforcement and intelligence agencies in locating foreign terrorists and their supporters in the United States. Because the task force can't maintain records on U.S. persons without opening an official investigation, it relies on ChoicePoint to augment the intelligence that the government collects through legal channels.

[...]

But the documents indicate that ChoicePoint may have gone beyond simply offering its commercially available products to the government. In 2003, ChoicePoint agreed to provide access to an "exclusive" system used to help identify terrorism suspects. Although much of the description of the system has been redacted from the documents -- on the grounds that it would reveal law enforcement tactics and operations -- the portions that were released indicate that ChoicePoint's work involves continuously tracking a "subject of interest" and notifying the government when new information has surfaced on that person.

After a string of redacted text about this exclusive service, the document states, "When this new information is added and identified as relevant new data for a subject of interest, the FTTTF will receive electronic notification.... Additional information beyond the identity and address data can be provided to the FTTTF with a subpoena." In releasing the contract documents, the government said it could not elaborate on the system, because doing so "could certainly assist ... terrorists in circumventing detection." The government also redacted the dollar amount of the contracts, making it harder to assess costs and scope.

According to an outside expert on ChoicePoint who reviewed the documents for National Journal, the exclusive service looks like something ChoicePoint built specifically for federal agencies, and the arrangement raises questions about whether the company is effectively becoming an arm of the federal government.

"The language [of the contract], and ChoicePoint making their full system available to the government and [performing] custom-tailored searches for the government, show a high degree of cooperation," says Chris Hoofnagle, a researcher with the Electronic Privacy Information Center, who has obtained ChoicePoint contracts and corporate documents through other legal filings.

Full ChoicePoint/FBI story here.

Posted by Ryan Singel at 10:03 AM

November 11, 2005 | TSA "Refreshes" Website, Removes Critical Report

The Transportation Security Administration has removed a link from its website to an internal report highly critical of its newest airline passenger screening proposal, while simultaneously adding rebuttals to it.

The scathing report was written by a group of privacy experts and technologists appointed to the Secure Flight Working Group, which was tasked by the TSA with evaluating the effectiveness and privacy risks of its proposed upgrade to the current passenger watchlist system, now dubbed "Secure Flight."

Frustrated by incomplete briefings, the group recommended that Congress ban live testing of the program until the Department of Homeland Security clarifies how it will work.

When asked about the delinking of the report, TSA spokesman Nico Melendez said by email the delinking was part of a "'scrub' of our website."

"Several items have been refreshed to ensure appropriate information for public consumption is available," Melendez said.

The report was posted in full to the TSA's website in mid-September to the surprise of several group members who did not expect the critical report would be allowed to be made public.

"Based on the limited test results presented to us, we cannot assess whether even the general goal of evaluating passengers for the risk they represent to aviation security is a realistic or feasible one or how TSA proposes to achieve it," the report said. "We do not know how much or what kind of personal information the system will collect or how data from various sources will flow through the system. Until TSA answers these questions, it is impossible to evaluate the potential privacy or security impact of the program..."

The group's membership included security expert Bruce Schneier, noted technologist Ed Felten, corporate privacy lawyer Martin Abrams, and Steve Lilienthal of the conservative Free Congress Foundation.

The TSA has since delinked the report, replacing it with an executive summary of the report (.doc) that simply summarizes the nature of the working group and the Secure Flight program. It contains none of the report's findings.

The revision seems to have been done by a TSA employee named Jose Carrao on October 12.

Oddly, the full report (.pdf) remains on the TSA's servers, though there are no links to it. A saved copy can also be found here.

The TSA also added two rebuttals from aviation groups (Word docs here and here) and one clarification (.pdf) from the Terrorist Screening Center, which is responsible for creating the centralized terrorist watchlist.

One of the rebuttals itself has been revised to remove original comments about the size of the TSA watchlists, saying that information "has been determined by TSA/DHS to be Sensitive Security Information (SSI)." SSI is not classified information, but the TSA uses the designation to withhold information from the public, such as airport security plans and the fact it requires airlines to ask for identification from passengers. One federal judge has already ruled that the TSA uses SSI designation frivolously.

The working group's report discusses the watchlist's composition and length, relying on information provided to it by a TSA employee and other information found in a Justice Department report on the watchlist (.pdf).

In part, the working group wrote that "As of spring 2005, there were about 270,000 entries in the TSDB [Terrorist Screening Database], many of them aliases of the same individual. Of these, about 30,000-40,000 were on the No-Fly list, and 30,000-40,000 were on the Selectee list, for a combined total of about 70,000. As the TSDB and TSA lists are further scrubbed, TSA officials predict that the number of No-Flys might be reduced to as few as 20,000. However, the number of Selectees was expected to increase substantially, so that the total of the No-Fly and Selectee lists might be about 160,000 persons."

Melendez did not reply to a follow-up email asking if the report contained sensitive information inappropriate for public consumption.

If the document does contain information that is too sensitive for the public to know about, it is unclear why the TSA simply delinked the document without removing it from their servers, since the report is easily available through search engines.

Melendez also declined to say why the TSA uses the word "refresh" to refer to the removal of information from its website.

Posted by Ryan Singel at 10:25 AM

September 26, 2005 | No Flying Nun

Sister Glenn Anne McPhee, the Church's leading official for education in America, spent 9 months being caught by the No Fly list, until her boss wrote Karl Rove.

Sister Glenn Anne McPhee (C) and Reverend Robert J. McManus at the Congressional Advocacy Days conference of the U.S. Conference of Catholic Bishops meeting with Secretary of Education Margaret Spellings.

And she's none too happy about it.

Sister McPhee's chronicle of frustration began in mid-October 2003, after she was stopped at Baltimore Washington International airport on her way to Providence, Rhode Island.

Unable to check in using the airline's kiosks, McPhee handed her driver's license and reservation to an airline employee, who keyed her name into the computer system and then disappeared with her license into an internal door.

When he returned an hour later, he was accompanied by two police officers.

The officers flanked the 62-year-old Dominican nun, one standing with his hand on his gun, the other using a cell phone to run a security check.

Three hours later, having missed two planes, Sister McPhee was cleared to enter the security line, where she was wanded from head to toe with a magnetometer.

"This was the beginning of nine months of hell," McPhee said.

Before flying back to Washington, D.C., McPhee called a family connection who works at an airline and who had access to the watch lists provided by the government to the airlines.

Sister McPhee was being stopped because the list said that an Afghani man was using the last name McPhee as an alias. The list had no first name for him, and the intensive checks would continue until she cleared her name with the ombudsman at the Transportation Security Administration, according to this family connection.

Full story here.

There's lots of other TSA/Secure Flight news and commentary floating around, mostly about the report I mentioned here on Friday.

Noah's great wrap-up is a fine place to start.

The esteemed security guru Bruce Schneier, a member of that panel, has some words here.

Dan Solove, a smart professor with a good blawg, chimes in here.

And for those who prefer their media paid, rather than volunteer, check out Sara Kehaulani Goo's article in the Washington Post or Leslie Miller's take for the Associated Press.


Posted by Ryan Singel at 09:59 AM

September 23, 2005 | Advisory Panel Report Made Public

The Secure Flight Working Group, a set of security and privacy experts that was tasked in January with evaluating Secure Flight for the Transportation Security Administration's Aviation Security Advisory Committee, has released its report, which recommends that Congress stop any live testing until the TSA has adequately developed a plan for a new system to screen the nation's air travelers.

The TSA published the report -- perhaps inadvertently -- to their website this morning.

Despite having security clearances and signing NDAs, the group was left with more questions than answers and recommended that major changes happen before any operational testing, such as that proposed by the TSA to start in October.


The group consisted of

  • Jim Dempsey, Center for Democracy & Technology/Markle Foundation

  • Bruce Schneier, Counterpane Internet Security

  • Steve Lilienthal, Free Congress Foundation

  • Martin Abrams, Hunton & Williams

  • Daniel Gallington, Potomac Institute

  • Edward Felten, Princeton University

  • Linda Ackerman, Privacy Activism

  • Anna Slomovic, SRA International

  • Lauren Gelman, Stanford University

They wrote:

II. Questions

The SFWG found that TSA has failed to answer certain key questions about Secure Flight: First and foremost, TSA has not articulated what the specific goals of Secure Flight are. Based on the limited test results presented to us, we cannot assess whether even the general goal of evaluating passengers for the risk they represent to aviation security is a realistic or feasible one or how TSA proposes to achieve it. We do not know how much or what kind of personal information the system will collect or how data from various sources will flow through the system.

Until TSA answers these questions, it is impossible to evaluate the potential privacy or security impact of the program, including:
  • Minimizing false positives and dealing with them when they occur.
  • Misuse of information in the system.
  • Inappropriate or illegal access by persons with and without permissions.
  • Preventing use of the system and information processed through it for purposes other than airline passenger screening.

The following broadly defined questions represent the critical issues we believe TSA must address before we or any other advisory body can effectively evaluate the privacy and security impact of Secure Flight on the public.

1. What is the goal or goals of Secure Flight? The TSA is under a Congressional mandate to match domestic airline passenger lists against the consolidated terrorist watch list. TSA has failed to specify with consistency whether watch list matching is the only goal of Secure Flight at this stage. The Secure Flight Capabilities and Testing Overview, dated February 9, 2005 (a non-public document given to the SFWG), states in the Appendix that the program is not looking for unknown terrorists and has no intention of doing so. On June 29, 2005, Justin Oberman (Assistant Administrator, Secure Flight/Registered Traveler) testified to a Congressional committee that “Another goal proposed for Secure Flight is its use to establish “Mechanisms for … violent criminal data vetting.”2 Finally, TSA has never been forthcoming about whether it has an additional, implicit goal - the tracking of terrorism suspects (whose presence on the terrorist watch list does not necessarily signify intention to commit violence on a flight).
While the problem of failing to establish clear goals for Secure Flight at a given point in time may arise from not recognizing the difference between program definition and program evolution, it is clearly an issue the TSA must address if Secure Flight is to proceed.

2. What is the architecture of the Secure Flight system? The Working Group received limited information about the technical architecture of Secure Flight and none about how software and hardware choices were made. We know very little about how data will be collected, transferred, analyzed, stored or deleted. Although we are charged with evaluating the privacy and security of the system, we saw no statements of privacy policies and procedures other than Privacy Act notices published in the Federal Register for Secure Flight testing. No data management plan either for the test phase or the program as implemented was provided or discussed.

