Government Seeks Broader Tech Snooping Powers

The Bush administration is complaining that a snooping law doesn't encompass the latest technologies, though the FBI seems to be doing just fine using data mining on a dizzying array of U.S. citizens' non-terrorist activities.

The Bush administration is itching to update a snooping law to encompass new technologies, even as a DOJ report shows the FBI is using data mining on a dizzying array of U.S. citizens non-terrorist activities: Think auto insurance fraud and Medicare claims abuse.

"Today, cellular phones are the size of credit cards, you would be hard-pressed to find a computer with memory less than 512 megabytes and our greatest threats are independent transnational terrorists and terror networks," complained Michael McConnell, director of national intelligence, in a May 2007 column published by the Washington Post.

The law that McConnell and others in the Bush administration want to overhaul is FISA, the 1978 Foreign Intelligence Surveillance Act. The law, originally drafted to prescribe physical and electronic surveillance and spying procedures on foreign powers, came under scrutiny after the New York Times in 2005 chronicled the Bush administrations order for warrantless domestic wiretapping—called the Terrorist Surveillance Program—subsequently carried out by the National Security Agency, following the terrorist attacks of 9/11.

Critics have crossed party lines to accuse the Administration of criminally violating FISA with the Terrorist Surveillance Program. The Bush administration has admitted that it flaunts FISA, claiming that the act is an unconstitutional infringement on executive power and that Congress implicitly amended FISA when it passed the Authorization for Use of Military Force on Sept. 18, 2001.

The Adminstration may well scorn FISA, but it still wants to see it overhauled to cover modern technologies.

"FISA was created to guard against domestic government abuse and to protect privacy while allowing for appropriate foreign intelligence collection," McConnell said in his column. "Technology and threats have changed, but the law remains essentially the same. If we are to improve our ability to protect the country by gathering foreign intelligence, this law must be updated to reflect changes in technology and the ways our adversaries communicate with one another."

Not so fast, says a bipartisan group of senators that includes Charles Grassley (R-IA) and Patrick Leahy (D-VT). The group has blocked the FISA overhaul bill from proceeding, instead introducing an oversight bill to make sure that the Administrations secret FISA court faces at least basic public accounting, including coughing up information on the number of United States citizens whove been spied on under FISA and the number of times that FISA information has been used for law enforcement purposes.

But besides FISA, Leahy and others are casting a hairy eyeball at additional government surveillance work. Case in point is the FBIs data-mining programs as detailed in a U.S. DOJ report delivered to Capitol Hill this week in accordance with the Patriot Acts reporting requirements. The Patriot Act specifies that the Attorney General submit a report to Congress concerning any DOJ initiative connected with pattern-based data mining. The AG is required to provide details not only on the data-mining technology in question for each initiative but also on data quality controls and the initiatives impacts on privacy and civil liberties.

The report arrived, in fact, four months late. Beyond that, the report is woefully short on specifics, Leahy charges.

"This report raises more questions than it answers and demonstrates just how dramatically the Bush Administration has expanded the use of this technology, often in secret, to collect and sift through Americans most sensitive personal information," Leahy said in a statement on July 10. "Unfortunately, the Congress and the American public know very little about these and other data mining programs, making them ripe for abuse. … I look forward to thoroughly examining the findings in this report with the Attorney General and the FBI Director in the coming weeks."

The report covers six data-mining initiatives. Their summaries, as quoted from the DOJs report:

The System-to-Assess Risk (STAR) Initiative, which is not yet operational, will be designed to help FBI analysts prioritize the risks associated with individuals who have already been identified as persons of interest in connection with a specified terror threat. The initiative will not label anyone a terrorist, but is designed to save time in helping to narrow the field of individuals who may potentially merit further scrutiny with respect to a specific terrorist threat.

The Identity Theft Intelligence Initiative examines and analyzes consumer complaints about identity theft in order to identify commonalities that may be indicative of major identity theft rings in a given geographic area. The initiative helps identify possible offenders who are the subject of multiple, similar consumer complaints in a given geographic area. This initiative has been used to identify major identity theft trends and organizations as well as generate leads for FBI field offices since 2003.

The Health Care Fraud Initiative examines summary health care billing records in government and private insurance claims databases to help the FBI identify anomalies that may be indicative of fraud or over-billing by health care providers. Introduced in 2003, this initiative has resulted in the initiation of more than 50 FBI investigations and nearly 200 referrals to state and local and other federal agencies, resulting in numerous criminal convictions and civil settlements for violations of health care fraud statutes.

The Internet Pharmacy Fraud Initiative examines consumer complaints to the Food and Drug Administration about fraud by Internet pharmacies to develop common threads that may be indicative of larger fraud by such pharmacies. The initiative performs analysis that FBI agents used to perform manually in order to improve the investigation and prosecution of Internet pharmacies involved in illegal activities. Created in 2005, the initiative has thus far generated 40 leads.

The Housing Fraud Initiative examines public source data on real estate transactions to identify potential indications of fraudulent housing purchases. First completed in 1999, this FBI initiative has proven effective at identifying real estate transactions likely to be fraudulent in a given area, especially in situations where the same lenders and brokers are consistently associated with a similar fraudulent process (commonly known as "property flipping").

The Automobile Accident Insurance Fraud Initiative compares information on possible fraudulent insurance claims provided by the National Insurance Crime Bureau against other data to identify the national scope of staged accident frauds; to identify major perpetrators and organized groups; and to identify multi-city clusters where staged accidents are occurring. This FBI initiative is only in use in one field office, but plans are in place for larger deployment.

McConnell is arguing that under FISA, investigators are getting tripped up by having to seek special permissions from the secret court to perform what they consider to be routine surveillance of overseas terrorist suspects. But at least as far as the FBI is concerned, the DOJs report shows that pickings are easy—whether youre talking fake online pharmacies or terrorists.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.