CIA claims no electronic data mining thanks to legal loophole

10 Apr, 2013 03:28 / Updated 12 years ago

It appears that the Central Intelligence Agency has been taking advantage of a legal loophole to avoid submitting reports on cyber surveillance, based on a 2007 definition of “data mining” established during the last Bush administration.

According to the Huffington Post, which began to look into a Congressionally mandated report on data mining submitted by agencies such as the Department of Homeland Security (DHS), the CIA itself does not present such information as it does not consider its electronic surveillance activities as data mining at all.

Under the current law, the 2007 Federal Agency Data Mining Reporting Act calls for annual agency reports on activities that collect data involving pattern detection within electronic databases. The latter definition does not, however, cover information retrieved by targeting a single individual, even though surveillance could obviously yield a trove of data regarding any number of additional people.

An investigation by Wired Magazine in 2009, for example, revealed that the CIA’s investment arm, In-Q-Tel, was funding a software firm that specialized in scraping mounds of data posted to blogs, forums, and social network websites like Twitter. The software firm, called Visible Technologies, was said to crawl, or archive, over half a million websites per day, and produce customized reporting based on real-time keyword searches. At the time of the report, Visible chief executive officer Dan Vetras called the CIA an “end customer” for its product.

Pattern-based searches of the sort that must currently be reported to Congress could include detection of suspicious behavior by DHS - a good example cited by Huffington Post would involve a passenger who departed the US with no baggage returning with a suspicious quantity of suitcases. But then, why would the CIA invest in software such as Visible, which can compile mass amounts of information from thousands of individuals, if not to mine that database?

The CIA’s chief technology officer raised some eyebrows last month after outlining the agency’s attempt to “collect everything and hang on to it forever,” in reference to the overwhelming amount of information being transmitted via cell phone texts, or online via social media platforms such as Twitter. Those comments were made only a few days after Federal Computer Week reported on the agency’s $600 million deal with Amazon for cloud computing services.

Again, in that instance, one might wonder why the agency would require a near-biblical amount of digital storage with Amazon to compile databases which it purports to have no interest in mining.

According to Sharon Bradford Franklin, the senior legal counsel for the Constitution Project, the CIA’s own interpretation of the Data Mining Reporting Act may well comply with the current law, though a growth in the CIA’s own capabilities would seem to merit a re-evaluation of that act.

"The definition is overly narrow, and so the act cannot fully serve its purpose of providing greater transparency, accountability and oversight.”

Even Mary Ellen Callahan, the former chief privacy officer for the DHS, who herself oversaw the agency’s data mining reports, seems unconvinced that the 2007 legislation has aged well.

"It is inconsistent with common understandings of data mining," Callahan said. "Congress hasn't changed it, so Congress seems to think that the pattern-based data mining report is more important," she added.

Whether or not Congress moves to adapt government’s definition of data mining remains to be seen. According to a CIA spokesperson who responded to the Huffington Post’s report, under the current act the agency “did not have any reportable activities.”