PROTECTING INDIVIDUAL PRIVACY IN THE STRUGGLE AGAINST TERRORISTS
A Framework for Program Assessment
THE NATIONAL ACADEMIES PRESS
Washington, D.C.
www.nap.edu
THE NATIONAL ACADEMIES PRESS
500 Fifth Street, N.W. Washington, DC 20001
NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance.
Support for this project was provided by the Bureau of Transportation Statistics, with assistance from the National Science Foundation under sponsor award number SES-0112521; the Department of Homeland Security, with assistance from the National Science Foundation under sponsor award number SES-0411897; the National Center for Education Statistics, with assistance from the National Science Foundation under sponsor award number SBR-0453930; and the National Science Foundation under sponsor award numbers SRS-0632055 and IIS-0441216. Additional funding was provided by the Presidents’ Circle Communications Initiative of the National Academies.
Library of Congress Cataloging-in-Publication Data
Protecting individual privacy in the struggle against terrorists : a framework for program assessment.
p. cm.
Includes bibliographical references.
ISBN 978-0-309-12488-1 (pbk.) — ISBN 978-0-309-12489-8 (pdf) 1. Terrorism—United States—Prevention. 2. Surveillance detection—United States. 3. Privacy, Right of—United States. 4. Technological innovations—Law and legislation—United States.
HV6432.P76 2008
363.325′163--dc22
2008033554
This report is available from
Committee on Law and Justice or
Computer Science and Telecommunications Board
National Research Council
500 Fifth Street, N.W.
Washington, DC 20001
Additional copies of this report are available from the
National Academies Press,
500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242 or (202) 334-3313 (in the Washington metropolitan area); Internet, http://www.nap.edu.
Copyright 2008 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
THE NATIONAL ACADEMIES
Advisers to the Nation on Science, Engineering, and Medicine
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences.
The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering.
The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine.
The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council.
COMMITTEE ON TECHNICAL AND PRIVACY DIMENSIONS OF INFORMATION FOR TERRORISM PREVENTION AND OTHER NATIONAL GOALS
WILLIAM J. PERRY, Stanford University, Co-chair
CHARLES M. VEST, National Academy of Engineering, Co-chair
W. EARL BOEBERT, Sandia National Laboratories
MICHAEL L. BRODIE, Verizon Communications
DUNCAN A. BROWN, Johns Hopkins University
FRED H. CATE, Indiana University
RUTH A. DAVID, Analytic Services, Inc.
RUTH M. DAVIS, Pymatuning Group, Inc.
WILLIAM H. DuMOUCHEL, Lincoln Technologies, Inc.
CYNTHIA DWORK, Microsoft Research
STEPHEN E. FIENBERG, Carnegie Mellon University
ROBERT J. HERMANN, Global Technology Partners, LLC
R. GIL KERLIKOWSKE, Seattle Police Department
ORIN S. KERR, George Washington University Law School
ROBERT W. LEVENSON, University of California, Berkeley
TOM M. MITCHELL, Carnegie Mellon University
TARA O’TOOLE, University of Pittsburgh Medical Center
DARYL PREGIBON, Google, Inc.
