Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment

Two specific technologies are examined: data mining and behavioral surveillance. Regarding data mining, the book concludes that although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism because so little is known about what patterns indicate terrorist activity. Regarding behavioral surveillance in a counterterrorist context, the book concludes that although research and development on certain aspects of this topic are warranted, there is no scientific consensus on whether these techniques are ready for operational use at all in counterterrorism.

Contents
EXECUTIVE SUMMARY
1 SCOPING THE ISSUE: TERRORISM, PRIVACY, AND TECHNOLOGY
1.1 The Nature of the Terrorist Threat to the United States
1.2 Counterterrorism and Privacy as an American Value
1.3 The Role of Information
1.4 Organizational Models for Terrorism and the Intelligence Process
1.5 Activities of the Intelligence Community and of Law Enforcement Agencies
1.6 Technologies of Interest in This Report
1.6.1 Data Mining
1.6.2 Behavioral Surveillance
1.7 The Social and Organizational Context
1.8 Key Concepts
1.8.1 The Meaning of Privacy
1.8.2 Effectiveness
1.8.3 Law and Consistency with Values
1.8.4 False Positives, False Negatives, and Data Quality
1.8.5 Oversight and Prevention of Abuse 1
1.9 The Need for a Rational Assessment Process
2 A FRAMEWORK FOR EVALUATING INFORMATION-BASED PROGRAMS TO FIGHT TERRORISM OR SERVE OTHER IMPORTANT NATIONAL GOALS
2.1 The Need for a Framework for Evaluating Information-Based Programs
2.2 Evaluating Effectiveness
2.3 Evaluating Consistency with U.S. Law and Values
2.3.1 Data
2.3.2 Programs
2.3.3 Administration and Oversight
2.4 A Note for Policy Makers: Applying the Framework in the Future
2.5 Summary of Framework Criteria
2.5.1 For Evaluating Effectiveness
2.5.2 For Evaluating Consistency with Laws and Values
2.5.3 For Developing New Laws and Policies
3 CONCLUSIONS AND RECOMMENDATIONS
3.1 Basic Premises
3.2 Conclusions Regarding Privacy
3.2.1 Protecting Privacy
3.2.2 Distinctions Between Capability and Intent
3.3 Conclusions Regarding the Assessment of Counterterrorism Programs
3.4 Conclusions Regarding Data Mining
3.4.1 Policy and Law Regarding Data Mining
3.4.2 The Promise and Limitations of Data Mining
3.5 Conclusions Regarding Deception Detection and Behavioral Surveillance
3.6 Conclusions Regarding Statistical Agencies
3.7 Recommendations
3.7.1 Systematic Evaluation of Every Information-Based Counterterrorism Program
3.7.2 Periodic Review of U.S. Law, Policy, and Procedures for Protection of Privacy
APPENDIXES
A Acronyms
B Terrorism and Terrorists
B.1 The Nature of Terrorism
B.2 Some Tactics of Terrorism
B.3 A Historical Perspective on Terrorism
B.4 Explaining Terrorism
B.5 Al Qaeda and the Terrorist Threat to the United States
B.6 Terrorists and Their Supporting Technologies
B.7 Looking to the Future
C Information and Information Technology
C.1 The Information Life Cycle
C.1.1 Information Collection
C.1.2 Information Correction and Cleaning
C.1.3 Information Storage
C.1.4 Information Analysis and Use
C.1.5 Information Sharing
C.1.6 Information Monitoring
C.1.7 Information Retention
C.1.8 Issues Related to Data Linkage
C.1.9 Connecting the Information Life Cycle to the Framework
C.2 The Underlying Communications and Information Technology
C.2.1 Communications Technology
C.2.2 Information Technology
C.2.3 Managing Information Technology Systems and Programs
D The Life Cycle of Technology, Systems, and Programs
E Hypothetical and Illustrative Applications of the Framework to Various Scenarios
E.1 Airport Security
E.1.1 The Threat
E.1.2 A Possible Technological Approach to Addressing the Threat
E.1.3 Possible Privacy Impacts
E.1.4 Applying the Framework
E.2 Syndromic Surveillance
E.2.1 The Threat
E.2.2 A Possible Technological Approach to Addressing the Threat
E.2.3 Possible Privacy Impacts
E.2.4 Applying the Framework
F Privacy-Related Law and Regulation: The State of the Law and Outstanding Issues
F.1 The Fourth Amendment
F.1.1 Basic Concepts
F.1.2 Machine-Aided Searches
F.1.3 Searches and Surveillance for National Security and Intelligence Purposes That Involve U.S. Persons Connected to a Foreign Power or That Are Conducted Wholly Outside the United States
F.1.4 The Miller-Smith Exclusion of Third-Party Records
F.2 The Electronic Communications Privacy Act
F.3 The Foreign Intelligence Surveillance Act
F.4 The Privacy Act
F.5 Executive Order 12333 (U.S. Intelligence Activities)
F.6 The Adequacy of Today’s Electronic Surveillance Law
