Data Mining and Domestic Security

The Columbia SCIENCE AND TECHNOLOGY LAW REVIEW
www.stlr.org
DATA MINING AND DOMESTIC SECURITY:

CONNECTING THE DOTS TO MAKE SENSE OF DATA
By K. A. Taipale*

Abstract
Official U.S. Government policy calls for the research, development, and implementation of advanced information technologies for aggregating and analyzing data, including data mining, in the effort to protect domestic security. Civil libertarians and libertarians alike have decried and opposed these efforts as an unprecedented invasion of privacy and a threat to our freedoms.
This Article examines these technologies in the context of domestic security. The purpose of this Article is not to critique or endorse any particular proposed use of these technologies but, rather, to inform the debate by elucidating the intersection of technology potential and development with legitimate privacy concerns. This Article argues that security with privacy can be achieved by employing value-sensitive technology development strategies that take privacy concerns into account during development, in particular, by building in rule-based processing, selective revelation, and strong credential and audit features. This Article does not argue that these technical features alone can eliminate privacy concerns but, rather, that these features can enable familiar, existing privacy protecting oversight and control mechanisms, procedures and doctrines (or their analogues) to be applied in order to control the use of these new technologies.
* B.A., J.D., New York University, M.A., Ed.M., LL.M., Columbia University; Executive Director, Center for Advanced Studies in Science and Technology Policy.
The author would like to thank the editorial board of the Columbia Science and Technology Law Review and Eben Moglen, Daniel Solove, Paul Rosenzweig, Daniel Gallington, Usama Fayyad, and David Jensen, whose insights, comments, or work helped inform this Article. The views and any errors are solely those of the author.
Vol. V The Columbia Science and Technology Law Review 2003 Further, this Article argues that not proceeding with government funded research and development of these technologies will ultimately lead to a diminution in privacy protection as alternative technologies developed without oversight are employed in the future since those technologies may lack the technical features to protect privacy through legal and procedural mechanisms.
Even if it were possible, controlling technology through law alone, for example, by outlawing the use of certain technologies or shutting down any particular research project, is likely to provide little or no security and only brittle privacy protection.

Table of Contents

Part I. Data Mining: The Automation of Traditional Investigative Techniques…………..21
A. Data Mining: An Overview………………………………………………………………………22
B. Data Mining and The Knowledge Discovery Process…………………………………..24
1. Pre-Processing……………………………………………………………………………………..25
2. Data Mining: Descriptive and Predictive Modeling………………………………….28
3. Post-Processing……………………………………………………………………………………30
C. Data Mining and Domestic Security………………………………………………………….33
Part II. Data Aggregation and Data Mining: An Overview of Two Recent Initiatives…35
A. CAPPS II: An Overview…………………………………………………………………………..37
B. Terrorism Information Awareness: An Overview………………………………………..39
1. Massive Database or Distributed Architecture?………………………………………..42
2. TIA and Data Mining……………………………………………………………………………45
3. TIA related programs: Summary…………………………………………………………….48
4. TIA related programs: Epilogue – A Pyrrhic “Victory”……………………………..48
Part III. Data Aggregation and Analysis: Privacy Concerns…………………………………….50
A. Privacy Concerns: An Overview……………………………………………………………….50
1. Information Privacy Law………………………………………………………………………51
2. Privacy Interests in Information……………………………………………………………..55
3. Privacy concerns relating to Information Technology and Domestic Security57
B. Data Aggregation: The Demise of “Practical Obscurity”………………………………58
C. Data Analysis: The “Non-particularized” Search…………………………………………60
D. Data Mining: “Will Not Work.”………………………………………………………………..67
E. Security Risks: Rogue Agents and Attackers………………………………………………73
F. Summary of Privacy Concerns………………………………………………………………….74
Part IV. Building in Technological Constraints – Code is Law…………………………………74
A. Rule-based Processing……………………………………………………………………………..75
1. Proof Carrying Code…………………………………………………………………………….76
2. Data Labeling………………………………………………………………………………………76
3. Analytic Filtering…………………………………………………………………………………77
B. Selective Revelation………………………………………………………………………………..79
C. Strong Credentialing and Audit…………………………………………………………………80
D. Additional Research Areas……………………………………………………………………….81
E. Development Imperative………………………………………………………………………….81
Part V. Conclusion……………………………………………………………………………………………..81

The Columbia Science and Technology Law Review 2003

data-mining-and-domestic-security.pdf