Here’s what can go wrong when the government builds a huge database about Americans

July 8, 2013

When stated abstractly, the risk of the NSA violating your privacy may not seem so alarming. The Associated Press reports on an FBI database that provides some concrete examples of how a massive database about Americans can be abused.


FBI headquarters. (Manuel Balce Ceneta/AP)

The National Crime Information Center database, maintained by the FBI, provides law enforcement agencies across the country with information they need to do their job, including information about outstanding arrest warrants, gang memberships, firearms records, and much more. According to the AP, it serves 90,000 agencies and receives 9 million data points every day.

The New York Police Department says one of its detectives was recently caught using the NCIC database to secretly obtain personal information about two other NYPD officers. Police officials have suggested that the man, who also hacked into several individuals' e-mail accounts, was trying to figure out "who his ex-girlfriend, also a police officer, was chatting with."

Another police officer, Gilbert Valle, was convicted in March for using the NCIC database to "help compile dossiers on women that listed their birthdates, addresses, heights and weights," apparently as part of a "bizarre plot to kidnap, cook and cannibalize women." Fortunately, the authorities stepped in before the women he had profiled were harmed.

The AP reports that "authorities have accused a Memphis police officer of using the NCIC database to leak information to a confidential informant about a watch dealer who the informant believed had stolen a Rolex; a reserve patrolman in Clarkston, Ga., of running names and license plates for marijuana dealers; a Montgomery County, Md., officer of running checks on cars belonging to a woman who later reported that the vehicles had been vandalized; and a Hartford, Conn., police sergeant of supplying database records to a woman who used them to harass her ex-boyfriend’s new girlfriend."

These stories illustrate some of the kinds of misconduct that could occur with the NSA's database of the nation's phone calls. A record of every American's phone calls and cellphone locations could be even more attractive to unethical government employees than the NCIC database. Jilted NSA employees could use the database to stalk exes. Corrupt NSA officials could sell information from the database to criminal enterprises. Voyeuristic NSA employees could browse through the database to learn about the personal lives of celebrities.

Indeed, the threat of NSA voyeurism is not just hypothetical. In 2008, a former NSA employee admitted to ABC that he and others at the agency had listened in on the personal phone calls of soldiers stationed overseas.

"Hey, check this out, there's good phone sex or there's some pillow talk," the man said he was told by other NSA employees. "Pull up this call, it's really funny, go check it out. It would be some colonel making pillow talk and we would say, 'Wow, this was crazy.'"

Of course, the NSA says it has safeguards in place to prevent this kind of abuse. According to the agency, just 22 officials have the authority to authorize queries against the phone records database.

But even if access is tightly controlled today, there's no guarantee that it will stay that way. The more tightly access to the database is controlled, the more difficult it will be for NSA analysts to make effective use of it. There will be a natural pressure to expand access as new uses for the database are discovered and concerns about privacy recede.

And the fact that access to the database is officially limited to 22 people doesn't mean that no one else has unofficial access. One reason the FBI has trouble preventing abuse of the NCIC database is that cops share passwords or forget to log themselves out after using the database, allowing others to gain access using their credentials.

And Edward Snowden appears to have gained access to documents that he wasn't authorized to access. The call records database might have similar vulnerabilities.

Of course, the fact that a database can be abused doesn't necessarily mean it shouldn't exist. Despite the frequent abuse of the NCIC database, few are calling for it to be dismantled. It's just too useful for legitimate law enforcement purposes.

But the FBI's experience with the NCIC database suggests that a certain amount of abuse is inevitable any time the government compiles a database containing private information about millions of individuals. That's a cost that needs to be weighed against the benefits of the NSA's phone records database.

If the database is going to exist, external oversight is needed to minimize abuses. An agency that relies entirely on self-policing will be tempted to sweep embarrassing incidents under the rug. But the harsh glare of public scrutiny will motivate NSA officials to keep strong checks in place.

Comments
Show Comments
Most Read Business
Next Story
Sarah Kliff · July 8, 2013