The privacy industry has been rehearsing for its post-9/11 triumph for a long time. One 1999 battle with the Clinton administration is key.
The government proposed to monitor break-ins to government computer systems, well knowing that foreign intelligence services and al-Qaida were (and still are) developing tools to attack the country’s cyber-infrastructure. Every day, hackers hit crucial transportation, energy, and defense networks thousands of times. A big coordinated attack on national computer systems could be as crippling as an atom bomb.
The Clinton cyber-security team hypothesized that cyber-terrorists would practice their skills in small, discrete break-ins that would not draw much attention, before staging a full-scale strategic assault. Although individual agencies monitored their own computer break-ins, no one tracked hacking across all government systems to look for emerging patterns. Doing so would make it easier to find the criminals and to take the measure of any systemic threats.
Privacy advocates and anti-Clinton House Republicans portrayed this reasonable proposal as a stratagem to spy on law-abiding Internet users. Their rhetorical flourishes foreshadowed the TIA mania. “Mr. President, stay out of my in-box,” roared House Majority leader Dick Armey. Armey predicted an “Orwellian” scenario in which government bureaucrats could “read our personal e-mail.” EPIC’s Marc Rotenberg testified to the Senate Judiciary Committee that the proposed Federal Intrusion Detection Network (FIDNet) constituted an unconstitutional search under the Fourth Amendment that gave the government “extensive surveillance authority.” Jim Dempsey of the Center for Democracy and Technology called FIDNet a “Trojan Horse for civil liberties incursions.” The ACLU’s Barry Steinhardt said it was “quite clear” that federal law enforcement agencies “will abuse whatever power is given to them” to monitor government websites. Newspapers fulminated about the “daddy of all government monitoring schemes.”
All balderdash, of course. Though the advocates claimed that the government would keep logs of private citizens’ browsing of government web pages, in fact only unauthorized break-ins (which are federal felonies) would be recorded. Though advocates said that the government would monitor individual e-mails, in fact only patterns of hacking would be monitored. The advocates claimed that by bringing intrusion information from a range of agencies together in one place, the government was turning into Big Brother. Untrue: the government may quite legitimately study patterns of criminal activity across its domain. And finally, the privocrats charged that the Clinton administration planned to force private-sector computers into this network. False again: private participation would be voluntary.
Typically, the privacy fanatics ignored competing interests, even competing privacy interests, such as that of protecting the IRS or Social Security databases from hackers. And if terrorists bring down the electrical grid right before setting off a bomb, attack victims will be left only with the privacy of the grave. But under pressure, the Clinton administration withdrew the FIDNet plan. The government still has no central capacity for monitoring its computer systems, even though intrusion-detection tools are standard in the private sector. Says a former cyber-security official: “We’ve been hit badly over the last couple of years.” What those hits could add up to in the future, no one can say.
This is a hard rhetorical technique to counter. One must defend not only what a program is, but also what it isn’t. If program developers say, “We’re not going to perform pattern analysis,” critics respond, “Oh, but you could if you changed the entire structure of the program.” But infinite changes could be wrought in any program. At some point, a citizen must take his government at its word. While mistrust of government is a healthy instinct, the assumption that everything a public official says is a lie leads to complete paralysis.
Every proposed national security technology is a Rorschach test of the viewer’s special paranoia. If the ACLU sees racial discrimination in CAPPS II, the libertarian Right sees the hand of left-wing busybodies. Grover Norquist, whose Americans for Tax Reform has been a regular signatory of anti–CAPPS II propaganda, wants to know “who put together the terrorist watch list.” “Does it contain gun ownership or evangelical Christians?” he asked me rhetorically. Steve Lilienthal, director of the Free Congress Foundation’s Center for Privacy and Technology Policy, speculates that the anti-terror intelligence databases may target the “committed property rights advocate.” I asked TSA spokesman Mark Hatfield whether the agency would look at gun ownership to evaluate risk. “That is the most far-out suggestion I have heard,” he responded incredulously. “It is totally beyond the scope of what CAPPS II is supposed to do.”