LOUISE RICHARDSON, Harvard University
BEN A. SHNEIDERMAN, University of Maryland
DANIEL J. WEITZNER, Massachusetts Institute of Technology
Staff
BETTY M. CHEMERS, Committee on Law and Justice
CAROL PETRIE, Committee on Law and Justice
JULIE ANNE SCHUCK, Committee on Law and Justice
MICHAEL L. COHEN, Committee on National Statistics
HERBERT S. LIN, Computer Science and Telecommunications Board
JANICE M. SABUDA, Computer Science and Telecommunications Board (through April 2008)
COMMITTEE ON LAW AND JUSTICE (DBASSE)
JAMES Q. WILSON, University of California, Los Angeles (Emeritus), Chair
PHILIP J. COOK, Terry Sanford Institute of Public Policy, Duke University, Vice Chair
DAVID H. BAYLEY, University of Albany, State University of New York
RICHARD J. BONNIE, University of Virginia Law School
MARTHA CRENSHAW, Wesleyan University
ROBERT D. CRUTCHFIELD, University of Washington
JOHN J. DIIULIO, JR., University of Pennsylvania
STEVEN N. DURLAUF, University of Wisconsin, Madison
JOHN A. FEREJOHN, Stanford University
ARTHUR S. GOLDBERGER, University of Wisconsin, Madison
BRUCE HOFFMAN, RAND Corporation
ROBERT L. JOHNSON, New Jersey Medical School
JOHN H. LAUB, University of Maryland
TRACEY L. MEARES, University of Chicago
TERRIE E. MOFFITT, University of London
MARK H. MOORE, Harvard University
RUTH PETERSON, Ohio State University
RICHARD ROSENFELD, University of Missouri–St. Louis
ROBERT J. SAMPSON, Department of Sociology, Harvard University
JEREMY TRAVIS, Jay College of Criminal Justice, New York
CHRISTY VISHER, The Urban Institute
CAROL PETRIE, Director
BETTY CHEMERS, Senior Program Officer
LINDA DePUGH, Program Associate
COMMITTEE ON NATIONAL STATISTICS (DBASSE)
WILLIAM F. EDDY, Department of Statistics, Carnegie Mellon University, Chair
KATHARINE ABRAHAM, University of Maryland
ROBERT BELL, AT&T Research Laboratories
WILLIAM DuMOUCHEL, Lincoln Technologies, Inc.
JOHN HALTIWANGER, University of Maryland
V. JOSEPH HOTZ, University of California, Los Angeles
KAREN KAFADAR, University of Colorado, Denver, and Health Sciences Center
DOUGLAS MASSEY, Princeton University
VIJAY NAIR, University of Michigan, Ann Arbor
JOSEPH NEWHOUSE, Harvard University
SAMUEL H. PRESTON, University of Pennsylvania
KENNETH PREWITT, Columbia University
LOUISE RYAN, Harvard University
NORA CATE SCHAEFFER, University of Wisconsin, Madison
ALAN ZASLAVSKY, Harvard University Medical School
CONSTANCE F. CITRO, Director
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD (DEPS)
JOSEPH F. TRAUB, Columbia University, Chair
PRITHVIRAJ BANERJEE, Hewlett Packard Company
FREDERICK R. CHANG, University of Texas, Austin
WILLIAM DALLY, Stanford University
MARK E. DEAN, IBM Almaden Research Center
DEBORAH ESTRIN, University of California, Los Angeles
KEVIN KAHN, Intel Corporation
JAMES KAJIYA, Microsoft Corporation
RANDY H. KATZ, University of California, Berkeley
JOHN E. KELLY III, IBM
SARA KIESLER, Carnegie Mellon University
PETER LEE, Carnegie Mellon University
TERESA H. MENG, Stanford University
WILLIAM H. PRESS, University of Texas, Austin
PRABHAKAR RAGHAVAN, Yahoo! Research
ALFRED Z. SPECTOR, Google, Inc.
ROBERT F. SPROULL, Sun Microsystems, Inc.
PETER SZOLOVITS, Massachusetts Institute of Technology
ANDREW J. VITERBI, Viterbi Group, LLC
PETER WEINBERGER, Google, Inc.
JON EISENBERG, Director
KRISTEN R. BATCH, Associate Program Officer
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist
LYNETTE I. MILLETT, Senior Program Officer
MORGAN R. MOTTO, Program Associate
ERIC WHITAKER, Senior Program Assistant
For more information on CSTB, see its Web site at http://www.cstb.org, write to CSTB, National Research Council, 500 Fifth Street, N.W., Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.
Preface
In late 2005, the National Research Council (NRC) convened the Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals. Supported by the U.S. Department of Homeland Security and the National Science Foundation, the committee was charged with addressing information needs of the government that arise in its deployment of various forms of technology for broad access to and analysis of data as it faces the challenges of terrorism prevention and threats to public health and safety. Specifically of interest was the nexus between terrorism prevention, technology, privacy, and other policy issues and the implications and issues involved in deploying data mining, information fusion, and behavioral surveillance technologies. The study sought to develop a conceptual framework that policy makers and the public can use to consider the utility, appropriateness, and empirical validity of data generated and analyzed by various forms of technology currently in use or planned in the near future. The committee notes that the development of this framework did not include the development of systems for preventing terrorism. By design and in response to the charge for the study, this report focuses on data mining and behavioral surveillance as the primary techniques of interest.
