Skip to main content

Currently Skimming:

3 Conclusions and Recommendations
Pages 67-102

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 67...
... society. The second is from the possibility of inappropriate or disproportionate responses to the terrorist threat that can do more damage to the fabric of society than terrorists would be likely to do.
From page 68...
... The terrorist threat to the United States, serious and real though it is, does not justify goernment authorities conducting actiities or operations that contraene existing law. The longevity of the United States as a stable political entity is rooted in large measure in the respect that government authorities have had for the rule of law.
From page 69...
... By making the government stop and justify its effort to a senior official, a congressional committee, or a federal judge, warrant requirements and other privacy protections often help bring focus and precision to law enforcement and national security efforts. In point of fact, courts rarely refuse requests for judicial authorization to conduct surveillance.
From page 70...
... New technological circumstances may necessitate an update of existing privacy laws and policy, but privacy and surveillance law already includes means of dealing with national security matters as well as criminal law investigations. As new technologies become more commonly used, these means will inevitably require extension and updating, but greater government access to private information does not trump the commitment to the bedrock civil liberties of the nation.
From page 71...
... In such an effort, identification of terrorists before they act becomes an important task, one that requires the accurate collection and analysis of their personal information. However, an imperfect understanding of which characteristics to search for, not to mention imperfect and inaccurate data, will necessarily draw unwarranted attention to many innocent individuals.
From page 72...
... In particular, restrictions on the use of personal information ensure that innocent individuals are strongly protected during the examination of their personal information, and strong and vigorous oversight and audit mechanisms can help to ensure that these restrictions are obeyed. How much privacy protection is afforded by technical and procedural mechanisms depends on critical design features of both the technology and the organization that uses it.
From page 73...
... In other words, powerful investigative techniques with significant privacy impact proceed in full compliance with existing law -- but with signifi‑ cant unanswered privacy questions and associated concerns about data quality. Analytical techniques that may be justified for the purpose of national security or counterterrorism investigations, even given their potential power for privacy intrusion, must come with assurances that the infer‑ ences drawn against an individual will not then be used for normal domestic criminal law enforcement purposes.
From page 74...
... used in identifying potential terrorists are likely to increase security by enhancing the effectiveness of information-based programs to identify terrorists and to decrease the adverse consequences that may occur due to confidentiality violations for the vast majority of innocent individuals. In addition, strong audit controls that record the details of all accesses to sensitive personal information serve both to protect the privacy of individuals and to reduce barriers to information sharing between agencies or analysts.
From page 75...
... This does not mean that government authorities should be categorically proscribed from examining indicators of intent under all circumstances -- only that special precautions should be taken when such examination is deemed necessary. 3.3 CONCLUSIONS REGARDING THE ASSESSMENT OF COUNTERTERRORISM PROGRAMS Conclusion 4.
From page 76...
... The current policy regime does not adequately address iolations of priacy that arise from information-based programs using adanced analytical techniques, such as state-of-the-art data mining and record linkage. The current privacy policy regime was established prior to today's world of broadband communications, networked computers, and enormous databases.
From page 77...
... notes that data mining covers a wide variety of analytical approaches for using large databases for counterterrorist purposes, and in particular it should be regarded as being much broader than the common notion of a technology underlying automated terrorist identification. Conclusion 6.
From page 78...
... Ground truth is rarely available in tracking terrorists, in large part because terrorists and terrorist activity are rare. Data specifically associated with terrorists (targeted collection efforts)
From page 79...
... For these reasons, the desirability of technology development efforts aimed at automated terrorist identification is highly questionable. Other kinds of pattern-based data mining may be useful in helping analysts to search for known patterns of interest (i.e., when they have a basis for believing that such a pattern may signal terrorist intent)
From page 80...
... Conclusion 9. Research and deelopment on data mining techniques using real population data are inherently inasie of priacy to some extent.
From page 81...
... For example, large population databases can be seeded with data created to resemble data associated with real terrorist activity. Although such data are, by definition, based on assumptions about the nature and character of terrorist activities, the expert judgment of experienced counterterrorism analysts can provide such data with significant face validity.9 By testing various algorithms in this environment, the simulated terrorist signatures provide a measure of ground truth against which various data mining approaches can be tested.
From page 82...
... . The status of the scientific evidence, the risk of false positives, and vulnerability to countermeasures argue for behavioral observation and physiological monitoring to be used at most as a preliminary screening method for identifying individuals who merit additional follow-up investigation.
From page 83...
... It would not be unreasonable to suppose that most individuals would be far less bothered and concerned by searches aimed at finding tangible objects that might be weapons or by queries aimed at authenticating their identity than by technologies and techniques whose use will inevitably force targeted individuals to explain and justify their mental and emotional states. Even if behavioral observation and physiological monitoring are used only as a preliminary screening methods for identifying individuals who merit additional follow-up investigation,
From page 84...
... • The census long form, which has been collected on a sample basis (and its successor program, the American Community Survey, ACS) have more information but still very little that is directly relevant to predicting terrorist activity.
From page 85...
... While these derived data sets are currently protected by pledges of 11At times, even the use of nonpersonally identifiable information collected by the statisti cal agencies for counterterrorism purposes can lead to public protest and endanger the cooperation of the public in providing information to statistical agencies. For example, in August 2002 and December 2003, the U.S.
From page 86...
... audit of TIA concluded that the failure to consider privacy adequacy during the early development of TIA led DOD to "risk spending funds to develop systems that may not be either deployable or used to their fullest potential without costly revision."12 The DOD-IG report noted that this was particularly true with regard to the potential deployment of TIA for law enforcement: "DARPA need[ed] to consider how TIA will be used in terms of law enforcement to ensure that privacy is built into the developmental process."13 Greater consideration of how the technology might be used not only would have served privacy but also would probably have contributed to making TIA more useful.
From page 87...
... Failure to adopt such a systematic approach is likely to result in reduced operational effectiveness, wasted resources, privacy violations, mission creep, and diminished political support, not only for those programs but also for similar and perhaps for not-so-similar programs across the board. To facilitate accountability, such evaluations (and the data on which they are based)
From page 88...
... For these reasons, a policy regime is necessary that provides for periodic reassessment and reevaluation of a program after initial deployment, at the same time promoting and fostering necessary changes -- whether technological, procedural, legal, ethical, or other. Recommendation 1a is important to programs currently in existence -- that is, programs in existence today, and especially programs that are operationally deployed today should be evaluated against the framework.
From page 89...
... Furthermore, because it is difficult to create from entirely synthetic data large databases that are useful for testing and (partially) validating data mining techniques and algorithms, a partial substitute for entirely synthetic data is data derived from real population data in such a way that the individual identities of nonterrorists are masked 14 D.B.
From page 90...
... It also becomes feasible to test new capabilities offered by small changes in parallel with the baseline version, so that ground 15 Note, however, that to the best of the committee's knowledge, current data mining programs for counterterrorist purposes have not been evaluated for operational effectiveness in such a manner, either with synthetic data or with real data.
From page 91...
... Such judges must also be trained in or experienced with evasion or obfuscation techniques. For synthetic population data, every use must be made of known techniques for confidentiality protection and statistical disclosure limitation17 to reduce the likelihood that the privacy of individuals is compromised, and further research on the creation of better synthetic data to represent large-scale populations is certainly warranted.
From page 92...
... Experience and history indicate that in many programs that collect or use personal information, some individuals may violate safeguards intended to protect individual privacy. Hospital clerks have been known to exam
From page 93...
... 18An initial description of CAPPS II by Deputy Secretary of DHS Admiral James Loy, then administrator of the Transportation Security Administration, assured Congress that CAPPS II was intended to be an aviation security tool, not a law enforcement tool. Testimony of Admiral James Loy before House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census (May 6, 2003)
From page 94...
... Counterterrorism programs should provide meaningful redress to any individuals inappropriately harmed by their operation. Programs that are designed to balance competing interests (in the case of counterterrorism, collective security and individual privacy and civil liberties)
From page 95...
... In one ver sion of the Total Information Awareness program, the number of important and plausible terrorist targets was estimated at a few hundred, while other informed estimates place the number at a few thousand. Still other analysts argue that the number is virtually unlimited, since terrorists could, in principle, seek to strike anywhere in their attempts to sow terror.
From page 96...
... Usage restrictions could be an important and useful supplement to access and collection limitation rules in an era in which much of the personal information that can be the basis for privacy intrusion is already either publicly available or easily accessible on request without prior judicial oversight. Privacy protection in the form of information usage restrictions can provide a helpful tool that balances the need to use powerful investigative tools, such as data mining, for counterterrorism purposes and the imperative to regulate privacy intrusions of such techniques through accountable adherence to clearly stated privacy rules.
From page 97...
... A coherent, comprehensive legal regime regulating informationintensive surveillance such as government data mining, would do much to reduce such uncertainty. As one example, such a regime might address the issue of liability limitation for private-sector data sources (database providers, etc.)
From page 98...
... Today, these third-party transactional records are available to the government subject to a very low threshold -- through subpoenas that can be written by almost any government agency without prior judicial oversight -- and are one of the primary data feeds for a variety of counterterrorist data mining activities. Thus, the public policy response to privacy erosion as a result of data mining used with these records will have to address some combination of the scope of use for the data mining results, the legal standards for access to and use of transactional information, or both.26 (See also Appendix G for 22 A U.S.
From page 99...
... Greater clarity and coherence in the legal regime governing information-based programs would have many benefits, both for privacy protection and for the counterterrorist mission. It is perhaps obvious that greater clarity helps to protect privacy by eliminating what might be seen as loopholes in the law -- ambiguities that can be exploited by wellmeaning national security authorities, thereby overturning or circumventing the intent of previously established policy that balanced competing interests.
From page 100...
... . In August 2003, the Department of Homeland Security exempted the TSA's passenger screening database from the Privacy Act's requirements that government records include only "relevant and necessary" personal information, Priacy Act of : Implementation of Exemption, 68 Federal Register 49410 (2003)
From page 101...
... Finally, a clear and coherent legal framework will almost certainly be necessary to realize the potential of new technologies to fight terrorism. Because such technologies will operate in the political context of an American public concerned about privacy, the public -- and congressional decision makers -- will have to take measures that protect privacy when new technologies are deployed.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.