The rights abuses attributed to CAPPS II are equally fanciful. EPIC told the European Parliament that the program violates the Fourth Amendment’s prohibition on “unwarranted government searches.” In other words, by asking your name, address, birth date, and phone number, the government is conducting a “search” of your private effects for which it should obtain a warrant based on probable cause that you have committed a crime. Only the most hypersensitive libertarian will feel that his privacy has been violated by giving the same information (with the exception of birth date) that is usually required to purchase an airline ticket, information that is in wide circulation and that the government already has about most of us on our driver’s licenses. But even if having to give your name is deemed a “search,” the Fourth Amendment only prohibits “unreasonable searches.” In the context of airline safety, having to give this minimal identifying information in exchange for using the airline’s services is clearly reasonable.
Being an advocate means never having to say, “Here’s my solution.” None of the few alternatives advocates will offer when pressed inspires much confidence. Lee Tien of the Electronic Frontier Foundation, who rejects identity verification, supports instead making sure a passenger gets on the same flight as his luggage, a quaint procedure from the days before anyone thought someone would blow himself up along with his fellow passengers. He also okays intrusive hand searches of carry-on bags. Beyond those measures, he says, there is no need to check a passenger’s identity or possible terror ties. So you wouldn’t mind sitting next to an al-Qaida operative? I asked. “Is he armed?” Tien responded. He has gone through the same physical screening as everyone else, I replied. Tien refused to answer the question. But with weapons getting past airport screeners regularly, and with terrorists working on hard-to-detect biological weapons, exclusive reliance on such physical checks seems reckless.
Other privocrats offer even less workable alternatives. Harvard privacy researcher Richard Sobel, for example, thinks the government should focus on finding terrorists, not screening air passengers. So you support better intelligence?
I asked. Yes, he replied—but not by using the Patriot Act’s provisions allowing law enforcement agencies greater intelligence sharing, or by surveilling mosques, or by canvasing flight schools for Arabs, or even cultivating stronger relations with Arab and Muslim communities in the U.S., unless FBI agents also cultivated stronger relationships equally with all communities. And fingerprinting and screening foreign visitors? No and no.
The most promising alternative to CAPPS II—a voluntary trusted-traveler program—drives the privacy advocates wild, because it would expose them as mountebanks. Passengers who wanted to avoid extensive security screening would submit to TSA background checks to get a permanent, fraud-proof biometric ID card that would zip them past security. Passengers who prefer not to give their name to a TSA computer in favor of waiting in line for toiletries inspection would get the full physical screen. The ACLU’s Barry Steinhardt opposes the trusted-traveler concept because it “creates two classes of airline traveler.” Well, yes: the class of low security risks and the class of unknown security risks, not serfs and aristos, or blacks and whites. Of course Americans, especially frequent business fliers, would freely join the low-risk class in droves, thus revealing the “privacy community’s” minuscule base. Indeed, Frankfurt’s airport is pushing ahead with iris scans to clear passengers, and US Airways already screens its personnel by their irises at Charlotte/Douglas International Airport.
With CAPPS II already under attack, an imaginary privacy scandal ginned up by the advocates and amplified in the press threatens to topple it entirely. Here’s what really happened:
Following 9/11, private companies and research outfits showered the government with offers of help and expertise. Among them, Northwest Airlines offered several million passenger records to NASA’s Ames Research Center to test whether data mining could identify terrorist fliers. NASA promised to keep the data confidential, guarded in a secured lab that could only be entered by pre-screened employees with a personal identification number. Likewise, JetBlue Airways gave Pentagon contractor Torch Concepts 1.5 million passenger records for data-mining research to safeguard Defense Department facilities. To protect privacy, Torch stripped passengers’ names and other unique identifiers out of the records, and at the project’s end, destroyed the data.
At a security conference in February 2003, Torch showed a slide of a passenger’s multiple addresses and fraudulent Social Security numbers (whose possession is a crime) to illustrate how pattern analysis could spot suspicious travelers. The passenger’s name was not shown. The slide ended up on the Internet.
