Guardian, an FBI system for sharing counterterrorism information, suffers from numerous data integrity and management problems, according to a recent Inspector General’s (IG) report. As a result of spotty oversight and noncompliance with internal rules, the report concluded that Guardian consistently holds inaccurate, outdated, and incomplete records. Out of the records the IG examined, 61 percent did not comply with the FBI’s internal standards. Moreover, the report found the overwhelming majority of threat information held in Guardian had no nexus to actual terrorism.

The report’s conclusions have significant implications for civil liberties. There is an increasing trend towards sharing information among federal, state, and local law enforcement and intelligence agencies. One outcome of the trend is a huge influx of baseless threats into databases designed to aid terrorism investigations; these records then require analysis to ensure they are accurate and relate to credible threats. Yet the IG report indicates that FBI officials repeatedly fail to follow rules intended to make the system more reliable. The potential for false inferences and mistakes is amplified when systems like Guardian share information that is inaccurate or outdated with multiple agencies, some of which doubtlessly have less stringent safeguards than those of the FBI.

Guardian is an automated system the Bureau developed to collect, store, and assign responsibility for follow-up on terrorism-related tips and reports. Employees of the FBI and other government agencies, including the Department of Defense, can query Guardian to gather intelligence. The FBI’s Counterterrorism Division (CTD) set internal procedures for using Guardian. In this report, the IG for the Department of Justice audited the FBI’s oversight and implementation of these policies.

The IG report found that CTD’s procedures are often not followed. Of the examined records, 30 percent were incomplete, hampering the accuracy and search capability of Guardian’s records. Timeliness of records also affects accuracy, and the IG report discovered that 28 percent of low-priority threats were not assessed during the 30-day period established under the CTD criteria. This indicates that potentially baseless threat reports lay unresolved in the system longer than necessary, increasing the risk that users could take action based on unfounded suspicions.
(more…)

We’re heading into flu season, though we don’t yet know exactly when, where, or how hard the disease will strike. As the New York Times reported, this year Google may be able to help us predict outbreaks as much as a week to 10 days before the Centers for Disease Control and Prevention can. Google Flu Trends compiles individuals’ searches on flu-related terms from across the U.S. and creates visuals that show their volume and geographic source. As it turns out, those trends are closely correlated with actual outbreaks reported by the medical establishment.

Good news for syndromic surveillance, but is it good for privacy? Google Flu Trends assures us that its data “can never be used to identify individual users”. Perhaps. We would all rest easier if Google would be more transparent about how it assures that identification won’t happen. And such assurances are getting harder to back every day.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule includes guidelines on how to “de-identify” health data to protect personal privacy while enabling it to support social goods like improving the quality and safety of health procedures, public health, and medical research. But the Privacy Rule hasn’t kept up with the times, even though the authors’ intention was that it should evolve. For one thing, it doesn’t apply to Google… or a host of other companies and organizations that now access and use personal health data.
(more…)

On Election Day last week, the legal community was momentarily distracted from the momentousness of the election by the possibility that the Supreme Court Justices might utter profanities in the hallowed chamber. Sadly, they restrained themselves. But the lack of “f-bombs” (as the Solicitor General called them) didn’t take away from the intrigue surrounding the oral argument in FCC v. Fox – the amusing but important case that challenges the Federal Communications Commission’s regulation of one-time or “fleeting” expletives on broadcast television.

It hasn’t been clear why the High Court decided to take this case in the first place. The key question before the Justices is whether the FCC violated the Administrative Procedure Act’s prohibition against agency action that is “arbitrary and capricious” when the Commission – reversing decades-long policy – suddenly began fining television stations for airing fleeting expletives during daytime and primetime hours.

(more…)

During all the US election news, I missed a good story in the International Herald Tribune on the country of Macedonia’s push toward E-Government:

A lucrative annual permit to haul freight across the border between this Balkan country and Greece used to cost Macedonian truckers as much as €2,500 in bribes per vehicle.

But that changed two years ago, when the Ministry of Transport and Communications adopted a computer system to electronically assign licenses. Now truckers pay only about €100, or about $127, in application fees for a cross-border license. And the annual two-week period for license applications closed in October with no sign of the angry crowds of truckers who used to picket outside government offices here.

