WikiISI/Security/Social Issues

From AI Wiki

Contents 1 Abstract 2 Introduction 3 Important Concepts 3.1 Civil Liberties 3.2 PATRIOT Act 3.3 cybercrime 3.4 Electronic Frontier Foundation (EFF) 4 Literature Review 4.1 Privacy and information sharing issue 4.1.1 Reasons for maintaining privacy 4.1.2 Reasons for not maintaining privacy 4.1.3 Impact of privacy issue due to lack of control 4.1.4 Privacy and information sharing trade-offs 4.2 Civil Liberties and government surveillances 4.2.1 The Patriot Act increases the governments surveillance powers in three areas 4.2.2 Debate between government surveillance and civil liberties 4.2.3 ACLU against PATRIOT Act 4.3 Border security for the illegal crossing immigrants 4.3.1 Border security enforcement 4.3.2 The Secure Border Initiative plan 4.4 The rising toll of Cybercrime 4.4.1 Identity Theft 4.4.2 Computer hacking 5 Case Study 1: Fighting cybercrime: a review and the Taiwan experience 5.1 Introduction 5.2 Approaches to fighting cybercrime 5.3 Recommendations 6 Case study 2: The social impact of the Patriot Act 6.1 Introduction 6.2 The program initiated after the Patriot Act 6.3 The Patriot Act concern 6.4 Recommendation 7 Overall Conclusion 8 References:

Abstract

Intelligence and security informatics are strongly related with social security issues. Implementing data sharing and collection is an important and controversial topic, especially after the Patriot Act was passed in 2001. There are four major topics in intelligence and security informatics as social issues: privacy, civil liberties, border security and cybercrime. To better secure our country from danger, government agencies must work cohesively to prevent attacks and respond to assaults. In the end of this chapter, we have two cases study about approach to cybercrime and the impact of the Patriot Act.

Introduction

We live in a digital age where many of our activities are constantly being tracked, recorded and analyzed. Information collecting and sharing affect nearly everyone. These are both social issues and include ownership of data, privacy, cybercrime and civil liberties. These issues must be debated in a broader level and larger forum, especially because the consequences of these issues will affect our lives. In this essay I will overview the intelligence and security informatics of social security issues.

Important Concepts

Civil Liberties

In 1789, The US Constitution and its Bill of Rights protected many civil liberties and set limits for the government so that it could not abuse its power and interfere with the lives of its citizens. Civil Liberties of United States are civil privileges guaranteed to citizens of the United States, as protected by the Supreme Court. Fundamental civil liberties include freedom of association, freedom of assembly, freedom of speech and the right to privacy. In the US, the American Civil Liberties Union (ACLU) works in the Supreme Court to ensure the protection of free speech, privacy and other fundamental rights. Especially, privacy is the ability of an individual or group to keep their lives and personal affairs out of public view, or to control the flow of information about them. Privacy can be regarded as part of security —one in which trade-offs between the interests of one group and another can become particularly obvious.

PATRIOT Act

The drastic events of September 11, 2001 had a profound impact on the way we think about security. In response to the attacks the US government launched a series of initiatives: passing of the PATRIOT Act, creation of the Department of Homeland Security (DHS), establishment of the Information Awareness Office and the Total Information Awareness (TIA) Program etc. The PATRIOT Act expands the government's ability to look at records on an individual's activity being held by third parties, secret searches and intelligence searches. The PATRIOT Act expands a narrow exception to the Fourth Amendment that had been created for the collection of foreign intelligence information and also expands another Fourth Amendment exception for spying that collects "addressing" information about the origin and destination of communications.

cybercrime

Cybercrime is a term usually used to describe criminal activity in which computers or networks are relevant. From the definition, cybercrime is usually restricted to describing criminal activity in which the computer or network is a major part of the crime. In fact, this term is also used to include traditional crimes in which computers or networks are used to enable the illicit activity. The elements include:

1. The criminal activity uses computer or network as a tool. This kind of cybercrime includes spamming, intellectual property and criminal copyright crime, especially using the peer-to-peer networks.
2. The criminal activity uses computer or network as a target. This kind of cybercrime includes unauthorized access into controls, malicious code and denial-of-service attacks.
3. The criminal activity uses computer or network as a place. This kind of cybercrime includes theft of service (like telecom fraud), phishing, identity theft and certain financial frauds.