Privacy advocates went berserk, and dug up the Northwest case as well. The two airlines now face hundreds of billions of dollars in class action lawsuits. EPIC has filed a Federal Trade Commission complaint against Northwest that, naturally, says not one word about terrorism or 9/11 as the cause of Northwest’s cooperation with NASA. Even though the TSA workers who brokered JetBlue’s cooperation with Torch did nothing wrong, they have received a public rebuke from the Department of Homeland Security’s chief privacy officer and have been sent to “substantial” privacy sensitivity training.
Not surprisingly, no other airline has been willing to provide TSA with passenger data for testing CAPPS II. At present, TSA possesses only 32 simulated passenger records—created from the itineraries of its employees who volunteered the data—to stress-test a system that at peak load will need to process 300 transactions per second. Development of the program has come to a standstill, with no resolution in sight. And private-sector cooperation with the War on Terror has evaporated.
Expanding their dragnet, the privacy crusaders have now targeted a dazzling state-run law enforcement program called “Multistate Anti-Terrorism Information Exchange” (MATRIX). MATRIX allows police officers to search multiple law enforcement databases and public records in the blink of an eye after a crime has been committed. If a child is abducted, for example, and witnesses say the license plate of the abductor’s brown van contained an A and a 4, MATRIX can instantaneously provide a list of all possible vehicle matches and their owners’ addresses within a given radius. Since 74 percent of abducted children who are murdered are killed within three hours, speed is critical. Phil Ramer, special agent in charge of statewide intelligence in Florida, where MATRIX was developed, told the Washington Post that he had never seen so powerful a system in his many years in law enforcement.
The databases MATRIX uses contain only information that law enforcement can routinely access: its own records on suspects, convicts, and sexual offenders, as well as publicly available information from county courthouses, telephone directories, and business filings, which have been compiled by Florida-based data aggregator Seisint. MATRIX users must be specifically authorized police personnel, who may enter the system only for ongoing criminal or terror investigations. Searches are recorded for auditing against abuse. An officer searching MATRIX by someone’s name, address, Social Security number, or partial license plate will get back his criminal history, as well as information to help locate him—current and past residences, previous residents at those addresses, family relations, business addresses and publicly listed business associates, pilot’s licenses or registered vessels, and other state licenses—most of which any Internet user could find. And that’s it.
MATRIX elegantly solves law enforcement’s notorious, long-standing problem of non-communicating databases. Los Angeles Police detective Jeff Godown explains: “The predicament we’re in is we deal in an enormous amount of data. We have 50 databases to query from. If a detective tries to track down a suspect’s arrest reports, he needs to go to five different systems, then decipher the linkages. It’s physically impossible. He gets frustrated and says: ‘I’ll just wait for another arrest of the guy.’ ” MATRIX can search multiple databases and produce a single result—fast—before the suspect strikes again.
MATRIX developers had hoped to create a nationwide system, so that if an Arizona highway patrolman were trying to solve a fatal hit-and-run, he could type in the killer’s partial Kansas license tag to identify possible suspects quickly. Had national databases on shootings and fingerprints been available and fully utilized, D.C. snipers John Muhammad and Lee Malvo could have been found long before their fatal tally reached double digits. “It was almost as if these guys operated knowing that if they crossed state and local jurisdictional lines there would be no way we would put the clues together,” a Maryland officer told the New York Times.
For a while, it looked like local law enforcement would, in fact, connect the dots across jurisdictions. Every state police agency that saw MATRIX in action said: I’ve gotta have it. Orange County, California, sheriff Michael S. Carona has said that if he had had access to MATRIX, he could have prevented the murder of five-year-old Samantha Runnion, abducted from outside her home in July 2002, and found, raped, along a mountain road the next day. After MATRIX’s debut, 13 states signed on.
Then the privacy advocates struck—with by now excruciatingly familiar tactics: 1. tie MATRIX to Total Information Awareness and John Poindexter; 2. misrepresent its features; and 3. demagogue about nonexistent privacy abuses.
