In a rebuttal attached to the report, the DHS Directorate for Science and Technology disagreed with most of the OIG's findings. "The ADVISE tool set is little more than an empty framework to which data must be applied," wrote Jay Cohen, DHS undersecretary for science and technology, in a letter accompanying the rebuttal. He said no privacy laws were violated.
Even in searching for terrorists, data-mining programs are supposed to ensure that Americans' personal information is used only when necessary and lawful – and only for specific and proper uses. One problem is that even data that look anonymous aren't necessarily so. For instance, even when names and Social Security numbers are stripped from data files, programmers can still identify 87 percent of Americans through their date of birth, gender, and five-digit Zip Code, researchers say. So a system has to be carefully designed and use encryption and other computer techniques to comply with the law.
Last week the Pentagon shut down its TALON terrorism database program, which had been found to hold files on peace activists. In 2003, another military data-mining project – the Total Information Awareness project – was also ended following a congressional uproar over privacy fears.
Congress last fall ordered its Government Accountability Office to audit the program for privacy and effectiveness. It asked the OIG to do the same. In February, the GAO recommended a full-blown data-privacy review of the ADVISE system. Without that, its report said, ADVISE holds "potential for erroneous association of individuals with crime or terrorism and the misidentification of individuals with similar names."
In his report to Congress, publicly released earlier this month, DHS Inspector General Richard Skinner revealed that: