Keeping Snoops Out of Your Genes

BusinessWeek ^ | April 1, 2004 | Jane Black

[MikeJ75]

Safeguarding your DNA is a huge 21st century privacy issue, says author George Annas. So why is the government sitting on its hands?

In an election year, only vote-getting legislation seems to get Congress' attention. So I suppose it comes as no surprise that an important House bill, the Genetic Nondiscrimination in Health Insurance & Employment Act, has quietly been shunted -- once again -- to the bottom of the agenda. The bill, sponsored by Representative Louise Slaughter (D-N.Y.), would, as the name suggests, forbid employers from using genetic information to make hiring decisions or insurers from denying coverage or raising premiums.

[Ronaldus Magnus]

Pardon my defense of greater levels of legislation, but this bill has to pass this time. Technology is now available to retrieve DNA from finger print cards and signed documents, and several private companies have begun offering the service. Since the information I have written on countless medical forms can legally be added to my permanent medical record, so too could the medical information I inadvertently left in my DNA scattered on those same medical forms.

Admittedly, this is an extreme example. The samples taken when I donate blood could be more easily used. It would be a great disappointment to me for my life insurance policy to be canceled on the basis of a previously undiagnosed genetic ailment. There are somethings that I would prefer everyone, myself included, not know.

[Eva]

The other side of the story:

AT WAR

The 'Privacy' Jihad
"Total Information Awareness" falls to total Luddite hysteria.

BY HEATHER MAC DONALD
Thursday, April 1, 2004 12:01 a.m. EST

The 9/11 Commission hearings have focused public attention again on the intelligence failures leading up to the September attacks. Yet since 9/11, virtually every proposal to use intelligence more effectively--to connect the dots--has been shot down by left- and right-wing libertarians as an assault on "privacy." The consequence has been devastating: Just when the country should be unleashing its technological ingenuity to defend against future attacks, scientists stand irresolute, cowed into inaction.

The privacy advocates--who range from liberal groups focused on electronic privacy, such as the Electronic Privacy Information Center, to traditional conservative libertarians, such as Americans for Tax Reform--are fixated on a technique called "data mining." By now, however, they have killed enough different programs that their operating principle can only be formulated as this: No use of computer data or technology anywhere at any time for national defense, if there's the slightest possibility that a rogue use of that technology will offend someone's sense of privacy. They are pushing intelligence agencies back to a pre-9/11 mentality, when the mere potential for a privacy or civil liberties controversy trumped security concerns.





The privacy advocates' greatest triumph was shutting down the Defense Department's Total Information Awareness (TIA) program. Goaded on by New York Times columnist William Safire, the advocates presented the program as the diabolical plan of John Poindexter, the former Reagan national security adviser and director of Pentagon research, to spy on "every public and private act of every American"--in Mr. Safire's words.
The advocates' distortion of TIA was unrelenting. Most egregiously, they concealed TIA's purpose: to prevent another attack on American soil by uncovering the electronic footprints terrorists leave as they plan and rehearse their assaults. Before terrorists strike, they must enter the country, receive funds, case their targets, buy supplies, and send phone and e-mail messages. Many of those activities will leave a trail in electronic databases. TIA researchers hoped that cutting-edge computer analysis could find that trail in government intelligence files and, possibly, in commercial databases as well.

TIA would have been the most advanced application yet of "data mining," a young technology which attempts to make sense of the explosion of data in government, scientific and commercial databases. Through complex algorithms, the technique can extract patterns or anomalies in data collections that a human analyst could not possibly discern. Public health authorities have mined medical data to spot the outbreak of infectious disease, and credit-card companies have found fraudulent credit-card purchases with the method, among other applications.

But according to the "privacy community," data mining was a dangerous, unconstitutional technology, and the Bush administration had to be stopped from using it for any national-security or law-enforcement purpose. By September 2003, the hysteria against TIA had reached a fevered pitch and Congress ended the research project entirely, before learning the technology's potential and without a single "privacy violation" ever having been committed.

The overreaction is stunning. Without question, TIA represented a radical leap ahead in both data-mining technology and intelligence analysis. Had it used commercial data, it would have given intelligence agencies instantaneous access to a volume of information about the public that had previously only been available through slower physical searches. As with any public or private power, TIA's capabilities could have been abused--which is why the Pentagon research team planned to build in powerful safeguards to protect individual privacy. But the most important thing to remember about TIA is this: It would have used only data to which the government was already legally entitled. It differed from existing law-enforcement and intelligence techniques only in degree, not kind. Pattern analysis--the heart of data mining--is conventional crime-solving, whether the suspicious patterns are spotted on a crime pin map, on a city street, or in an electronic database.

