Balancing security and privacy during wartime

(Washington, D.C.): The following is one of a series of occasional papers that adds to the debate about striking the correct — and necessary — balance between security and privacy in the United States during wartime. The Center for Security Policy does not necessarily agree with every one of the points contained therein but believes that these observations contribute importantly to an understanding of how anti-terror legislation can protect the security of this country without unduly eroding American freedoms we all hold dear.

The 9/11 Commission hearings have focused public attention again on the intelligence failures leading up to the September attacks. Yet since 9/11, virtually every proposal to use intelligence more effectively — to connect the dots — has been shot down by left- and right-wing libertarians as an assault on “privacy.” The consequence has been devastating: Just when the country should be unleashing its technological ingenuity to defend against future attacks, scientists stand irresolute, cowed into inaction.

The privacy advocates — who range from liberal groups focused on electronic privacy, such as the Electronic Privacy Information Center, to traditional conservative libertarians, such as Americans for Tax Reform — are fixated on a technique called “data mining.” By now, however, they have killed enough different programs that their operating principle can only be formulated as this: No use of computer data or technology anywhere at any time for national defense, if there’s the slightest possibility that a rogue use of that technology will offend someone’s sense of privacy. They are pushing intelligence agencies back to a pre-9/11 mentality, when the mere potential for a privacy or civil liberties controversy trumped security concerns.

The privacy advocates’ greatest triumph was shutting down the Defense Department’s Total Information Awareness (TIA) program. Goaded on by New York Times columnist William Safire, the advocates presented the program as the diabolical plan of John Poindexter, the former Reagan national security adviser and director of Pentagon research, to spy on “every public and private act of every American” — in Mr. Safire’s words.

The advocates’ distortion of TIA was unrelenting. Most egregiously, they concealed TIA’s purpose: to prevent another attack on American soil by uncovering the electronic footprints terrorists leave as they plan and rehearse their assaults. Before terrorists strike, they must enter the country, receive funds, case their targets, buy supplies, and send phone and e-mail messages. Many of those activities will leave a trail in electronic databases. TIA researchers hoped that cutting-edge computer analysis could find that trail in government intelligence files and, possibly, in commercial databases as well.

TIA would have been the most advanced application yet of “data mining,” a young technology which attempts to make sense of the explosion of data in government, scientific and commercial databases. Through complex algorithms, the technique can extract patterns or anomalies in data collections that a human analyst could not possibly discern. Public health authorities have mined medical data to spot the outbreak of infectious disease, and credit-card companies have found fraudulent credit-card purchases with the method, among other applications.

But according to the “privacy community,” data mining was a dangerous, unconstitutional technology, and the Bush administration had to be stopped from using it for any national-security or law-enforcement purpose. By September 2003, the hysteria against TIA had reached a fevered pitch and Congress ended the research project entirely, before learning the technology’s potential and without a single “privacy violation” ever having been committed.

The overreaction is stunning. Without question, TIA represented a radical leap ahead in both data-mining technology and intelligence analysis. Had it used commercial data, it would have given intelligence agencies instantaneous access to a volume of information about the public that had previously only been available through slower physical searches. As with any public or private power, TIA’s capabilities could have been abused — which is why the Pentagon research team planned to build in powerful safeguards to protect individual privacy. But the most important thing to remember about TIA is this: It would have only used data to which the government was already legally entitled. It differed from existing law-enforcement and intelligence techniques only in degree, not kind. Pattern analysis — the heart of data mining — is conventional crime-solving, whether the suspicious patterns are spotted on a crime pin map, on a city street, or in an electronic database.

The computing world watched TIA’s demolition and rationally concluded: Let’s not go there. “People and companies will no longer enter into technology research [involving national-security computing] because of the privacy debates,” says a privacy officer for a major information retrieval firm.