The committee interpreted its charge as helping government policy makers to evaluate and make decisions about information-based programs to fight terrorism or serve other important national goals, and it thus sought to provide a guide for government officials, policy makers, and technology developers as they continue to explore new surveillance tools in the service of important national security goals. Chapter 1 scopes the issues involved and introduces key concepts that are explored in much greater depth in the appendixes. Chapter 2 outlines a framework for a systematic assessment of information-based programs being considered or already in use for counterterrorist purposes (and other important national needs, such as law enforcement and public health) in terms of each program’s effectiveness and its consistency with U.S. laws and values. Chapter 3 provides the committee’s conclusions and recommendations. The appendixes elaborate extensively on the scientific and technical foundations that underpin the committee’s work and the legal and organizational context in which information-based programs necessarily operate. The committee regards the appendixes as essential elements of the report.
Note that although the committee heard from representatives from many government agencies, this report does not evaluate or critique any specific U.S. government program. Rather, it is intended to provide policy makers with a systematic framework for thinking about existing and future operational information-based programs, especially in a counterterrorist context.
Nowhere is the need for this study and the framework it proposes more apparent than in the history of the Total Information Awareness (TIA) program. Indeed, the TIA program and the issues it raised loomed large in the background when this committee was appointed, and although the TIA program was terminated in September 2003, it is safe to say that the issues raised by this program have not been resolved in any fundamental sense. Moreover, many other data mining activities supported by the U.S. government continue to raise the same issues: the potential utility of large-scale databases containing personal information for counterterrorist and law enforcement purposes and the potential privacy impact of law enforcement and national security authorities using such databases. A brief history of the TIA program is contained in Appendix J.
The committee consisted of 21 people with a broad range of expertise, including national security and counterterrorism, intelligence and counterintelligence, privacy law and information protection, organizations and organizational structure, law enforcement, statistics, information technology, cognitive psychology, terrorism, database architecture, public health, artificial intelligence, databases, cryptography, machine learning and statistics, and information retrieval.
From 2005 to 2007, the committee held six meetings, most of which were intended to enable it to explore a wide range of points of view. For example, briefings and other inputs were obtained from government officials at all levels, authorities on international law and practice relating to policy, social scientists and philosophers concerned with collection of personal data, experts on privacy-enhancing technologies, business representatives concerned with the gathering and uses of personal data, and researchers who use personal data in their work. Several papers were commissioned and received, as well as a number of contributed white papers.
Preparation of the report was undertaken on an unclassified basis. Although a number of classified programs of the U.S. government make use of data mining, the fundamental principles of data mining themselves are not classified, and these principles apply to both classified and unclassified applications. Thus, at the level of analysis presented in this report, the fact that some of the U.S. government’s counterterrorist programs are classified does not materially affect the analysis provided here. In addition, the U.S. government operates a variety of classified programs intended to collect data that may be used for counterterrorist purposes. However, as collection programs, they are out of the scope of this report, and all that need be noted is that they produce data relevant to the counterterrorist mission and that data mining and information fusion technologies must process.
This study could not have been undertaken without the support of the government project officers, Larry Willis, U.S. Department of Homeland Security, and Larry Brandt and Brian D. Humes, National Science Foundation, who recognize the complex issues involved in developing and using new technologies to respond to terrorism and other national efforts, such as law enforcement and public health, and the need to think through how this might best be done.
Given the scope and breadth of the study, the committee benefited greatly from the willingness of many individuals to share their perspectives and expertise. We are very grateful to the following individuals for their helpful briefings on technologies for data mining and detection of deception: Paul Ekman, University of California, San Francisco; Mark Frank, University of Buffalo; John Hollywood, RAND Corporation; David Jensen, University of Massachusetts; Jeff Jonas, IBM; David Scott, Rice University; John Woodward, RAND Corporation; and Thomas Zeffiro, Georgetown University. Useful insights on the use of these technologies in the private sector were provided by Scott Loftnesness, Glenbrook Partners, and Dan Schutzer, Financial Services Technical Consortium. William Winkler, Census Bureau, helped the committee understand the technologies’ potential impact on federal statistical agencies.
