Interesting People mailing list archives
The sniper case: Privacy and databases
From: David Farber <dave () farber net>
Date: Fri, 25 Oct 2002 13:52:22 -0400
-----Original Message-----
From: John Morris <[mailto:jmorris () cdt org]>
Sent: Friday, October 25, 2002 1:50 PM
To: David Farber
Cc: Dempsey, Jim
Subject: For IP: The sniper case: Privacy and databases

Dave,

Your IP readers might be interested in the take of CDT's Jim Dempsey on the use of databases in the sniper investigation.

John Morris
Center for Democracy & Technology

At 12:42 PM -0400 10/25/02, Jim Dempsey wrote:
From: Jim Dempsey <jdempsey () cdt org>
Subject: The sniper case: Privacy and databases
Date: Fri, 25 Oct 2002 12:42:59 -0400

The argument has been made on at least one list that "Big Brother caught the sniper" - that the police caught the sniper by using massive government databases, citizen informants, and inter-agency government information sharing.

I see it differently: The sniper was caught in part using government databases consisting of carefully-defined information collected pursuant to strict guidelines and subject to privacy protections, a citizen responding to leaked (arguably illegally leaked) government information, and traditional police work (including one officer's telephone call to another police officer he knew personally and the non-electronic exchange of information). Most importantly, though, it seems that the case was broken when the sniper (or his accomplice) called police and gave them crucial information.

There are also several pieces we don't yet fully know the details of (e.g., how did police trace the call to the priest near Ashland). Nevertheless, it is useful to look at the databases and methods the police used.

Information sharing

Law enforcement agencies have long been authorized to share information with each other. See, e.g., 18 USC 2517(1) (pre-PATRIOT Act sharing of wiretap info with other investigative or law enforcement officers); 28 USC 534 (codification of provision dating back to the 1921 DOJ appropriations act, authorizing the Attorney General to collect "identification, criminal identification, crime, and other records" and "exchange such records ... with, and for the official use of, authorized officials of the States, cities, and penal and other institutions").

Our privacy rules, such as they are, largely focus on the collection of information. The federal Privacy Act permits all sharing of information for purposes that are "compatible" with the purposes for which the data was initially collected.

Fingerprint databases

What became the International Association of Chiefs of Police (IACP) was founded in 1893 when police chiefs from all parts of the country met in Chicago to form an organization to share information across jurisdictions and apprehend wanted persons who fled local jurisdictions. In 1897, they created the National Bureau of Criminal Identification, just as the technique of fingerprinting was becoming popularized. In 1924, the IACP's criminal identification files (fingerprints and rap sheets) were turned over to the federal government and used to create the FBI Identification Division, sixty years before 1984's Big Brother.

But the key point is this: The database at issue (actually a networked series of databases) is woven through with a series of rules intended to limit its use and protect privacy.

* First of all, the fingerprint database consists only of people who have been arrested. That is, they are people for whom there was probable cause to believe that they had already committed a crime.

* Second, all information in the database is collected with the knowledge of the record subject.

* Third, access to the database is strictly controlled by statute and regulation - by and large, it is available only to law enforcement agencies, and to government agencies and some private sector employers conducting background checks, but only when the legislature has specifically said that the occupation requires a criminal history check. 18 USC 534, Public Law 92-544, 28 CFR.

* Huge efforts have been made over the years to improve the data quality of the database, particularly in making sure that it is complete. In recognition of the data quality problem, particularly the fact that the dispositions of many arrests are not posted, the federal courts have ruled that it is a violation of federal law to use mere arrests in the database as the basis for employment decisions.

* When the database is used for non-criminal justice purposes, it is accessed only with prior written consent of the record subject - a very high standard.

* Individuals have an absolute right to access any and all information about themselves that is in the fingerprint/rap sheet database and they have the right to obtain the correction of erroneous or incomplete information. There are also laws providing in some cases for sealing or purging of information.

Notwithstanding all of these protections - in some respects, particularly the data quality initiative, because of these protections - the database is very useful to law enforcement agencies.

DMV databases

The use of car registration databases also is a very interesting example of the rules and privacy protections that have been built up around government databases: The DMV databases are very useful to law enforcement despite being subject to a number of privacy protections.

* First, the identifying data are collected only with notice and express prior consent - meaning that everyone in the DMV database knows he is there, was expressly asked to be put in the database, and has a right of access to all information about himself in the database. (In fact, practically everyone in the DMV database carries with himself or herself a copy of the information in the database.)

* The information is quite highly accurate. It is regularly updated. Individuals can easily change inaccurate or outdated information. They can purge erroneous information (for example, when they move or get married or divorced and change their name).

* The database contains a unique identifier, but several states, recognizing the privacy and security flaws in the use of the Social Security Number as a single identifier, have allowed their citizens to generate a random number for use in the DMV system, with no degradation in its value for administration of the drivers license system nor its value as an identifier for other criminal law enforcement purposes.

On the other hand, many transactions (the use of a credit card, the sending of an email, the use of the telephone) can be effected without showing this identifier.

License plates are especially interesting in terms of some of the authentication debates taking place in other contexts, for while it is a unique number, it is not a personal identifier: the person driving the car need not be the person in whose name the car is registered.

Also both drivers license data and car registration data are subject to privacy protections. In fact, Congress has adopted a very detailed law (upheld against constitutional challenge by the US Supreme Court) limiting the use of DMV data. 18 USC 2721-2725

Citizen tips

Contrast the tip that led to the sniper's arrest to the TIPS program. In the sniper investigation, the police put out a general request for information about suspicious people, posting a hot line number, similar to the hot line number the Justice Department was proposing for the anti-terrorism TIPS program. In the sniper case, the TIPS line generated over 70,000 leads, which consumed huge resources but apparently contributed nothing to the solving of the case - except for the calls that the sniper himself made to the line, some of which police ignored or discounted, apparently overwhelmed by the number of crank calls. In contrast, the "tip" that led to the arrest of the suspects related to a very specific piece of information - a license plate number.

Disclosure versus secrecy

Ironically, the government had not officially made the license plate number public. It was leaked by one or more officers violating (at the very least) the conditions of their employment and the orders of their superiors. This is very interesting in this era of talk about "information sharing," which too often means sharing with a few while keeping from the public. Legislation is now pending in Congress that would make it a crime for a government official to disclose to the public information about cyber-vulnerabilities that has been given the government by the private sector. If a similar criminal penalty had been in place for law enforcement investigative information, the officers who leaked the license plate might have not taken the risk and the sniper might still be on the loose.

Private sector databases

Much of the current privacy debate focuses on databases in the hands of private commercial entities and the government's desire to mine this data to predict and solve terrorist and other crimes. The key databases in this case were not private sector. Far from having their hands tied by privacy rules, there are many ways in which police access to private sector data remains largely unregulated.

J