But the national-security carnage was just beginning. Next on the block: a biometric camera to protect embassies and other critical government buildings from terrorist attack; and an artificial intelligence program to help battlefield commanders analyze engagements with the enemy. In the summer of 2003, New York Times columnists Maureen Dowd and Mr. Safire sneered at the programs, portraying them as — once again — the personal toys of the evil Mr. Poindexter to invade the privacy of innocent Americans. The Dowd-Safire depictions of the projects were fantastically inaccurate; but Pentagon researchers, already reeling from the public-relations disaster of TIA, cancelled both projects without a fight. Special forces leaders in Afghanistan and embassies in terror-sponsoring states will just have to make do.

The privacy vigilantes now have in their sights an airline-passenger screening system and an interstate network to share law-enforcement and intelligence information. Both projects could soon go down in flames. As to whether that would be in the national interest, readers should ask themselves if they would be happy to fly seated next to Mohamed Atta. If yes, they needn’t worry about the cancellation of the Computer Assisted Passenger Prescreening System (known as Capps II). And if they don’t care whether police can track down a child abductor within minutes of his crime, then they shouldn’t care about the crippling of the Multistate Anti-Terrorism Information Exchange, either.

Capps II seeks to verify that an airline passenger is who he says he is and has no terrorist ties. To that end, the program would ask passengers to supply their name, address, phone number and date of birth upon purchasing a plane ticket. A commercial databank would cross-check those four identifiers against its own files to see if they match up. Next, Capps II would run the passenger’s name through anti-terror intelligence files. Depending on the results of both checks, the system would assign a risk score to air travelers — acceptable, unknown, or unacceptable.

Privacy zealots have mischaracterized Capps II as a sinister rerun of TIA — which it is not, since it has nothing to do with data mining — and as a plot to trample the privacy rights of Americans. They argue that, by asking your name and other minimal identifying information already available on the Internet and in countless commercial and government databases, aviation officials are conducting a Fourth Amendment “search” of your private effects for which they should obtain a warrant based on probable cause that you have committed a crime. Such a broad reading of the Constitution is groundless, but even were the collecting of publicly available information a “search,” it is clearly reasonable as a measure to protect airline safety.

Development of Capps II has come to a halt, due to specious privacy crusading. Air passengers can only hope that when the next al Qaeda operative boards a plane, baggage screeners are having a particularly good day, free of the human errors that regularly let weapons on board.

Also under a death sentence: a state-run law-enforcement program called “Multistate Anti-Terrorism Information Exchange.” Known as Matrix, it allows police officers to search multiple law-enforcement databases and public records in the blink of an eye after a crime has been committed. It uses only information that law enforcement can already routinely access: its own records on suspects, convicts and sexual offenders, as well as publicly available data from county courthouses, telephone directories and business filings. Strong protections against abuse are built into the system.

Matrix developers had hoped to allow law-enforcement agencies nationwide to instantaneously connect the dots about itinerant felons like the D.C. snipers. That won’t happen, however, thanks to the lies of the privacy community. Using the familiar tactic of tying the hated program to TIA and data mining, and of invoking Big Brother totalitarianism, the advocates have browbeaten nearly two-thirds of the states that had originally joined the data-sharing pact into withdrawing from it.

The bottom line is clear: The privacy battalions oppose not just particular technologies, but technological innovation itself. Any effort to use computerized information more efficiently will be tarred with the predictable buzzwords: “surveillance,” “Orwellian,” “Poindexter.” This Luddite approach to counterterrorism could not be more ominous. The volume of information in government intelligence files long ago overwhelmed the capacity of humans to understand it. Agents miss connections between people and events every day. Machine analysis is essential in an intelligence tidal wave.

Before the privacy onslaught, scientists and intelligence officials were trying to find ways of identifying those fanatics who seek to destroy America before they strike again. Now many avenues are closed to them. This despite the fact that proposals for assessing risk in such areas as aviation do not grow out of an omnivorous desire to “spy on citizens” but out of a concrete need to protect people from a clear threat. And since 9/11, no one’s “privacy rights” have been violated by terror pre-emption research.

The “privocrats” will rightly tell you that eternal vigilance is the price of liberty. Trouble is, they’re aiming their vigilance at the wrong target.

Ms. Mac Donald is a fellow at the Manhattan Institute. This is adapted from the forthcoming issue of City Journal.