Lawyers at the Homeland Security Department are trying to address privacy concerns now so that DHS can use big data to stop national security threats without running afoul of the law.
Big data is becoming increasingly attractive to law enforcement as terrorists and other adversaries adapt technology that skirts traditional wiretaps and signals intelligence, said DHS General Counsel Stevan Bunnell in a speech at the American Bar Association Homeland Security Institute in late August.
“How the courts, Congress and the general public react to what I predict will be an expanded use of big data will depend on whether DHS and other security agencies put in place credible internal controls and administrative privacy protections,” he said. “If we don’t do it ourselves, some courts will very likely do it for us.”
Since 2013, when Edward Snowden revealed the extent of the National Security Agency’s surveillance methods, the nation’s adversaries have become smarter about how they communicate, Bunnell said. Cloud technology has made their job easier. Data stored in countries with more restrictive privacy laws may be out of the reach of U.S. authorities, he added.
Thus, big data and predictive analytics — the concept of using various information to predict trends and patterns — could help DHS decide where to put its limited resources.
“This is, frankly, not all that different from what Google, Amazon and many other Internet companies do everyday to figure out how to targeting advertising to each of you,” he said.
DHS already employs big-data analytics to screen the two million airline passengers that enter U.S. skies each day, he said.
“It’s not possible to do a thorough screening and search of every airline passenger or every arriving international traveler,” he said. “We need to rely on risk algorithms, run through large collections of data, to allow us to be smarter about who we send through secondary screening and who we don’t.”
But the way the government collects and analyzes data has raised concerns in the United States and elsewhere. Increasingly the courts — once largely deferential to the government’s national needs — increasingly share those concerns, Bunnell said.
“I was the criminal chief that approved the attachment of the GPS device,” Bunnell said. “It seemed like a good idea at the time. He was, by the way, a drug dealer.”
Applying big-data analytics more broadly to the DHS’ varied missions on land, sea, air and cyberspace would be a massive undertaking, hampered by expensive and aging information technology systems that do not work together, as a 2014 White House report noted.
Bunnell sees those problems disappearing, as newer, more powerful technology becomes less expensive and easier to use. The legal pitfalls will remain.
DHS plans to expand a multi-year pilot program that pools data from various components to be searched and analyzed. The DHS components responsible for the individual data sets have worked with the department’s privacy, civil liberties and legal experts to tag the data so that its use can be controlled. The department can limit where the information goes and track its source as well, Bunnell said.
“As we scale this pilot up and implement it to all of DHS, it will be important to institutionalize robust privacy protections and monitor their effectiveness,” he said. “How well we do that will, no doubt, impact the degree of concern courts and others may have in the future about the privacy implications of an expanded use of big-data analytics.”
The United States has been in talks with the European Union, Canada and Mexico about ways to share data without violating other countries’ more protective privacy laws. The United States will have to accommodate at least some of those laws, Bunnell said.
“If we want to do big data right, we need lots of data, which means we need international data,” he said.
The United States is close to reaching an agreement with the European Union, he said.