In today's Boston Globe is a piece co-written by Carol Rose and Michael German, who are, respectively, the head of the ACLU in MA and a former FBI agent who is a policy counsel at the ACLU. They begin their piece like this:
INFORMATION is power and law enforcement seems hungry for both. A recent report that police in Massachusetts pried into personal information about movie stars and sports heroes by trolling the Criminal Offender Record Information system is the latest example of the abuse that occurs when police and other government agencies have unchecked power to collect, use, and even share personal data about citizens.
. In Stopping the snooping of police databases they explore the exposure of our privacy in the current setup of "fusion centers," 70 intelligence-sharing centers set up around the nation
operating with little or no independent oversight and with overlapping lines of authority between federal and state agencies, under the auspices of a National Strategy for Information Sharing.
What does this mean?
Let me dispose of the "sexy" or attention-getting words, in which the authors remind us
he report that Matt Damon, Tom Brady, John Henry, and others have been subject to unauthorized snooping by local law enforcement is just the latest in a series of scandals involving these centers.
You can read the op ed for more examples.
The audit report that is the occasion for the op ed should give people pause. Among the records included in such fusion centers?
state and federal criminal records
FBI National Crime Information Center records
probation records
motor vehicle records
firearms purchase records
Perhaps in that list you see no threat? But what if those records are just the beginning? What if there are also unverified "terror tip sheets" filled out police officers, or even informants? The authors give several examples to illustrate, some of which may be familiar.
You may remember that John Poindexter wanted the inclusion of data bases with tons of other information, but his Total Information Awareness program was blocked - or so we thought - by the Congress. That is, the military was barred from spending funds to set up such a system. But the door was left open for them to purchase similar collections from commercial sources, and anyone competent with a computer knows how much is out there.
I think people have not been paying close enough attention to this issue. Perhaps I do because I spent 20 years of my life in computers in a variety of positions in private business, local government and consulting to Federal agencies including FBI, CIA and NSA. I know how supposedly innocuous information can be construed, and how much information is readily available. Let me illustrate if I can.
We all know that the FBI has, under the USA Patriot Act, the right to issue on its own authority National Security Letters which enable them to obtain records of your book purchases and library checkouts with those receiving the letters neither able to resist nor to inform you that your records were turned over. Those of us paying attention during the Reagan administration may remember how Robert Bork was smeared by the release of his video rental records, something which I thought abominable, no matter how much I opposed his nomination to SCOTUS.
So let's consider public libraries. I helped install and modify a complete library system for Arlington County Virginia public libraries. In order to ensure the system was working properly I had to have complete access to all records. There are a lot of famous and/or important people (not always identical, by the way) who live in Arlington, and who at some point take advantage of our superb library system. Many have unlisted phone numbers, yet thought nothing of giving their phone number to the Library. Through those records, if I knew someone lived in Arlington it was a simple matter to access that information, as well as their book habits. To demonstrate to the director of the library system that we needed to make some modifications I showed how easily I could obtain such information, using as examples Oliver North (from when he had lived in Arlington), William Rehnquist, James Webb, five members of the US House of Representatives, two ambassadors of small nations, and every single elected public official in Arlington. We realized that we needed to modify the system so that we had some control over who could see what information, and not have it available to every parttime worker at a circulation desk.
We also decided that we would not keep information on circulation by patron once books had been returned or paid for. Thus should law enforcement come looking, even with a warrant, we could truthfully say we could not tell you what Patron X had previously taken out, or provide a list of names of who had previously read any book, whether Mein Kampf or The Communist Manifesto.
And yet, many public records are not managed so carefully. Having worked in local government I know how much information may be on file. If you own property in your own name, in most jurisdictions real estate assessment records are public data, and anyone can pay to purchase a copy of the data base containing those records which enables them to find where people live. Now perhaps things like expensive houses and cars owned by an Aldrich Ames enables the FBI to realize that this key agent was living way beyond his means as an FBI agent, but once you have the contents and structure of data bases everything contained therein is accessible, information from one easily connected with information in others.
I left data processing in 1994 to become a teacher. The technology of searching and matching is so much more advanced than what I encountered, or even what I knew through friends was being developed in various government agencies and in some corporate labs. And many of those data bases do not have full audit trails and proper controls to ensure that an inquiry about someone's information can be restricted and unauthorized attempts to obtain information can be punished.
We have had multiple stories of information that should be secure being breached. Right now in Virginia we have some hackers trying to blackmail the Commonwealth claiming they have records on millions of people through the data base that tracks prescriptions and medical records. Our state government has initiated an investigation to see what if any jeopardy exists - because they don't know, they cannot immediately say there is jeopardy or there is not.
The op ed addresses specifically law enforcement data bases, but I would suggest what we have seen Rumsfeld's Defense Department do to get around the ban on Poindexter's TIA program means we have to expand oversight and control. Certainly all government databases should be secure, auditable, and controlled, both as to those people with access to obtain information and what information is entered thereto. But if we truly believe that we are entitled to privacy, perhaps we need to rethink how uncontrolled our personal information outside of the government, how few restrictions there are on what corporations and the like can do with the information they obtain about us. Even ensuring accurate and up to date information is a problem, as anyone who has ever attempted to have an erroneous or out of date entry in one's credit records removed has found out. And that is even before we consider the jeopardy of identity theft.
Identity theft. Imagine this. Imagine law enforcement or intelligence personnel who want to 'get' someone, perhaps to put them into a situation to be blackmailed. They have uncontrolled access to sufficient information to destroy someone's credit, or to order in that person's name material that might be obscene, or raise flags about terrorism or crime. Right now far too many of us face that possibility, because if your identity can be stolen by high school students (and there are multiple cases of HS students hacking credit card records) then it is also vulnerable to mean-spirited people in law enforcement and intelligence.
Soon I will leave for work. I will be driving in a car registered in Virginia, whose maintenance records are available to any Honda dealer in the nation, with a driver's license issued by Virginia. Were I to go through a toll, it would be paid with a transponder that ties back to me and my car. I often use credit or debit cards to make purchases. If using my debit card, that identifies my bank account. If I pay balances electronically the payee has a record of my bank account, and if by check they still have the information.
My house is assessed by the local government. The real estate assessment records are public. So are any building permits - for redoing the kitchen in 1995, or replacing the roof a few years later, or tearing down the old car port.
We all have tax records. Many have passports (mine is expired). Increasingly our medical records are computerized, with a push to move more in this direction to hold down costs.
Ask yourself this - how little of your life is not available in a computer some place? How much would be known about you if all that information could be connected?
We are now a quarter century past Orwell's feared year of 1984. We are far more vulnerable than ever was Winston Smith.
We need police and intelligence to protect us to be sure. yet I must return to an ancient warning, from the Roman poet Juvenal:
Quis custōdiet ipsōs custōdēs? Who watches the watchers? How can we still have some semblance of privacy? Upon what controls can we insist?
Or is it already too late?
I do not have a certain answer to that last question. That should scare you. It certainly scares me.
Peace?