Even as the government increasingly relies on of data mining -- scouring databases in search of clues about terrorism and everyday waste and fraud -- there aren't clear rules about the practice. Privacy activists say it's like the wild West, dangerously unregulated.
When the head of the Transportation Security Administration recently disclosed that four airlines and two reservation systems shared personal data on passengers without their consent, privacy activists predictably cried foul.
But they weren't alone. Sen. Joe Lieberman, top Democrat on the Governmental Affairs Committee, said the agency may have broken the 1974 Privacy Act.
The key phrase is "may have."
The data mining frontier could finally be seeing some civilizing influences take shape, particularly in the recommendations of a panel headed by former Federal Communications Commission chief Newton Minow that are getting particular praise.
The panel's report, released in early June, acknowledged the importance of data mining in fighting terrorism. But it also said broad searches through reams of records and commercial files, on citizens who have done nothing to warrant individual suspicion, threaten fundamental protections in the Bill of Rights.
Call to 'anonymize' data
To strike a balance, the group, known as the Technology and Privacy Advisory Committee (TAPAC), called for technological changes that would "anonymize" data so investigators could hunt for suspicious activities and associations without immediately knowing whom they were probing.
To query personally identifiable information, investigators would need authorization from the Foreign Intelligence Surveillance Court. That court has a rotating group of judges, chosen by the U.S. chief justice, who review applications for electronic surveillance.
TAPAC said its restrictions should apply only to general data mining on U.S. citizens. Analysis of government employees and airplane passenger lists, presumably including the developing CAPPS II airport security program, could continue unchanged. Foreign suspects and overseas intelligence data also would not be covered by the new restrictions.
Overall, TAPAC said the government needs to make data privacy and accuracy a bigger priority. It called for a reworking of U.S. data laws, which are "disjointed and often outdated, and as a result may compromise the protection of privacy, public confidence, and the nation's ability to craft effective and lawful responses to terrorism."
The clarity and compromise that define good laws have not been easy to find on this issue.
Conservative and liberal opponents fear data mining is a slippery slope to a Big Brother future, and say the use of privately accumulated data skirts prohibitions against the government's keeping of such files itself.
Supporters say the technology is essential for efficient government and national security. Some contend better use of data mining could have identified and perhaps prevented the 19 hijackers of Sept. 11, 2001.
While privacy activists have objected to several data mining programs, only a few systems have been affected, such as the Pentagon's now-shuttered Total Information Awareness project, which sought to sift through virtually as much data as possible. TAPAC was empaneled by Secretary of Defense Donald Rumsfeld to seek lessons from that debacle.
Most government use not aimed at terrorism
A slew of federal bodies have been drawn to data mining.
A report in May from the General Accounting Office, the investigative arm of Congress, found 199 examples of data mining programs in government agencies, including 54 that sift through information purchased from private-sector aggregators.
Most of the programs aren't aimed at terrorism. Several work to ensure federal employees aren't misusing government credit cards. The Internal Revenue Service plumbs databases to look for clues about potential tax cheats.
"There's a growing realization that data mining is a fact of life in the government and that we need to begin to get a handle on it, develop some rules," said Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union.
He called the TAPAC report "a good starting point."
Sen. Ron Wyden, an Oregon Democrat who has proposed steep curbs on government data mining, said he believed the TAPAC report would support his position, in part because the panel was independent and bipartisan. Its membership is listed at www.sainc.com/tapac/members.htm.
TAPAC's report also was received favorably at ChoicePoint Inc., a database aggregator that feeds information to many government systems.
"Between this and the report of the 9/11 Commission, these two together are going to be great points to begin the rational dialogue," said ChoicePoint's marketing director, James Lee.
No action expected until 2005
TAPAC was not the first to recommend information-anonymizing technology as a bridge in the security vs. privacy debate. Similar recommendations have come in analyses by the Markle Foundation, the Center for Democracy and Technology and the conservative Heritage Foundation.
Still, big agreements on data mining won't be easy. Even one of TAPAC's own members, William Coleman Jr., an attorney who served as Transportation Secretary in the Ford administration, disagreed with much of the report, saying it underestimated the terrorist threat.
Observers don't expect Congress to issue new data mining rules until 2005, partly because the subject is touchy in an election year. That disappoints privacy watchers who believe this is a crucial period.