Privacy SOS

When we are all suspects

Hello all you potential terrorists! 

That’s how American citizens and anyone else in the country with any kind of data footprint are regarded these days, thanks to new guidelines for the National Counterterrorism Center (NCTC) which the Obama Administration endorsed last March.

Yesterday, ACLU legislative counsel Chris Calabrese testified before a Congressional committee about the new rules which, he stated, “effectively remove traditional protections for US person information and allow the vast power of the US Intelligence Community to be turned on innocent Americans.”

It was the NCTC – a new layer of bureaucracy created by the 2004 Intelligence Reform and Terrorism Prevention Act to promote effective intelligence collection, sharing, evaluation and dissemination – that dropped the ball in 2009, when it failed to move the name of Christmas Day plotter Umar Farouk Abdulmuttalab from its giant Terrorist Identities Datamart Environment (TIDE) system containing at the time some 550,000 identities to the FBI’s even more massive master watch list in the Terrorist Screening Center. 

It seems that the TIDE system suffered from fundamental design flaws that made data difficult or impossible to search and that it had a tendency to crash. 

You would have thought that a NCTC “fix” would include an effort to address data overload.  Instead, the overload has been hugely ratcheted up, total information awareness-style.

In its report on the changed rules, The Washington Post quotes Rep. Mike Rogers, chair of the House intelligence committee:

“We have been pushing for this because NCTC’s success depends on having full access to all of the data that the U.S. has lawfully collected.  I don’t want to leave any possibility of another catastrophic attack that was not prevented because an important piece of information was hidden in some filing cabinet.”

So they set about to give the NCTC “full access to all of the data that the US has lawfully collected” – and that’s data on all of us, including our travel, tax, health care, education, licensing, benefits, employment and criminal records as well as the mountain of information which the government obtains from commercial data aggregators.

Before the new rules went into effect, a person had to be a terrorist suspect or information collected on him or her had to be related to an actual investigation to be deposited with the NCTC. Any information on innocent people that was inadvertently collected had to be discarded within 180 days. 

Under the new rules, no one is presumed to be innocent. 

Now entire databases of information can be ingested by the NCTC and can be “continually assessed” through data mining techniques for five years. The information they contain may – or may not – be accurate.  Not only that –  if some kind of connection is made to national security, the war on drugs or a suspected crime, the information can be widely shared with “a federal, state, local, tribal or foreign or international entity, or an individual or entity not part of the government.”

In endorsing the new rules, the Obama Administration has ignored the  exhaustive multi-year study carried out by the National Research Council that found that locating terrorists through data mining “is neither feasible as an objective nor desirable” and that it will result in “ordinary law abiding citizens and businesses” being wrongly treated as suspects. 

So how can we begin to restore the presumption of innocence and our privacy rights? We can start by demanding that our Congressional representatives update the woefully antiquated Privacy Act of 1974.

As the ACLU’s Chris Calabrese testified at yesterday’s Congressional hearing, this legislation no longer fulfills its mandate of controlling when records can be collected by the government, when and how they can be disclosed, and giving individuals the ability to correct records being held on them while requiring agencies to ensure that the information is both accurate and secure. 

As a first step, the ACLU is pushing for the passage of S. 1732, the Privacy Act Modernization for the Information Age Act.  Please ask your senators to support it!

© 2021 ACLU of Massachusetts.