 | |
| |
TechnologyDaily Mobile
No Consent For The ADVISE Program
by Chris Strohm
Lawmakers and their aides say they have not been able to get adequate information on a new data-mining program under development by the Homeland Security Department. That has raised concerns that the effort may be inappropriately using information on U.S. citizens in violation of federal privacy laws.
Homeland Security has spent about $40 million developing the analysis, dissemination, visualization, insight and semantic enhancement program. Known by the acronym ADVISE, the program uses semantic graphs to analyze data. The graphs can identify relationships between disparate information, including that on people to theoretically find terrorism links. The program is under development by the department's science and technology directorate and being operationally tested by its intelligence and analysis office.
"Congress has never been shown a program plan. We don't know what the end game is on it," said a congressional aide who asked to remain anonymous. "Usually when you sink $40 million into something ... you have a plan. You know what you want to accomplish. You have it programmed out. You have critical milestones, and you know what you're going to call successes and what you're going to call failures. They don't have any of that."
The Testing And Watchdog Phases
Alexandra Landsberg, the department's program manager for ADVISE, said the system will remain in a testing phase for at least a year and possibly as long as two years. She said the department's Immigration and Customs Enforcement division likely will begin testing it within eight months.
But the fate of the program could depend on the results of two government investigations. The investigations were ordered by congressional appropriators, frustrated that they were not getting adequate information from the department.
A Government Accountability Office review is expected Feb. 28. The report will examine the planned uses and associated benefits of ADVISE, as well as look at the potential privacy issues of using the program's tools and technology, said Linda Koontz, director of information management issues for GAO.
Homeland Security's inspector general, meanwhile, investigating how the intelligence and analysis directorate is using ADVISE. That report is expected Jan. 23.
The congressional aide noted that Homeland Security ran into trouble with another data-mining program for screening airline passengers. In July 2005, GAO concluded that the Secure Flight program used personal information of passengers in violation of privacy laws. The program has been stalled ever since.
Disputed Data
Congressional appropriators and Homeland Security officials are at odds over whether ADVISE is using personal information on U.S. citizens.
In the conference report accompanying the law to fund Homeland Security in fiscal 2007, appropriators wrote that analysts in the department's intelligence and analysis division are testing ADVISE "using departmental and other data, including some on U.S. citizens." Last May, House Appropriations Committee ranking Democrat David Obey of Wisconsin and Homeland Security Appropriations Subcommittee ranking Democrat Martin Olav Sabo of Minnesota, said a database from the Transportation Security Administration was being used to test the program.
"Staff recently learned that the department has used its databases, some of which contain information on U.S. persons, to test ADVISE," the lawmakers wrote in a letter to GAO. "One database that we have learned has been used to test ADVISE is the 'TSA WATCHLISTS listserv,' which we have been told contains information on 'cleared' individuals whose names are the same as names on the watch list."
The lawmakers said the department should have issued a privacy impact assessment before it began testing ADVISE with information on U.S. citizens.
Homeland Security spokesman Kirk Whitworth said the intelligence and analysis division is not using personal information on U.S. citizens to test the program. He said the office is using "existing data sources" but would not explain what kind of data that is.
He declined to comment on whether it includes information on foreigners. "And how [the office] will use this technology in the future will be determined by the results of our testing," he added.
Gauging Privacy Protections
Landsberg said a privacy impact assessment for intelligence and analysis' testing of the system will be completed in November. She said other privacy impact assessments would be done as needed when other department components begin testing ADVISE.
"It all depends on what you put into that database," she said. For example, she said an independent evaluation of the program is being done at Johns Hopkins University using information generated by computers, meaning it does not include data on real people.
Homeland Security's science and technology directorate also is using data on biological pathogens and gene sequences to test the program, Landsberg said.
Landsberg described ADVISE as "a set of tools to ingest, analyze and visualize massive amounts of data." But she said the program does not collect information by scouring the Internet or people's e-mails, as some critics have suggested. Rather, once information is collected it can be fed into ADVISE for analysis.
Still, the program clearly has the capacity to crunch data on people and was identified in an August inspector general's report as one of 12 data-mining programs being used by Homeland Security personnel. "[A] simple semantic graph can link people, workplaces and towns, as well as indicate a relationship with various friends," the IG said. "Studying the links can assist in understanding the relationships between entities, and help identify threats and vulnerabilities."
The uncertainty of how Homeland Security agencies are using ADVISE has raised concerns among privacy advocates. "I think their track record is that they have not been very forthcoming with respect to the kinds of information that these systems contain," said David Sobel, senior counsel of the Electronic Frontier Foundation. "I think that this really cries out for aggressive congressional oversight."
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
