The Department of Justice has released a report detailing its use of multiple databases and information provided by data brokers to identify identity thieves and patterns of fraud, as well as its plans to build a new database to hunt terrorists.
The data mining programs, which use advanced technologies and concepts such as risk scoring, drew criticism from civil rights advocates for relying on bad data and potentially identifying innocent Americans as criminals.
Sen. Patrick Leahy (D-VT), chairman of the Judiciary Committee, criticized the system as "ripe for abuse," while the ACLU and EFF derided the system's reliance on potentially inaccurate data for making judgments.
The FBI's proposed "System To Assess Risk," or STAR, would measure suspects against data gleaned from a wide variety of sources, including private data resellers such as ChoicePoint.
STAR would then assign a risk score to the suspect based on the data analysis. Much as credit scores are used to determine a borrower's ability to pay a loan or receive new credit, the risk score would be used to determine the likelihood that the suspect is a terrorist or accomplice.
Unlike credit scores, risk scores are built from far larger sources of data, including names, addresses, buying habits, financial records, and in the FBI's case, other "watch lists" and databases of suspects. STAR would measure suspects against names found on terrorist watch lists like those held by the TSA, which has been criticized for containing inaccurate information and penalizing innocent travelers.
The TSA was also criticized for using private contractors to collect information on hundreds of millions of Americans as part of its own proposed antiterrorist verification system, variously called "CAPPS II" and "Secure Flight."
The Secure Flight program was scuttled due to criticism of its vulnerabilities and violation of privacy.
The Department of Homeland Security already has its own terrorism risk score, which it assigns to travelers entering and exiting the United States. The score, which is held for up to forty years, can be shared with other Federal agencies and foreign governments, but Americans are barred from seeing their own scores.
Individuals who score high on a terrorism risk score list can be subjected to heavier scrutiny when traveling, or be added to a "no-fly" list that may bar them from entering or leaving the country.
Risk scores, sometimes called "identity scores," are chiefly used by the financial industry to measure and prevent account fraud.
Individuals opening new bank or credit accounts have their information measured against patterns of fraud and risk, such as opening many new accounts at once or suddenly charging huge balances on a credit card. If the person opening the account has a high risk score, they may be flagged for committing fraud.
Avivah Litan, research analyst for the Gartner group, advocated identity scoring as a stronger tool to combat fraud than credit monitoring, as it drew information from a larger number of sources, but warned that it was also not infallible and was still too new a concept to really take hold in the marketplace.
Risk scoring, like credit scoring, relies on measuring information based on the data provided. Just as credit bureaus are criticized for relying on inaccurate or outdated information to generate credit scores, data brokers generally refuse to be held liable for the accuracy -- or inaccuracy -- of the information they gather and sell.
The Justice Department report, which had been requested several months earlier, came on the heels from statements by Attorney General Alberto Gonzales that he had been unaware of the FBI's abuse of "national security letters," which can be used to access Americans' financial records as part of criminal investigations.
The use of the letters for criminal investigations spurred similar requests by the Pentagon and the CIA. Gonzales claimed he was ignorant of the abuses until he had read about them in a report issued by the FBI's Inspector General, but investigations by the Electronic Frontier Foundation found that he had been briefed months earlier about the use of national security letters and the resultant abuses.