Another way to define cybercrime is as criminal activity involving the information technology structure, including illegal access, illegal interception, data interference and systems interference

Electronic Frontier Foundation (EFF)

EFF is a nonprofit organization to work to defend freedom in the digital world. EFF founded in 1990 with a group of expertise of lawyers, policy analysts, activists and technologists. Until now, EFF continues to deal with advanced issues defending free speech, privacy and civil liberties today.

Literature Review

Privacy and information sharing issue

To better protect our country from terrorism, various law-enforcement and homeland security agencies must act quickly and corporately to thwart active attacks and respond to potential or planned attacks. One of the many ideas that have been widely discussed recently is the creation of a central repository or database that stores all the information that the government collects on citizens, residents, visitors, and others suspect watch lists. Privacy and information sharing can be in conflict, requiring trade-offs between the two, or privacy can enhance information sharing. To govern all these interactions

Reasons for maintaining privacy

More than ever, Information is extremely powerful in the real world. Few organizations or governments desist from making judgments based on their own interest and the information gained through the loss of individual privacy. The trend of loss of privacy is ultimately when the advance technological age is using to wrestle power and autonomy away from the individual. The risks of privacy loss are based on the intolerable strains on democracies by governments towards actions and dictatorial political forms. We can imagine that the losses of privacy will inevitably lead to losses of personal freedom. Take a look into a world surrounding a person (Fig.1), all sensors and the internet will extend to get large volumes of data that are analyzed and associated by intelligent agencies at the end. How can one tell what kind of data is brought together, who collect the data and what is the result of one’s daily actions[22]? We all want to maintain control of our privacy.

Fig.1 the world around people

Another reason for maintaining privacy is that the critical information is important for us. For example, bank account and social security number information can be used against the owner of the information. In one federal prosecution, the defendants allegedly obtained the names and Social Security numbers of U.S. military officers from a Web site. The defendants used more than 100 of those names and Social Security numbers to apply for a Delaware Bank credit card. The fraudulent credit card transaction cost the Delaware Bank millions of dollars in 2000. Another case was in the Central District of California, where a woman pleaded to use of a stolen Social Security number to obtain thousands of dollars in credit account and then filing for bankruptcy in the name of her victim. By maintaining privacy, information owners hope to avoid this fraud or limit effects from it.

Reasons for not maintaining privacy

A reason for not maintaining privacy is that sometimes there is a benefit of disclosure in a pragmatic way. For example, students need to submit a resume in order to evaluate their competence for the position by the interviewers. Or the telephone number and home address are provided in exchange for receiving information. At this point, it is obvious to see the reasons for not maintaining privacy. The U.S. government also notices this necessary issue in some situations to facilitate the business and administration process. Some court cases in the United States reviewed the issue of personal privacy:

1. In Davis v. Freedom of Information Commission, 259 Conn. 45 (2001) The Connecticut Supreme Court declared that the Drivers Privacy Protection Act (DPPA) does not relate to other government agencies who receive personal information from the State DMV in the course of their normal government functions. The DPPA does not prohibit the certain personal information records from publicly accessible channel.
2. On August 18, 2000, Nevada’s highest court ruled that the incoming and outgoing calls on the publicly owned telephones are not considered as confidential information.

Impact of privacy issue due to lack of control

1. Internet privacy : When we use search engines (e.g. Google, Yahoo, Ask.com) to search internet, the search engine not only can return the relevant results to us but also can save the term that we enter into the search box. These key words will associate with your Google or Yahoo’s account. This information can significantly help the online search company improve the logical of search engine or tune to target the advertising. Reference from the search engines concept, the data retention also includes the user IP address and other demographic data from the users’ computer. The internet privacy concern involves the web search engines’ access to the personal data online, such as online resumes, personal blogs, or social networking profiles.
2. Privacy from corporations : Many companies set up a goal to obtain as much information about customers as possible, through club cards and other kinds of customer behavior systems. As we know, this data is always immensely valued by other companies. Many companies may pay large amounts of money for access to this information for marketing purposes. For this, a huge public backlash against telemarketers led to the introduction of the ‘National Do Not Call Registry’ in the United States in 2003, and similar systems in other countries. Another concern in privacy of corporation is the increasing amount of e-mail spam. E-mail spam involves sending nearly identical messages to numerous recipients by email. Anyone who uses email probably found an increase amount of ‘junk mail’ in their email box. The activities of a small number of trouble-makers are becoming a bigger problem for the Internet. In 1978, an email spam sent to 600 email address. In February 2007, there are 90 billion junk emails per day sent out. Messaging Anti-Abuse Working Group (MAAWG) estimates that 80-85% of incoming mail is "abusive email", as of the last quarter of 2005. The sample size for the MAAWG's study was over 100 million mailboxes. It costs fifteen minutes for the average person to delete the junk emails every day. In the United States, if the spam fails to comply with the requirements of CAN-SPAM Act of 2003, then it is illegal.
3. Privacy inside the corporation : It is illegal to use deceit to obtain private records of individual employee in a corporations under U.S. law. This privacy concern inside the corporation is triggered by 2006 HP Spying Scandal. On September 5, 2006 Newsweek published an article which revealed that the chairwoman of HP, Patricia Dunn, hired a group of electronic-security experts to investigate a board-level leak of confidential strategy of HP in January, 2006. The electronic-security experts investigated the leaks by obtaining the personal telephone records of HP board members and reporters for CNET, the New York Times and Wall Street Journal. This spying scandal that involved HP, aroused the press concern about the privacy inside the corporation. As one of America’s corporate icons, HP should be committed to superiority in employee privacy. On December 7, 2006 HP paid $14.5 Million to settle civil charges brought by the California Attorney General. [23]
4. Privacy from government interference : Government rights and individual privacy rights are related. Civil Liberties of the US are civil privileges guaranteed to citizens of the country, as protected by the Supreme Court. Fundamental civil liberties include freedom of association, freedom of assembly, freedom of speech and the right to privacy. Civil Liberties guarantee that individual privacy rights are protected against possible invasions of other individuals. However, the interest of individual privacy must meet a specified standard. The ways to breach privacy include:

• • In the criminal investigations, the police are permitted to search the private property.
  • Under the permission by Law Enforcement Agencies, the intelligence agencies can use the telephone tapping to transmit over a phone line to monitor the conversation.
  • Other ways to monitor individual’s activity is the forward looking infrared cameras which place on police helicopters.
  • More and more closed-circuit television cameras are placed in the public spaces. Closed-circuit television (CCTV) is the use of video cameras to transmit a signal to a agency by using point to point wireless links. CCTV is often used for mass surveillance in public spaces, such as airports, subway or other public transportation center. [24]

The debate whether government has the right to monitor individual privacy or not is extremely common. Organizations such as the Electronic Frontier Foundation insist that humans have the right to privacy from the government. On the other hand, the government agencies declare that the purpose of monitoring the personal communications help prevent terrorism.

Privacy and information sharing trade-offs

The Universal Declaration of Human Rights, in article 12, states: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence. Nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Privacy and information sharing can be in conflict. Sometime, it requires trade-offs between privacy and information sharing; or privacy can improve information sharing. For example, census data is a good way to trade-off between privacy and information sharing. For census data, it is important to get the accurate data to plan the future service in the public sector. On the other hand, the data is released by showing the trend and not identifying of specific individuals. The censuses are tailored by reducing accuracy.

Civil Liberties and government surveillances

USA Patriot Act is a revision of the nation’s surveillance laws. The Patriot Act passed six weeks after the 911 attacks, 2001. The Patriot Act expanded the government’s authority to spy on citizens and at the same time it decreased the checks and balances on those powers that are able to challenge government authority in court.

The Patriot Act increases the governments surveillance powers in three areas

• Expanded access to personal records held by third parties

The Patriot Act allows the authorities to gain access to records of citizens’ activities by a third party. Simultaneously, section 215 of the Patriot Act permits the FBI to compel anyone – including doctors, universities and internet service providers – to turn over the records. One of the most significant provisions of the Patriot Act makes it far easier for the authorities to gain access to records of citizens' activities being held by a third party. At a time when computerization is leading to the creation of more and more such records, Section 215 of the Patriot Act allows the FBI to force anyone at all - including doctors, libraries, bookstores, universities, and Internet service providers - to turn over records on their clients or customers. The Patriot Act allows the government to gain unchecked power on getting the financial records, medical history, travel records and other activities. The Patriot Act reduces the checks and balances on government powers as following:

1. The FBI does not have to show the evidence related to criminal activity before it implements personal records checks. The government agencies just need to make the assertion that the demand order is about terrorism or foreign intelligence investigation.
2. People’s activities, including the books they read, the web sites they visit, or the speech they made, can be used as the reason of the surveillance orders.
3. An organization that is compelled to submit the records to government agencies is forbidden to disclose the action to anyone. The ability of individuals or the press to challenge illegal searches is undermined by this power.

• More secret searches

The Fourth Amendment to the Constitution recognized the ‘knock and announce’ as the principle. The government can not go into private property without noticing the owner. The government agencies need to give the owner a message and signed search warrants before they carry out a search. The Patriot Act allows the government to conduct searches without noticing the property owner. This means that government agencies can do the search when the owner is away and did not tell the owner later. For this reason, the property owner can not defend his or her rights.

• Extend wiretap surveillance

Before the Patriot Act, the governing wiretaps are allowed to monitor the transactional information from a communication. After the Patriot Act, the government agencies allow surveillance of the content of a communication. There are different between these two situations. It is like the difference between listening to a phone conversation and recording the phone numbers trace and call time. Even worse, the FBI did not need to show suspicion of criminal activity to require the wiretap surveillance. Every year, government agencies like the NSA and the FBI order thousands of requests to access to customers’ phone records.

The Patriot Act extends wiretap surveillance to the internet. The government agencies can trace and trap all the communication through internet. For example, the e-mail message can be interpreted by law enforcement agencies before the e-mail was sent out to the destination. Also, the transactional data for web surfing is monitored by the government agencies. It might be recorded the data if the URL is addressed by government agencies.

Debate between government surveillance and civil liberties

• Arguments support government surveillance

1. Government surveillance can increase crime detection rate. The federal law enforcement places the CCTV cameras in the public spaces, such as airports, subway or other public transportation center. For this reason, the criminals were more likely to be convicted by the evidence from the CCTV cameras.
2. Government surveillance can prevent terrorism. The terrorist organizations need to use electronic devices to communicate with each other. If the government can monitor the communications between devices, the terrorist network can be unveiled by intelligence agencies.

• Arguments against government surveillance

1. Government surveillance infringes on civil liberties
2. The Patriot Act Violate the Fourth Amendment. It prohibits government from conducting a search without obtaining a evidence to believe that the person has committed a crime.
3. More and more functions to track individuals’ movements could create distrust in the government.
4. Government surveillance can be used in committing crime. The data is a valuable source for someone. Potential illegal activities will happen if the integrity of the operators were compromised.
5. Many crimes have been recoded by the public camera for months or even years, but no operator noticed them. It cost a lot of money for upkeep and wages to manpower the public cameras.

ACLU against PATRIOT Act

The American Civil Liberties Union (ACLU) is a major American non-profit organization, whose stated mission is "to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the US.” It works through litigation, legislation, and community education. The ACLU reported over 500,000 members at the end of 2005.

The ACLU believes that TIA program will end privacy in America. Under this program, every aspect of our lives would be catalogued and made available to government officials. On 30 October 2003, the (ACLU) filed simultaneous requests in Connecticut, Michigan, New York, Ohio and Pennsylvania for information about those states' participation in the "Matrix" program. In addition to the five states named above, four other states are participating - Alabama, Florida, Georgia, and Utah.

Border security for the illegal crossing immigrants

Border security enforcement

Immigrants from nations that do not have the visa agreements cross the borders illegally in some other countries are illegal crossing immigrants. In U.S. - Mexico border, Mexico illegal immigrants store in shipping containers, boxes and trucks to cross the borders. These crossings are very dangerous because the illegal immigrants are dehydrated in the hot temperatures. In 2005, there were 473 migrant deaths at the border; over 260 were on the Arizona border. These are attributed to the over 100 degree temperatures in Arizona. The Border Patrol rescued 2570 illegal migrants in 2005 (Source: US Customs and Border Protection Public Affairs Office)

There are 11,000 Border Patrol agents in U.S. 90 percent of the Border Patrol agents work along the U.S. – Mexico border. 6,000 National Guard troops provide support service to the Border Patrol in U.S. – Mexico border. U.S. coordinated with Mexico to launch Operation Centinela in 2003 to reinforce detention operations of unauthorized immigrants and to improve measures to target drug smuggle and human trafficking.

The Secure Border Initiative plan

The Department of Homeland Security set up the Secure Border Initiative (SBI) - a multiyear plan to secure the nation’s borders and prevent unauthorized immigrants. The Secure Border Initiative is responsible for:

• Provide the funding for the border patrol and Customs Enforcement.
• Build 74.8 miles of fence along the U.S.- Mexico
• Upgrade border control technology and infrastructure: night vision scope, ground vehicle and unmanned aerial vehicles.
• Build an $2 billion SBInet network which is integrated sensors and cameras along U.S. – Mexico border. The SBInet is managed by the Secure Border Initiative Plan office within Customs and Border Protection. The Border Patrol agents and the air and Marine interdiction agents can use the SBInet to secure the borders of United States to deny the illegal entry and contraband into the country.

The rising toll of Cybercrime

Cybercrime is an important social issue in intelligence security area. Because the internet becomes more and more important in our lives, the cybercriminals have increased so much in the past few years. According to cybercrime expert Valerie McNiven’s study, the proceeds from cybercrime were greater than proceeds from the sales of illegal drugs (over 105 billion in 2005). The Gartner Research provide the report to confirm the ‘The rising toll of cybercrime in 2005. The trend of increase toll of cybercrime illustrate in Fig. 2.

Fig. 2 The rising toll of cybercrime

The major types of cybercrime are identity theft, computer hacking, internet fraud and email spamming.

Identity Theft

Identity Theft is fraud related to activity in connection with identification documents, authentication features, and information. Identity theft has become the fastest growing area of crime in the United States [4]. 9.9 million American were victims of identity theft in 2003 alone [5]. A large portion of the victims’ identity information was obtained via security breaches at CDB’s. On February 2005, Choicepoint announced that it had unknowingly sold the personal information of over 145,000 Americans to identity thieves [6]. On April 2005, LexisNexis announced that the social security numbers, driver’s license information and addresses for over 310,000 people had been stolen in a security breach. The Privacy Rights Clearinghouse has been tracking security breaches at CDB’s since February 2005. According to them as of December 13th 2006, over 100 million records of personal information have been compromised [7]. The survey from Identity Theft Resource Center in the USA from 2003 to 2006 showed a decrease in the total number of victims but an increase in the total value of identity fraud to US$56.6 billion in 2006. The average fraud per person rose from $5,249 in 2003 to $6,383 in 2006.

Computer hacking

Computer hacking refers to the unauthorized access of a computer system. Computer hacking always connects to some degree of intrusion on the privacy of others or damage to computer-based records. Motivation to hack into a computer can be political or individual. For political reason, the hackers attack websites from the government office to get the secret information or destroy the sustainable service of the website; for individual reason the hackers’ activities related to financial benefit or personal favorable culture content. For example, a Denver woman who did not have adequate security on her home computer paid the price. Police investigators said someone hacked into her computer and stole her IP address. After that, hackers used her IP address with a stolen credit card to make fraudulent purchases online.

Case Study 1: Fighting cybercrime: a review and the Taiwan experience

Introduction

As discussed in the earlier chapter, crybercrime is an important social issue in intelligence security area. Government and organization put a lot of money on research and infrastructure to flight with cybercrime. From Fig 3, Data Forrester Research estimated that the cost of fighting cybercrime on IT security services and products are over $20 billions in 2006.

Fig 3: The cost of Cybercrime

Approaches to fighting cybercrime

Cybercrime is becoming more serious all round the world. From the paper Fighting cybercrime: a review and the Taiwan experience, authors reviewed previous research and current status of fighting cybercrime in different countries that focus on legal, organizational and technological approaches. [20]

• Legal approach

1. Within-country strategies : In order to protect the internet businesses, many countries have created new laws. The US signed The National Infrastructure Protection Act of 1996 to protect all US government computers and other critical infrastructure. In 2000, US President, Bill Clinton signed into law a bill that makes electronic signatures submitted to US websites as valid as signatures made by hand. This is the first digital signature law in the world. In 2001, US companies began the electronic retention of legal records such as loan and financial securities. This digital signature law provides the legal certainty to global and national online commerce.
2. Across-country strategies : Almost every country has its own legislations on fighting cybercrime. However, crime on internet would not be punished in every country because of different law among different counties. For example, the ‘I love you’ virus was created by Michael Buen and Onel A de Guzman in the Philippines. This virus caused over 5.5 billion in damage around the world. Since there were no Philippine laws against virus-writing at the time 2000, the prosecutors dropped all charges against Michael Buen and Onel A de Guzman. The Philippines E-Commerce Law (Republic Act No. 8792), passed on 2001, laid out penalties for cybercrime. Under the law, those who spread computer viruses or otherwise engage in cybercrime (including copyright infringement and cracking) can be fined a minimum of 100,000 pesos (about USD$2,350) and a maximum commensurate with the damage caused, and imprisoned for six months to three years. [21]. To avoid this kind of the problem from happening again, different countries showed consistent standard to address the cybercrime. The Council of Europe (CE), the US, Canada, South Africa and Japan co-signed the Cybercrime Convention. The convention commands all the member countries to have the same standard on legislation on cybercrime.