The Michigan ACLU proclaimed that MATRIX is “an end-run around the Pentagon’s ‘Total Information Awareness’ program that Congress rightly put a stop to. . . . In essence, the government is replacing an unpopular Big Brother initiative with a lot of Little Brothers.” The ACLU’s Barry Steinhardt insists that MATRIX is a “data mining” program, resulting in the “mass surveillance of the American people.”
Though for the advocates anything that involves data seems indistinguishable from data mining, MATRIX is not a data-mining program. It does not search for patterns in data in order to create new knowledge or make predictions. It merely retrieves information associated with a person, address, or vehicle, like any garden-variety database query. Its innovation is its ability to link discrete databases and the extraordinary speed with which it does so.
MATRIX foes also misrepresent its contents. The ACLU says the system could access “such areas as purchasing habits, magazine subscriptions, demographic information, and lifestyle categorizations.” It could, but it doesn’t. Again, law enforcement is forced to defend not only the program that exists, but any number of possible variants that don’t exist. Though the MATRIX database does contain information from data aggregator Seisint, on such publicly recorded transactions as business liens or corporation filings, it includes no personal consumer information. Undeterred by MATRIX’s frequent descriptions of the program, journalist and privacy advocate Jeffrey Rosen warned in the New York Times that MATRIX combines “significant amounts of consumer data.”
Most absurd are the Orwellian potentialities attributed to MATRIX. Former Georgia congressman Bob Barr successfully led the charge to force Georgia to withdraw from the information-sharing pact. The issue, said Barr, was whether “we want to live in [George Orwell’s] 1984, or . . . in the kind of society that America has always been.” It is hard to see how allowing law enforcement to get vehicle-registration information on a homicide suspect immediately after a drive-by shooting leads to totalitarianism. In the same vein, Bill Scannell, president of Don’t Spy on US, told the Washington Times that MATRIX is an “end-run around the Fourth Amendment to outsource our constitutional rights,” a catchy but meaningless phrase, since MATRIX searches no documents covered by the Fourth Amendment.
Despite their falsehood, the attacks worked. MATRIX is disintegrating. Nearly two-thirds of the original states have pulled out of the pact, with New York and Wisconsin most recently announcing their withdrawal. The remaining members—Florida, Connecticut, Michigan, Ohio, and Pennsylvania—are under steady fire from their local ACLUs. Other states that had expressed interest have gone silent.
The significance of this string of defeats is dire. Antiquated information retrieval and the inability to share intelligence among agencies are among the greatest impediments to better crime solving. The fate of MATRIX reveals that the privacy battalions oppose not just particular technologies, but technological innovation itself. Any effort to use computerized information more efficiently will be tarred with the predictable buzzwords: “dossiers,” “surveillance,” “Orwellian,” “Poindexter.”
In a telling formulation, the ACLU charges that “what officials blandly describe as database integration is really the mass compilation of dossiers about citizens, criminal and innocent alike.” This is pure fabrication: database integration does not result in “dossiers.” But how many agencies will make their systems more efficient if the ACLU and its cronies always stigmatize the venture this way? Many databases contain information on “criminal and innocent alike”—license-plate databases mingle plates of saintly drivers with those of armed robbers who run red lights; title-deed registries contain addresses of neighborhood benefactors as well as of sex offenders. A computer cannot search those databases for information about a criminal suspect without also scanning car or property information on the innocent, though in doing so, it intrudes not at all on the record holder’s “privacy.” But if a computer run now amounts to compiling “dossiers” on innocent citizens, the ACLU is really saying there should be no scans of databases at all. And it is very close to saying that any police investigation is illegitimate.
Nor is there any sign of impending rationality in the public discourse about privacy and national security. A panel named by the secretary of defense to review TIA is set to recommend that the Defense Department seek permission from a court every time it wants to employ data mining to detect terrorism—even on intelligence in the government’s own files. In other words, the government may collect anti-terror information but can’t analyze it electronically unless a court approves.
This proposal, by such veteran establishmentarians as Floyd Abrams and Lloyd Cutler, represents a level of blind hysteria about data mining that even the ACLU could admire. The volume of information in government intelligence files long ago overwhelmed the capacity of human agents to understand it. Analysts don’t have a clue what’s in the full range of relevant databases; they miss connections between people and events every day. Machine analysis is essential if we are to stay on top of the intelligence tidal wave. But if the Defense Department must seek court approval every time it wants to search its own files electronically, national security protection will grind to a halt.
