Internaut: Data drillers: Watch the fault lines on personal data

Shawn P. McCarthy

The controversial Total Information Awareness project may be gone, but multiple data-mining projects continue to flourish within the federal government, the General Accounting Office has found.

GAO basically confirmed suspicions that have been voiced by many, including this columnist. It polled 128 federal departments and agencies, of which 52 are mining or planning to mine data in 199 projects. More than 130 of them are already operational.

Whether this is a good thing depends on your perspective. The top reason for data mining, listed for 65 percent of the projects, is to improve agency service or performance; 29 projects are dedicated to finding criminal or terrorist activities.

If data mining helps us catch criminals and terrorists, it's good. If personal information is exploited, then it's bad.

Unfortunately, many such operations by necessity go unmonitored, and few regulations cover the whole range of collection activities. Under circumstances such as these, who can say whether proper procedures are being followed?

Shortly after GAO's report came the Homeland Security Department's selection of Accenture LLP as prime contractor for the U.S. Visitor and Immigrant Status Indicator Technology project, which is supposed to strengthen border security by requiring digital photos and finger scans of most foreign visa applicants. That data would be checked against watch lists and security databases'another example of new information that will be shared in multiple ways.

The privacy issue is very real. But bear in mind that much of this information is already in the government's hands. The new data-mining projects in some cases are just intended to get the proper data to the proper experts.

Fact is, the federal government's data collection activities aren't much different from those of Las Vegas casinos or your local supermarket and drugstore. Intelligence agencies can buy credit records on purchasing habits on the open market just like any other organization. At least one intelligence agency has even hired Las Vegas experts to find similarities in data records about people who use multiple aliases.

The paramount issue is knowing how the knowledge gained by data drilling is going to be used, and by whom. Stopping a terrorist by data drilling is certainly legitimate.

Indiscriminate sharing of private information about phone calls, prescription drugs and personal e-mail without security-related reasons will step over an important line that should be pointed out very clearly to all government employees.

GAO acknowledged that many questions remain unanswered about who gets access to private information and why. For example, how can citizens confirm the quality and accuracy of their mined data? How can they know if or when it is used in a way that differs from what they agreed to when they released it?

Such two-way interaction could actually enhance the quality of the data, while spotlighting errors that hint at illegal activity. We need to spell this out formally.

Shawn P. McCarthy is senior analyst and program manager for government IT opportunities at IDC of Framingham, Mass. E-mail him at smccarthy@idc.com.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above