Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page R1
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
PROTECTING INDIVIDUAL PRIVACY IN THE STRUGGLE AGAINST TERRORISTS
A Framework for Program Assessment
Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals
Committee on Law and Justice and Committee on National Statistics
Division on Behavioral and Social Sciences and Education
Computer Science and Telecommrunications Board
Division on Engineering and Physical Sciences
NATIONAL RESEARCH COUNCIL OF THE NATIONAL ACADEMIES
THE NATIONAL ACADEMIES PRESS
Washington, D.C.
www.nap.edu
OCR for page R2
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
THE NATIONAL ACADEMIES PRESS
500 Fifth Street, N.W. Washington, DC 20001
NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.
Support for this project was provided by the Bureau of Transportation Statistics, with assistance from the National Science Foundation under sponsor award number SES-0112521; the Department of Homeland Security, with assistance from the National Science Foundation under sponsor award number SES-0411897; the National Center for Education Statistics, with assistance from the National Science Foundation under sponsor award number SBR-0453930; and the National Science Foundation under sponsor award numbers SRS-0632055 and IIS-0441216. Additional funding was provided by the Presidents’ Circle Communications Initiative of the National Academies.
Library of Congress Cataloging-in-Publication Data
Protecting individual privacy in the struggle against terrorists : a framework for program assessment.
p. cm.
Includes bibliographical references.
ISBN 978-0-309-12488-1 (pbk.) — ISBN 978-0-309-12489-8 (pdf) 1. Terrorism—United States—Prevention. 2. Surveillance detection—United States. 3. Privacy, Right of—United States. 4. Technological innovations—Law and legislation—United States.
HV6432.P76 2008
363.325′163--dc22
2008033554
This report is available from
Committee on Law and Justice or
Computer Science and Telecommunications Board
National Research Council
500 Fifth Street, N.W.
Washington, DC 20001
Additional copies of this report are available from the
National Academies Press,
500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242 or (202) 334-3313 (in the Washington metropolitan area); Internet, http://www.nap.edu.
Copyright 2008 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
OCR for page R3
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
THE NATIONAL ACADEMIES
Advisers to the Nation on Science, Engineering, and Medicine
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences.
The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering.
The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine.
The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council.
www.national-academies.org
OCR for page R4
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
This page intentionally left blank.
OCR for page R5
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
COMMITTEE ON TECHNICAL AND PRIVACY DIMENSIONS OF INFORMATION FOR TERRORISM PREVENTION AND OTHER NATIONAL GOALS
WILLIAM J. PERRY,
Stanford University,
Co-chair
CHARLES M. VEST,
National Academy of Engineering,
Co-chair
W. EARL BOEBERT,
Sandia National Laboratories
MICHAEL L. BRODIE,
Verizon Communications
DUNCAN A. BROWN,
Johns Hopkins University
FRED H. CATE,
Indiana University
RUTH A. DAVID,
Analytic Services, Inc.
RUTH M. DAVIS,
Pymatuning Group, Inc.
WILLIAM H. DuMOUCHEL,
Lincoln Technologies, Inc.
CYNTHIA DWORK,
Microsoft Research
STEPHEN E. FIENBERG,
Carnegie Mellon University
ROBERT J. HERMANN,
Global Technology Partners, LLC
R. GIL KERLIKOWSKE,
Seattle Police Department
ORIN S. KERR,
George Washington University Law School
ROBERT W. LEVENSON,
University of California, Berkeley
TOM M. MITCHELL,
Carnegie Mellon University
TARA O’TOOLE,
University of Pittsburgh Medical Center
DARYL PREGIBON,
Google, Inc.
