Privacy SOS

Introducing: the digital Stasi

If you make the haystack bigger, the needle will be harder to find, right?

Wrong, the government says. We are no longer on the farm. In the National Counterterrorism Center (NCTC), the bigger the electronic mound of data, the easier to detect any shard aimed at the vitals of the “homeland.” So pile it on!

In this spirit, Attorney General Holder on March 22 signed new “Guidelines for Access, Retention, Use, and Dissemination by the National Counterterrorism Center and Other Agencies of Information in Datasets Containing Non-Terrorism Information.”

“Datasets Containing Non-Terrorism Information”: that’s information about you and me (“US person information”) that can now be copied in its entirety and held by the NCTC for five years (the “temporary retention period”) for data mining purposes (“pattern-based queries and analyses”). And if there is a digital path of some sort connecting you to a friend of a friend of a suspect you can be in there for life: “United States person information that is reasonably believed to constitute terrorism information may be permanently retained.”  

The 2004 Intelligence Reform and Terrorism Prevention Act established the NCTC to be the government’s go-to agency for terrorism information. By 2009, it held some 550,000 identities in its Terrorist Identities Datamart Environment (TIDE) system.

It also had access to 30 or so data sets across the government, including information about refugees, foreign students and international travel. Some data sets were reportedly difficult to deal with because of privacy restrictions. If it inadvertently collected information about “US persons” (citizens and legal residents) that had nothing to do with terrorism, the NCTC was required to purge that information within 180 days.

 For Congressmen like Mike Rogers (R-MI), such limitations were self-defeating.  “NCTC’s success depends on having full access to all of the data that the U.S. has lawfully collected. I don’t want to leave any possibility that another catastrophic attack was not prevented because an important piece of information was hidden in some filing cabinet.”

The Obama Administration has now thrown open the digital filing cabinets, while giving plentiful lip service in the new Guidelines to civil liberties and the protection of privacy.   

But it’s hard to see privacy being protected given the enhanced ability of the NCTC to copy and store all sorts of records about us for five years, and to share them with the dozen or so “partner agencies” that are stationed within the NCTC – including the NSA, CIA, FBI and state agencies. If it “is reasonably believed to be necessary” to protect the safety of persons, property or foreign intelligence sources or prevent a crime or threat to national security or determine “the suitability or credibility of persons who are reasonably believed to be potential sources or contacts” the NCTC can even disseminate this information to its “foreign partners.” 

Why this more intense embrace of Total Information Awareness-style data mining when a multi-year study by the National Research Council has found that data mining is not an effective terrorist-hunting tool and will lead to innocent people being wrongly identified as terrorists?  

Here is the reason given by James Clapper, the Director of National Intelligence: "Following the failed terrorist attack in December 2009, representatives of the counterterrorism community concluded it is vital for NCTC to be provided with a variety of datasets from various agencies that contain terrorism information. The ability to search against these datasets for up to five years on a continuing basis as these updated guidelines permit will enable NCTC to accomplish its mission more practically and effectively."

Really? DNI Clapper, Rep. Rogers, and the Obama Administration are overlooking vital facts about that “failed terrorist attack.” It never would have come to near fruition in December 2009 if the “underwear bomber” Umar Farouk Abdulmutallab had been kept off the plane.  And there was plenty of opportunity to do that, since the young man’s father had in November 2009 told the US Embassy in Abuja, Nigeria as well as CIA officials about his son’s possible ties to extremists in Yemen.  

As a result of his father’s tip, Abdulmutallab’s name and biographical data were deposited in the NCTC’s  TIDE system, which has been notorious for fundamental design flaws that hundreds of millions of dollars failed to fix. And that is where it remained.

Despite the fact that Abdulmutallab had been listed on a UK watch list in May 2009, and despite intelligence about a plot involving a “Nigerian” trained in Yemen, his name was never moved from the TIDE system to the master watch list in the Terrorist Screening Center, maintained by the NCTC’s partner, the FBI. It weighs in at well over a million names.

At the time, the White House reported that Abdulmutallab was allowed on the plane because of a failure of “intelligence analysis” for which the CIA and the National Counterterrorism Center were chiefly responsible. It is hard to see how giving the NCTC still more data to play with will help it and its partner agencies, the FBI and CIA, do a better job of intelligence analysis and “connecting the dots.” 

But it is easy to see how we all become “suspects” once our data is in the NCTC mix.  Interestingly, we already are as far as the Wall Street Journal is concerned:  

“Suspect Data to Be Kept Longer” was the headline over its March 22 article about the new NCTC Guidelines.

© 2021 ACLU of Massachusetts.