3. Will Secure Flight be linked to other TSA applications? Linkage with other screening programs (such as Registered Traveler, Transportation Worker Identification and Credentialing (TWIC), and Customs and Border Patrol systems like U.S.-VISIT) that may operate on the same platform as Secure Flight is another aspect of the architecture and security question. Unanswered questions remain about how Secure Flight will interact with other vetting programs operating on the same platform; how it will ensure that its policies on data collection, use and retention will be implemented and enforced on a platform that also operates programs with significantly different policies in these areas; and how it will interact with the vetting of passengers on international flights.

4. How will commercial data sources be used? One of the most controversial elements of Secure Flight has been the possible uses of commercial data. TSA has never clearly defined two threshold issues: what it means by “commercial data;” and how it might use commercial data sources in the implementation of Secure Flight. TSA has never clearly distinguished among various possible uses of commercial data, which all have different implications.

Possible uses of commercial data sometimes described by TSA include: (1) identity verification or authentication; (2) reducing false positives by augmenting passenger records indicating a possible match with data that could help distinguish an innocent passenger from someone on a watch list; (3) reducing false negatives by augmenting all passenger records with data that could suggest a match that would otherwise have been missed; (4) identifying sleepers, which itself includes: (a) identifying false identities; and (b) identifying behaviors indicative of terrorist activity. A fifth possibility has not been discussed by TSA: using commercial data to augment watch list entries to improve their fidelity. Assuming that identity verification is part of Secure Flight, what are the consequences if an identity cannot be verified with a certain level of assurance?

It is important to note that TSA never presented the SFWG with the results of its commercial data tests. Until these test results are available and have been independently analyzed, commercial data should not be utilized in the Secure Flight program.

5. Which matching algorithms work best? TSA never presented the SFWG with test results showing the effectiveness of algorithms used to match passenger names to a watch list. One goal of bringing watch list matching inside the government was to ensure that the best available matching technology was used uniformly. The SFWG saw no evidence that TSA compared different products and competing solutions. As a threshold matter, TSA did not describe to the SFWG its criteria for determining how the optimal matching solution would be determined. There are obvious and probably not-so-obvious tradeoffs between false positives and false negatives, but TSA did not explain how it reconciled these concerns.

6. What is the oversight structure and policy for Secure Flight? TSA has not produced a comprehensive policy document for Secure Flight that defines oversight or governance responsibilities.

Their conclusion?

We, the SFWG were not provided adequate information about the proposed program for Secure Flight. Therefore, we are unable to make any substantive recommendations at this time. We do, however, suggest the following actions:

Congress should prohibit live testing of Secure Flight until it receives the following from the Secretary of the Department of Homeland Security.

First, a written statement of the goals of Secure Flight signed by the Secretary of DHS that only can be changed on the Secretary’s order. Accompanying documentation should include: (1) a description of the technology, policy and processes in place to ensure that the system is only used to achieve the stated goals; (2) a schematic that describes exactly what data is collected, from what entities, and how it flows through the system; (3) rules that describe who has access to the data and under what circumstances; and (4) specific procedures for destruction of the data. There should also be an assurance that someone has been appointed with sufficient independence and power to ensure that the system development and subsequent use follow the documented procedures.

Full report can be found here on the TSA web site (pdf), or here on this site.

(Thanks to Edward Hasbrouck of the Practical Nomad for the tip. See also his comprehensive rundown of recent Secure Flight news here.)

Posted by Ryan Singel at 09:58 AM | TrackBack

September 22, 2005 | TSA Chief Nixes Commercial Databases

The new head of the Transportation Security Administration, Kip Hawley, is shelving long held plans to use commercial databases as part of a new airline passenger screening system, according to the Wall Street Journal's Laura Meckler.

The TSA has been considering using commercial data for Secure Flight, but came under intense criticism from privacy advocates, the Government Accountability Office and others. In response, the agency has decided to launch the program without using commercial data, said TSA chief Kip Hawley. "There's no question it would be helpful, but it brings with it a lot of privacy concerns," Mr. Hawley said.

Secure Flight is now expected to launch by early next year, according to one person interested in the program who was briefed by a top TSA official. According to this account, regulations governing it will be issued in the next few weeks, with the program set to begin with at least a handful of airlines as early as November -- or if it can't get off the ground before Thanksgiving, then in early 2006.

The idea is that Secure Flight will do a better job of identifying would-be terrorists than the existing system does. Since the Sept. 11, 2001, terrorist attacks and the stepped-up security that followed, many innocent travelers have been wrongly flagged as flight risks. Getting one's name off the watch list has proved difficult.
Under Secure Flight, the airlines would collect passengers' names and birth dates and turn them over to the TSA, which would run the names against the terrorist watch list. If someone shows up on the "no fly" list, that person would be barred from boarding the plane; other suspicious names would be flagged for extra screening.

Collecting full names and birth dates will reduce false matches by 60%, Justin Oberman, who runs the program, told Congress this summer. But to further increase accuracy, the TSA considered the commercial data, which could include information culled from marriage and birth certificates, credit-card records, court filings, newspaper clippings and other sources.

