Dozens of federal agencies are sifting through and sharing Americans' personal information — including credit reports and credit card transactions — leading privacy experts to charge that such government "super-snooping" is much more widespread than first believed.
"It's a bit surprising, given the fact that there has been a very public debate on the privacy issues surrounding data mining," said David Sobel, director of the Electronic Privacy Information Center (search ). "It’s a bit surprising that it is so prevalent and that agencies have not been more open about it."
According to a General Accounting Office (search) report released in May titled: "Data Mining: Federal Efforts Cover A Wide Range of Uses," 52 out of the 128 federal agencies and departments that responded to a survey said they are using or plan to use data mining technology (search ) to sift through records to analyze and identify everything from waste, fraud and abuse to potential criminals and terrorists.
These agencies and departments identified 199 data mining efforts. Of those, 122 use personal information and 54 access information from the private sector. Additionally, of 77 programs that share information within the federal bureaucracy, 46 involved private information like student loan application data, bank account numbers and credit card numbers.
The agencies that use data mining to track criminal and terrorist activities aren't just typical law enforcement interests like the FBI and Department of Homeland Security, but others, like the Departments of Veterans Affairs, Education and Health and Human Services, the report reveals.
Critics point out that the use of data mining is potentially even more widespread because several agencies, including the CIA and the National Security Agency, did not respond to the GAO's request for information. They add that few if any regulatory safeguards exist against using a technological dragnet on personal information scattered over limitless public and private databases, leaving Americans vulnerable to privacy invasions.
"There is nothing wrong with data mining, per se, as long as these agencies go through their own data and it doesn't involve personal information about individuals," said Barry Steinhardt of the American Civil Liberties Union (search). "But pawing through the disconnected personal data compiled by the private sector on private individuals is another matter."
Not all the data mining efforts use personal information, and the majority use the technology for reasons other than trying to detect criminal or terrorist behavior. In fact, about 129 out of the 199 efforts are restricted to managing human resources, analyzing scientific research, detecting waste, fraud and abuse and improving service or performance, the GAO report states.
Mirko Dolak, an analyst with GAO, said the report makes no determination about privacy, but he expects to conduct those assessments in an upcoming report, which will explore particular data mining programs more closely.
Jose Llamas, a spokesman for the VA, said his agency absolutely "does not use personal information" particular to veterans in its system in order to ferret out criminals or terrorists. Calls to the Education Department and HHS were not returned.
Last year, the Department of Defense attempted to foster Total Information Awareness (search), a massive "data-surveillance" project that was to track potential security risks among the American population, but Congress shut it down after lawmakers complained about the privacy implications. Nonetheless, privacy advocates at the time said government data mining was around for good.
"It’s like a vampire, it never dies," former Rep. Bob Barr, R-Ga., a privacy advocate, told Foxnews.com. "Unless you shoot it, drive a stake through its heart and scatter its ashes, you will never have any assurance that it's dead."
Sen. Daniel Akaka, D-Hawaii, requested the GAO report and its follow-up. He said shortly after its release on May 27 that he "was disturbed by the high number of data mining activities in the federal government involving personal information."
"I doubt that the American public realizes the extent to which the federal government collects and uses their personal information and the degree to which their information is shared with other agencies," he said.
Members of Congress have attempted to lend some oversight to data mining programs, including the controversial CAPPS II (search ) system at the Transportation Security Agency. CAPPS II seeks to identify potential terrorists by accessing multiple public and commercial databases in order to authenticate the identities of everyone traveling on U.S. airlines. Privacy concerns have been at the center of current deliberations over the final rollout of CAPPS II, though the program is reportedly in the testing stages.
"I believe that it's possible to fight terrorism vigorously without cannibalizing privacy civil liberties," said Sen. Ron Wyden, D-Ore., who last year introduced the Citizens' Protection in Federal Databases Act of 2003 (search), which would regulate the use of government data mining.
The Department of Defense Technology and Privacy Advisory Committee, which was appointed in 2003 to examine TIA, recommended in its March 2004 report that both the president and Congress get involved in ensuring "meaningful privacy, not only in the DoD, but throughout the government.
"The committee believes that data mining plays a critical role in the fight against terrorism but that it should be used -- and can be effectively -- only in ways that do not compromise the privacy of U.S. persons," the panel's letter on its final report to Secretary of Defense Donald Rumsfeld read.
Bob Dix, staff director for the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, said that his panel has held several hearings on the issue of data mining. He said while he believes "significant" privacy considerations exist, the use of data mining should not be scrapped entirely because in many cases it "provides benefits to the public."
Barr said that lawmakers have not been vigilant enough, which has allowed the proliferation of data mining efforts that use personal information. He said that most members are afraid of appearing "soft on terrorism," or in the case of Republicans, disagreeing with the president.
"Virtually every one of these federal agencies are most certainly conducting some sort of data mining and they come up with some sort of logical reason for using it," he said. "Congress should not be persuaded by this. They need to be doing something quickly."