Background briefings on relevant privacy law and policy were provided by Henry Greely, Stanford University; Barry Steinhardt, American Civil Liberties Union; Kim Taipale, Center for Advanced Studies in Science and Technology Policy; and Lee Tien, Electronic Frontier Foundation. We also benefited from the expert testimony of Whitfield Diffie, Sun Microsystems; John Pike, Global Security; and Jody Westby, Global Cyber Risk, on the role of information technologies in counterterrorism. In addition to counterterrorism, the impact and implications of data mining for law enforcement and public health were important foci of the committee’s work. In the public health area, the following persons contributed to the committee’s understanding: James Lawler, Homeland Security Council, White House; Farzad Mostashari, New York City Public Health Department; Patricia Quinlisk, State of Iowa; and Barry Rhodes and Lynn Steele, Centers for Disease Control and Prevention. Useful insights on the role of law enforcement in counterterrorism were provided in presentations made by Roy Apseloff, National Media Exploitation Center; Michael Fedarcyk, Federal Bureau of Investigation (retired); and Philip Reitinger, Microsoft. We found extremely helpful the international perspectives of Joe Connell, New Scotland Yard (retired), and Ravi Ron, former head of Israel’s Ben Gurion Airport.
This study also benefited considerably from briefings by government officials involved on a daily basis with the issues at the heart of the study. We particularly want to thank Randy Ferryman and Admiral Scott Redd from the National Counter Terrorism Center and Clint C. Brooks (retired) from the National Security Agency, who shared their vision of how the nation should conduct its counterterrorism activities while maintaining its democratic ideals. Numerous staff members from the Department of Homeland Security (DHS) also shed important light on government activities relating to terrorism prevention, including Mel Bernstein, Timothy Keefer, Hyon Kim, Sandy Landsberg, John V. Lawler, Tiffany Lightbourn, Grace Mastalli, Allison Smith, and Lisa J. Walby. Toby Levin was particularly helpful in sharing timely and relevant information on the work of the DHS Privacy Office, and the committee appreciated the interest of the DHS Data Privacy and Integrity Advisory Committee in its work and their willingness to keep members abreast of their activities and role in protecting privacy.
The committee also thanks Michael D. Larsen of Iowa State University and Peter Swire of Ohio State University, who responded to its request for white papers, and Amy Corning and Eleanor Singer, University of Michigan, who prepared an informative paper on public opinion.
This study involved NRC staff from three different NRC units. We would like to thank them for their valuable assistance to this project as well as for their collegiality, which contributed to a far richer experience for all involved. Betty Chemers of the NRC’s Committee on Law and Justice served as study director and organized and facilitated the meetings, Michael Cohen of the Committee on National Statistics provided technical expertise on statistical and data mining issues, and Herbert Lin of the Computer Science and Telecommunications Board undertook the difficult job of turning the committee’s writing contributions into a coherent whole and working with the co-chairs to mediate and resolve intellectual disagreements within the committee. Carol Petrie provided guidance and support throughout the study process. We would also like to thank Julie Schuck and Ted Schmitt for their research assistance and Jennifer Bishop, Barbara Boyd, Linda DePugh, and Janice Sabuda for their administrative support. Finally, we greatly appreciate the efforts undertaken by Eugenia Grohman, Susan Maurizi, Kirsten Sampson Snyder, and Yvonne Wise to complete the review and editing processes and bring this report to fruition.
Charles M. Vest and William J. Perry, Co-chairs
Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals
Acknowledgment of Reviewers
This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report:
Steve M. Bellovin, Columbia University,
R. Stephen Berry, University of Chicago,
David L. Carter, Michigan State University,
Richard F. Celeste, Colorado College,
Hermann Habermann, Bureau of the U.S. Census (retired),
David Jensen, University of Massachusetts, Amherst,
Alan F. Karr, National Institute of Statistical Sciences,
Diane Lambert, Google, Inc.,
Butler Lampson, Microsoft Corporation,
Michael D. Larsen, Iowa State University,
Lance Liebman, Columbia Law School,
Patricia Quinlisk, State of Iowa,
Jerome Reiter, Duke University,
Andrew P. Sage, George Mason University,
Paul Schwartz, University of California, Berkeley,
Eugene Spafford, Purdue University,
Robert D. Sparks, California Medical Association Foundation,
William O. Studeman, Northrop Grumman Mission Systems, and
Peter Weinberger, Google, Inc.
Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by William H. Press, University of Texas at Austin, and James G. March, Stanford University. Appointed by the National Research Council, they were responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution.