 |
|
All counterterrorism programs that collect and mine data should be evaluated for effectiveness
October 08, 2008All counterterrorism programs that collect and mine data should be evaluated for effectiveness, privacy impacts; Congress should consider new privacy safeguards
WASHINGTON - All U.S. agencies with counterterrorism programs that collect or "mine" personal data -- such as phone, medical, and travel records or Web sites visited -- should be required to systematically evaluate the programs' effectiveness, lawfulness, and impacts on privacy, says a new report from the National Research Council. Both classified and unclassified programs should be evaluated before they are set in motion and regularly thereafter for as long as they are in use, says the report. It offers a framework agencies can use to assess programs, including existing ones.
The report also says that Congress should re-examine existing law to assess how privacy can be protected in such programs, and should consider restricting how personal data are used. And it recommends that any individuals harmed by violations of privacy be given a meaningful form of redress.
"The danger of terror attacks on the U.S. is real and serious, and we should use the information technologies at our disposal to combat this threat," said William Perry, co-chair of the committee that wrote the report, former U.S. secretary of defense, and Michael and Barbara Berberian Professor at Stanford University. "However, the threat does not justify government activities that violate the law, or fundamental changes in the level of privacy protection to which Americans are entitled."
At the request of the U.S. Department of Homeland Security and the National Science Foundation, the report examines the technical effectiveness and privacy impacts of data-mining and behavioral surveillance techniques. Each time a person makes a telephone call, uses a credit card, pays taxes, or takes a trip, he or she leaves digital tracks, records that often end up in massive corporate or government databases. Through formal or informal agreements, government has access to much of the data owned by private-sector companies. Agencies use sophisticated techniques to mine some of these databases -- searching for information on particular suspects, and looking for unusual patterns of activity that may indicate a terrorist network.
The Reality of a Serious Terrorist Threat
The terrorist threat to the United States is all too real, the committee said. Terrorist acts are possible that could inflict enormous damage on the nation. Such acts could cause, and have caused, major casualties as well as severe economic and social disruption.
The most serious threat today comes from terrorist groups that are international in scope; these groups use the Internet to recruit, train, and plan operations and use public channels to communicate. Intercepting and analyzing these information streams might provide important clues about the nature of the threat they pose, the report says. Key clues might also be found in commercial and government databases that record a wide range of information about individuals, organizations, and their behavior. But successfully identifying signs of terrorist activity in these masses of data is extremely difficult, the committee said.
Pattern-Seeking Data-Mining Methods Are of Limited Usefulness
Routine forms of data mining can provide important assistance in the fight against terrorism by expanding and speeding traditional investigative work, the report says. For example, investigators can quickly search multiple databases to learn who has transferred money to or communicated with a suspect. More generally, if analysts have a historical basis for believing a certain pattern of activity is linked to terrorism, then mining for similar patterns may generate useful investigative leads.
Far more problematic are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says. Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads. Such techniques might, however, have some value as secondary components of a counterterrorism system to assist human analysts. Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result, the report adds.
The committee also examined behavioral surveillance techniques, which try to identify terrorists by observing behavior or measuring physiological states. There is no scientific consensus on whether these techniques are ready for use at all in counterterrorism, the report says; at most they should be used for preliminary screening, to identify those who merit follow-up investigation. Further, they have enormous potential for privacy violations because they will inevitably force targeted individuals to explain and justify their mental and emotional states.
Oversight Needed to Protect Privacy, Prevent "Mission Creep"
Collecting and examining data to try to identify terrorists inevitably involves privacy violations, since even well-managed programs necessarily result in some "false positives" where innocent people are flagged as possible threats, and their personal information is examined. A mix of policy and technical safeguards could minimize these intrusions, the report says. Indeed, reducing the number of false positives also improves programs' effectiveness by focusing attention and resources on genuine threats.
Policymakers should consider establishing restrictions on the use of data, the committee said. Although some laws limit what types of data the government may collect, there are few legal limits on how agencies can use already-collected data, including those gathered by private companies. An agency could obtain and mine a database of financial records for counterterrorism purposes, for example, and then decide to use it for an entirely different purpose, such as uncovering tax evaders. Restrictions on use can help ensure that programs stay focused on the particular problems they were designed to address, and guard against unauthorized or unconsidered expansion of government surveillance power.
