Loss of Privacy

According to a recent, internal Department of Homeland Security report, the ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement) system, designed to track terrorists and weapons, violated safeguards to personal data and often ignored federal privacy laws.  Although ADVISE is able to sift through trillions of bits of data, it could be canceled if current reviews find similar problems that the internal report found.

Sifting that enormous mass at lightning speed, ADVISE was to display data patterns visually as “semantic graphs” – a sort of illuminated information constellation – in which an analyst’s eye could spot links between people, places, events, travel, calls, and organizations worldwide.

Yet ADVISE, whose existence and scope were first detailed by the Monitor in February 2006, seems to have run afoul of its own ambitious scope. It failed to incorporate federal privacy laws into its system design. From its earliest days, the system’s pilot programs used “live data, including personally identifiable information, from multiple sources in attempts to identify potential terrorist activity,” but without taking steps required by federal law and DHS’s own internal guidelines to keep that data from being misused, the DHS Office of Inspector General (OIG) said in a June report to Congress, which was made public Aug. 13.

This is not the first time a data-mining project has run into trouble.  The Pentagon shut down TALON because it held files on peace activists.  The TIA (Total Information Awareness) project was also shut down after Americans wrote their Congressmen and protested, leading Congress to go ballistic over the privacy issues of TIA.

Privacy concerns were, again, at the root of the problem with the three ADVISE pilot programs.  It had been up and running for 18 months without notifying Congress of the data it was collecting.  Those in charge of ADVISE, claimed that they didn’t know they had to follow privacy rights on pilot projects.

DHS has not reported how much and what type of personal information was used. One senior DHS official, who agreed to speak only on condition of anonymity, says of the personally identifiable data used by ADVISE: “We have no idea what information or how much was used.”

Larry Orluskie, a spokesman for the DHS science and technology directorate, says a DHS privacy office review of ADVISE last month corroborates the OIG finding that ADVISE “was maybe too zealous in its testing,” he says.

Even so, he says, the ADVISE system is back on track, though he is unsure if the privacy assessment was complete or if operations had resumed. A request for interviews with Undersecretary Cohen or other ADVISE officials went unanswered.

Oh we’re sorry we used your personal information without your permission.  We don’t know what we did but we were overzealous and we fixed that now.  We’re not overzealous now but we still don’t know what the hell we’re doing.

I’m sure they’ll also delete the data already illegally collected.

“In February, the GAO recommended a full-blown data-privacy review of the ADVISE system. Without that, its report said, ADVISE holds “potential for erroneous association of individuals with crime or terrorism and the misidentification of individuals with similar names.””

cough no-fly-list cough cough

Get on one of these lists and you risk not being employed, not being able to travel, and not having a good credit record.  I swear to God, no one is watching the watchers while they plunder our privacy.  Keep an eye here for the next version of ADVISE, set to pick up where ADVISE left off.  Just give it a few months for the dust to settle and people to forget about Echelon, Carnivore, TALON, TIA, and ADVISE.

Beginning next year, every child living in the United Kingdom will be registered in a database that will contain their name, address, gender, and contact details.  This information will be available to a wide range of people in order to “help” the child through their young lives.

It will be available to an estimated 330,000 vetted users. Some of those allowed to check records, such as head teachers, doctors, youth offender and social workers, are uncontroversial, but critics have questioned why other potential users, such as fire and rescue staff, will have access to the database.

This database has the potential to do more harm than good.

The Association of Directors of Children’s Services (ACDS) has written to officials outlining its “significant” concerns about the new system, called ContactPoint, The Times has learnt. Confusion over who is responsible for vetting users and policing the system “may allow a situation where an abuser could be able to access ContactPoint for illegitimate purposes with limited fear of any repercussions”, Richard Stiff, the chairman of the ADCS Information Systems and Technology Policy Committee, said.

As is typical these days, this database was decided to be created after Lord Laming concluded that, if it had existed, a single girl, Victoria Climbié, would not have been murdered.  Hindsight is a beautiful thing.  Wasting £224 million to create a scheme like this, with no discussion or oversight is not going to help.  Neither is the £41 million it will cost to maintain said database.  It is too easy to give out information within the database to those who would abuse it.

In addition to its warning over vetting, the body says that ministers are placing “unreasonable and perhaps undeliverable expectations on local councils” by asking them to guarantee the accuracy of data over which they have little control.

So, local councils are supposed to keep accurate data on its children within their area, however, they have little control over the database in which to keep accurate data.

Concerns have been intensified by the admission that, while every child under 18 in England will have a record, ministers have allowed some children to be given extra protection. The “shielding” mechanism will mean that information on the offspring of some politicians and celebrities could be left off the main database.

So, again, we must keep track of all our children; that is unless they are rich, in which case, they can be kept out of the database.  This “shielding” is nothing more than an admission that the database is insecure, whereby the politicians have said that your children do not matter because they are not privileged.

Ian Brown, a computer security research fellow at the Oxford Internet Institute, said that the scale of the database posed huge risks. “When you have got more than 300,000 people accessing this database, it’s just very difficult to stop the sale of information.”

Exactly!  This is just a convenient database for hundreds of thousands of people to abuse for a few extra Pounds.  Remember, children raised under this type of system will never question the authorities once they become adults.  They will assume that tracking of individuals is normal and those that refuse to comply must be terrorists/rebels/etc.