The Brennan Center for Justice has released a new report, “What the Government Does with Americans’ Data,” concerning changes to government information-gathering after the terrorist attacks of Sept. 11, 2001. The report also makes recommendations for reforms to the government system of data collection, retention and dissemination. Here’s an excerpt from the introduction:
The attacks of September 11, 2001, and the intelligence failures preceding them, sparked a call for greater government access to information. Across a range of laws and policies, the level of suspicion required before law enforcement and intelligence agencies could collect information about U.S. persons was lowered, in some cases to zero. Many restrictions on gathering information about First Amendment-protected activity have been similarly weakened. The result is not merely the collection of large amounts of information, but a presumptive increase in the quantity of information that reflects wholly innocuous, and in some cases constitutionally protected, activity.
While some publications address whether lowering the threshold for suspicion to collect information poses an undue risk to civil liberties, this report addresses a separate question: Regardless of whether the expansion of the government’s domestic information collection activity can be expected to yield enough additional “hits” to justify its various costs, how do federal agencies deal with the apparent “misses” — the stores of information about Americans that are swept up under these newly expanded authorities and that do not indicate criminal or terrorist behavior?
One might expect that this information would NOT be retained, let alone extensively shared among agencies. To the contrary, there are a multitude of laws and directives encouraging broader retention and sharing of information — not only within the federal government, but with state and local agencies, foreign governments, and even private parties. Policymakers remain under significant pressure to prevent the next 9/11, and the primary lesson many have taken from that tragedy is that too much information was kept siloed. Often lost in that lesson is that the dots the government failed to connect before 9/11 were generally not items of innocuous information, but connections to known al Qaeda or other foreign terrorist suspects. Meanwhile, the cost of data storage is plummeting rapidly while our technological capabilities are growing, making it increasingly cheap to store now and search later.
Of course, federal and state agencies must maintain databases to carry out legitimate governmental purposes, including the provision of services, the management of law enforcement investigations, and intelligence and counterterrorism functions. In addition, where law enforcement agencies have reasonable suspicion of possible criminal activity or intelligence components are acquiring information on foreign targets and activity, they must retain information to track investigations, carry out lawful intelligence functions, and ensure that innocent people are not repeatedly targeted.
History makes clear, however, that information gathered for any purpose may be misused. Across multiple administrations, individuals and groups have been targeted for their activism, and sensitive personal information has been exploited for both political and petty reasons. The combination of vastly increased collection of innocuous information about Americans, long-term retention of these materials, enhanced electronic accessibility to stored data, and expanded information-sharing exponentially increases the risk of misuse.
Against this backdrop, this report analyzes the retention, sharing, and use by federal law enforcement and intelligence agencies of information about Americans not suspected of criminal activity. It examines five distinct categories of information. The categories are Suspicious Activity Reports, assessments, National Security Letters, searches of electronics at the border, and information acquired by the National Security Agency.