The 'Privacy' Jihad

[R. A. Hettinga]

<http://online.wsj.com/article_print/0,,SB108079540145771406,00.html>

The Wall Street Journal

      April 1, 2004

 COMMENTARY


The 'Privacy' Jihad

By HEATHER MAC DONALD
April 1, 2004; Page A14


The 9/11 Commission hearings have focused public attention again on the
intelligence failures leading up to the September attacks. Yet since 9/11,
virtually every proposal to use intelligence more effectively -- to connect
the dots -- has been shot down by left- and right-wing libertarians as an
assault on "privacy." The consequence has been devastating: Just when the
country should be unleashing its technological ingenuity to defend against
future attacks, scientists stand irresolute, cowed into inaction.

The privacy advocates -- who range from liberal groups focused on
electronic privacy, such as the Electronic Privacy Information Center, to
traditional conservative libertarians, such as Americans for Tax Reform --
are fixated on a technique called "data mining." By now, however, they have
killed enough different programs that their operating principle can only be
formulated as this: No use of computer data or technology anywhere at any
time for national defense, if there's the slightest possibility that a
rogue use of that technology will offend someone's sense of privacy. They
are pushing intelligence agencies back to a pre-9/11 mentality, when the
mere potential for a privacy or civil liberties controversy trumped
security concerns.

* * *

The privacy advocates' greatest triumph was shutting down the Defense
Department's Total Information Awareness (TIA) program. Goaded on by New
York Times columnist William Safire, the advocates presented the program as
the diabolical plan of John Poindexter, the former Reagan national security
adviser and director of Pentagon research, to spy on "every public and
private act of every American" -- in Mr. Safire's words.

The advocates' distortion of TIA was unrelenting. Most egregiously, they
concealed TIA's purpose: to prevent another attack on American soil by
uncovering the electronic footprints terrorists leave as they plan and
rehearse their assaults. Before terrorists strike, they must enter the
country, receive funds, case their targets, buy supplies, and send phone
and e-mail messages. Many of those activities will leave a trail in
electronic databases. TIA researchers hoped that cutting-edge computer
analysis could find that trail in government intelligence files and,
possibly, in commercial databases as well.

TIA would have been the most advanced application yet of "data mining," a
young technology which attempts to make sense of the explosion of data in
government, scientific and commercial databases. Through complex
algorithms, the technique can extract patterns or anomalies in data
collections that a human analyst could not possibly discern. Public health
authorities have mined medical data to spot the outbreak of infectious
disease, and credit-card companies have found fraudulent credit-card
purchases with the method, among other applications.

But according to the "privacy community," data mining was a dangerous,
unconstitutional technology, and the Bush administration had to be stopped
from using it for any national-security or law-enforcement purpose. By
September 2003, the hysteria against TIA had reached a fevered pitch and
Congress ended the research project entirely, before learning the
technology's potential and without a single "privacy violation" ever having
been committed.

The overreaction is stunning. Without question, TIA represented a radical
leap ahead in both data-mining technology and intelligence analysis. Had it
used commercial data, it would have given intelligence agencies
instantaneous access to a volume of information about the public that had
previously only been available through slower physical searches. As with
any public or private power, TIA's capabilities could have been abused --
which is why the Pentagon research team planned to build in powerful
safeguards to protect individual privacy. But the most important thing to
remember about TIA is this: It would have only used data to which the
government was already legally entitled. It differed from existing
law-enforcement and intelligence techniques only in degree, not kind.
Pattern analysis -- the heart of data mining -- is conventional
crime-solving, whether the suspicious patterns are spotted on a crime pin
map, on a city street, or in an electronic database.

The computing world watched TIA's demolition and rationally concluded:
Let's not go there. "People and companies will no longer enter into
technology research [involving national-security computing] because of the
privacy debates," says a privacy officer for a major information retrieval
firm.

