the National Aeronautics and Space Administration obtain passenger names and records from airlines; the Justice Department obtains Web search terms, URLs, and other records from the information technology (IT) and telecommunications industries; the National Security Agency obtains phone call records from communications providers; and the Treasury Department obtains suspicious activity reports from the financial community.
In addition, employers, retailers, banks, and travel and telecommunications companies collect data directly from customers as well as from many other government and private sources. The largest databases in the world are click-streams collected from Web interactions, second only to retail and scientific databases. For example, it is conventional practice for companies to collect extensive information on prospective employees from financial and educational institutions, law enforcement, former employers, and so forth. Information collection is a significant and growing sector of the information economy.
Finally, the government obtains a great deal of data from private data brokers, who aggregate data on individuals from all legally available sources. Because the data are collected by private parties, much of the data are not subject to existing restrictions on government collection efforts.
A significant practical and research challenge is to ensure that the information is correct, accurate, and reliable. This is aided by ensuring reliable information provenance and the use of automated and human data validation techniques. For example, automated techniques could be used easily to recognize as anomalous an indicator of pregnancy in the medical records of a male.
Moreover, in certain instances, laws govern the rights of an individual to correct information errors in commercial applications, for example in one’s credit report. If the individual finds what he or she believes to be an error, documentation of that error can be provided and the error corrected. If the party providing the data does not agree that it made an error, the individual has the right to insert into the record a statement of limited length providing his side of the story.
To the best of the committee’s knowledge, individuals negatively affected by counterterrorism programs as the result of data errors have no comparable ability. Indeed, for national security reasons, individuals are not permitted to review the data on which adverse decisions are based, even though they may experience the negative consequences (e.g., by being denied boarding a plane).