The TSA secretly tested this procedure without informing the public -- hiring a contractor that collected 100 million records -- which brought sharp rebukes from the GAO and privacy advocates. The agency apologized and reissued its privacy statement.

But it remains unclear what commercial data would be used for. Mr. Oberman suggested to a congressional committee that the data could be used to find people who aren't on the watch list -- members of "sleeper cells" that the FBI doesn't know about -- as well as to better match travelers to known names. "If we just rise and fall on the watch list, it's not adequate," he said in July.

Full story here.

This isn't too much of a surprise, given that the GAO found that TSA violated the Privacy Act when it collected data on 100,000 Americans without giving them notice and that Congress is still debating (in conference) whether or not to prohibit TSA from using commercial data.

Without the data, the question that has to be answered is whether the system can accurately match passengers against the watch list without having some outside source to verify a passenger's age.

That information is supposed to be self-reported by passengers in the future when they make a reservation, according to the TSA. However, TSA needs to figure out how to get that data from the first round of passengers or do without and possibly risk having a huge number of false hits on a 120,000 name-long watch list.


Posted by Ryan Singel at 03:05 PM | TrackBack

August 12, 2005 | Data Mining the Able Danger Allegations

There's much time table ado about Congressman Curt Weldon's assertion that a Pentagon data mining program identified Mohamed Atta and three other 9/11 hijackers as members of a terrorist cell in 1999 but declined to share the information with the FBI over a perceived legality.

Many, including myself, are skeptical of the claim, though I think there's a very interesting story in here. I just don't think it has come out yet.

Eric Umansky points to a Dan Eggen Washington Post story, which includes this information:

Commission officials confirmed a report in yesterday's New York Times that two staff members interviewed a uniformed military officer, who alleged in July 2004 that a secret program called "Able Danger" had identified Atta as a potential terrorist threat in 1999 or early 2000.

Panel investigators viewed the claim as unlikely, in part because Atta was not recruited as an al Qaeda operative until a trip to Afghanistan in 2000 and did not enter the United States until June of that year, officials said.

Umansky also raises the question of whether the list of names was actually quite large, perhaps in the range of thousands, which might explain why Atta's name wasn't noticed on the list until fairly recently.

Over at Intel Dump, Jon Holdaway, a veteran with experience in military intel operations, has a rundown on the laws controlling data mining and an insider's take on the Pentagon's capabilities. But he also thinks something about this story doesn't pass the smell test.

Able Danger appears to be the codename to the forerunner of the Information Dominance Center, or at least IDC-type tools were being applied to the Able Danger mission, but analysis presumes collection, or investigation. If Able Danger was conducting an investigation into Atta et al., it would have no jurisdiction to conduct collection or investigative activities in Brooklyn - that would fall under FBI.

To say that the "wall" prevented DOD from talking to FBI doesn't make sense. The "wall" existed between FBI-Criminal Division and FBI-Intelligence Division and was managed by the DOJ Office of Intelligence Policy and Review (OIPR). DOD was free, in fact required, to discuss counterintelligence and counterterrorism investigations taking place in the United States (or even taking place outside the United States if they involved US persons or potential prosecutions) with FBI-Intelligence officials.

Regardless, as I noted before, data mining raises some serious questions that need to be thought through publicly.


Posted by Ryan Singel at 08:46 AM | TrackBack

August 09, 2005 | The Pentagon's Computers Knew, Congressman Says

A Congressman and an unnamed former defense official say that a secret Pentagon intelligence group used data-mining software in 2000 that fingered Mohammed Atta and three other September 11 hijackers as terrorists and considered turning over their information to the FBI, according to New York Times reporter Douglas Jehl's front page bombshell.

The information never made it into the 9/11 commission report and a Pentagon spokesman claims not to know about the program (which does not mean it didn't exist).

I'm skeptical of this report for a number of reasons, including that Weldon's new book about the dangers of Iran relies mostly on information funneled to him by Manucher Ghorbanifar, perhaps best known as a shadowy arms dealer from the Iran-Contra affair and whom the CIA has dismissed as a fabricator.

Mr. Weldon has long been a champion of the kind of data-mining analysis that was the basis for the work of the Able Danger team.

The former intelligence official spoke on the condition of anonymity, saying he did not want to jeopardize political support and the possible financing for future data-mining operations by speaking publicly. He said the team had been established by the Special Operations Command in 1999, under a classified directive issued by Gen. Hugh Shelton, then the chairman of the Joint Chiefs of Staff, to assemble information about Al Qaeda networks around the world.

"Ultimately, Able Danger was going to give decision makers options for taking out Al Qaeda targets," the former defense intelligence official said.

[...]

"We knew these were bad guys, and we wanted to do something about them," the former intelligence official said.

[...]

In the summer of 2000, the military team, known as Able Danger, prepared a chart that included visa photographs of the four men and recommended to the military's Special Operations Command that the information be shared with the Federal Bureau of Investigation, the congressman, Representative Curt Weldon of Pennsylvania, and the former intelligence official said Monday.