But the national-security carnage was just beginning. Next on the block: a
biometric camera to protect embassies and other critical government
buildings from terrorist attack; and an artificial intelligence program to
help battlefield commanders analyze engagements with the enemy. In the
summer of 2003, New York Times columnists Maureen Dowd and Mr. Safire
sneered at the programs, portraying them as -- once again -- the personal
toys of the evil Mr. Poindexter to invade the privacy of innocent
Americans. The Dowd-Safire depictions of the projects were fantastically
inaccurate; but Pentagon researchers, already reeling from the
public-relations disaster of TIA, cancelled both projects without a fight.
Special forces leaders in Afghanistan and embassies in terror-sponsoring
states will just have to make do.

The privacy vigilantes now have in their sights an airline-passenger
screening system and an interstate network to share law-enforcement and
intelligence information. Both projects could soon go down in flames. As to
whether that would be in the national interest, readers should ask
themselves if they would be happy to fly seated next to Mohamed Atta. If
yes, they needn't worry about the cancellation of the Computer Assisted
Passenger Prescreening System (known as Capps II). And if they don't care
whether police can track down a child abductor within minutes of his crime,
then they shouldn't care about the crippling of the Multistate
Anti-Terrorism Information Exchange, either.

Capps II seeks to verify that an airline passenger is who he says he is and
has no terrorist ties. To that end, the program would ask passengers to
supply their name, address, phone number and date of birth upon purchasing
a plane ticket. A commercial databank would cross-check those four
identifiers against its own files to see if they match up. Next, Capps II
would run the passenger's name through anti-terror intelligence files.
Depending on the results of both checks, the system would assign a risk
score to air travelers -- acceptable, unknown, or unacceptable.

Privacy zealots have mischaracterized Capps II as a sinister rerun of TIA
-- which it is not, since it has nothing to do with data mining -- and as a
plot to trample the privacy rights of Americans. They argue that, by asking
your name and other minimal identifying information already available on
the Internet and in countless commercial and government databases, aviation
officials are conducting a Fourth Amendment "search" of your private
effects for which they should obtain a warrant based on probable cause that
you have committed a crime. Such a broad reading of the Constitution is
groundless, but even were the collecting of publicly available information
a "search," it is clearly reasonable as a measure to protect airline safety.

Development of Capps II has come to a halt, due to specious privacy
crusading. Air passengers can only hope that when the next al Qaeda
operative boards a plane, baggage screeners are having a particularly good
day, free of the human errors that regularly let weapons on board.

Also under a death sentence: a state-run law-enforcement program called
"Multistate Anti-Terrorism Information Exchange." Known as Matrix, it
allows police officers to search multiple law-enforcement databases and
public records in the blink of an eye after a crime has been committed. It
uses only information that law enforcement can already routinely access:
its own records on suspects, convicts and sexual offenders, as well as
publicly available data from county courthouses, telephone directories and
business filings. Strong protections against abuse are built into the
system.

Matrix developers had hoped to allow law-enforcement agencies nationwide to
instantaneously connect the dots about itinerant felons like the D.C.
snipers. That won't happen, however, thanks to the lies of the privacy
community. Using the familiar tactic of tying the hated program to TIA and
data mining, and of invoking Big Brother totalitarianism, the advocates
have browbeaten nearly two-thirds of the states that had originally joined
the data-sharing pact into withdrawing from it.

The bottom line is clear: The privacy battalions oppose not just particular
technologies, but technological innovation itself. Any effort to use
computerized information more efficiently will be tarred with the
predictable buzzwords: "surveillance," "Orwellian," "Poindexter." This
Luddite approach to counterterrorism could not be more ominous. The volume
of information in government intelligence files long ago overwhelmed the
capacity of humans to understand it. Agents miss connections between people
and events every day. Machine analysis is essential in an intelligence
tidal wave.

Before the privacy onslaught, scientists and intelligence officials were
trying to find ways of identifying those fanatics who seek to destroy
America before they strike again. Now many avenues are closed to them. This
despite the fact that proposals for assessing risk in such areas as
aviation do not grow out of an omnivorous desire to "spy on citizens" but
out of a concrete need to protect people from a clear threat. And since
9/11, no one's "privacy rights" have been violated by terror pre-emption
research.

The "privocrats" will rightly tell you that eternal vigilance is the price
of liberty. Trouble is, they're aiming their vigilance at the wrong target.

Ms. Mac Donald is a fellow at the Manhattan Institute. This is adapted from
the forthcoming issue of City Journal.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com