Opposites Agree on Data Mining's Importance and the Need for Controls

By Joseph Straw


In 2005, then U.S. Rep Curt Weldon of Pennsylvania alleged that Able Danger, an older, secret DoD data mining program, had identified 9-11 hijacker Mohammad Atta as a potential threat well before the attacks. While the Pentagon ordered personnel not to testify before Senate Judiciary Committee, which investigated the case, Weldon changed his story and the Senate committee found that the program had not identified Atta.

Addressing data mining’s baggage, Paul Pillar, a former CIA officer and a member of The Constitution Projects’ Liberty and Security Committee, which issued the report, explained that anyone who wants governments to “connect the dots” to fight terrorism supports data mining.

“‘Connecting the dots' is link analysis,” Pillar said, warning that even robust, constitutionally sound data mining is not a panacea against terrorism. “It’s a matter of improving the odds. It’s not a matter of certainty, it’s not a matter of predicting outcomes.”

Panelist Mary Ellen Callahan, chief privacy officer of the Department of Homeland Security, said that the critical protection against abuse and false positives in data mining is the moment of human intervention, when an investigator follows up a lead that mining software has generated. Yet she expressed the agency's support for disclosure and transparency in data mining programs.

“I think that these are key elements for people to keep working on, and to keep improving," Callahan said.

At its best, Pillar said, data mining identifies the innocent so law enforcement can focus on those who bear risk.

“We’re looking to improve the odds for the good guys in a business where there’s no certainty,” Pillar said.

The reports recommendations include:

  • Planning of government data mining programs, including identification of the programs purposes and uses of data, with the process open to public review and comment.
  • Notification of individuals subject to action or classification by data mining programs where possible
  • Establishment of standards and procedures for operations, including appeals processes for persons affected by the programs, and penalties for abuse
  • Data security measures, including training and access limits
  • Data minimization, including set retention periods for unused data and limits on database aggregation.

♦ Screen shot of Principles of Government Data Mining


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.