WASHINGTON, Oct. 9 (UPI) -- Since Sept. 11, 2001, the government has begun to scrutinize the vast quantities of electronic data created by everyday consumer actions like credit card purchases, looking for patterns and links that might indicate terrorist planning.
Critics of this process, known as data-mining, say the authority given the government under the Patriot Act and other federal laws is too broad to protect the privacy rights of the consumers -- and argue that the process is usually ineffective and represents a waste of resources.
But while both Sens. Barack Obama and John McCain have posted positions on continuing reform of U.S. intelligence and counter-terrorism agencies, neither candidate has said what specific parts of the law he would change to protect the privacy of Americans -- either from the government or from a new breed of cybercriminals.
According to Philip Friedman, an expert in consumer protection law, the answer might be not much.
"When those that are in power see the power that they have, they tend to not want to relinquish it," Friedman said.
Data security expert Bruce Schneier agreed that changes in the law tend to be a ratchet and that restricting investigative powers might be difficult.
"Law enforcement would lobby very hard to keep any powers they've gotten," he said.
The Obama campaign has vowed to revisit the Patriot Act, citing the alleged abuses of the Bush administration. An Obama presidency would ensure that "real and robust oversight tools" are present in the law. The campaign also said Obama would extend oversight to the Foreign Intelligence Surveillance Act, which covers wiretapping.
McCain's campaign also calls for reform of oversight, especially of the troubled Department of Homeland Security, but what he proposes is a "comprehensive reform of our intelligence gathering efforts," again without specifics.
A report released Tuesday by the National Research Council has called for more transparency and outside review of the government in its intelligence-gathering efforts.
The report, co-authored by William Perry, the Republican secretary of defense under President Clinton, suggests a series of questions to be asked about each intelligence program, both when it commences and as it goes forward. Questions are designed to ensure that any program has both a specific purpose and still falls under U.S. law.
The framework provided by these questions could help to avoid abuses and mismanagement such as those uncovered by a Justice Department internal audit last year.
The audit cited multiple cases investigated by U.S. attorneys and the FBI designated as terrorism-related but where no documentation of the link to terrorist activities existed.
Despite public distrust caused by these errors, changing the tide within the government could still prove difficult.
"There has been a sort of dialing back of what would be a reasonable response to terrorism, and I don't believe the Patriot Act would pass today," said Schneier.
While Schneier said he thinks both candidates would work to reverse some of "the more egregious positions," given the public sentiment, he is less optimistic about the prospects of improving Americans' privacy rights overall.
Schneier said an abuse of power with a dramatic impact comparable to the attacks of Sept. 11 would have to occur to win support for a repeal of the Patriot Act.
"So, I'm afraid we are stuck with a lot of it," he said.
But Americans also face threats to their privacy from a new breed of cybercriminal. The No. 1 complaint of consumers to the Federal Trade Commission for 2007 was identity theft.
Every time consumers make a transaction, data are collected that can fall into the hands of criminals, whether it is through dumpster diving or sophisticated cyber-crimes. For example, earlier this year indictments were brought against 11 people after an investigation by the Justice Department and the Secret Service found they had stolen more than 40 million credit card and debit card numbers.
However, dealing with identity theft for consumers remains difficult, given the legal framework. "The law has really lagged behind the developments of technology," said Friedman.
According to Friedman, the laws don't provide enough financial incentive for companies to secure data. As a result, it becomes easier to deal with paying fines after security breaches than solving the problem upfront.
Schneier said one of the ways to improve computer security is through investment in research. "A lot of these computer security problems are very hard and require research that might not pay off in the next few years," he said.
Enter the Center for Applied Identity Management Research, a new public-private partnership with a focus on research into problems of identity management. CAIMR will research effective techniques for solving the problem of making an authentic identification while also protecting the data used to identify.
One goal of the research will be to help consumers do a better job of helping themselves.
"Consumers are investing in security technologies that might be totally ineffective," said Anne Wallace, president of the Identity Theft Assistance Center. "How many shredders have been sold over the last couple of years? Research will have a big impact on consumer risk management techniques."
Jack Hermansen, the chief technology officer in IBM's Global Name Recognition Group, said his goal with the group is "replacing the fear and folklore of identity management with facts."
Using the facts, the hope of CAIMR is that new technologies and techniques will be developed to help secure consumer identity and instill faith in transactions.
Still, Friedman stressed that a stronger legal remedy for any breaches has to be provided by the government.
"If (companies) know they will be hit with a multimillion-dollar judgment because some employee has left a laptop on a counter, they are going to take serious efforts to make sure that they have systems in place that are going to prevent that," he said.
--
(Medill News Service)