Poor-quality data are a major concern in protecting privacy because inaccuracies may cause data-mining algorithms to identify innocent people as threats, the report says. Linking data sources together tends to compound the problem; current literature suggests that a "mosaic" of data assembled from multiple databases is likely to be error-prone. Analysts and officials should be aware of this tendency toward errors and the consequent likelihood of false positives.
All information-based programs should be accompanied by robust, independent oversight to ensure that privacy safeguards are not bypassed in daily operations, the report says. Systems should log who accesses data, thus leaving a trail that can itself be mined to monitor for abuse.
The report notes that another area ripe for congressional action is legislation to clarify private-sector rights, responsibilities, and liability in turning over data to the government -- areas that are currently unclear. Although the committee did not recommend specific content for this legislation, it noted that private companies should not be held liable simply for complying with government requirements to turn over data.
A Framework to Assess Effectiveness, Privacy Impacts
The report offers two sets of criteria and questions to help agencies and policymakers evaluate data-based counterterrorism programs. One set is designed to determine whether a program is likely to be effective. For example, a system should be tested with a data set of adequate size to see if it will work when used on a large scale, and should be resistant to countermeasures. A second set of criteria assesses likely privacy impacts and helps ensure that, if implemented, the program protects privacy as much as possible. Each program should operate with the least amount of personal data consistent with its objective, for instance, and should have a process in place for the reporting and redress of privacy harms due to false positives.
These evaluations should involve independent experts, and the results should be made available to the broadest audience possible, the report says. Evaluations may result in a program being modified or even cancelled, it notes.
"We hope this framework will help agencies and policymakers determine whether new programs are likely to be effective and consistent with our nation's laws and values and continually improve programs in operation," said Charles Vest, committee co-chair and president of the National Academy of Engineering. "Decisions to use or continue programs need to be based on criteria more stringent than 'it's better than doing nothing.'"
The report was sponsored by the U.S. Department of Homeland Security and the National Science Foundation. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies. They are private, nonprofit institutions that provide science, technology, and health policy advice under a congressional charter. The Research Council is the principal operating agency of the National Academy of Sciences and the National Academy of Engineering. A committee roster follows.
National Academy of Sciences
"The danger of terror attacks on the U.S. is real and serious, and we should use the information technologies at our disposal to combat this threat," said William Perry, co-chair of the committee that wrote the report, former U.S. secretary of defense, and Michael and Barbara Berberian Professor at Stanford University. "However, the threat does not justify government activities that violate the law, or fundamental changes in the level of privacy protection to which Americans are entitled."
At the request of the U.S. Department of Homeland Security and the National Science Foundation, the report examines the technical effectiveness and privacy impacts of data-mining and behavioral surveillance techniques. Each time a person makes a telephone call, uses a credit card, pays taxes, or takes a trip, he or she leaves digital tracks, records that often end up in massive corporate or government databases. Through formal or informal agreements, government has access to much of the data owned by private-sector companies. Agencies use sophisticated techniques to mine some of these databases -- searching for information on particular suspects, and looking for unusual patterns of activity that may indicate a terrorist network.
The Reality of a Serious Terrorist Threat
The terrorist threat to the United States is all too real, the committee said. Terrorist acts are possible that could inflict enormous damage on the nation. Such acts could cause, and have caused, major casualties as well as severe economic and social disruption.
The most serious threat today comes from terrorist groups that are international in scope; these groups use the Internet to recruit, train, and plan operations and use public channels to communicate. Intercepting and analyzing these information streams might provide important clues about the nature of the threat they pose, the report says. Key clues might also be found in commercial and government databases that record a wide range of information about individuals, organizations, and their behavior. But successfully identifying signs of terrorist activity in these masses of data is extremely difficult, the committee said.
Pattern-Seeking Data-Mining Methods Are of Limited Usefulness
Routine forms of data mining can provide important assistance in the fight against terrorism by expanding and speeding traditional investigative work, the report says. For example, investigators can quickly search multiple databases to learn who has transferred money to or communicated with a suspect. More generally, if analysts have a historical basis for believing a certain pattern of activity is linked to terrorism, then mining for similar patterns may generate useful investigative leads.
Far more problematic are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says. Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads. Such techniques might, however, have some value as secondary components of a counterterrorism system to assist human analysts. Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result, the report adds.
