Privacy advocates: Congress must police data gathering

Assurances of "limited scope" aren't enough

TSA officials have described CAPPS II as a data analysis tool that would run an airline passenger's name, address, phone number and birth date through a sophisticated data analysis process to determine if that passenger presented a terrorism risk. Passengers would then get a score, ranging from green (safe to fly) to yellow (warrants more surveillance) to red (take into custody).

Steinhardt and Paul Rosenzweig, a senior legal research fellow at the Heritage Foundation, both called on Congress to keep a close eye on TIA and CAPPS II. "What will you be doing to examine whether or not it's being used appropriately or inappropriately?" Rosenzweig asked the subcommittee members. "Congress is going to need absolute, unfettered access to information about the operation of a system like CAPPS II."

A 116-page report detailing the TIA program was released to Congress Tuesday, as required under a spending bill amendment authored by Senator Ron Wyden, an Oregon Democrat. The report is available at http://www.darpa.mil/body/tia/tia_report_page.htm. A Wyden spokeswoman said the report confirms the senator's concern that Congress should oversee the project. Wyden will need to be assured that privacy protections are in place, she added.

The name of TIA was changed because Total Information Awareness "created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens," the report said. Instead, DARPA intends to use data that is either foreign intelligence legally gained by the U.S. government or "wholly synthetic (artificial) data that has been generated, for research purposes only, to resemble and model real-world patterns of behavior." DARPA officials have described TIA as a program that would build models of terrorist activities, based on assumptions from intelligence officials, that could be used to identify terrorism suspects.

Some in Congress didn't accept the DARPA explanation. "Renaming this may make it sound less Orwellian, but it does not change the intent and scope of this $53 million program," Senator Patrick Leahy, a Vermont Democrat, said in a written statement. "Before we start pulling people off airplanes and denying them jobs based on large-scale data mining, we need to know whether this technology will generate too few solid investigative leads at the cost of too many false alarms and ruined reputations."

The DARPA report said the right to privacy was a "bedrock principle," but Leahy and Representative William Lacy Clay, a Missouri Democrat, complained that Congress has been given little information about government data-gathering projects. "Congress still doesn't know what data is going to be used in CAPPS II or what rights the citizens will have," Clay said at the subcommittee hearing.

A TSA spokesman said CAPPS II criteria was still being developed, but the agency was "absolutely committed" to briefing Congress once more details were available. "We've got to create the criteria before we can brief them on it," he said.

Both agencies have changed their stories over time when asked to explain their data analysis projects, Steinhardt charged. He showed the subcommittee two DARPA charts explaining TIA, the earlier one saying transactional data such as medical, travel and financial records would be fed into the TIA database, and the second not including those details.