“We trust the system - we trust the computer,” Blagoja Voinov, who owns a dozen 40-ton trucks, said through a translator.

I visited Macedonia to speak on promoting E-Government in 2004 via a program sponsored by US AID. At that time, there was a big discussion about the old guard civil servants who had no use for E-Government not so much because it assured them bribe money, but because it outdated their skills as bureaucrats. This is an obstacle that exists in Europe and North America at a more subtle level, but something that will need to be recognized if we are to succeed in promoting E-Government and E-Democracy.

I am glad to see that progress was made on some fronts in Macedonia. Now we need to see what we can learn from their experience.

What does Obama’s big win yesterday augur for CDT’s work on Internet policy?

Well, about a year ago the Obama campaign issued a very thoughtful position paper on technology and innovation. It does an excellent job identifying the key issues, and CDT stands ready to provide counsel and input to the new administration as it gets into the details. We look forward to the opportunity to have a productive working relationship with the Obama administration on matters relating to the Internet, innovation, and free expression.

In terms of specific areas where CDT sees an opening for progress, I would emphasize at least three.

–Using technology to make government more accessible and user-friendly. The Obama campaign was incredibly successful in harnessing online social networking and other Internet tools to inform and involve voters and supporters. Hopefully the Obama Administration can use the lessons it has learned to improve the way citizens interact with government.

–Preserving the Internet’s open character. The Obama Administration can be expected to place a high value on the Internet’s unique openness to independent innovation and speech. This should be true domestically, where the open architecture of the Internet should be protected against encroachment by either government or private actions. And the Administration should seek to promote Internet openness in other countries, perhaps including through support of efforts like the Global Network Initiative that CDT recently helped launch.

–Protecting citizen’s privacy. CDT is hopeful that the Obama Administration, together with the next Congress, will take an active interest in trying to update and modernize privacy protections for the digital age. The goal should be to provide citizens with more control over how their personal information is collected and used. This will require working to tighten privacy laws, and also to improve technology-based tools that can empower Internet users.

This isn’t a comprehensive list; CDT earlier set forth its broad platform for a new Administration and Congress. And of course the new Administration will have lots of priority issues to grapple with, starting with the ongoing economic turmoil. But based on Obama’s platform as a candidate, CDT is optimistic that key Internet and technology issues will be in the mix.

Ineffective oversight has led to “numerous, significant vulnerabilities” in the system that safeguards electronic protected health information (EPHI), according to a government report released last week. In addition, the report found that the agency charged with oversight of HIPAA’s Security Rule had not conducted a single compliance review nor levied any civil penalties at the time of publication. The report also warned that poor enforcement has placed confidentiality of EPHI at “high risk.”

No wonder nearly two-thirds of Americans distrust the privacy of electronic medical records.

The Inspector General (IG) for the Department of Health and Human Services (HHS) issued the study on implementation of HIPAA’s Security Rule. The findings were alarming in what they suggested about the integrity of American medical records. The report also reinforced CDT’s repeated calls for stronger enforcement of the HIPAA Privacy and Security Rules.
(more…)

The Election of the Century is just a day away. Lots of things are on the electorate’s mind, but we here at CDT hope the next president – whomever he is – devotes considerable attention to one last major issue: global Internet freedom.

What is Global Internet Freedom?

Whether you call it global Internet freedom, digital human rights, or something else, it’s the idea that governments around the world will not interfere with the free flow of information and ideas on global communications networks, particularly the Internet.

It’s the idea that governments will respect, regardless of the medium of communication, the universally recognized human rights of freedom of expression and privacy enshrined in global documents like the Universal Declaration of Human Rights.

It’s the idea that governments won’t directly or indirectly (for example, by putting pressure on technology companies) block, take down, or otherwise engage in censorship of online content, and access users’ personal information, conduct electronic surveillance or persecute cyber dissidents and citizen journalists.

However, many governments are successfully remaking the Internet into a tool of government control. They recognize that the Internet has become a global communications medium that fuels both economic growth and democratic reforms. The global Internet’s inherent openness and lack of central control is particularly threatening to authoritarian countries and those with weak rule of law and poor human rights records. Such countries want to harness the Internet’s economic power while limiting the personal freedoms the medium bestows, and are making significant strides to do so.
(more…)