LOUISE RICHARDSON,
Harvard University
BEN A. SHNEIDERMAN,
University of Maryland
DANIEL J. WEITZNER,
Massachusetts Institute of Technology
Staff
BETTY M. CHEMERS,
Committee on Law and Justice
CAROL PETRIE,
Committee on Law and Justice
JULIE ANNE SCHUCK,
Committee on Law and Justice
MICHAEL L. COHEN,
Committee on National Statistics
HERBERT S. LIN,
Computer Science and Telecommunications Board
JANICE M. SABUDA,
Computer Science and Telecommunications Board (through April 2008)
OCR for page R6
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
COMMITTEE ON LAW AND JUSTICE (DBASSE)
JAMES Q. WILSON,
University of California, Los Angeles (Emeritus),
Chair
PHILIP J. COOK,
Terry Sanford Institute of Public Policy, Duke University,
Vice Chair
DAVID H. BAYLEY,
University of Albany, State University of New York
RICHARD J. BONNIE,
University of Virginia Law School
MARTHA CRENSHAW,
Wesleyan University
ROBERT D. CRUTCHFIELD,
University of Washington
JOHN J. DIIULIO, JR.,
University of Pennsylvania
STEVEN N. DURLAUF,
University of Wisconsin, Madison
JOHN A. FEREJOHN,
Stanford University
ARTHUR S. GOLDBERGER,
University of Wisconsin, Madison
BRUCE HOFFMAN,
RAND Corporation
ROBERT L. JOHNSON,
New Jersey Medical School
JOHN H. LAUB,
University of Maryland
TRACEY L. MEARES,
University of Chicago
TERRIE E. MOFFITT,
University of London
MARK H. MOORE,
Harvard University
RUTH PETERSON,
Ohio State University
RICHARD ROSENFELD,
University of Missouri–St. Louis
ROBERT J. SAMPSON,
Department of Sociology, Harvard University
JEREMY TRAVIS,
Jay College of Criminal Justice, New York
CHRISTY VISHER,
The Urban Institute
CAROL PETRIE, Director
BETTY CHEMERS, Senior Program Officer
LINDA DePUGH, Program Associate
OCR for page R7
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
COMMITTEE ON NATIONAL STATISTICS (DBASSE)
WILLIAM F. EDDY,
Department of Statistics, Carnegie Mellon University,
Chair
KATHARINE ABRAHAM,
University of Maryland
ROBERT BELL,
AT&T Research Laboratories
WILLIAM DuMOUCHEL,
Lincoln Technologies, Inc.
JOHN HALTIWANGER,
University of Maryland
V. JOSEPH HOTZ,
University of California, Los Angeles
KAREN KAFADAR,
University of Colorado, Denver, and Health Sciences Center
DOUGLAS MASSEY,
Princeton University
VIJAY NAIR,
University of Michigan, Ann Arbor
JOSEPH NEWHOUSE,
Harvard University
SAMUEL H. PRESTON,
University of Pennsylvania
KENNETH PREWITT,
Columbia University
LOUISE RYAN,
Harvard University
NORA CATE SCHAEFFER,
University of Wisconsin, Madison
ALAN ZASLAVSKY,
Harvard University Medical School
CONSTANCE F. CITRO, Director
OCR for page R8
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD (DEPS)
JOSEPH F. TRAUB,
Columbia University,
Chair
PRITHVIRAJ BANERJEE,
Hewlett Packard Company
FREDERICK R. CHANG,
University of Texas, Austin
WILLIAM DALLY,
Stanford University
MARK E. DEAN,
IBM Almaden Research Center
DEBORAH ESTRIN,
University of California, Los Angeles
KEVIN KAHN,
Intel Corporation
JAMES KAJIYA,
Microsoft Corporation
RANDY H. KATZ,
University of California, Berkeley
JOHN E. KELLY III,
IBM
SARA KIESLER,
Carnegie Mellon University
PETER LEE,
Carnegie Mellon University
TERESA H. MENG,
Stanford University
WILLIAM H. PRESS,
University of Texas, Austin
PRABHAKAR RAGHAVAN,
Yahoo! Research
ALFRED Z. SPECTOR,
Google, Inc.
ROBERT F. SPROULL,
Sun Microsystems, Inc.
PETER SZOLOVITS,
Massachusetts Institute of Technology
ANDREW J. VITERBI,
Viterbi Group, LLC
PETER WEINBERGER,
Google, Inc.
JON EISENBERG, Director
KRISTEN R. BATCH, Associate Program Officer
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist
LYNETTE I. MILLETT, Senior Program Officer
MORGAN R. MOTTO, Program Associate
ERIC WHITAKER, Senior Program Assistant
For more information on CSTB, see its Web site at http://www.cstb.org, write to CSTB, National Research Council, 500 Fifth Street, N.W., Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.
