OPINION
The New Security Threat: Federal Bureaucrats

A new threat to national security surfaced this week and if federal agencies fail to address it, they could hamstring important tools to catch terrorists. The General Accounting Office (GAO) reported this week that federal agencies are breaking privacy and security laws while conducting data-mining activities. According to the GAO, of the five federal agencies examined, "none followed all key procedures."

The GAO looked at: an Agriculture Department Risk Management Agency program to detect federal crop insurance fraud, a State Department General Services Administration system that monitors employee use of government charge cards, the FBI's Foreign Terrorist Tracking Task Force to detect terrorist activities, the Internal Revenue Service's Reveal system to find financial fraud and terrorist activity, and the Small Business Administration's system to measure and manage risk in two loan programs.

Lack of Commitment

Only three of the above agencies prepared privacy impact assessments which outline with whom data will be shared and how it will be used and protected. Some might think this failure is not such a big deal , but what it shows is a lack of commitment to follow rules set out for managing data and respecting individual privacy.

Senator Daniel Akaka, ranking member of the Senate Subcommittee on the Oversight of Government Management, made this point clear when he said, "having policies and safeguards in place will not work if agencies are not following the law."

Government bodies that don't follow the law are a big deal, and this will affect current and future debates over how and whether government should be empowered to collect data. Predicting terrorist behavior is a useful function and the Total Information Awareness (TIA) program of the Defense Advanced Research Projects Agency (DARPA) set out to do just that.

However, the TIA lost funding and one of the key reasons was that the public and lawmakers distrusted federal bureaucrats. But such a program is looking more necessary as terrorists still want to harm Americans and the technology to do it becomes more widespread. There's also new evidence that data mining to stop terrorists is working.

Data Breach?

Recently, it emerged that a Defense Department unit was following Mohammed Atta and other terrorists more than a year before the attacks on New York and Washington. The information from the program, called "Able Danger," was not used because apparently Defense Department lawyers thought they might be breaking legal guidelines. Obviously, there is a real need to lay out very clearly what agencies can and can't do, and perhaps that's something that can be worked into the computing machinery that drives the data-mining programs.

The GAO also reported that while all the agencies "followed a number of key security procedures," neither the FBI nor Agriculture had tested security contingency plans which are "a key requirement for adequate security planning." This type of news is disturbing and gives credence to critics who claim government can't be trusted with personal data.

In responding to the news of Able Danger, Timothy Sparapani, a legislative counsel for the American Civil Liberties Union, told the New York Sun that "The American public's most sensitive personally identifiable information should not be subjected to this kind of experiment unless and until we have some kind of confidence that society is going to get some kind of tangible benefit out of it."

Preserving Faith

He's right that government has no business collecting massive amounts of data if there's no benefit, and the benefits will only arrive if government knows when it can act and actually follows the law.

The world has become a more dangerous place and America remains a big target. In order to catch terrorists before they act, strong intelligence gathering is necessary. But it won't happen if the American public loses faith in government's ability to follow the law. To safeguard the nation, federal bureaucrats need to address the widening trust and credibility gap.