• Organizational approach

1. Within-country strategies : In the US, a large number of agencies have been constructed to fight against the cybercrime since 1998: The National White Collar Crime Center provides the evidence to law enforcement agencies on prosecuting the high-tech cybercrime. The United States Secret Service fights with financial crime especially for the identity theft and computer fraud. The Technical Support Center of the FBI was set up to offer the technical support to the state or local security agencies.
2. Across-country strategies : In Europe, member countries of The Council of Europe (CE) cooperate to operate a strong information connection network on a round the clock basis to fight against the cybercrime. Each party provides the trained personnel who are ready to facilitate the operation of network. The International Criminal Police Organization (INTERPOL) was created as The International Criminal Police Commission in 1923 to assist international criminal police cooperation. As the cybercrime is an emerging phenomenon, INTERPOL called for better legislation to support efforts to tackle web criminals. Interpol crime intelligence officer for the financial and hi-tech crime unit, Bernhard Otupal, told an anti-phishing conference in Brussels that politicians and police forces need to educate themselves about the tactics used by criminals to steal money over the internet. [14]

• Technological approach

1. Within-country strategies : To fight with the cybercrime, the US launched the Carnivore system which was implemented by the Federal Bureau of Investigation (FBI). Carnivore surveillance system was essentially a customizable network packet sniffer that could monitor all internet users. The Carnivore system is a Windows workstation with packet-sniffing software and a removable disk drive. In the same time this computer must be physically installed at an Internet service provider (ISP) to look for email messages in transit. When an email passes through that matches the filtering criteria, the message is logged along with information on the date, time, origin and destination. This log sends to FBI in real time. FBI uses the log to capture the target user’s track.
2. Technologies applied to fighting cybercrime out of U.S.

• • • The National Criminal Intelligence Service founded in England. It established a system to decrypt criminal material and filter the inappropriate content on the web.
    • The Royal Canadian Mounted Police set up in Canada. This organization introduced new internet technology training to police officers.
    • The Cyber Force Center of National Police Administration was established in Japan 2001. It is the first Real Time Intrusion Detection Network System to detect terrorist activities in Asia.

Recommendations

Based on the above-mentioned observations, the research concluding with the following recommendations:

• On a regular basis, lawmakers keep updating existing laws that related to cybercrime as new technologies are being come out.
• Law enforcement agencies can use civil resources, for example, university and research organization, to improve the efficiency of their task.
• Applied the information technologies into the intelligence analysis and knowledge management systems can help cybercrime investment.

Case study 2: The social impact of the Patriot Act

Introduction

The drastic events of September 11, 2001 had a profound impact on the way we think about security. After the September 11 attacks, many CDB’s approached government agencies and voluntarily offering them access to their databases and services. In this critical situation, after the Patriot Act passed, there are some new programs and reorganization among the federal intelligence agencies.

The program initiated after the Patriot Act

• TIA program : Terrorism Information Awareness (TIA) is run by the Defense Advanced Research Projects Agency (DARPA). DARPA is a branch of the Department of Defense that works on military research. In 2003, the DARPA began to fund the research on the TIA program. After the public knew how TIA works, TIA was criticized by a lot of the press and organization for impairment of Civil Liberties. They could incorporate not only government records of all kinds but individuals' medical and financial records, political beliefs, travel history, prescriptions, buying habits, communications (phone calls, E-mails and Web surfing), school records, personal and family associations, and so on. Programs like TIA would make such "data surveillance" a reality. [18] In 2004, H.R. 2658, DEPARTMENT OF DEFENSE APPROPRIATIONS ACT, declared to eliminate funding for the Terrorism Information Awareness (TIA) program within the Defense Advanced Research Projects Agency (DARPA).