The computing world watched TIA's demolition and rationally concluded: Let's not go there. "People and companies will no longer enter into technology research [involving national-security computing] because of the privacy debates," says a privacy officer for a major information retrieval firm.





But the national-security carnage was just beginning. Next on the block: a biometric camera to protect embassies and other critical government buildings from terrorist attack; and an artificial intelligence program to help battlefield commanders analyze engagements with the enemy. In the summer of 2003, New York Times columnists Maureen Dowd and Mr. Safire sneered at the programs, portraying them as--once again--the personal toys of the evil Mr. Poindexter to invade the privacy of innocent Americans. The Dowd-Safire depictions of the projects were fantastically inaccurate; but Pentagon researchers, already reeling from the public-relations disaster of TIA, cancelled both projects without a fight. Special forces leaders in Afghanistan and embassies in terror-sponsoring states will just have to make do.
The privacy vigilantes now have in their sights an airline-passenger screening system and an interstate network to share law enforcement and intelligence information. Both projects could soon go down in flames. As to whether that would be in the national interest, readers should ask themselves if they would be happy to fly seated next to Mohamed Atta. If yes, they needn't worry about the cancellation of the Computer Assisted Passenger Prescreening System (known as Capps II). And if they don't care whether police can track down a child abductor within minutes of his crime, then they shouldn't care about the crippling of the Multistate Anti-Terrorism Information Exchange, either.

Capps II seeks to verify that an airline passenger is who he says he is and has no terrorist ties. To that end, the program would ask passengers to supply their name, address, phone number and date of birth upon purchasing a plane ticket. A commercial databank would cross-check those four identifiers against its own files to see if they match up. Next, Capps II would run the passenger's name through antiterror intelligence files. Depending on the results of both checks, the system would assign a risk score to air travelers--acceptable, unknown or unacceptable.

Privacy zealots have mischaracterized Capps II as a sinister rerun of TIA--which it is not, since it has nothing to do with data mining--and as a plot to trample the privacy rights of Americans. They argue that, by asking your name and other minimal identifying information already available on the Internet and in countless commercial and government data bases, aviation officials are conducting a Fourth Amendment "search" of your private effects for which they should obtain a warrant based on probable cause that you have committed a crime. Such a broad reading of the Constitution is groundless, but even were the collecting of publicly available information a "search," it is clearly reasonable as a measure to protect airline safety.

Development of Capps II has come to a halt, due to specious privacy crusading. Air passengers can only hope that when the next al Qaeda operative boards a plane, baggage screeners are having a particularly good day, free of the human errors that regularly let weapons on board.

Also under a death sentence: a state-run law enforcement program called "Multistate Anti-Terrorism Information Exchange."Known as Matrix, it allows police officers to search multiple law-enforcement databases and public records in the blink of an eye after a crime has been committed. It uses only information that law enforcement can already routinely access: its own records on suspects, convicts and sexual offenders, as well as publicly available data from county courthouses, telephone directories and business filings. Strong protections against abuse are built into the system.

Matrix developers had hoped to allow law enforcement agencies nationwide to instantaneously connect the dots about itinerant felons like the D.C. snipers. That won't happen, however, thanks to the lies of the privacy community. Using the familiar tactic of tying the hated program to TIA and data mining, and of invoking Big Brother totalitarianism, the advocates have browbeaten nearly two-thirds of the states that had originally joined the data-sharing pact into withdrawing from it.





The bottom line is clear: The privacy battalions oppose not just particular technologies, but technological innovation itself. Any effort to use computerized information more efficiently will be tarred with the predictable buzzwords: "surveillance," "Orwellian," "Poindexter." This Luddite approach to counterterrorism could not be more ominous. The volume of information in government intelligence files long ago overwhelmed the capacity of humans to understand it. Agents miss connections between people and events every day. Machine analysis is essential in an intelligence tidal wave.
Before the privacy onslaught, scientists and intelligence officials were trying to find ways of identifying those fanatics who seek to destroy America before they strike again. Now many avenues are closed to them. This despite the fact that proposals for assessing risk in such areas as aviation do not grow out of an omnivorous desire to "spy on citizens" but out of a concrete need to protect people from a clear threat. And since 9/11, no one's "privacy rights" have been violated by terror pre-emption research.

The "privocrats" will rightly tell you that eternal vigilance is the price of liberty. Trouble is, they're aiming their vigilance at the wrong target.

Ms. Mac Donald is a fellow at the Manhattan Institute. This is

[agitator]