On October 17 the Electronic Frontier Foundation (EFF) sued the Department of Justice (DOJ) demanding records related to the FBI’s Investigative Data Warehouse (IDW) be released under the Freedom of Information Act (FOIA).
The IDW will basically allow more data mining activities, linking personal information with specific activities to spawn investigations, than ever before.
The EFF brings up an important component and privacy concern; perpetuating incorrect data. If the FBI and other law enforcement and investigative agencies are using this database to make decisions and take actions based upon incorrect information, it could have devastating impact upon the involved individuals.
Another concern is incorrect data mining interpretations and linkages. We’ve already seen many people’s lives disrupted on an ongoing basis under the Transportation Security Authority (TSA) mistakes from their data mining efforts with their Terrorist Screening Center Database (TSCD). Oh, and by the way, it appears this error-riddled TSA database is going to be dumped into this even more behemoth IDW database.
The EFF states within their lawsuit that,
“According to Mr. Lewis, as of March 2005, ‚Äú[t]he database comprise[d] more than 100 million pages of terrorism-related documents, and billions of structured records such as addresses and phone numbers.‚Äù
7. The amount of information contained in the IDW appears to be growing at a tremendous rate. In May 2006, little more than a year after Mr. Lewis quantified the contents of the IDW, FBI Director Robert S. Mueller, III testified to Congress that the “IDW now contains over 560 million FBI and other agency documents.‚Äù Statement of Robert S. Mueller, III, Director, Federal Bureau of Investigation, Before the Senate Committee on the Judiciary (May 2, 2006). According to Mr. Mueller, ‚ÄúNearly 12,000 users can access [the IDW] via the FBI’s classified network from any FBI terminal throughout the globe. And, nearly 30 percent of the user accounts are provided to task force members from other local, state, and federal agencies.”
It is important that the FBI perform a privacy impact assessment (PIA) for the IDW, and post a subsequent privacy impact statement as required by the E-Government Act of 2002. Improper controls of such a huge database of personally identifiable information (PII) could have long-lasting, and even irreversible, impact on many individuals.
One of the data mining tools being used is provided by MicroStrategy. Another is a tool provided by Convera.
The IDW is not new, it was launched in January 2004, so the FBI has had more than sufficient time to perform at least a couple of PIAs and make privacy impact statements available.
How consistently are the sanctions for not complying with the E-Government Act or the FOIA enforced? With no enforced sanctions, where is the motivation for these unwieldingly large agencies to comply?