It was one of those delicious ironies that you can't pass up. A massive government data sweep in the city that sells itself as a playground of naughty anonymity. The Las Vegas story looked very good.
It all started in late December 2003, with an intelligence warning that Al Qaeda might have an interest in Vegas over the New Year's holiday. That warning thrust the FBI into a full-scale vacuum of hotel and rental agency records on some 250,000 vacationers, in hopes of finding lurking terrorists. It was the first time, FBI officials told us, that the bureau had undertaken such a voluminous data grab and it marked a milestone in the feds' big post-9/11 push to a new strategy of prevention.
The story seemed to offer an unusual opportunity to learn more about how the government, in its pre-emptive hunt for terrorists, is using data-mining technologies to comb through mountains of digital information now available about all of us.
In Vegas, we found out that all the hotel and rental records the FBI had collected had been shipped back to Washington for comparison against federal terrorism watch lists. But simply matching names might not tell you all that much. Terrorists will likely use different names and what if the known terrorist had sent an unknown associate? Connecting those dots would take more compute power, and, for that, we were told the FBI turned to a computer wiz named Jeff Jonas.
Jonas had made a name for himself in the Vegas security crowd by marketing a computer program that helped ferret out card cheats among casino job applicants. Jonas' program, called Non-Obvious Relationship Awareness, or NORA, was designed to detect hidden connections among seemingly unrelated individuals by sifting through vast amounts of personal data: dates of birth, Social Security numbers, old addresses and the like. The objective, said Alan Feldman of MGM (one of Jonas' first clients), was "to prevent a crime before it took place."
If Jonas' software could track down card cheats before they are hired to work in a casino, why not Al Qaeda terrorists before they attack? Seemed like a slam-dunk. But there's a catch with these data analytic technologies: The quality of the analysis you get back is dependent on the quality and amount of data you feed in. We wanted to hear from Jonas about how his program could help track down terrorists and what the privacy implications might be for ordinary Americans. It's a subject we knew Jonas has given a lot of thought to.
But we ran into a problem. Jonas had sold his start-up company to IBM and, by the time we got to him, he wasn't his own man anymore. Now he's working for "the man," and "the man" at IBM, we discovered, isn't much interested in a public discussion of the company's data-mining work for the government. Despite our repeated requests, the IBM PR machine shut down the possibility of any on-camera interview with Jonas, who had previously expressed interest in talking to us in a brief meeting with correspondent Hedrick Smith before we learned of his role in the Vegas data sweep.
IBM's public reticence to talk about data mining isn't unique. Government contractors see little benefit from talking about how much Uncle Sam is tapping into Americans' personal information. Legal changes after 9/11 allowed the FBI and other intelligence agencies to move aggressively to access the vast oceans of information aggregated by commercial vendors. The data titans, ChoicePoint, Acxiom and LexisNexis, offer not only access to data -- everything from ordinary public records to personal spending habits -- but also increasingly sell analytic technologies to the feds to help them make sense of the vast amount of information out there.
These private data companies aren't exactly eager to talk much about what they're coughing up to the government. ChoicePoint was an exception; they made company officials available to us on several occasions. But when we called Acxiom, the company PR rep was initially eager to help. But that decision was quickly reversed when higher-ups got involved. LexisNexis likewise refused to discuss any of their work in this area and even went a step further: They got wind of a Homeland Security technology conference we were planning to film -- a conference LexisNexis would be exhibiting at -- and the company shut down our access, telling conference planners they were worried about the "Big Brother" visuals.
The reality is that selling data and data-mining services to the government has become a post-9/11 cash cow for these big data companies, particularly Acxiom and LexisNexis, who are making bundles off the feds' increasing efforts to tap into information pipelines and warehouses. And these companies see no bottom-line benefit from a public debate about the privacy implications of the government's newfound data appetite -- a 2004 GAO report identified 199 data-mining efforts in 52 federal agencies, and that's just what's known publicly.
Many in the intelligence community see such a public discussion as mere political fodder. That's the lesson they took away when the seemingly short-lived research program Total Information Awareness (TIA) hit the headlines in 2003. TIA was designed to test the premise that a terrorist's behavior patterns -- a so-called signature -- can be identified and then detected among the transactional behavior patterns of ordinary citizens. It's one of those scary sci-fi sounding ideas that quickly drew the ire of privacy advocates. Though Congress shut down TIA, its deputy, Bob Popp, concedes that much of its work was simply transferred over to the black budgets of NSA. Ironically, one piece of TIA that wasn't transferred over and therefore really was shut down was $4 million in privacy protection research. The lesson of TIA to intelligence insiders couldn't have been clearer: Don't do your data mining in public.
The basic instinct among intelligence professionals is to keep mum about everything. But what's needed now isn't more black budget secrecy or closed-lip PR protection for corporate bottom-lines. As several former intelligence officials told us, the danger to our privacy rights is real and the biggest danger is that no one -- either in government or within the private sector -- has much incentive to talk openly about the technology and privacy challenges we now all face in the new paradigm of prevention.
Rick Young was the producer and director of Spying on the Home Front.