US plans massive data sweep
Little-known data-collection system could troll news, blogs, even e-mails. Will it go too far?
(Page 2 of 3)
Starlight has already helped foil some terror plots, says Jim Thomas, one of its developers and director of the government's new National Visualization Analytics Center in Richland, Wash. He can't elaborate because the cases are classified, he adds. But "there's no question that the technology we've invented here at the lab has been used to protect our freedoms - and that's pretty cool."Skip to next paragraph
Subscribe Today to the Monitor
As envisioned, ADVISE and its analytical tools would be used by other agencies to look for terrorists. "All federal, state, local and private-sector security entities will be able to share and collaborate in real time with distributed data warehouses that will provide full support for analysis and action" for the ADVISE system, says the 2004 workshop report.
Yet the scope of ADVISE - its stage of development, cost, and most other details - is so obscure that critics say it poses a major privacy challenge.
"We just don't know enough about this technology, how it works, or what it is used for," says Marcia Hofmann of the Electronic Privacy Information Center in Washington. "It matters to a lot of people that these programs and software exist. We don't really know to what extent the government is mining personal data."
Even congressmen with direct oversight of DHS, who favor data mining, say they don't know enough about the program.
"I am not fully briefed on ADVISE," wrote Rep. Curt Weldon (R) of Pennsylvania, vice chairman of the House Homeland Security Committee, in an e-mail. "I'll get briefed this week."
Privacy concerns have torpedoed federal data-mining efforts in the past. In 2002, news reports revealed that the Defense Department was working on Total Information Awareness, a project aimed at collecting and sifting vast amounts of personal and government data for clues to terrorism. An uproar caused Congress to cancel the TIA program a year later.
ADVISE "looks very much like TIA," Mr. Tien of the Electronic Frontier Foundation writes in an e-mail. "There's the same emphasis on broad collection and pattern analysis."
But Mr. Sand, the DHS official, emphasizes that privacy protection would be built-in. "Before a system leaves the department there's been a privacy review.... That's our focus."
Some computer scientists support the concepts behind ADVISE.
"This sort of technology does protect against a real threat," says Jeffrey Ullman, professor emeritus of computer science at Stanford University. "If a computer suspects me of being a terrorist, but just says maybe an analyst should look at it ... well, that's no big deal. This is the type of thing we need to be willing to do, to give up a certain amount of privacy."
Others are less sure.
"It isn't a bad idea, but you have to do it in a way that demonstrates its utility - and with provable privacy protection," says Latanya Sweeney, founder of the Data Privacy Laboratory at Carnegie Mellon University. But since speaking on privacy at the 2004 DHS workshop, she now doubts the department is building privacy into ADVISE. "At this point, ADVISE has no funding for privacy technology."
She cites a recent request for proposal by the Office of Naval Research on behalf of DHS. Although it doesn't mention ADVISE by name, the proposal outlines data-technology research that meshes closely with technology cited in ADVISE documents.
Neither the proposal - nor any other she has seen - provides any funding for provable privacy technology, she adds.