Last modified: Wednesday, October 8, 2008
Report co-authored by IU professor casts doubt on anti-terrorism tools
FOR IMMEDIATE RELEASE
Oct. 8, 2008
BLOOMINGTON, Ind. -- A new report from the National Academy of Sciences, part of which was co-authored by an Indiana University School of Law--Bloomington professor, casts doubt on the effectiveness, lawfulness and appropriateness of using data-based tools such as data-mining and biometrics to fight terrorism.
The report, "Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment," is the product of a three-year study by the Academy's Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals.
According to the report, automated data-mining techniques that search databases for unusual patterns of activity -- widely used in the private sector for spotting consumer fraud -- "will be extremely difficult" to use successfully for counterterrorism because of legal, technological and logistical problems.
The report notes that there is "no scientific consensus" about whether behavioral surveillance techniques, which try to identify terrorists by observing behavior or measuring physiological states, are ready for use at all in counterterrorism. At most, the committee concluded, behavioral surveillance techniques should be used for preliminary screening to identify those who merit follow-up investigation.
According to the report, counterterrorism programs that use personal data inherently raise privacy issues, and if those programs don't work, privacy invasions are likely to be unwarranted.
The report offered two specific recommendations. The first is that all counterterrorism programs that rely on personal data should be evaluated for their effectiveness, lawfulness, and impact on privacy. The second recommendation is for Congress to examine and update privacy laws to reflect dramatic technological changes.
The report provided a detailed framework for performing that analysis, primarily authored by Fred H. Cate, Distinguished Professor and C. Ben Dutton Professor of Law, and director of the Center for Applied Cybersecurity Research at the Indiana University School of Law--Bloomington. Cate also served as a committee member.
The committee's framework divides the analysis of data-based programs into two sets of inquiries: those designed to determine whether a program is or will be effective, and those designed to determine whether it complies with legal requirements and is consistent with American values.
In the wake of the terrorist attacks of Sept. 11, 2001, the U.S. government has conducted intelligence-gathering programs -- some classified, some not -- that are designed to thwart any future attacks. But the NRC's report argues that such tactics often bring innocent people into the process, whether by being screened at the airport or by being put on a watch list because of a Web site the individual has visited.
Although the report does not comment on any specific data-based programs currently in use, many involve the same data mining and biometric monitoring techniques about which the committee expressed such skepticism. For example, the U.S. government's Advanced Targeting System analyzes personal data in an effort to identify which airline passengers entering or leaving the country pose risks to national security. The Transportation Security Administration announced Monday that it would begin deploying body heat sensors at airports to attempt to determine which people entering airport buildings were carrying explosives.
Cate said the call for such programs to be evaluated prior to and after their implementation can allow the government to be proactive in its counterterrorism efforts while maintaining the civil liberties of its citizens.
"This report highlights the importance of not letting the pressure to 'do something' in response to terrorist threats cause us to ignore the science, testing, and legal measures necessary to ensure that we do something that works, that will be effective in protecting our nation, and that is consistent with our laws and values," Cate said.
The committee, whose work was requested by the Department of Homeland Security and the National Science Foundation, presented its report in Washington, D.C.
"The danger of terror attacks on the U.S. is real and serious, and we should use the information technologies at our disposal to combat this threat," said former Secretary of Defense William Perry, the co-chair of the committee that wrote the report and the Michael and Barbara Berberian Professor at Stanford University. "However, the threat does not justify government activities that violate the law, or fundamental changes in the level of privacy protection to which Americans are entitled."
Cate said the committee's recommendations aren't necessarily new.
"Almost all of the report's recommendations have appeared before," Cate said. "The real force of the report is its call on Congress, the executive branch, and the courts to do what they have long known that they should to protect our security and our privacy. This isn't rocket science; it is a question of political will."