OCR for page R9
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Preface
In late 2005, the National Research Council (NRC) convened the Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals. Supported by the U.S. Department of Homeland Security and the National Science Foundation, the committee was charged with addressing information needs of the government that arise in its deployment of various forms of technology for broad access to and analysis of data as it faces the challenges of terrorism prevention and threats to public health and safety. Specifically of interest was the nexus between terrorism prevention, technology, privacy, and other policy issues and the implications and issues involved in deploying data mining, information fusion, and behavioral surveillance technologies. The study sought to develop a conceptual framework that policy makers and the public can use to consider the utility, appropriateness, and empirical validity of data generated and analyzed by various forms of technology currently in use or planned in the near future. The committee notes that the development of this framework did not include the development of systems for preventing terrorism. By design and in response to the charge for the study, this report focuses on data mining and behavioral surveillance as the primary techniques of interest.
The committee interpreted its charge as helping government policy makers to evaluate and make decisions about information-based programs to fight terrorism or serve other important national goals, and it thus sought to provide a guide for government officials, policy makers, and technology developers as they continue to explore new surveillance
OCR for page R10
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
tools in the service of important national security goals. Chapter 1 scopes the issues involved and introduces key concepts that are explored in much greater depth in the appendixes. Chapter 2 outlines a framework for a systematic assessment of information-based programs being considered or already in use for counterterrorist purposes (and other important national needs, such as law enforcement and public health) in terms of each program’s effectiveness and its consistency with U.S. laws and values. Chapter 3 provides the committee’s conclusions and recommendations. The appendixes elaborate extensively on the scientific and technical foundations that underpin the committee’s work and the legal and organizational context in which information-based programs necessarily operate. The committee regards the appendixes as essential elements of the report.
Note that although the committee heard from representatives from many government agencies, this report does not evaluate or critique any specific U.S. government program. Rather, it is intended to provide policy makers with a systematic framework for thinking about existing and future operational information-based programs, especially in a counterterrorist context.
Nowhere is the need for this study and the framework it proposes more apparent than in the history of the Total Information Awareness (TIA) program. Indeed, the TIA program and the issues it raised loomed large in the background when this committee was appointed, and although the TIA program was terminated in September 2003, it is safe to say that the issues raised by this program have not been resolved in any fundamental sense. Moreover, many other data mining activities supported by the U.S. government continue to raise the same issues: the potential utility of large-scale databases containing personal information for counterterrorist and law enforcement purposes and the potential privacy impact of law enforcement and national security authorities using such databases. A brief history of the TIA program is contained in Appendix J.
The committee consisted of 21 people with a broad range of expertise, including national security and counterterrorism, intelligence and counterintelligence, privacy law and information protection, organizations and organizational structure, law enforcement, statistics, information technology, cognitive psychology, terrorism, database architecture, public health, artificial intelligence, databases, cryptography, machine learning and statistics, and information retrieval.
From 2005 to 2007, the committee held six meetings, most of which were intended to enable it to explore a wide range of points of view. For example, briefings and other inputs were obtained from government officials at all levels, authorities on international law and practice relat-
OCR for page R11
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
ing to policy, social scientists and philosophers concerned with collection of personal data, experts on privacy-enhancing technologies, business representatives concerned with the gathering and uses of personal data, and researchers who use personal data in their work. Several papers were commissioned and received, as well as a number of contributed white papers.
Preparation of the report was undertaken on an unclassified basis. Although a number of classified programs of the U.S. government make use of data mining, the fundamental principles of data mining themselves are not classified, and these principles apply to both classified and unclassified applications. Thus, at the level of analysis presented in this report, the fact that some of the U.S. government’s counterterrorist programs are classified does not materially affect the analysis provided here. In addition, the U.S. government operates a variety of classified programs intended to collect data that may be used for counterterrorist purposes. However, as collection programs, they are out of the scope of this report, and all that need be noted is that they produce data relevant to the counterterrorist mission and that data mining and information fusion technologies must process.
This study could not have been undertaken without the support of the government project officers, Larry Willis, U.S. Department of Homeland Security, and Larry Brandt and Brian D. Humes, National Science Foundation, who recognize the complex issues involved in developing and using new technologies to respond to terrorism and other national efforts, such as law enforcement and public health, and the need to think through how this might best be done.
Given the scope and breath of the study, the committee benefited greatly from the willingness of many individuals to share their perspectives and expertise. We are very grateful to the following individuals for their helpful briefings on technologies for data mining and detection of deception: Paul Ekman, University of California, San Francisco; Mark Frank, University of Buffalo; John Hollywood, RAND Corporation; David Jensen, University of Massachusetts; Jeff Jonas, IBM; David Scott, Rice University; John Woodward, RAND Corporation; and Thomas Zeffiro, Georgetown University. Useful insights on the use of these technologies in the private sector were provided by Scott Loftnesness, Glenbrook Partners, and Dan Schutzer, Financial Services Technical Consortium. William Winkler, Census Bureau, helped the committee understand the technologies’ potential impact on federal statistical agencies.
Background briefings on relevant privacy law and policy were provided by Henry Greely, Stanford University; Barry Steinhardt, American Civil Liberties Union; Kim Taipale, Center for Advanced Studies in Science and Technology Policy; and Lee Tien, Electronic Frontier Founda-
OCR for page R14
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Acknowledgment of Reviewers
This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report:
Steve M. Bellovin, Columbia University,
R. Stephen Berry, University of Chicago,
David L. Carter, Michigan State University,
Richard F. Celeste, Colorado College,
Hermann Habermann, Bureau of the U.S. Census (retired),
David Jensen, University of Massachusetts, Amherst,
Alan F. Karr, National Institute of Statistical Sciences,
Diane Lambert, Google, Inc.,
Butler Lampson, Microsoft Corporation,
Michael D. Larsen, Iowa State University,
Lance Liebman, Columbia Law School,
Patricia Quinlisk, State of Iowa,
Jerome Reiter, Duke University,
OCR for page R15
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Andrew P. Sage, George Mason University,
Paul Schwartz, University of California, Berkeley,
Eugene Spafford, Purdue University,
Robert D. Sparks, California Medical Association Foundation,
William O. Studeman, Northrop Grumman Mission Systems, and
Peter Weinberger, Google, Inc.
Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by William H. Press, University of Texas at Austin, and James G. March, Stanford University. Appointed by the National Research Council, they were responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution.
OCR for page R16
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
This page intentionally left blank.
OCR for page R17
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Contents
EXECUTIVE SUMMARY
1
1
SCOPING THE ISSUE: TERRORISM, PRIVACY, AND TECHNOLOGY
7
1.1 The Nature of the Terrorist Threat to the United States,
7
1.2 Counterterrorism and Privacy as an American Value,
8
1.3 The Role of Information,
11
1.4 Organizational Models for Terrorism and the Intelligence Process,
15
1.5 Activities of the Intelligence Community and of Law Enforcement Agencies,
17
1.6 Technologies of Interest in This Report,
19
1.6.1 Data Mining,
20
1.6.2 Behavioral Surveillance,
24
1.7 The Social and Organizational Context,
26
1.8 Key Concepts,
27
1.8.1 The Meaning of Privacy,
27
1.8.2 Effectiveness,
29
1.8.3 Law and Consistency with Values,
30
1.8.4 False Positives, False Negatives, and Data Quality,
35
1.8.5 Oversight and Prevention of Abuse,
41
1.9 The Need for a Rational Assessment Process,
42
OCR for page R18
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
2
A FRAMEWORK FOR EVALUATING INFORMATION-BASED PROGRAMS TO FIGHT TERRORISM OR SERVE OTHER IMPORTANT NATIONAL GOALS
44
2.1 The Need for a Framework for Evaluating Information-Based Programs,
44
2.2 Evaluating Effectiveness,
47
2.3 Evaluating Consistency with U.S. Law and Values,
52
2.3.1 Data,
53
2.3.2 Programs,
54
2.3.3 Administration and Oversight,
56
2.4 A Note for Policy Makers: Applying the Framework in the Future,
57
2.5 Summary of Framework Criteria,
59
2.5.1 For Evaluating Effectiveness,
59
2.5.2 For Evaluating Consistency with Laws and Values,
61
2.5.3 For Developing New Laws and Policies,
63
3
CONCLUSIONS AND RECOMMENDATIONS
67
3.1 Basic Premises,
67
3.2 Conclusions Regarding Privacy,
71
3.2.1 Protecting Privacy,
71
3.2.2 Distinctions Between Capability and Intent,
75
3.3 Conclusions Regarding the Assessment of Counterterrorism Programs,
75
3.4 Conclusions Regarding Data Mining,
76
3.4.1 Policy and Law Regarding Data Mining,
76
3.4.2 The Promise and Limitations of Data Mining,
77
3.5 Conclusions Regarding Deception Detection and Behavioral Surveillance,
82
3.6 Conclusions Regarding Statistical Agencies,
84
3.7 Recommendations,
86
3.7.1 Systematic Evaluation of Every Information-Based Counterterrorism Program,
86
