The Washington Post had an op-ed on Sunday by Simson Garfinkel that is headlined “Phone calls are just the start” and looks at possible future applications of data analysis for homeland security and counterterrorism. He writes:
Government authorities can turn to many sources to feed their data-mining systems. Wireless telephone providers such as Verizon, for example, know a lot more about their customers than what numbers they dial. Cellular phones aren’t just communication devices — they’re tracking devices, too. To route telephone calls, your cellphone provider must know your location whenever your phone is on. (According to a BBC report, geo-location data were used last July to track and stop a would-be suicide bomber in London.) Instead of having a watch list for individuals, the Department of Homeland Security could create an electronic watch for specific locations. A cellphone near the perimeter of a nuclear power plant might generate a database record; three such records in one year might trigger an investigation.
Such geo-location information could also be stored and used retrospectively for any number of purposes. If intelligence officers discover that terrorists held a planning meeting in some remote corner of a park, they could consult the database to see which phones were there. Authorities also could compile an electronic list of known associates by looking for cellphones that tend to travel in the same car or bus as a suspect.
Of course, data surveillance doesn’t depend on cellphones — it depends on data. If Alice is on a terrorist watch list, the government may decide it has an interest in everybody who calls Alice regularly. If Bob is one of those frequent callers, the government may decide that he should be under surveillance, too.
And other kinds of everyday information could help locate even tech-savvy terrorists who try hard to avoid leaving an electronic footprint. For example, a database of airline reservations could reveal that Alice and Bob frequently travel on the same flight, or that they travel to the same cities on the same days from different locations. Credit card charges or ATM withdrawals or even records from prepaid calling cards can provide similar information. Such data has already proved useful: The FBI used records from prepaid calling cards to find a close link between Oklahoma City bombers Timothy McVeigh and Terry Nichols. This kind of social-network analysis requires a lot of data and very fast computers — and neither of those is in short supply.
I think that these types of tools can have a real value in the war on terror, and should be explored further from a technological standpoint. But they need to actually work, and they need to be firmly grounded in the rule of law and established in a framework of checks and balances across the three branches of government. That’s why the NSA program fails my litmus test. But I would be also disturbed if these revelations lead to a backlash that throws out useful and legally-vetted data analysis programs. That’s why I think we need a new common framework for privacy, security, and data analysis, along the lines I proposed at the end of this post from February.