[IP] The sniper case: Privacy and databases

[David Farber <dave@farber.net>]

-----Original Message-----
From: John Morris <[mailto:jmorris@cdt.org]> 
Sent: Friday, October 25, 2002 1:50 PM
To: David Farber
Cc: Dempsey, Jim
Subject: For IP: The sniper case: Privacy and databases

Dave,

Your IP readers might be interested in the take of CDT's Jim Dempsey 
on the use of databases in the sniper investigation.

John Morris
Center for Democracy & Technology


At 12:42 PM -0400 10/25/02, Jim Dempsey wrote:
>From: Jim Dempsey <jdempsey@cdt.org>
>Subject: The sniper case: Privacy and databases
>Date: Fri, 25 Oct 2002 12:42:59 -0400
>
>The argument has been made on at least one list that "Big Brother 
>caught the sniper" - that  the police caught the sniper by using 
>massive government databases, citizen informants, and inter-agency 
>government information sharing.
>
>I see it differently: The sniper was caught in part using government 
>databases consisting of carefully-defined information collected 
>pursuant to strict guidelines and subject to privacy protections, a 
>citizen responding to leaked (arguably illegally leaked) government 
>information, and traditional police work (including one officer's 
>telephone call to another police officer he knew personally and the 
>non-electronic exchange of information). Most importantly, though, 
>it seems that the case was broken when the sniper (or his 
>accomplice) called police and gave them crucial information.
>
>There are also several pieces we don't yet fully know the details of 
>(e.g., how did police trace the call to the priest near Ashland).
>
>Nevertheless, it is useful to look at the databases and methods the 
>police used.
>
>Information sharing
>
>Law enforcement agencies have long been authorized to share 
>information with each other.  See, e.g., 18 USC 2517(1) (pre-PATRIOT 
>Act sharing of wiretap info with other investigative or law 
>enforcement officers); 28 USC 534 (codification of provision dating 
>back to the 1921 DOJ appropriations act, authorizing the Attorney 
>General to collect "identification, criminal identification, crime, 
>and other records" and "exchange such records ... with, and for the 
>official use of, authorized officials of the States, cities, and 
>penal and other institutions").
>
>Our privacy rules, such as they are, largely focus on the collection 
>of information.  The federal Privacy Act permits all sharing of 
>information for purposes that are "compatible" with the purposes for 
>which the data was initially collected.
>
>Fingerprint databases
>
>What became the International Association of Chiefs of Police (IACP) 
>was founded in 1893 when police chiefs from all parts of the country 
>met in Chicago to form an organization to share information across 
>jurisdictions and apprehend wanted persons who fled local 
>jurisdictions.  In 1897, they created the National Bureau of 
>Criminal Identification, just as the technique of fingerprinting was 
>becoming popularized.  In 1924, the IACP's criminal identification 
>files (fingerprints and rap sheets) were turned over to the federal 
>government and used to create the FBI Identification Division, sixty 
>years before 1984's Big Brother.
>
>But the key point is this: The database at issue (actually a 
>networked series of databases) is woven through with a series of 
>rules intended to limit its use and protect privacy.
>
>*  First of all,  the fingerprint database consists only of people 
>who have been arrested.  That is, they are people for whom there was 
>probable cause to believe that they had already committed a crime.
>
>*  Second, all information in the database is collected with the 
>knowledge of the record subject.
>
>*  Third, access to the database is strictly controlled by statute 
>and regulation - by and large, it is available only to law 
>enforcement agencies, and to government agencies and some private 
>sector employers conducting background checks, but only when the 
>legislature has specifically said that the occupation requires a 
>criminal history check.  18 USC 534, Public Law 92-544, 28 CFR.
>
>*  Huge efforts have been made over the years to improve the data 
>quality of the database, particularly in making sure that it is 
>complete.  In recognition of the data quality problem, particularly 
>the fact that the disposition of many arrests are not posted, the 
>federal courts have ruled that it is a violation of federal law to 
>use mere arrests in the database as the basis for employment 
>decisions.
>
>*  When the database is used for non-criminal justice purposes, it 
>is accessed only with prior written consent of the record subject - 
>a very high standard.
>
>*  Individuals have an absolute right to access any and all 