3.7.2 Periodic Review of U.S. Law, Policy, and Procedures for Protection of Privacy,
95
APPENDIXES
A Acronyms
105
B Terrorism and Terrorists
111
B.1 The Nature of Terrorism,
111
OCR for page R19
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
B.2 Some Tactics of Terrorism,
113
B.3 A Historical Perspective on Terrorism,
114
B.4 Explaining Terrorism,
114
B.5 Al Qaeda and the Terrorist Threat to the United States,
115
B.6 Terrorists and Their Supporting Technologies,
118
B.7 Looking to the Future,
119
C Information and Information Technology
120
C.1 The Information Life Cycle,
120
C.1.1 Information Collection,
120
C.1.2 Information Correction and Cleaning,
121
C.1.3 Information Storage,
122
C.1.4 Information Analysis and Use,
122
C.1.5 Information Sharing,
122
C.1.6 Information Monitoring,
123
C.1.7 Information Retention,
124
C.1.8 Issues Related to Data Linkage,
126
C.1.9 Connecting the Information Life Cycle to the Framework,
126
C.2 The Underlying Communications and Information Technology,
128
C.2.1 Communications Technology,
128
C.2.2 Information Technology,
129
C.2.3 Managing Information Technology Systems and Programs,
131
D The Life Cycle of Technology, Systems, and Programs
133
E Hypothetical and Illustrative Applications of the Framework to Various Scenarios
137
E.1 Airport Security,
137
E.1.1 The Threat,
137
E.1.2 A Possible Technological Approach to Addressing the Threat,
138
E.1.3 Possible Privacy Impacts,
139
E.1.4 Applying the Framework,
140
E.2 Syndromic Surveillance,
141
E.2.1 The Threat,
141
E.2.2 A Possible Technological Approach to Addressing the Threat,
141
E.2.3 Possible Privacy Impacts,
142
E.2.4 Applying the Framework,
144
OCR for page R20
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
F Privacy-Related Law and Regulation: The State of the Law and Outstanding Issues
150
F.1 The Fourth Amendment,
150
F.1.1 Basic Concepts,
150
F.1.2 Machine-Aided Searches,
151
F.1.3 Searches and Surveillance for National Security and Intelligence Purposes That Involve U.S. Persons Connected to a Foreign Power or That Are Conducted Wholly Outside the United States,
152
F.1.4 The Miller-Smith Exclusion of Third-Party Records,
153
F.2 The Electronic Communications Privacy Act,
154
F.3 The Foreign Intelligence Surveillance Act,
155
F.4 The Privacy Act,
156
F.5 Executive Order 12333 (U.S. Intelligence Activities),
159
F.6 The Adequacy of Today’s Electronic Surveillance Law,
160
F.7 Further Reflections from the Technology and Privacy Advisory Committee Report,
164
G The Jurisprudence of Privacy Law and the Need for Independent Oversight
166
G.1 Substantive Privacy Rules,
167
G.1.1 Privacy Challenges Posed by Advanced Surveillance and Data Mining,
167
G.1.2 Evolution of Regulation of New Technologies,
172
G.1.3 New Surveillance Techniques That Raise Privacy Questions Unaddressed by Constitutional or Statutory Privacy Rules,
175
G.1.4 New Approaches to Privacy Protection: Collection Limitation Versus Use Limitation,
175
G.2 Procedural Privacy Rules and the Need for Oversight,
176
G.2.1 Oversight Mechanisms of the U.S. Government,
177
G.2.2 A Framework for Independent Oversight,
179
G.2.3 Applying Independent Oversight for Government Agencies to Protect Privacy,
182
G.2.4 Collateral Benefits of Oversight,
184
H Data Mining and Information Fusion
185
H.1 The Need for Automated Techniques for Data Analysis,
185
H.2 Preparing the Data to Be Mined,
189
OCR for page R21
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
H.3 Subject-Based Data Mining as an Extension of Standard Investigative Techniques,
192
H.4 Pattern-Based Data Mining Techniques as Illustrations of More Sophisticated Approaches,
193
H.5 The Evaluation of Data Mining Techniques,
198
H.5.1 The Essential Difficulties of Evaluation,
199
H.5.2 Evaluation Considerations,
200
H.6 Expert Judgment and Its Role in Data Mining,
205
H.7 Issues Concerning the Data Available for Use with Data Mining and the Implications for Counterterrorism and Privacy,
