Data Expert Is Cautious About Misuse of Information

[Dave Farber <dave () farber net>]

NYT March 25, 2003
Data Expert Is Cautious About Misuse of Information
By STEVE LOHR


SCOTTSDALE, Ariz., March 24  As the government gears up its domestic
security program, the chief executive of a venture capital firm founded by
the Central Intelligence Agency warned today of the danger of amassing a
large, unified database that would be available to government investigators 
as some technology executives have advocated.
"I think it's very dangerous to give the government total access," said
Gilman Louie, chief executive of In-Q-Tel, a venture fund established by the
C.I.A. in 1999.
Besides, the real lesson learned from the Sept. 11 terrorist attacks, Mr.
Louie said, was that the intelligence failure was not so much that the
government had too little information but that the information held by
different government agencies was not linked, shared and analyzed.
It is already clear that a part of the vast amounts of personal and
commercial data housed in government and corporation will increasingly be
used in terrorist-related government investigations. But there is a vigorous
debate over what data should be collected and how it should be used to
balance the interests of national security with personal privacy and
individual freedom.
Speaking at the PC Forum, an annual gathering of corporate technology
executives, entrepreneurs and venture capitalists, Mr. Louie said there were
two different paths being pursued toward data surveillance by the
government.
First, there is what he termed the "data mining or profiling" approach. This
involves collecting large amounts of data  like credit card and air travel
information  and then sorting the data by names, buying habits or travel
plans looking for patterns.
The data mining approach, Mr. Louie said, results in the "watch lists" used
by law enforcement authorities. If used as the main tool of surveillance,
the data mining approach is too blunt an instrument, in Mr. Louie's view,
and one likely to needlessly undermine individual freedom. "The policy has
not been defined for how you get on or off these watch lists," he said.
Mr. Louie said that he had friends who after the terrorists attacks have
been interrogated at length and sometimes missed flights because they
matched certain characteristics that put them on a watch list. "They have
Arabic names," he said, "they are naturalized citizens and because they are
investment bankers they buy one-way tickets."
The second way to use database technology to detect threats is what he
called the data analysis approach. The alternative, which Mr. Louie
supports, starts with some kind of investigative lead and then uses software
tools to scan for links between a person under investigation and known
terrorists, in terms of where they live, recent travel and other behavior.
Las Vegas casinos, for example, use data analysis software called NORA, for
Non-Obvious Relationship Awareness, for tracking threats to their business 
links between some patrons and sometimes employees with money launderers,
known card counters and individuals with criminal records. The company that
developed the NORA software, Systems Research and Development, is one of the
companies in which In-Q-Tel has invested.
Data mining, Mr. Louie said, can play a useful role. But he argues that
relying on data mining as the principal way to use database technology in
fighting terrorism would be a mistake. "This is an ongoing argument," Mr.
Louie said, "a big debate right now in government."
In-Q-Tel was established by the C.I.A., in an effort to inject new thinking
and technology into the agency. The agency's handling of information had
been shaped by the cold war concerns of big power confrontations where the
weapons were tanks and missiles, and the security risks tended to be spies
and moles.
Information, noted Mr. Louie, a former computer game designer and software
executive, was kept in separate database silos so it would not leak or any
leak could be quickly contained. Speed of information flow across databases
was not a priority.
Yet in a world of quickly shifting terrorist threats, Mr. Louie said, "the
agency realized that this stove-piping of information was a security model
that was really vulnerable."
Today, In-Q-Tel has invested in 25 companies. At the same time, the Defense
Department's advanced research projects agency, or Darpa, and the
government's National Imagery and Mapping Agency, or Nima, have also
supplied financing to In-Q-Tel for specific programs.
Before Sept. 11, Mr. Louie said, In-Q-Tel was seen within government as an
intriguing experiment. "Now, this isn't an experiment," he said. "This is a
necessity."

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/