Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] 10.01.03: Sens Leahy et al TIA request,

FAS Note: The following letter, dated January 10, 2003, was co-signed by 
Senators Patrick Leahy, Russell Feingold and Maria Cantwell.


CONTACT: Office of Senator Leahy, 202-224-4242

The Honorable John Ashcroft
Attorney General
United States Department of Justice
Main Justice Building, Room 5137
950 Pennsylvania Avenue, N.W.
Washington, D.C.  20530

Dear Attorney General Ashcroft:

I am writing to inquire about the current "data mining" operations, 
practices and policies at the Department of Justice.  Improved access to 
and the sharing of information among intelligence and law enforcement 
agencies at the federal, state and local levels is crucial in promoting our 
national security interests.  These national security interests are most 
effectively and efficiently served, however, when the information being 
collected and shared is relevant, reliable, timely and accurate.  As one 
recent expert report observed, "Data mining, like any other government data 
analysis, should occur where there is a focused and demonstrable need to 
know, balanced against the dangers to civil liberties.  It should be 
purposeful and responsible."  (Protecting America's Freedom in the 
Information Age, A Report of the Markle Foundation Task Force, October, 
2002, p. 27.)

Adequate oversight by the Congress, and especially by the appropriate 
committees of jurisdiction, is essential in helping to ensure that adequate 
standards are set and met, so that these activities can be both effective 
and respectful of the constitutional rights of the American 
people.  Accordingly, I am interested in learning the extent to which the 
Department is relying on data mining to deal with the terrorism threat or 
other criminal activity, and how this technology is being used.

I raise this inquiry against the backdrop of public concern over the Total 
Information Awareness System (TIA) being developed under the supervision of 
Admiral Poindexter within the Defense Advanced Research Project Agency 
(DARPA).  TIA is intended, according to Department of Defense officials, to 
generate tools for monitoring the daily personal transactions by Americans 
and others, including tracking the use of passports, driver's licenses, 
credit cards, airline tickets, and rental cars.  The Administration's goal 
is to turn these tools over to law enforcement agencies.  According to 
press reports, one such tool, a software program called "Genoa," has 
already been delivered by DARPA to the Department of Justice.

Advances in the technological capability to search, track or "mine" 
commercial and government databases and Americans' consumer transactions 
have provided powerful tools that have dramatically changed the ways that 
companies market their products and services.  Collection and use by 
government law enforcement agencies of such commercial transactional data 
on law-abiding Americans poses unique issues and concerns, however.  These 
concerns include the specter of excessive government surveillance that may 
intrude on important privacy interests and chill the exercise of First 
Amendment-protected speech and associational rights.

Moreover, as Federal law enforcement agencies obtain public source and 
proprietary data for mining, the sheer volume of information may make 
updating the data and checks for reliability and accuracy difficult, if not 
impossible.  Reliance on data mining by law enforcement agencies may 
produce an increase in false leads and law enforcement mistakes.  While the 
former is a waste of resources, the latter may result in mistaken arrests 
or surveillance.  Such mistakes do occur, even without data-mining.1  In 
short, while the only ill effect of business reliance on outdated or 
incorrect information may be misdirected marketing efforts, data mining 
mistakes made by a law enforcement agency may result in misdirection or 
misallocation of limited government resources and devastating consequences 
for mistakenly targeted Americans.

I am interested in determining the extent to which the Justice Department 
is relying on data-mining and how the Department is addressing these 
concerns with appropriate safeguards on the collection, use and 
dissemination of information obtained through data mining.  Specifically, I 
ask for and would appreciate your responses to the following questions.

     1.                  Data-Mining Operations Underway Within the 
Department of Justice.

(A) Please identify any private sector or proprietary databases obtained or 
being used by the Department of Justice for data-mining or 
pattern-recognition activities.

(B) Have any private sector or proprietary databases referred to in (A) 
above been aggregated by the Department with any data from government 
agency databases for data-mining or pattern-recognition activities?

(C) Is the Department using any data-mining tools to obtain information for 
law enforcement purposes unrelated to the detection and prosecution of 

(D) To the extent that the Department is using proprietary data provided by 
private intermediaries, (i) what procedures are you using to preserve the 
confidentiality policies of these intermediaries?  (ii) Is the Department 
compensating the private intermediaries for assisting in the data 
mining?  (iii) Has the Department taken any steps to shield the private 
intermediaries from liability for their cooperation with the government?

(E) What procedures, if any, does the Department follow to ensure the 
accuracy and reliability of  information currently collected and stored in 
databases used for data-mining?

(F) By contrast to the use of private sector or proprietary databases, in 
the search for proper data mining tools, to what extent is the Department 
of Justice developing new tools and to what extent is it making use of 
existing tools developed in the private sector or used by other government 
agencies (such as search engines and data mining software)? What are the 
pros and cons of these differing approaches?