F.7 Further Reflections from the Technology and Privacy Advisory Committee Report
G The Jurisprudence of Privacy Law and the Need for Independent Oversight
G.1 Substantive Privacy Rules
G.1.1 Privacy Challenges Posed by Advanced Surveillance and Data Mining
G.1.2 Evolution of Regulation of New Technologies
G.1.3 New Surveillance Techniques That Raise Privacy Questions Unaddressed by Constitutional or Statutory Privacy Rules
G.1.4 New Approaches to Privacy Protection: Collection Limitation Versus Use Limitation
G.2 Procedural Privacy Rules and the Need for Oversight
G.2.1 Oversight Mechanisms of the U.S. Government
G.2.2 A Framework for Independent Oversight 79
G.2.3 Applying Independent Oversight for Government Agencies to Protect Privacy
G.2.4 Collateral Benefits of Oversight
H Data Mining and Information Fusion
H.1 The Need for Automated Techniques for Data Analysis
H.2 Preparing the Data to Be Mined
H.3 Subject-Based Data Mining as an Extension of Standard Investigative Techniques
H.4 Pattern-Based Data Mining Techniques as Illustrations
of More Sophisticated Approaches
H.5 The Evaluation of Data Mining Techniques
H.5.1 The Essential Difficulties of Evaluation
H.5.2 Evaluation Considerations
H.6 Expert Judgment and Its Role in Data Mining
H.7 Issues Concerning the Data Available for Use with Data Mining and the Implications for Counterterrorism and Privacy
H.8 Data Mining Components in an Information-Based Counterterrorist System
H.9 Information Fusion
H.10 An Operational Note
H.11 Assessment of Data Mining for Counterterrorism
I Illustrative Government Data Mining Programs and Activity
I.1 Total/Terrorism Information Awareness (TIA)
I.2 Computer-Assisted Passenger Prescreening System II (CAPPS II) and Secure Flight
I.3 Multistate Anti-Terrorism Information Exchange (MATRIX)
I.4 Able Danger
I.5 Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement (ADVISE)
I.6 Automated Targeting System (ATS)
I.7 The Electronic Surveillance Program
I.8 Novel Intelligence from Massive Data (NIMD) Program
I.9 Enterprise Data Warehouse (EDW)
I.10 Law Enforcement Analytic Data System (NETLEADS)
I.11 ICE Pattern Analysis and Information Collection System (ICEPIC)
I.12 Intelligence and Information Fusion (I2F)
I.13 Fraud Detection and National Security Data System (FDNS-DS)
I.14 National Immigration Information Sharing Office (NIISO)
I.15 Financial Crimes Enforcement Network (FinCEN) and BSA Direct
I.16 Department of Justice Programs Involving Pattern-Based Data Mining
J The Total/Terrorist Information Awareness Program
J.1 A Brief History
J.2 A Technical Perspective on TIA’s Approach to Protecting Privacy
J.3 Assessment
K Behavioral-Surveillance Techniques and Technologies
K.1 The Rationale for Behavioral Surveillance
K.2 Major Behavioral-Detection Methods
K.2.1 Facial Expression
K.2.2 Vocalization
K.2.3 Other Muscle Activity
K.2.4 Autonomic Nervous System
K.2.5 Central Nervous System
K.3 Assessing Behavioral-Surveillance Techniques
K.4 Behavioral and Data Mining Methods: Similarities and Differences
L The Science and Technology of Privacy Protection
L.1 The Cybersecurity Dimension of Privacy
L.2 Privacy-Preserving Data Analysis
L.2.1 Basic Concepts
L.2.2 Some Simple Ideas That Do Not Work in Practice
L.2.3 Private Computation
L.2.4 The Need for Rigor
L.2.5 The Effect of Data Errors on Privacy
L.3 Enhancing Privacy Through Information-System Design
L.3.1 Data and Privacy
L.3.2 Information Systems and Privacy
L.4 Statistical Agency Data and Approaches
L.4.1 Confidentiality Protection and Public Data Release
L.4.2 Record Linkage and Public Use Files
M Public Opinion Data on U.S. Attitudes Toward Government Counterterrorism Efforts
M.1 Introduction
M.2 Data and Methodology
M.3 Organization of This Appendix
M.4 General Privacy Attitudes
M.5 Government Surveillance
M.5.1 Trends in Attitudes Toward Surveillance Measures
M.5.2 Communications Monitoring
M.5.3 Monitoring of Financial Transactions
M.5.4 Video Surveillance
M.5.5 Travel Security
M.5.6 Biometric Identification Technologies
M.5.7 Government Use of Databases and Data Mining
M.5.8 Public Health Uses of Medical Information
M.6 The Balance Between Civil Liberties and Terrorism Investigation
M.6.1 Civil Liberties Versus Terrorism Prevention
M.6.2 Privacy Costs of Terrorism Investigation
M.6.3 Personal Willingness to Sacrifice Freedoms
M.6.4 Concerns About Uses of Expanded Powers
M.7 Conclusions
M.8 Annex
M.8.1 Details of Cited Surveys
M.8.2 Research of Organization/Sponsor Name
M.8.3 List of Surveys
M.8.4 References
N Committee and Staff Biographical Information
O Meeting Participants and Other Contributors