Such sweeping overreaction seems to come more from arcane academic theory rather than from empirical reality. Dismayingly, the TIA panel reverentially quotes Michel Foucault, one of the biggest academic frauds of the late twentieth century, for the proposition that “ ‘modern society increasingly functions like a super Panopticon’ [prison watchtower] in which government constrains individual behavior by the threat of surveillance.” One should hope that this is the first and last time that a Defense Department advisory board has invoked Foucault, since this French poseur, who presented Western culture as one big plot to suppress dissent, difference, and minority rights, has less than nothing to contribute to the national defense. Like Foucault, who never troubled himself with evidence, the Washington wise men offer no backup for their claim that government increasingly “constrains individual behavior by the threat of surveillance.”
Yes, we can think of abuses in the past: McCarthy witch-hunters, J. Edgar Hoover’s political snooping, illegal break-ins by minions of columnist Safire’s old boss, President Nixon, and various presidential abuses of the power of the IRS. Yes, we can understand how the emanations and penumbras of the Supreme Court’s Griswold and Roe v. Wade decisions have surrounded the supposed right to privacy with a talismanic mystique. And yes, no doubt people who have paid by credit card for afternoons at the No Tell Motel have a moment’s anxiety that data mining could deliver their receipts to their spouses or bosses. But the abuses are rare aberrations and, after Nixon, triggered sweeping reforms. In fact, American society is probably the least “constrained” in world history, and its government the most obedient to the rule of law. Anyone who thinks that Americans are skulking around inhibited by the possibility of government surveillance should take a stroll through any public street, mall, or Internet chat room. Individual choice of “lifestyle” is virtually free from traditional taboos; public discourse is wide open.
But the philosophers of government repression leave such observable details far behind. Journalist and law professor Jeffrey Rosen provides a peerless example of the disconnect between the hothouse rhetoric of the privacy crusade and the mundane reality of government action. Data mining, he says in The Naked Crowd, his post-9/11 book, is a “technolog[y] of state surveillance and discrimination.” Through it, the Bush administration wants to rank people “based on the government’s estimation of the citizens’ trustworthiness.” The government has no business, he says, trying to predict people’s behavior based on their actions in the past: “In America individuals are supposed to be free to define and redefine their own reality, free from government efforts to predict their behavior.” Oddly, he is particularly exercised about anti-shoplifting cameras, since they deny shoplifters the right to return to the scene of their crime without being recognized—or, as Rosen would put it, “to define and redefine their own reality.” But even in this trivial case, Rosen mystifies the role of technology. Any merchant would properly ban known shoplifters if he had the manpower and memory to do so; cameras are not the source of that “classification and exclusion,” in Rosen’s phrase, but merely an aid to them.
But we are not talking about shoplifters. The United States was attacked by fanatics who have never stopped expressing a fervent hope to destroy the entire society. Before the onslaught of the privacy brigades, scientists and intelligence officials were trying to find ways of identifying those fanatics before they strike again. Proposals for assessing risk in such areas as aviation do not grow out of an omnivorous desire to “rank citizens” but out of a concrete need to protect people from a clear threat. If the government assigns different security risks to an Iowa music teacher traveling to her high school reunion and to a Pakistani-American funder of Islamic madrassas and host to radical sheiks from Morocco, it is not out of a passion for “hierarchy” but because of the reality of Islamic terrorism.
Information technology can help government in its constitutional responsibilities to protect the nation; indeed the congressional jo int inquiry into September 11 found that “a reluctance to develop and implement new technical capabilities aggressively” was a cause of the pre-9/11 intelligence failures. The report added: “While technology remains one of this nation’s greatest advantages, it has not been fully and most effectively applied in support of U.S. counterterrorism efforts.”
The privocrats will rightly tell you that eternal vigilance is the price of liberty; trouble is, they are aiming their vigilance at the wrong target.