Report: After a Fight, Fed Terrorism Agency Granted Access to Database on U.S. Citizens

Former Homeland Security Chief Privacy Officer Mary Ellen Callahan, pictured in 2011, was one of the most vocal opponents to the rule change that would allow the National Counterterrorism Center to obtain non-terrorism related datasets from other agencies and keep them for an extended length of time as it tried to find patters in suspicious activities of innocent Americans. (Photo: AP/Carolyn Kaster)

The federal government's top counterterror agency received permission to cull through any government database to gather information on innocent Americans for analysis of potentially suspicious behavior in March. But allowing such a rule change, seen by some as an invasion of citizens' privacy, did not come without an internal battle lasting more than a year, the Wall Street Journal reported.

The changes to guidelines for National Counterterrorism Center was signed by Attorney General Eric Holder earlier this year, allowing the center to obtain and retain information from government datasets for up to five years. NCTC could also permanently retain data it deems "reasonably believed to constitute terrorism information." All of these actions were not allowed in the previous guidelines for obtaining non-terror information from other agencies.

Through Freedom of Information Act requests and interviews, the Wall Street Journal learned more about why the NCTC wanted access to datasets, which hold everything from financial forms to health records to flights taken to lists of American households with foreign-exchange students. It also learned how some internally were fighting to protect the information of innocent citizens in such datasets.

As the WSJ put it, the internal debate was "a confrontation between some who viewed it as a matter of efficiency—how long to keep data, for instance, or where it should be stored—and others who saw it as granting authority for unprecedented government surveillance of U.S. citizens."

One of the databases with some of the most personal information is the Advanced Passenger Information System -- it has name, gender, birth date and travel information for all people who fly in the U.S. This database owned by the Department of Homeland Security is only supposed to maintain information for a year, but NCTC's new guidelines would allow it to keep info well beyond that.

The point of the new rule is to allow the center to pinpoint people who could commit crimes in the future.

Think "probably cause" should prevent innocent people's data from being spied upon? WSJ stated the Fourth Amendment doesn't apply to files created by the government for normal business. Or how about the Federal Privacy Act in 1974, which was intended to prevent just this type of search of government files, WSJ pointed out? There's a loophole for that.

"All you have to do is publish a notice in the Federal Register and you can do whatever you want," Robert Gellman, a consultant specializing in compliance with the Privacy Act, said to WSJ.

But Alexander Joel, a Civil Liberties Protection Officer for the Office of the Director of National Intelligence, which falls above NCTC, said the guidelines have "rigorous oversight" to prevent the information being used for inappropriate reasons. One of these includes that each agency works out terms with NCTC under which it would provide datasets. According to WSJ, the Department of Homeland Security has provided NCTC with one dataset thus far and is ironing out details to hand over three others.

Joel told WSJ the failed underwear bomber in Detroit on Christmas Day in 2009 was cause enough to show that NCTC needed to be able to retain information longer, as it might not be relevant at the time but could be later.

Here's more from WSJ:

To fix problems like these that had cropped up since the Abdulmutallab incident, NCTC proposed the major expansion of its powers that would ultimately get debated at the March meeting in the White House. It moved to ditch the requirement that it discard the innocent-person data. And it asked for broader authority to troll for patterns in the data.

As early as February 2011, NCTC's proposal was raising concerns at the privacy offices of both Homeland Security and the Department of Justice, according to emails reviewed by the Journal.

[...]

At the Department of Justice, Chief Privacy Officer Nancy Libin raised concerns about whether the guidelines could unfairly target innocent people, these people said. Some research suggests that, statistically speaking, there are too few terror attacks for predictive patterns to emerge. The risk, then, is that innocent behavior gets misunderstood—say, a man buying chemicals (for a child's science fair) and a timer (for the sprinkler) sets off false alarms.

Some of these officers also argued that the failure to stop the attempted Christmas Day bomber wasn't because he wasn't targeted already for potential terrorist activities. He was and this would negate arguments for obtaining info on innocent Americans.

One of these officers fighting for protections of innocent people's information was Homeland Security's Chief Privacy Officer Mary Ellen Callahan, who has since joined the private sector. In information obtained by WSJ, she called the rule being proposed at the time "a sea change in the way that the government interacts with the general public."

Be sure to read Julia Angwin's full article in the Wall Street Journal for more details she uncovered about the new rule here. You can also see the 2012 unclassified guidelines for obtaining and retaining government datasets here and its comparison to the 2008 rules here. WSJ posted the emails it received through FOIA requests here.

Featured image via Shutterstock.com.