207
H.8 Data Mining Components in an Information-Based Counterterrorist System,
208
H.9 Information Fusion,
209
H.10 An Operational Note,
211
H.11 Assessment of Data Mining for Counterterrorism,
213
I Illustrative Government Data Mining Programs and Activity
218
I.1 Total/Terrorism Information Awareness (TIA),
219
I.2 Computer-Assisted Passenger Prescreening System II (CAPPS II) and Secure Flight,
219
I.3 Multistate Anti-Terrorism Information Exchange (MATRIX),
222
I.4 Able Danger,
224
I.5 Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement (ADVISE),
226
I.6 Automated Targeting System (ATS),
228
I.7 The Electronic Surveillance Program,
229
I.8 Novel Intelligence from Massive Data (NIMD) Program,
230
I.9 Enterprise Data Warehouse (EDW),
231
I.10 Law Enforcement Analytic Data System (NETLEADS),
232
I.11 ICE Pattern Analysis and Information Collection System (ICEPIC),
232
I.12 Intelligence and Information Fusion (I2F),
233
I.13 Fraud Detection and National Security Data System (FDNS-DS),
233
I.14 National Immigration Information Sharing Office (NIISO),
234
I.15 Financial Crimes Enforcement Network (FinCEN) and BSA Direct,
234
I.16 Department of Justice Programs Involving Pattern-Based Data Mining,
235
OCR for page R22
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
J The Total/Terrorist Information Awareness Program
239
J.1 A Brief History,
239
J.2 A Technical Perspective on TIA’s Approach to Protecting Privacy,
243
J.3 Assessment,
247
K Behavioral-Surveillance Techniques and Technologies
250
K.1 The Rationale for Behavioral Surveillance,
250
K.2 Major Behavioral-Detection Methods,
251
K.2.1 Facial Expression,
252
K.2.2 Vocalization,
254
K.2.3 Other Muscle Activity,
255
K.2.4 Autonomic Nervous System,
255
K.2.5 Central Nervous System,
257
K.3 Assessing Behavioral-Surveillance Techniques,
258
K.4 Behavioral and Data Mining Methods: Similarities and Differences,
259
L The Science and Technology of Privacy Protection
263
L.1 The Cybersecurity Dimension of Privacy,
263
L.2 Privacy-Preserving Data Analysis,
266
L.2.1 Basic Concepts,
266
L.2.2 Some Simple Ideas That Do Not Work in Practice,
268
L.2.3 Private Computation,
269
L.2.4 The Need for Rigor,
270
L.2.5 The Effect of Data Errors on Privacy,
273
L.3 Enhancing Privacy Through Information-System Design,
275
L.3.1 Data and Privacy,
275
L.3.2 Information Systems and Privacy,
276
L.4 Statistical Agency Data and Approaches,
277
L.4.1 Confidentiality Protection and Public Data Release,
278
L.4.2 Record Linkage and Public Use Files,
279
M Public Opinion Data on U.S. Attitudes Toward Government Counterterrorism Efforts
281
M.1 Introduction,
281
M.2 Data and Methodology,
284
M.3 Organization of This Appendix,
287
M.4 General Privacy Attitudes,
288
M.5 Government Surveillance,
291
OCR for page R23
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
M.5.1 Trends in Attitudes Toward Surveillance Measures,
291
M.5.2 Communications Monitoring,
294
M.5.3 Monitoring of Financial Transactions,
300
M.5.4 Video Surveillance,
301
M.5.5 Travel Security,
302
M.5.6 Biometric Identification Technologies,
303
M.5.7 Government Use of Databases and Data Mining,
304
M.5.8 Public Health Uses of Medical Information,
306
M.6 The Balance Between Civil Liberties and Terrorism Investigation,
310
M.6.1 Civil Liberties Versus Terrorism Prevention,
311
M.6.2 Privacy Costs of Terrorism Investigation,
315
M.6.3 Personal Willingness to Sacrifice Freedoms,
316
M.6.4 Concerns About Uses of Expanded Powers,
317
M.7 Conclusions,
319
M.8 Annex,
322
M.8.1 Details of Cited Surveys,
322
M.8.2 Research of Organization/Sponsor Name Abbreviations,
322
M.8.3 List of Surveys,
324
M.8.4 References,
334
N Committee and Staff Biographical Information
335
O Meeting Participants and Other Contributors
OCR for page R24
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
This page intentionally left blank.