The committee also examined behavioral surveillance techniques, which try to identify terrorists by observing behavior or measuring physiological states. There is no scientific consensus on whether these techniques are ready for use at all in counterterrorism, the report says; at most they should be used for preliminary screening, to identify those who merit follow-up investigation. Further, they have enormous potential for privacy violations because they will inevitably force targeted individuals to explain and justify their mental and emotional states.
Oversight Needed to Protect Privacy, Prevent "Mission Creep"
Collecting and examining data to try to identify terrorists inevitably involves privacy violations, since even well-managed programs necessarily result in some "false positives" where innocent people are flagged as possible threats, and their personal information is examined. A mix of policy and technical safeguards could minimize these intrusions, the report says. Indeed, reducing the number of false positives also improves programs' effectiveness by focusing attention and resources on genuine threats.
Policymakers should consider establishing restrictions on the use of data, the committee said. Although some laws limit what types of data the government may collect, there are few legal limits on how agencies can use already-collected data, including those gathered by private companies. An agency could obtain and mine a database of financial records for counterterrorism purposes, for example, and then decide to use it for an entirely different purpose, such as uncovering tax evaders. Restrictions on use can help ensure that programs stay focused on the particular problems they were designed to address, and guard against unauthorized or unconsidered expansion of government surveillance power.
Poor-quality data are a major concern in protecting privacy because inaccuracies may cause data-mining algorithms to identify innocent people as threats, the report says. Linking data sources together tends to compound the problem; current literature suggests that a "mosaic" of data assembled from multiple databases is likely to be error-prone. Analysts and officials should be aware of this tendency toward errors and the consequent likelihood of false positives.
All information-based programs should be accompanied by robust, independent oversight to ensure that privacy safeguards are not bypassed in daily operations, the report says. Systems should log who accesses data, thus leaving a trail that can itself be mined to monitor for abuse.
The report notes that another area ripe for congressional action is legislation to clarify private-sector rights, responsibilities, and liability in turning over data to the government -- areas that are currently unclear. Although the committee did not recommend specific content for this legislation, it noted that private companies should not be held liable simply for complying with government requirements to turn over data.
A Framework to Assess Effectiveness, Privacy Impacts
The report offers two sets of criteria and questions to help agencies and policymakers evaluate data-based counterterrorism programs. One set is designed to determine whether a program is likely to be effective. For example, a system should be tested with a data set of adequate size to see if it will work when used on a large scale, and should be resistant to countermeasures. A second set of criteria assesses likely privacy impacts and helps ensure that, if implemented, the program protects privacy as much as possible. Each program should operate with the least amount of personal data consistent with its objective, for instance, and should have a process in place for the reporting and redress of privacy harms due to false positives.
These evaluations should involve independent experts, and the results should be made available to the broadest audience possible, the report says. Evaluations may result in a program being modified or even cancelled, it notes.
"We hope this framework will help agencies and policymakers determine whether new programs are likely to be effective and consistent with our nation's laws and values and continually improve programs in operation," said Charles Vest, committee co-chair and president of the National Academy of Engineering. "Decisions to use or continue programs need to be based on criteria more stringent than 'it's better than doing nothing.'"
The report was sponsored by the U.S. Department of Homeland Security and the National Science Foundation. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies. They are private, nonprofit institutions that provide science, technology, and health policy advice under a congressional charter. The Research Council is the principal operating agency of the National Academy of Sciences and the National Academy of Engineering. A committee roster follows.
National Academy of Sciences
Terrorism: What the next president will face
On the seventh anniversary of the September 11th attacks, what is the nature of the terrorist threat against the United States and other nations of the world and how should the next President address that threat upon taking office in January 2009?
Security from chaos
There's safety (and security) in numbers - especially when those numbers are random. That's the lesson learned from a DHS-sponsored research project out of the University of Southern California (USC).
