CONGRESS WILL soon hold hearings on the National Security Agency's domestic spying program, secretly authorized by President Bush in 2002. But that program is just the tip of the iceberg.
Since 9/11, the expansion of efforts to gather and analyze information on U.S. citizens is nothing short of staggering. The government collects vast troves of data, including consumer credit histories and medical and travel records. Databases track Americans' networks of friends, family and associates, not just to identify who is a terrorist but to try to predict who might become one.
Remember Total Information Awareness, retired Adm. John Poindexter's effort to harness all government and commercial databases to preempt national security threats? The idea was that disparate, seemingly mundane behaviors can reveal criminal intent when viewed together. More disturbing, it assumed that deviance from social norms can be an early indicator of terrorism. Congress killed that program in 2003, but according to the Associated Press, many related projects continued.
The Defense Advanced Research Projects Agency runs a data-mining program called Evidence Extraction and Link Discovery, which connects pieces of information from vast amounts of data sources. The Defense Intelligence Agency trawls intelligence records and the Internet to identify Americans connected to foreign terrorists. The CIA reportedly runs Quantum Leap, which gathers personal information on individuals from private and public sources. In 2002, Congress authorized $500 million for the Homeland Security Department to develop "data mining and other advanced analytical tools." In 2004, the General Accounting Office surveyed 128 federal departments and agencies to determine the extent of data mining. It found 199 operations, 14 of which related to counterterrorism.
What type of information could these mine? Your tax, education, vehicle, criminal and welfare records for starters. But also other digital data, such as your travel, medical and insurance records -- and DNA tests. Section 505 of the Patriot Act (innocuously titled "Miscellaneous National Security Authorities") extends the type of information the government can obtain without a warrant to include credit card records, bank account numbers and information on Internet use.
Your checking account may tell which charities or political causes you support. Your credit card statements show where you shop, and your supermarket frequent-buyer-card records may indicate whether you keep kosher or follow an Islamic halal diet. Internet searches record your interests, down to what, exactly, you read. Faith forums or chat rooms offer a window into your thoughts and beliefs. E-mail and telephone conversations contain intimate details of your life.
A University of Illinois study found that in the 12 months following 9/11, federal agents made at least 545 visits to libraries to obtain information about patrons. This isn't just data surveillance. It's psychological surveillance.
Many Americans might approve of data mining to find terrorists. But not all of the inquiries necessarily relate to terrorism. The Patriot Act allows law enforcement officers to get "sneak and peek" warrants to search a home for any suspected crime -- and to wait months or even years to tell the owner they were there. Last July, the Justice Department told the House Judiciary Committee that only 12% of the 153 "sneak and peek" warrants it received were related to terrorism investigations.
The FBI has used Patriot Act powers to break into a judge's chambers and to procure records from medical clinics. Documents obtained by the American Civil Liberties Union recently revealed that the FBI used other new powers to eavesdrop on environmental, political and religious organizations.
When Congress looks into domestic spying in the "war on terror," it should ask a series of questions:
First, what information, exactly, is being collected? Are other programs besides the president's NSA initiative ignoring traditional warrant requirements? Are federal agencies dodging weak privacy laws by outsourcing the job to private contractors?
Second, who has access to the data once it is collected, and what legal restrictions are set on how it can be used or shared?
Third, who authorized data mining, and is its use restricted to identifying terrorists?
Fourth, what is the collective effect of these programs on citizens' rights? Privacy certainly suffers, but as individuals begin to feel inhibited in what they say and do, free speech and freedom of assembly also erode.
Fifth, how do these data collection and mining operations deal with error? As anyone who's tried to dispute an erroneous credit report can attest, once computer networks exchange data, it may be difficult to verify its accuracy or where it entered the system. Citizens who do not know they are under surveillance cannot challenge inaccurate information that may become part of their secret digital dossier.
What will Congress do to ensure that the innocent remain so?