June 29th, 2007
Schneier: Will data reuse foster creation of a police state?
The current era of “extreme data collection” puts crytography expert Bruce Schneier in mind of how the government abused US Census data collection during World War II. Writing in Wired, Schneier recalls that Census rules specifically banned the re-use of Census data, precisely so people would provide data without fear of retribution.
But, it turns out, after decades of denial, the Census Bureau was in fact providing to other government agencies specific information on the location of Japanese-Americans. According to USA Today:
[N]ewly released documents show that in 1943, the Census complied with a request by the Treasury Department to turn over names of individuals of Japanese ancestry in the Washington, D.C., area because of an unspecified threat against President Franklin Roosevelt. The list contained names, addresses and data on the age, sex, citizenship status and occupation of Japanese-Americans in the area.
Today, with revelations about NSA warrantless wiretaps and intelligence operations focused within the United States, many citizens are concerned about the potential for similar “data reuse.”
When we think about our personal data, what bothers us most is generally not the initial collection and use, but the secondary uses. I personally appreciate it when Amazon.com suggests books that might interest me, based on books I have already bought. I like it that my airline knows what type of seat and meal I prefer, and my hotel chain keeps records of my room preferences. I don’t mind that my automatic road-toll collection tag is tied to my credit card, and that I get billed automatically. I even like the detailed summary of my purchases that my credit card company sends me at the end of every year. What I don’t want, though, is any of these companies selling that data to brokers, or for law enforcement to be allowed to paw through those records without a warrant.
Data reuse is even more problematic when the data is inaccurate. Errors in demographic marketing data, or even a credit reports, are one thing — but when erroneous data is used to block innocent people from flying or to target them in law enforcement actions, it’s quite another.
A few years ago, the Transportation Security Administration’s follow-on watch list system, Secure Flight, was going to use commercial data to give people a terrorism risk score and determine how much they were going to be questioned or searched at the airport. People rightly rebelled against the thought of being judged in secret, but there was much less discussion about whether the commercial data from credit bureaus was accurate enough for this application.
An even more egregious example of error-rate problems occurred in 2000, when the Florida Division of Elections contracted with Database Technologies (since merged with ChoicePoint) to remove convicted felons from the voting rolls. The databases used were filled with errors and the matching procedures were sloppy, which resulted in thousands of disenfranchised voters — mostly black — and almost certainly changed a presidential election result.
Schenier calls for legislators to take the time to craft laws that require the proper use of technology for data collection. Unrestrained technology will be used to collect everything and reuse it freely.
History will record what we, here in the early decades of the information age, did to foster freedom, liberty and democracy. Did we build information technologies that protected people’s freedoms even during times when society tried to subvert them? Or did we build technologies that could easily be modified to watch and control? It’s bad civic hygiene to build an infrastructure that can be used to facilitate a police state.