• CAPPS II : The Computer Assisted Passenger Pre-screening System II (CAPPS II) is run by the officials of the Transportation Security Agency. CAPPS II was tested at several airports around the U.S in March 2003. This secretive new system is responsible for conducting background checks on all airline passenger threats. The US government said that under the CAPPS II program Americans will be labeled as a "green," "yellow" or "red" security risk. The red code would be reserved for those on terrorist watch blacklists. If a passenger had a yellow label in their records they would be subject to a screening check. Through CAPPS II, a yellow label in a person's file is shared with other government state and local agencies, with intelligence agencies such as the CIA. It can be used for many purposes, including employment decisions and the granting of government benefits. It is hard to calculate how many innocent people have been denied jobs or suffered other losses because of the blacklist.

• MATRIX : The Multi-state Anti-Terrorism Information Exchange (MATRIX) system is the most current government tool that pushes the envelope for the amount and type of information on individuals that the government uses. MATRIX was developed by Florida-based Seisint Inc. and then was donated to the Florida state. The system combines a number of databases that include information such as criminal histories, driver’s license data, vehicle registration records, photographs, and significant amounts of personal information. At least 135 police agencies in Florida have signed up for the Department of Law Enforcement database service and 12 other states have joined a coalition to develop network support across state lines. [19]

• NSA (National Security Agency) : The NSA is the world's largest intelligence-gathering agency. It is responsible for the collection and analysis of foreign communications. It coordinates highly specialized activities which produce foreign intelligence information. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications .Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications. The PATRIOT Act has acknowledged that the NSA program monitors Americans' international phone calls and e-mails without court authorization, but says the program only targets communications where one side or the other has suspected terrorist connections.

The Patriot Act concern

After September 11, the US government underwent the largest reorganization phase in recent history. Just a few days after the attacks, the United States Congress authorized a 40 billion dollar emergency spending bill and a few months after that it approved a 318 billion dollar defense bill [2]. Clearly, the government had made the “war on terror” its top priority and it was willing to allocate all the resources necessary to achieve its goal. Some federal agencies turned to Information Technology companies in the private sector for assistance in this effort [3]. After the September 11 attacks, many CDB’s approached government agencies, voluntarily offering them access to their databases and services, causing a stir between privacy advocates and government watchdogs. Given the state of crisis at that time, there were significant benefits in providing law enforcement agencies with this type of information. The data can be used to identify the terrorists responsible for the attacks and aid in tracking them down and stop other terrorist incidents from occurring.

LexisNexis is the "world’s largest collection of public records, reports, legal, news, and business information” which collects all the published case back to 1970’s. LexisNexis is divided into two functions: concentrating on legal research and focusing on the business dealings. Data aggregation companies, also known as Commercial Data Brokers (CDB) have been in the business of collecting and selling personal data for almost a decade. Choicepoint, one of the nation’s largest CDB, sells access to its database of over 17 billion data records on over 220 million individuals, which includes motor vehicle records, police records, credit information etc ^[1]. Acxiom, the world’s largest processor of consumer data, collects and processes over a billion records a day. Based on these huge data center, there are some impacts of the Patriot Act as following:

• Potential for misuse: On November 5th 2003, an FBI investigative analyst was arrested for misuse of law enforcement databases. He used his access privileges to lookup information about his friends and family and to check if the FBI was investigating specific people [8]. In December 2005, a federal government worker was charged with abusing her access to the LexisNexis database. She used the system to run a background check on a Kansas City police sergeant to discover his undercover names and to look up information on ex-husbands bankruptcy records. [9]

• Accuracy: In the 2000 presidential elections, thousands of Florida state residents were wrongly denied the right to vote because they were incorrectly flagged as convicted felons in ChoicePoint’s database [10]. In 2005, Steven Calderon was wrongly arrested and jailed for a week under rape and child molestation charges [11]. The arrest was made based on inaccurate information provided by ChoicePoint, when a background check was run on Mr. Calderon.

• Violate the privacy: From the Dunn Report, some politicians suggest to create a National Data Center to collect and store the data. The businesses and individuals have a lot of concerns about this project. Having this National Data Center, the government has the ability to tracking our activities. [25] Governmental use of personal information databases for law enforcement purposes is not destined to stop anytime soon. So the focus should be on developing and implementing the right infrastructure for storing sensitive data and accessing it in a manner which does not violate the privacy expectation of individuals. This problem has generated considerable research interests in the area of privacy preserving data mining [12, 13].

• Civil Liberties: As mentioned in this charter, the privacy issues boil over into the civil liberties issues. Under the Patriot Act, the government agencies have the ability and right to surveillance our activities and interest. It is possible that the individuals have been arrested just because the government agencies believe that they are plotting against the U.S. Some time the information and analysis are not entirely right. The Patriot Act made a lot of change in government agencies system, but indeed many of the provisions have noting to do with terrorism attack.

