As a policy analyst with the Electronic Privacy Information Center, Mr. Mihir Kshirsagar has had an interesting vantage point on the intersection of technological progression with civil liberties. In a recent interview with GlobalPOV, Mr. Kshirsagar shares his thoughts about the importance of government disclosure to the public, the consolidation of disparate government databases, and several other timely topics related to Homeland Security vs. Privacy.

GlobalPOV: Start by telling us a little bit about what Epic does and where you fit into the picture.
MK: Epic is a non-profit public interest research group based in Washington DC. We set up in 1994 to deal with the new threats to civil liberties from new technologies. We were active in the Internet free speech battles, the cryptography battles, and in protecting anonymity online and offline. We’ve also done a lot of work with the Freedom of Information Act (FOIA). After 9/11, we’ve been very much at the center of discussing the implications to civil liberties and privacy of new government security measures.

GlobalPOV: It looks like there have been a number of times where EPIC has sued for access to information. Are you concerned that there’s not enough disclosure around some of the practices that are going on?
MK: That’s absolutely right. It’s a one-way mirror that the government wants to have on us. For example, we’ve sued the Office of Homeland Security for information about its support for a national identity card. We wanted to find out what information they were looking at. And they’ve said they’re not subject to the freedom of information law. And in the new Department of Homeland Security legislation, there is a question whether business information provided to the office would be exempt under the FOIA. We’ve testified on that issue in the House and the Senate. What’s most important is transparency in the government’s decision-making and transparency to the general public.

GlobalPOV: It seems like there’s a natural conflict between the government’s need to act covertly—in order to be effective—and the public’s right to know what’s going on. Do you think there’s a happy medium?
MK: We’re too far on the side of non-disclosure. Take the government’s plan for airline passenger screening. The government has been withholding all information about the program. I can imagine what’s sensitive is how they assign the scores or the specific algorithms that decide a person is a troublemaker. But to not give any information to the public about what databases they’re searching in the first place … I don’t think it would compromise security if we knew that medical records were being searched, if we knew that drivers license databases were being searched. We’re just left to speculate about what they’re looking into.

GlobalPOV: It seems like the consolidation of a lot of different types of data is going to be a major initiative for the government re. Homeland Security. Where are these conversations being made in the public domain? Is anyone really talking about this now?
MK: No…they really aren’t being discussed enough right now. There are groups like us that would like more discussions like these to take place in the public domain. But as of now, a lot of this is being funded and discussed within the government. Admiral John Poindexter—who was National Security Advisor to Reagan and Bush (the first one)—set up a program called “Total Information Awareness Project.” It envisions collecting information about everyone and building risk profiles, and using those risk profiles presumably as a way of predictive surveillance, so they can stop people from doing bad things before they do them. Already, there are four prototypes that have been submitted to the Transportation Security Administration for air travel. It’s called the ‘computer-assisted passenger prescreening program.’ They talk about connecting into commercial databases and government databases to build a risk profile on all passengers.

GlobalPOV: EPIC has looked at corporate misuse of information in the past. Does it concern you to think about the two separate domains—government information and commercial information—being pulled together into one consolidated area?
MK: In the early days of commercial databases, companies would say don’t worry…we’re only collecting this information for marketing purposes. And we said that once they collected the information, there would be other uses for it, and specifically the government would want access to it. And the commercial companies said no, that’s never going to happen…we would never turn the information over. Now, we’re seeing that these companies are voluntarily handing over this information or trying to get contracts where they can sell the credit histories and other profiling information about people to the government.

GlobalPOV: Do you see any correlation between the new ‘threat rating’ and the credit scores?
MK: One of the 4 teams of private contractors that are coming up with prototypes is HNC, which is also now part of the Fair Isaac Corporation. So the exact same company that did the credit scoring is now setting up the risk profiles. It is remarkable how these entities are going to the government and saying what didn’t seem to work too terribly well for the commercial sector … why don’t you use it for profiling terrorists.

GlobalPOV: Seems like after Sept. 11, everyone was willing to trust that the right actions were being taken, and any grumblings were perceived as unpatriotic. How do you get people to start asking the right questions?
MK: Initially any sort of sign that you are skeptical about a government program or security measure was immediately seen as you are challenging America. But that is something that is changing with the slew of court decisions that have done back some of the egregious oversteps the government has taken with security powers has aided that process. And there are several senators—Patrick Leahy, for example—who has talked about how questioning the government is quintessentially being American. One of the hard questions for homeland security data sharing is that we all know that garbage in is garbage out – so what happens when these commercial databases that have poor data in them become the basis of possibly detention, or preventing you from boarding a plane or getting a job? There are a number of ways that this information could be used that would have very severe consequences. And if we know that the information is not reliable—which has been well documented—or that a lot of these algorithms throw out false positives and false negatives, how are we going to deal with those questions and those problems. We cannot abandon the skeptical outlook, because otherwise we’re just going to accept wholesale a program that doesn’t make much sense at all.

GlobalPOV: What kind of actions would prevent something similar to Japanese internment? How are the attitudes different today?
MK: I think we’ve hopefully learned from history that those things should not be repeated. But there are always new challenges, and one of them is to what degree will we tolerate the predictive surveillance of innocent people. If we accept an all-purpose profiling system to look into our past, our background, our credit histories and the other various bits of data that make a story about a person – is that something that we’re willing to tolerate? And that’s the kind of change that will always be with us if we go down that path. I think that’s really where we need to start asking questions, because these profiling schemes are not about terrorism. I think any expert in the field would tell you that it’s incredibly hard to know what you’re searching for. There are huge quantities of data, data visualization issues, problems of developing a good algorithm, and barriers to the data sharing that are institutional. Given all those considerations, what is this profiling scheme actually going to be good for? One of the things would be an all-purpose police stop. So if you have somebody with an outstanding police warrant who goes through an airport—they’ll be arrested. Or somebody who exhibits suspicious or unusual behavior will be flagged by the system. It’s really not clear how this system would be a good security measure. But the government is so fearful about being accused of not connecting the dots that they would be fund anything that would make them look like they’re trying to do just that. The government appears to be investing in creating ever more dots rather than working on better connecting the existing dots through analysis and human intelligence.

GlobalPOV: How can people can involved?
MK: One of the things that they should be actively looking at is the legislation that’s going to authorize this new Homeland Security Department. What kinds of institutional protections will be put in place to make sure the data sharing that does happen happens with proper public and judicial oversight. We’re not saying that they shouldn’t use the data, but there are certain procedures and Congressional oversight where when you are looking, it’s done appropriately and with appropriate limitations. The other one would be to closely follow how the Transportation Security Administration plans to roll out this CAPPS program, which is seeking an additional $45 million to continue funding it this year – and it’s going to become operational next year. The average Joe needs to contact their Congressman and ask hard questions … what is this being used for, are there any limits on its use, will it be transparent … questions like that.

You can imagine a situation where you are pulled out of an airport line and you don’t even know why … and you won’t be told because there’s a national security reason for not telling you.

GlobalPOV: So there would be little recourse…
MK: Right. The way it’s set up right now—what recourse would a person have? If we don’t ask the questions, these systems will be developed and we’ll have to confront those questions when it’s already active.

It’s a huge problem. You have the computing power, you have the ability to tap into these different databases, and you have now the money and the purposes. So now you’re faced with a really different type of system that hasn’t been used before. How do you go about making sure it’s properly used—if at all? There are so many new measures coming out. There’s a lot of money, and a lot of power behind most of these proposals

• Respond on the Message Board
• Back to Previous Page