Tropical medicine: a brittle tool of the new imperialism (p 1087)
This week's Lancet editorial is strongly critical of the way that tropical medicine remains structured on outdated colonial lines and calls for the discipline to 'resist contemporary imperialistic forces that hide under the folded veils of counterterrorism and corporate colonialism'. THE LANCET charges tropical medicine with rewriting its history to suggest that it is 'an emblem of social enlightenment, individual sacrifice, and scientific altruism', whereas it has instead 'accepted prevailing policies of colonialism, militarism, and violence'. Tropical medicine has been living through a 'century of shame'. The editorial reflects on the contemporary problems that tropical medicine has to fac
More Counterterrorism Current Events and Counterterrorism News Articles
 | Ghost: Confessions of a Counterterrorism Agent by Fred Burton For decades, Fred Burton, a key figure in international counterterrorism and domestic spycraft, has secretly been on the front lines in the fight to keep Americans safe around the world. Now, in this hard-hitting memoir, Burton emerges from the shadows to reveal who he is, what he has accomplished, and the threats that lurk unseen except by an experienced, world-wise few.In the mid-eighties, the... |
 | Terrorism and Counterterrorism: Understanding the New Security Environment, Readings and Interpretations (Textbook) by Brigadier General USA (Ret),Russell Howard, Major USA,Reid Sawyer, Natasha Bajema In this new edition of TERRORISM AND COUNTERTERRORISM: UNDERSTANDING THE NEW SECURITY ENVIRONMENT, READINGS AND INTERPRETATIONS, Brigadier General (Retired) Russell Howard, Major Reid Sawyer and Natasha Bajema have collected original and previously published seminal articles and essays by political scientists, government officials, and members of the nation�s armed forces. The editors and... |
 | Counterterrorism Law (Elective Series) (Elective Series) by Stephen Dycus; William C. Banks; Peter Raven-Hansen Counterterrorism Law is a detailed survey of United States law governing the definition, detection, detention, interrogation, and prosecution of terrorists. Also covered is the availability and legal use of armed force, civil liability, and economic sanctions against terrorism and its state sponsors. A solid fit for an advanced course in National Security Law, Constitutional Law, or Civil Rights,... |
 | Human Intelligence, Counterterrorism, and National Leadership: A Practical Guide by Gary Berntsen The next president of the United States faces innumerable complex problems, from a possible prolonged recession to climate change. An immediate difficulty for the president will be the global conflict between the West and Islamic jihadists and state sponsors of terrorism. The creation of the Department of Homeland Security and the recommendations of the 9/11 Commission notwithstanding, the... |
 | Terrorism and Counterterrorism (2nd Edition) (MySearchLab Series 15% off) by Brigitte L Nacos Focusing on the phenomenon of terrorism in the post-Cold War and post-9/11 era, Terrorism and Counterterrorism looks at this form of political violence in an international and American context and in light of new and historical trends. Broadly addressing the question “What is terrorism?,” Brigitte Nacos, a renowned expert in the field, clearly defines and discusses terrorism’s many causes,... |
 | Blind Spot: The Secret History of American Counterterrorism by Tim Naftali "Masterful.... Blind Spot is an excellent reminder of the value of unbiased scholarship in an environment of poisonous political partisanship." (The New Republic) In this revelatory new account, national security expert Timothy Naftali relates the full story of America's decades-long attempt to fight terrorism. On September 11, 2001, a long history of failures and missteps came to a head, with... |
| Counter-Terrorism after 9/11: Justice, Security and Ethics Reconsidered by John P. Crank, Patricia E. Gregor | |
 | Counter-Terrorism for Emergency Responders, Second Edition by Robert Burke Terrorism is no longer something that only happens to other countries. Attacks on US soil in the 1990’s brought the reality of terrorism home and the Sept 11th tragedy let us know that the United States is a high priority target. The goal of today’s terrorist is body count, and while traditional bombings have served them in the past, the allure of killing thousands of people with a very... |
 | Democracy and Counterterrorism: Lessons from the Past by Robert J. Art, Louise Richardson Combating terrorism is nothing new for democracies. Over the course of decades, a wide range of democratic states has encountered an array of terrorist groups--and, moreover, has often prevailed against them. As this timely and stimulating volume makes clear, the United States can learn much from fellow democracies to help it in its current war against al Qaeda and affiliated groups. ... |
 | The Counterterrorism Handbook: Tactics, Procedures, and Techniques, Third Edition (Practical Aspects of Criminal and Forensic Investigations) by Jr., Frank Bolz, Kenneth J. Dudonis, David P. Schulz On September 11, 2001, the world was put on notice: terrorism can strike anytime…anywhere…anyone. You are told to go about your daily life - but to be vigilant of your surroundings. You are told that trying to do a cursory profile on potential terrorists is futile because their commonality goes deeper than the surface. With this in mind, what do you look for in a potential situation, how do... |
| © 2009 BrightSurf.com |