Recommendation

• Government need to preserve the privacy protections and keep the checks and balance powers in the Patriot Act. Government can maintain the individual ability to challenge government searches in the court.

• The government agencies need to strictly limit the access of each database administrator and user, and thus can reduce the potential abuse in database information or internal sabotage.

Overall Conclusion

Intelligence and security informatics have strong related with the social and security issues. The implementation of data sharing and collection with respect to the social and national security issues arouse interest, especially after the Patriot Act was passed in 2001. There are four major topics about the intelligence and security informatics in social issues: privacy, civil liberties, border security and cybercrime. We have learned that government agencies coordinate together to secure our lives and our homeland. Government agencies are still looking for what technical and social way to attain this in a workable manner and function.

References:

1. ChoicePoint - Financial Solutions/US PATRIOT Act Compliance http://www.choicepoint.com/business/financial/patriotact.html
2. The White House (November 03, 2001) Federal Response: Examples of Government Action Since September 11. Press Release. http://www.whitehouse.gov/news/releases/2001/10/20011003.html
3. National Research Council Making the Nation Safer: The Role of Science and Technology in Countering Terrorism Washington, DC: Committee on Science and Technology for Countering Terrorism, U.S. National Research Council, The National Academies Press, 2002.
4. Federal Trade Commission, Facts for Consumers. http://www.ftc.gov/bcp/conline/pubs/tmarkg/fraud.htm
5. Federal Trade Commission (September 03, 2003) FTC Releases Survey of Identity Theft in U.S. 27.3 Million Victims in Past 5 Years, Billions in Losses for Businesses and Consumers. Press Release. http://www.ftc.gov/opa/2003/09/idtheft.htm
6. http://www.consumeraffairs.com/news04/2005/choicepoint_worse.html
7. http://www.privacyrights.org/ar/ChronDataBreaches.htm
8. http://www.cybercrime.gov/fudgeIndict.htm
9. http://blog.washingtonpost.com/securityfix/2005/12/prostitution_suspect_used_data_1.html
10. U.S. Commission on Civil Rights. 2001. Voting Irregularities in Florida during the 2000 Presidential Election. Washington, DC: U.S. Commission on Civil Rights. http://www.usccr.gov/pubs/vote2000/report/main.htm
11. http://www.baselinemag.com/article2/0,1540,1825287,00.asp
12. R. Agrawal and R. Srikant. Privacy-preserving Data mining. In ACMSIGMOD Conference on Management of Data, pages 439–450, Dallas, Texas, May 2000.
13. Y. Lindelland B. Pinkas. Privacy preserving data mining. In CRYPTO,pages 36–54,2000
14. Interpol vs cybercrime http://www.crime-research.org/news/22.01.2007/2468/
15. J. Feigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. Strauss, and R. Wright, “Secure multiparty computation of approximations,” in Proceedings of 28th International Colloquium on Automata, Languages and Programming, LNCS volume 2076, Springer, Berlin, 2001, pp. 927–938.
16. T. Garfinkel, M. Rosenblum, D. Boneh, “Flexible OS Support and Applications for Trusted Computing,” to appear in Proceedings of the 2003 USENIX Workshop on Hot Topics in Operating Systems.
17. B. Ross and D. Boneh, “Simple password management for the web,” http://crypto.stanford.edu/WebPwd
18. Q&A on the Pentagon’s “Total Information Awareness” Program http://www.aclu.org/privacy/spying/15578res20030420.html
19. Counterterrorism Database Could Threaten Privacy http://www.ombwatch.org/article/articleview/1731/1/1/
20. Fighting cybercrime: a review and the Taiwan experience Wingyan Chung,Hsinchun Chen,Weiping Chang,Shihchieh Chou
21. http://en.wikipedia.org/wiki/ILOVEYOU Legislative in cybercrime
22. Maintaining privacy in pervasive computing — enabling acceptance of sensor-based services
23. http://news.com.com/HP+settles+with+California+in+spy+scandal/2100-1014_3-6141814.html?tag=nefd.lede
24. http://en.wikipedia.org/wiki/Closed-circuit_television
25. Database Issues in Homeland Security http://www.informit.com/articles/article.asp?p=28265&seqNum=3&rl=1