The recommendation was rejected and the information was not shared, they said, apparently at least in part because Mr. Atta, and the others were in the United States on valid entry visas. Under American law, United States citizens and green-card holders may not be singled out in intelligence-collection operations by the military or intelligence agencies. That protection does not extend to visa holders, but Mr. Weldon and the former intelligence official said it might have reinforced a sense of discomfort common before Sept. 11 about sharing intelligence information with a law enforcement agency.

Maybe that was the institutional culture at the time and certainly the 9/11 Commission report demonstrated that agencies were reluctant to share information or do so efficiently.

But not passing on the information because of visa issues?

I don't buy it.

I think there may be a really interesting story here, but I think Weldon is getting taken, quite willfully, on a ride.

Update: Phillip Carter of Intel Dump shares my skepticism, but adds that regardless of the story's veracity, the story should spark some further debate.

First, it shows that the U.S. has been actively engaged with data-mining for some time, at least since 2000. Second, notwithstanding the spectacular death of Total Information Awareness some time ago, it appears likely that the U.S. continues to engage in data mining work - both R&D and operational work. Third, I think this story demonstrates the promise of data mining techniques, which fuse the disciplines of artificial intelligence, relational databases, and non-obvious relationship analysis (NORA).

Of course, pitfalls remain for the use of these systems. The U.S. must implement robust control measures to ensure systems like Able Danger don't evolve into an extra-Constitutional menace. Some of those control measures might include the use of ex ante and ex post judicial review for these programs; the appointment of a bipartisan commission to monitor these systems; and a procedural mechanism which would allow citizens to learn of the data held by the government about them (similar to what exists now under FOIA, but better).

Ultimately, however, I think the potential promise outweighs the risk. The government's primitive passenger screening system in place on 9/11 identified 9 of the 19 hijackers, according to the 9/11 Commission report. Other data mining systems have helped big time in the efforts to combat terrorism financing. We need these systems, and we need to find ways to mitigate the legal, policy and political risks so that we can put them into action.

Link.
A couple of things:
1. It shouldn't be a surprise to anyone that intelligence agencies have been using data mining prior to and after the 2001 terrorist attacks. Data mining techniques are a way of making some sense of piles of data. I used them to make sense of search logs prior to 9/11 and of course, intelligence agencies were using them to make sense of open source, intelligence and signals data.

2. Carter is right that data mining will be a big issue again soon. There have been several signs of this over the last few months, but I don't feel like giving too much away until I get a good story or two out.

3. Carter skips over what will be the salient points in the coming debate.

Should data mining tools respect the difference between U.S. persons and foreigners?

Should that respect apply only to predictive data mining -- the kind that tries to figure out who is a terrorist before they strike or also to data mining to track down criminals after they've committed a crime?

What kind of data should government data mining programs have access to? Commercial data it buys? Commercial data that it subpoenas? Commercial data it asks for? Your phone records? Your medical history? The list of web sites you visit or people you email? The contents of your email?

If encryption shields personal information in databases (your name becomes X3$FSG, for instance) and the government can only see the uncoded results of data mining after proving to a judge that the data mining results might be important to an investigation, does that change what kind of data mining should be allowed?

These will be the real questions that need to be debated.


Posted by Ryan Singel at 09:06 AM | TrackBack

August 03, 2005 | JetBlue Lawsuit Dismissed

I haven't kept up with the lawsuits filed against JetBlue et al. for violations of their privacy policies even though I broke the initial secret data transfer story, but I did notice today that a New York City judge dismissed a class action lawsuit against the airline.

(I should note part of my laziness in following that news stems from a lack of conviction that automatic damages and huge lawsuits are always an appropriate remedy to privacy policy violations or security lapses.)

Some details of that can be found here in a vaguely accurate story by Martin H. Bosworth in ConsumerAffairs.com. (I think Bruce Schneier should have told more people he changed his name to Bill)

The saga of JetBlue secretly turning over its records to the government for an anti-terrorism data-mining study is mired in plot twists (such as the participation of the commercial data giant Acxiom) and acronyms, but everyone involved admits that JetBlue massively violated its stated privacy policy when it handed over its entire passenger database to a minor, Alabama-based defense contractor called Torch Technologies (née Torch Concepts) that was looking to cash in on post-9/11 anti-terrorism money.

So if class-action lawsuits can't go forward against a company that violated privacy promises made to 1.5 million people unless the plaintiffs can prove they were harmed, how should we enforce privacy policies?

The Federal Trade Commission?

Just today the FTC announced it had settled a case with Advertising.com, which the government caught secretly installing spyware on the computers of people who thought they were installing an anti-spyware application.

The company, which tried to scare users into installing its SpyBlast software through ads blaring that a customer's computer was broadcasting an IP address (the online equivalent of saying you are naked under your clothes), was not fined.

Instead, the FTC got Advertising.com, a company acquired by AOL for nearly a half a billion dollars, to agree to show future customers an end-user license agreement -- you know the other long legalese thing no one ever reads on their computer.

That's the same FTC that never made a move on JetBlue, perhaps because the company apologized and announced it had hired a big name accounting firm to audit its privacy practices.

The same FTC that didn't find out that JetBlue had also violated its privacy policies two other times by turning over passenger records to the government and its contractors.

That had to come out from sworn Senate testimony by Transportation Security Administration honcho David Stone.

The same FTC that never did anything after that revelation.

To this day, JetBlue has never admitted these other transfers occurred or that it lied in the aftermath of the original disclosure when company officials, including CEO David Neeleman, swore to me and dozens of other reporters, that the Torch transfer was a one-time mistake.

Now, I like flying in JetBlue's wide seats, eating their fine selection of snacks and watching Animal Cops re-runs at 32,000 ft.

But that doesn't mean they should get a pass on promises they make to their customers or false statements they make to the media.

Yet save for a short bit of intense media attention, the company has escaped closer scrutiny or any penalty.

So, I'm still wondering, who should be in charge of enforcing privacy policies?

Or should we just all admit that they are simply a corporate charade?

Let's be honest.

In reality, strongly-worded privacy policies don't mean anything since no one will enforce their terms.

And companies not interested in even tempting the FTC fates have their policies written by a team of overpaid mercenary lawyers so that anything that company does with your private info is legal, even though the fool who bothers to click through to read the policy mistakenly thinks the company has made a binding promise to them to treat their data well.

Posted by Ryan Singel at 04:18 PM | Comments (1) | TrackBack

May 19, 2005 | Data Report Report Card

It's long been known that commercial data records, such as those Choicepoint uses as part of its background check service, contain inaccurate or plainly incorrect information.

Linda Ackerman and Deborah Pierce, the minds behind PrivacyActivism, just released a very small study confirming this, finding that 73% of ChoicePoint's biographical reports and 67% of Acxiom's have errors.

Even more telling is that Acxiom still doesn't care about serving citizens. ChoicePoint responded to 100% of PrivacyActivism's requests and provided reports in an average of 19 days.

For its part, Acxiom took an average of 89 days to deliver a report when it did so. But almost half the time (45%) it failed to respond at all.

This is very consistent with my experience from last year when Acxiom took months to respond to requests and though they claimed to have responded to my request, they only did so after repeated calls to their chief privacy officer, Jennifer Barrett.

Acxiom also claims to allow you to opt out of one of their databases, but only after sending you a bevy of forms intended to tell you how stupid a decision that would be.

If you persist and send in the form, it goes to a post office box. For all I know, it just sits there, since the company sends no confirmation.

If you want to test the system yourself (costs $5 for your report from Acxiom), contact their Consumer Advocate Hotline at 1-877-774-2094 (more info here). Once you get someone on the phone, you can ask for an opt-out form or a "Reference Information Report" form.

Once that's done, start in on a couple of Russian novels so you'll have something to distract you for three months, while Acxiom bureaucrats decide when and if to fulfill your request.

I wonder if it takes that long for Acxiom to deliver your name, purchase history, social security number and family details to marketers and government agencies?


Posted by Ryan Singel at 09:15 AM | TrackBack

May 19, 2005 | First Responders Captured on Surveillance Camera

Cities are using millions of dollars in federal first responder grants to install surveillance camera networks and buy data-mining software.

Homeland security officials say the purchases fall within first-responder grant guidelines and are important tools in the war on terrorism. But privacy advocates say the technology is no deterrent to terrorism and can be used to violate civil liberties.

"Big Brother is using his extended family as surrogates to develop and implement technology that is very invasive on privacy," said former Rep. Bob Barr, Georgia Republican and former U.S. attorney.

New York City has the largest and oldest system, with more than 7,000 public and private surveillance cameras. Baltimore, Chicago and New Orleans are installing camera surveillance networks with federal homeland security dollars.

Chicago financed its 2,250 cameras with a $5.1 million grant and is adding more cameras over the next two years with another $48 million first-responder grant. The cameras, which cost up to $60,000 each, are controlled remotely by police to zoom and rotate, and are equipped with night vision.

In 2004, homeland security funds bought $193 million worth of surveillance cameras. Similar "physical security enhancement equipment" for large cities is to be used primarily for ports, said Homeland Security Department spokesman Marc Short. "I can't imagine a more logical expenditure of funds," he said. [...]

Under a separate first-responder grant, $470,000 was awarded to North Carolina to develop facial imaging technology, which identifies people by measuring distances between points on a face. Federal officials want to use this technology for passport identification, but critics say the system won't work.

The rest of Audrey Hudson's Washington Times story is here.

Posted by Ryan Singel at 08:58 AM | TrackBack

May 05, 2005 | Statistically Improbable Story

Amazon's got a corpus, engineers with degrees and computers with powerful processors, and as today's story in Wired News shows, they aren't afraid to use them.

Name that famous book from just these phrases: "pagan harpooneers," "stricken whale," "ivory leg." Or how about this one: "old sport."

Yes, it's Herman Melville's Moby Dick and F. Scott Fitzgerald's The Great Gatsby, respectively, but the words aren't just a game. They are Statistically Improbable Phrases, the result of a new Amazon.com feature that compares the text of hundreds of thousands of books to reveal an author's signature constructions.

The haiku-like SIPs are not the only word toys on the site. Customers can also see the 100 most common words in a book. Penny pinchers -- or those with back problems -- can check stats on how many words a volume delivers per dollar or per ounce. (Bargain hunters will love the Penguin Classics edition of War and Peace that delivers 51,707 words per dollar.)

Customers can also see how complicated the writing is (yes, post-structuralist Michel Foucault's prose is foggier than Immanuel Kant's), and how much education you need to understand a book. (To understand French philosopher Pierre Bourdieu, you'll need a second Ph.D.)

While such services seem to have little value and have generated scant publicity, except from bibliophilic thrill seekers, web watchers say the madcap stats aren't just for kicks.

"(Amazon CEO) Jeff Bezos was born on numbers," said Nathan Torkington, an editor and conference coordinator for O'Reilly Media. "Before starting Amazon.com, he was a Wall Street analyst. They will be looking at this thinking, 'What can we do to drive the bottom line?' There's no way they will be regarding this as, 'We are math geeks and you will enjoy the numbers, too.'"

Really it's pretty fascinating what Amazon (and Google Scholar) might be able to pull off once their corpus includes millions of books. Hell, it's pretty impressive -- all jokes aside -- what Amazon is doing with classification and phrases with the corpus they have now.

At risk of sounding too 1999, score one for the web here. This is pretty astounding. Even better is when Amazon opens an API for researchers so they can start testing natural language processing theories that are starving for books to test themselves on.

Posted by Ryan Singel at 09:22 AM | TrackBack

May 04, 2005 | Total Information Awareness, Inc.

The new head of the Department of Homeland Security suggested that private industry should start fishing in databases for potential terrorists and send those names on to the government, according to National Journal's Siobhan Gorman.

Homeland Security Secretary Michael Chertoff this week floated an idea to start a nonprofit group that would collect information on private citizens, flag suspicious activity, and send names of suspicious people to his department.

The idea, which Chertoff tossed out at an April 27 meeting with security-industry officials, is reminiscent of the Defense Department's now-dead Total Information Awareness program that sought to sift through heaps of foreign intelligence information to root out potential terrorist activity.

According to one techie who attended the April 27 meeting, Chertoff told the group, "Maybe we can create a nonprofit and track people's activities, and an algorithm could red-flag individuals. Then, the nonprofit could give us the names."

Full story here.

(Note: a correction to Gorman's fine reporting. TIA did seek to "sift through heaps of foreign intelligence information," but that is not what infuriated the public and Congress. Program researchers were building a predictive tool (think "pre-crime") that would sift through every possible commercial and government database that included records on American citizens. That included phone records, health records, veterinary records and credit card purchase data. The "foreign intelligence information" is certainly still being data-mined, if not by a black budget TIA, then by the intelligence community.)

What are the drawbacks to having a private company use unknown algorithms to search through the records of American citizens' daily lives to find the names of potential terrorists so the group can give those names to a government entity with the name "Homeland" in its title? That's not Big Brother. That's not even distributed Big Brother. As Daniel Solove argues persuasively in his book The Digital Person, that's Kafka.

Here's the thing about the government. It has procedures and rules it must follow, if only perfunctorily.

So when I filed a Freedom of Information Act request to find out about the testing of TIA, DARPA had to respond.

It tried not to, dragging its feet, losing the file, but eventually they had to give me something. Granted what they gave me 18 months later was a public report to Congress and a privacy study already wrung out of the agency two years previous by the Electronic Privacy and Information Center, but I got something.

As per the law, I appealed their flimsy search. And if I don't win that administrative battle, I have the right to take the matter to a federal court.

It's ugly and slow and unglamorous, but if you are determined, you can find out, at least in outline, what the government is up to. The procedure is democratic with a small d. (I can't say the same for DARPA's behavior.)

Still, if TIA were run by Lockheed Martin or some super-secret consortium of companies, how far do I get with a FOIA or even with a phone call or with a written Privacy Act request to know what information its database holds on me?

Nowhere. That's the procedure.

Let's hope Chertoff was simply doing his evil Captain Kirk impression, and his audience just didn't understand.

Posted by Ryan Singel at 09:23 AM | Comments (1) | TrackBack

April 25, 2005 | Matrix Reloaded

The MATRIX, a controversial law enforcement database designed to collate states' public records and commercial records, ran out of money April 15.

Civil liberties groups targeted the system as a state-run successor to the Total Information Awareness system. The ACLU used FOIA to acquire documents showing the system was designed to use predictive data-mining (think pre-crime).

Florida officials now say that this capability was never given to the 13 participating states.

Even though federal funding has run out, Florida wants to begin anew, this time with a few changes.

Instead of a central database, Florida wants a system that can search databases remotely. This should improve accuracy and cut down on costs for other states -- though it will significantly impact the system's speed.

Florida is also looking to add data it did not have before -- specifically insurance data. What that actually means is hard to know.

There's more for those of you interested in my story in today's Wired News.

Posted by Ryan Singel at 09:35 AM

April 13, 2005 | Putting Chief in Chief Privacy Officer

Nuala O'Connor Kelly, Homeland Security's chief privacy officer, needs some better tools in her tool box -- at least according to News.com's Declan McCullagh.

McCullagh makes a convincing argument that Congress needs to give O'Connor Kelly the power to subpoena Homeland Security officials to turn over documents so she can investigate appropriately.

When politicians were concocting the massive bureaucracy a few years ago, they handed the privacy officer impressive-sounding tasks such as "assuring" that new technologies do not erode privacy and "evaluating" the impact of new government programs.

But Congress also neglected to give the job holder the power to twist arms and actually investigate privacy violations.

Nuala O'Connor Kelly, who got the post in April 2003, seems to be honestly trying to report on the sprawling bureaucracy's privacy performance.

O'Connor Kelly started looking into the TSA's role in convincing JetBlue to turn over its entire passenger database -- in total violation of its privacy promises to its customers -- to an Army contractor working on a data mining project, a story I broke for Wired News in September 2003.

For those keeping score at home, the TSA denied to me, the public and Congress that it had any role in that secret transfer or that any of its own contractors got data. That house of outright falsities fell little by little, as O'Connor Kelly finally reported that the TSA actually did ask JetBlue to help, and almost a year later the TSA admitted to Congress that 6 of the nation's largest airlines and a number of airline reservation companies had given data to the agency and its contractors.

Another internal DHS document (PDF)--obtained by the Electronic Privacy Information Center--reveals the difficulties that Kelly has encountered when asking recalcitrant bureaucrats to disgorge potentially embarrassing information.

Kelly was looking into how the Transportation Security Administration was involved with the transfer of passenger data from JetBlue Airways to the Defense Department. She started asking questions. She was rebuffed.

"I had sent my first inquiry to TSA public affairs, my second to (the agency's risk assessment office), but information has not been forthcoming," Kelly said in e-mail to Carol DiBattiste, the transportation security agency's deputy administrator, in November 2003. "This is particularly disturbing... We're getting better information from outside than we have from our own folks at this time."

DiBattiste sounded like she was replying to a pesky reporter when she wrote back: "TSA Public Affairs has no information in response to your request."

How fitting, then, that DiBattiste landed a plum $500,000-a-year job last month with privacy-impaired company ChoicePoint.

In an uncharacteristic fit of generosity, Declan omits the fact that on top of the half-million salary, DiBattiste also gets a minimum bonus of $350,000 for 2005 and another $100,000 if she manages to stick around for a year.

At the same time DiBattiste had no answers for O'Connor Kelly, she had only false ones for Congress. She was then the chief of staff for then-TSA boss Admiral James Loy, who was up for a promotion. He had to get through Senate confirmation, and privacy-conscious Senators Joe Lieberman and Susan Collins asked Loy about the TSA and JetBlue and its contractors.

His sworn answers to their written questions were flat out false.

Don't take my word for it -- look at page 44 of the Homeland Security Inspector General's cautious and overly redacted report (.pdf) on the data transfers.

TSA employees assisted in preparing responses to a pre-hearing questionnaire for the DHS Deputy Secretary’s November 18, 2003, confirmation hearing before the U.S. Senate Committee on Governmental Affairs. One question sought information about TSA’s role in the transfer of JetBlue passenger information to Torch Concepts. The November 18, 2003, response to the question stated that TSA provided assistance "…only in the form of an introduction for DOD to JetBlue Airlines [sic]."

In late November or early December 2003, TSA staff located a July 30, 2002, memorandum from the CAPPS II program manager to JetBlue’s security director requesting that the airline provide PNR data to Torch Concepts. Because this memo contradicted the Deputy Secretary’s November 18, 2003, response to the Committee on Governmental Affairs, on February 23, 2004, the Deputy Secretary sent a letter to the Chairman of the Committee amending his prior statement. His statement was amended to read, “In a July 30, 2002 memorandum, TSA requested that JetBlue provide archived passenger data to the DOD.” TSA staff did not provide a clear explanation as to why this memorandum was not brought to the Deputy Secretary’s attention before the November 18, 2003, hearing.

In another confirmation pre-hearing question, the U.S. Senate Committee on Governmental Affairs asked whether contractors working on CAPPS II had used any real world data for testing purposes. The Deputy Secretary’s response was that “TSA has not used any PNR data to test any of the functions of CAPPS II. TSA is using certain information provided by volunteers, many are DHS employees,” including senior DHS officials. TSA did use volunteered information to test CAPPS II; however, PNR data also was used to test some of the system’s functions.

Now, I reported on these false statements, here and here.

But note two very interesting things about the defanged IG report, one of the first after Inspector General Clark Kent Ervin was kicked to the curb by the Bush Administration.

One, to preserve the "privacy" of Admiral Loy and his staff, the report omits all names.

Two, note that the report says that one of the statements was corrected. It mentions the other false statement, but neglects to point out or criticize the department for not correcting false sworn testimony to Congress. Neither Loy nor the TSA can claim they don't know about the statement since I reported it in April of 2004, almost a full year before the IG report. I tried to call Loy for clarification, but his office did not deign to respond to my phone call.

And, finally, to come full circle, ChoicePoint's Derek Smith should be very happy to have DiBattiste as his privacy overseer.

She was then Loy's chief of staff. Nothing that went for his signature, especially something that would be signed under penalty of perjury, could have gotten to Loy without her seeing and vetting it first.

But still, it seems her desire to protect her employer and her organization trumped her commitment to the truth and the rule of law.

Nowadays, that seems to be a laudable quality in any high level empl