2.       Foreign Terrorist Tracking Task Force.  On October 29, 2001, the 
President directed the Department to establish the Foreign Terrorist 
Tracking Task Force (FTTTF) to "ensure that, to the maximum extent 
permitted by law, Federal agencies coordinate programs to . . . 1) deny 
entry into the United States of aliens associated with, suspected of being 
engaged in, or supporting terrorist activity; and 2) locate, detain, 
prosecute, or deport any such aliens already present in the United 
States."  Your April 11, 2002, order establishing the FTTTF would do more 
than ensure that agencies "coordinate programs" and requires the FTTTF to 
have "electronic access to large sets of data, including the most sensitive 
material from law enforcement and intelligence sources."   In response to 
my request for more detailed description of the mission and activities of 
the FTTTF, you stated in response to written questions that:

"The FTTTF has identified a number of specific projects which it can 
coordinate or run to fill gaps in existing government efforts relating to 
prevention of terrorist activities.  For example, the FTTTF is pursuing 
projects to: 1) create a unified, cohesive lookout list; 2) identify 
foreign terrorists and their supporters who have entered or seek to enter 
the U.S. or its territories; and 3) detect such factors as violations of 
criminal or immigration law which would permit exclusion, detention or 
deportation of such individuals.  In addition, the FTTTF is in the process 
of identifying other intelligence-related projects that it can support 
through its collaborative capability to co-locate data from multiple agency 

(A) Redundancy within government programs can be both expensive and 
ineffective.  The "projects" of the FTTTF appear to overlap other 
initiatives underway within the Department.  For example, the FBI has an 
Information Sharing Task Force and participates in 47 Joint Terrorism Task 
Forces (JTTF) to unify all levels and branches of law enforcement in 
preventing and investigating terrorist activity and helps coordinate the 
JTTF in Regional Terrorism Task Forces (RTTF).  Director Mueller has also 
created a permanent Terrorism Watch List, a new Office of Intelligence, a 
new Integrated Intelligence Information Application (IIIA) database, and 
new hiring and recruiting initiatives.  Please explain how the Department's 
FTTTF "lookout list" differs in substance and use from the FBI's Terrorism 
Watch List and how the FTTTF's "other intelligence-related projects" will 
differ from the functions of the FBI's JTTF, and IIIA database, and new 
Office of Intelligence.

(B) The FBI's new Office of Intelligence is intended to provide strategic 
analysis and gather information from current and past cases and other 
agencies, to look for patterns and analyze risks, and to meet the needs of 
other organizations responsible for homeland security.   The separate FTTTF 
supervised by the Deputy Attorney General is required, with a budget of 
over $20 million, to conduct its own intelligence analysis projects and 
create and maintain its own databases and lookout list.  Since Director 
Mueller routinely briefs the President with the CIA Director on terrorist 
threats, please explain why you decided to place the FTTTP in the Deputy 
Attorney General's office rather than within the FBI as part of its new 
Office of Intelligence? 2

(C) The FBI has traditionally performed the critical intelligence-gathering 
mission under the supervision of a Director appointed for a ten-year term 
in a structure designed, in part, to insulate the exercise of Bureau powers 
from political considerations, and pursuant to formal guidelines and 
Congressional oversight. Are the investigative restrictions applicable to 
FBI agents also applicable to employees conducting data mining and 
operating the FTTTF under the guidance of the Deputy Attorney General?

(D) What information is necessary to trigger a data-mining inquiry on a 
particular individual or targeted activity to ensure that this technique is 
only being used for purposes relevant to detecting, preventing or punishing 
terrorism or other criminal activity?

3.        Admiral Poindexter's Total Information Awareness Project 
(TIA).  According to the Department of Defense, the Defense Advanced 
Research Project Agency (DARPA) has established the Total Information 
Awareness (TIA) Project to develop technologies for rapid language 
translation, commercial transaction data mining, and interagency analysis 
and decision-making tools.

(A) To what extent are you and the Department of Justice consulting or 
collaborating with Admiral Poindexter or the Department of Defense in 
designing and implementing TIA surveillance tools and related programs?

(B) Have any TIA generated or developed technologies been delivered to the 
Department of Justice and, if so, (i) are any being used? (ii) describe the 
purposes for which they are being used; and (iii) are any of the tools for 
data mining and pattern recognition?

(C)   TIA has programs called Genoa I and II.  Has this program been 
delivered in whole or in part to the Department of Justice and, if so, (i) 
is it being used? (ii) Describe the purposes for which it is being used; 
and (iii) is this a tool for data mining or pattern recognition?

(D) TIA has a program called EELD (Evidence Extraction and Link 
Discovery).  Has this program been delivered in whole or in part to the 
Department of Justice and, if so, (i) is it being used? (ii) Describe the 
purposes for which it is being used; and (iii) is this a tool for data 
mining or pattern recognition?

