The federal government is building a domestic spy network unlike any the world has ever seen.
When it's complete, every keystroke you make on a computer and every automated transaction that has ever involved you will be captured, correlated and relentlessly mined by dozens of federal agencies day in and day out.
While privacy advocates and the nation's big newspapers and networks battle the federal government over the National Security Agency's phone record collection and the Treasury Department's fishing expedition through international banking records, federal domestic spying programs are mushrooming.
Odds are that if the American people knew the full story about the federal government's domestic spying regime, they'd consider the NSA and Treasury Department spy programs tame by comparison.
While sleeker, sexier federal data-mining programs that purport to target terrorists make headlines across the nation, dozens of federal spy programs that are just as invasive in scope, if not more so, get scant attention. Unlike the NSA and Treasury spy programs, the US Mint program that trawls through your credit card data when you make online purchases isn't aimed at terrorists. It was built to spy on ordinary Americans in an effort to "detect criminal activities or patterns" and "stop fraudulent activity involving stolen credit cards." Yet very little has ever been written or reported about it.
The Mint program had Gradiance CEO Jeffrey Ullman, a Stanford University computer professor who specializes in data-mining and has served on Google's technical advisory board, scratching his head when he learned about it.
"I'm not sure why the Mint would be doing that," Ullman said. "Visa and MasterCard seem to be doing just fine at fraud detection."
Congress isn't sure either. It didn't know about the program until a bipartisan committee asked the Government Accountability Office (GAO) to find out how many data-mining programs the federal government has going. The Mint program turned up in a 2004 GAO audit, along with about 200 other so-called data-mining programs, over 50 of which are designed to scour personal data and information purchased from the private sector for patterns of criminal and terrorist activity.
The criteria the Mint program uses in its searches remain a mystery, even to Congress. E-mails from Creative Loafing inquiring about the program elicited no response from the Mint, which acknowledges its existence in its annual reports to Congress but provides no further detail.
The Internal Revenue Service (IRS) recently began using data-mining technology to extend its internal fraud detection system outside the IRS building walls for the first time. A recently launched program called Reveal uses commercial software to troll through multiple databases of financial transactions between individuals and institutions in search of suspicious links in the data that could indicate everything from individual income tax evasion to financial crimes or terrorist activity.
- Lee Tien, a senior staff attorney with the Electronic Frontier Foundation
According to a follow-up GAO report, the program spits out reports that contain names, Social Security numbers, addresses and other personal information on individuals whose transactions fit a pattern that the IRS deems suspicious.
In these programs, a chilling nexus is developing between the government and private sector companies called data aggregators, who stand to make billions collecting data on individual Americans and selling it to government agencies. But federal programs like the Mint's are merely the seeds of a universal government data system that has been in the works since at least 1998. When it's complete, all government agencies will speak the same technological language and will be able to access data records that contain every recordable detail of our lives. So far, the federal government has put hundreds of millions of dollars and hundreds of thousands of man-hours into building what the Bush administration calls the Information Sharing Environment (ISE). Until recently, turf battles slowed things down, but that's changing.
Companies have been keeping data on consumers for decades, and the types of data they keep haven't changed much, says Lee Tien, a senior staff attorney with the Electronic Frontier Foundation. But their ability to store it has. It used to be that a company could only afford to keep three months worth of paper data in a warehouse somewhere. A decade later, they stored three years worth on computers. Today, computer storage capacity is so great that the once-necessary data purge is becoming obsolete.
"Fifteen years ago, storage technology reached the point where nothing ever has to be dropped again," said Ullman. "It's growing faster than we could possibly fill it up if all of us were typing all the time. Pretty much every time you fill out a form online, it will be recorded somewhere and it will probably exist permanently. Any transaction that involves a credit card, any financial transaction other than putting cash in a vending machine, will get recorded somewhere. You have to assume that any time you type something, just as when you touch a glass, your finger prints are on it."