>information about themselves that is in the fingerprint/rap sheet 
>database and they have the right to obtain the correction of 
>erroneous or incomplete information.  There are also laws providing 
>in some cases for sealing or purging of information.
>
>Notwithstanding all of these protections - in some respects, 
>particularly the data quality initiative, because of these 
>protections - the database is very useful to law enforcement 
>agencies.
>
>DMV databases
>
>The use of car registration databases also is a very interesting 
>example of the rules and privacy protections that have been built up 
>around government databases:  The DMV databases are very useful to 
>law enforcement despite being subject to a number of privacy 
>protections.
>
>*  First, the identifying data are collected only with notice and 
>express prior consent - meaning that everyone in the DMV database 
>knows he is there, was expressly asked to be put in the database, 
>and has a right of access to all information about himself in the 
>database.  (In fact, practically everyone in the DMV database 
>carries with himself or herself a copy of the information in the 
>database.)
>
>*  The information is quite highly accurate.  It is regularly 
>updated.  Individuals can easily change inaccurate or outdated 
>information. They can purge erroneous information (for example, when 
>they move or get married or divorced and change their name).
>
>*  The database contains a unique identifiers, but several states, 
>recognizing the privacy and security flaws in the use of the Social 
>Security Number as a single identifier, have allowed their citizens 
>to generate a random number for use in the DMV system, with no 
>degradation in its value for administration of the drivers license 
>system nor its value as an identifier for other criminal law 
>enforcement purposes.  On the other hand, many transaction (the use 
>of a credit card, the sending of an email, the use of the telephone) 
>can be effected without showing this identifier.
>
>License plates are especially interesting in terms of some of the 
>authentication debates taking place in other contexts, for while it 
>is a unique number, it is not a personal identifier: the person 
>driving the car need not be the person in whose name the car is 
>registered.
>
>Also both drivers license data and car registration data are subject 
>to privacy protections.  In fact, Congress has adopted a very 
>detailed law (upheld against constitutional challenge by the US 
>Supreme Court) limiting the use of DMV data.  18 USC 2721-2725
>
>Citizen tips
>
>Contrast the tip that led to the sniper's arrest to the TIPS 
>program. In the sniper investigation, the police put  out a general 
>request for information about suspicious people, posting a hot line 
>number, similar to the hot line number the Justice Department was 
>proposing for the anti-terrorism TIPS program.  In the sniper case, 
>the TIPS line generated over 70,000 leads, which consumed huge 
>resources but apparently contributed nothing to the solving of the 
>case - except for the calls that the sniper himself made to line, 
>some of which police ignored or discounted, apparently overwhelmed 
>by the number of crank calls.
>
>In contrast, the "tip" that lead to arrest of the suspects related 
>to a very specific piece of information - a license plate number.
>
>Disclosure versus secrecy
>
>Ironically, the government had not officially made the license plate 
>number public.  It was leaked by one or more officers violating (at 
>the very least) the conditions of their employment and the orders of 
>their superiors.  This is very interesting in this era of talk about 
>"information sharing," which too often means sharing with a few 
>while keeping from the public.  Legislation is now pending in 
>Congress that would make it a crime for a government official to 
>disclose to the public information about cyber-vulnerabilities that 
>has been given the government by the private sector.  If a similar 
>criminal penalty had been in place for law enforcement investigative 
>information, the officers who leaked the license plate might have 
>not taken the risk and the sniper might still be on the loose.
>
>Private sector databases
>
>Much of the current privacy debate focuses on databases in the hands 
>of private commercial entities and the government's desire to mine 
>this data to predict and solve terrorist and other crimes.  The key 
>databases in this case were not private sector.  Far from having 
>their hands tied by privacy rules, there are many ways in which 
>police access to private sector data remains largely unregulated.  J

-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/