(E) TIA has a program called Genisys.  Has this program been delivered in 
whole or in part to the Department of Justice and, if so, (i) is it being 
used? (ii) Describe the purposes for which it is being used; and (iii) is 
this a tool for data mining or pattern recognition?

(F) TIA has a program called TIDES (Translingual Information Detection, 
Extraction and Summarization.  Has this program been delivered in whole or 
in part to the Department of Justice and, if so, (i) is it being used? (ii) 
Describe the purposes for which it is being used; and (iii) is this a tool 
for data mining or pattern recognition?

(G)  Is the FTTTF coordinating its work in any way with the TIA?

(H) What safeguards, if any, do you believe should be included in any data 
mining tools developed by TIA to ensure the accuracy and reliability of the 
information collected and stored in databases?  Have you recommended such 
safeguards to the Department of Defense?

     4.                  Compliance With The Privacy Act

(A) Does the Privacy Act impose any restriction on data-mining activities 
by the Department and, if so, what are those restrictions?

(B) Does the Department employ any outside contractors to perform data 
mining services and, if so, how does the Privacy Act apply, if at all, to 
the out-sourcing of data mining activities?

(C) The Privacy Act, 5 U.S.C. §552a(e)(4), requires agencies to "publish in 
the Federal Register upon establishment or revision a notice of the 
existence and character of the system of records."  Have you promulgated 
any regulations regarding the FTTTF?

(D) The Privacy Act, 5 U.S.C. §552a(e)(4)(E), requires publication of the 
policies and practices of the agency regarding storage, retrievability, 
access, controls, retention and disposal of the records.  Have you 
published such policies and practices regarding the FTTTF?

(E) Generally, the Privacy Act prohibits governmental agencies from 
disclosing records to another agency, unless it falls under the "routine 
use" exception.  5 U.S.C. §552a(b)(3).  Does the Department rely on this 
"routine use" exception to obtain databases from other agencies for 
aggregation in the FTTTF and other databases within the Department?

(F) The Privacy Act, 5 U.S.C. §552a(e)(4)(D), requires Federal Register 
publication of "each routine use of the records contained in the system, 
including the categories of users and the purpose of such use."  If the 
answer to (E) above is affirmative, has the Department published any 
Federal Register notice required by the Privacy Act?  If so, please provide 
a copy of any such notice and, if not, please explain why.

(G) The Privacy Act imposes restrictions on "matching" programs conducted 
by the government or the private sector on behalf of the government, unless 
the matching is conducted "subsequent to the initiation of a specific 
criminal or civil law enforcement investigation" or "for foreign 
counterintelligence purposes."  How does the Department ensure that the 
FTTTF and other Department databases comprised of aggregated data from 
other agencies are operated within these restrictions?

(H) Does the Department believe that any amendments to the Privacy Act 
would be helpful to facilitate data mining by the Department and, if so, 
does the Department intend to transmit to the Congress any amendments to 
the Privacy Act to clarify the legality of data-mining by Federal agencies?

     5.                  Coordination With the Department of Homeland Security.

(A) The Homeland Security Act expressly authorizes the new department to 
request, access, receive, analyze and integrate information from government 
agencies and private sector entities, and to establish and utilize "a 
secure communications and information technology infrastructure, including 
data-mining and other advanced analytical tools, in order to assess, 
receive and analyze data and information. . . ." [P.L. 107-296, Sections 
201(d)(1), (13), (14)].  Does the Department of Justice have any such 
express statutory authority to conduct data mining?  If so, please describe 
that authority.

(B) Do you anticipate the Department of Justice's data mining operations 
being transferred to the new Department of Homeland Security? If not, 
please explain why.

(C) Do you believe it is valuable to have a coordinated data mining effort 
with one agency clearly held accountable for setting guidelines of data 
uniformity and reliability and, if so, which agency do you believe should 
take this primary position in order to avoid duplication of effort?

I appreciate your attention to this important matter.




             1 A recently declassified FBI memorandum, dated April 14, 
2000, makes this point with startling details about incidents of mistaken 
surveillance activity, including a Foreign Intelligence Surveillance Act 
(FISA) order being improperly implemented with unauthorized videotaping of 
a meeting; wiretapping a cellular telephone that had been dropped by the 
target and assigned to an innocent user, who "was therefore the target of 
unauthorized electronic surveillance for a substantial period of time;" 
unauthorized monitoring of an e-mail account; and "unauthorized searches, 
incorrect addresses, incorrect interpretation of a FISA order and overruns 
of ELSUR [electronic surveillance]."

             2 This question was originally directed to Deputy Attorney 
General Thompson in May 2002, but no response has been provided.


Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.