Why we should fear the Matrix
The 'Multistate Anti-Terrorism Information Exchange' program threatens privacy
By Anita Ramasastry
Special to CNN.com
(FindLaw) -- On October 30, 2003, the American Civil Liberties Union (ACLU) filed simultaneous requests in Connecticut, Michigan, New York, Ohio and Pennsylvania for information about those states' participation in the "Matrix" program. (The program's formal name is the "Multistate Anti-Terrorism Information Exchange.") In addition to those five states, four others -- Alabama, Florida, Georgia, and Utah --are participating.
The ACLU's requests seek to find out what information sources the Matrix uses, who has access to the database and how it's being used. They were made pursuant to each states' Freedom of Information Act (FOIA). In October, the ACLU had sought similar information under the federal version of FOIA and in Florida, where the program originated.
What is the Matrix, and why is the ACLU so concerned? Those are the two questions I will address in this column. I will also argue that readers should be concerned, too.
The Total Information Awareness program
Last September, Congress voted to close down the Pentagon's Total Information Awareness (TIA) program. As I discussed in an earlier column, TIA would have allowed the federal government to search and combine the vast amount of data that exists in government and commercial (for profit) databases to create individual profiles of each of us.
TIA was premised on a belief that compiling as much information as possible about as many people as possible in a large-scale database would help thwart terrorist activity. The idea -- called "data mining" -- was that government officials would search the database for information, or patterns of information, that might identify terrorists.
Congress should be applauded for shutting TIA down. First, Congress banned the use of TIA against American citizens, in light of privacy concerns, as well as concerns about the potential for erroneous identifications of innocent persons as terrorists. The program was then renamed Terrorist Information Awareness. Then, Congress shut down that program as well.
Unfortunately, however, the same data mining ideas that inspired TIA have appeared again-- this time, in the guise of the Matrix.
What the Matrix is, and how it works
The Matrix is run by a private corporation -- Seisint Inc. of Boca Raton, Florida, -- on behalf of a cooperative group of state governments. However, it is, at least in part, federally funded -- and may, in future, allow federal access.
The program has received $4 million from the Justice Department. It has been promised a further $8 million from the Department of Homeland Security. In addition, news reports indicate that Matrix officials have said they are considering giving access to the CIA.
What does the Matrix do? According to Congressional testimony and news reports, it appears to do just what TIA would have done, if enacted: Tie together government and commercial databases to allow federal and state law enforcement entities to conduct detailed searches on particular individuals' dossiers.
The Matrix Web site states that the data compiled will include criminal histories, driver's license data, vehicle registration records, and significant amounts of public data record entries. Company officials have refused to disclose more specific details about the nature and sources of the data. According to news reports, the data may also include credit histories, driver's license photographs, marriage and divorce records, Social Security numbers, dates of birth, and the names and addresses of family members, neighbors and business associates.
Moreover, there is no guarantee that the type of data that the Matrix compiles will not be further expanded. And information in today's commercial databases encompasses purchasing habits, magazine subscriptions, income and job histories, and much more. Soon, we may be profiled based on what we read and buy, and how we live.
In Congressional testimony, a Florida lawmaker, Paula B. Dockery, described how the Matrix works: It combines government records with information from "public search businesses" into a "data-warehouse." There, dossiers are reviewed by "specialized software" to identify "anomalies" using "mathematical analysis." If "anomalies" are spotted, they will then be scrutinized by personnel who will search for evidence of terrorism or other crimes.
As with TIA, the idea is plainly that of data mining -- the concept that searches for patterns in this data (including so-called "anomalies") that can identify individuals possibly involved in terrorist or other criminal activity. But as with TIA, this kind of "data mining" may be ineffective, and has severe downsides, including its privacy costs.
Why "data mining" is dangerous
Supporters of data mining claim that it is innocuous because it is simply a faster way of gathering data that already exists. They note that police personnel, and even private detectives, can already trail suspects and search records to compile a profile of a person. Data mining, they say, is just the same process speeded-up and automatized.
In fact, however, the Matrix is so much more powerful than the work of individual detectives or law enforcement personnel, that the comparison is not useful. The Matrix allows the virtually instantaneous search of dozens of records relating to ordinary Americans. Such searches could be done routinely and on a massive scale. No complainant must walk into the police department; no client must go to a private detective.
With a keystroke, the government will be able to compile so much information about us that it could reconstruct our daily lives instantaneously. It won't need to send a detective to trail us, or put a video camera at our side, because data will be used to reconstruct our movements. Nor will it need to pick and choose suspects: Everyone will be a suspect, in effect.
Still, supporters of data mining argue, "Why would you mind this, if you don't have anything to hide? Why do you care if you're a suspect, unless you're guilty?"
But this argument is insidious, as history has proved. After all, if one has nothing to hide why would that person seek to enforce his or her privacy rights, or rights against self-incrimination, or right to an attorney? Yet, of course, it's not that simple -- and these rights are among those most valued within the Bill of Rights.
The principle of "innocent until proven guilty," too, is a fundamental part of our system. Indeed, more than this, it is a core American principle that the government will leave people alone unless it has good reason to suspect them of wrongdoing.
It is unclear when law enforcement will have access to records in the Matrix. But even more important, what triggers the creation of an individual's electronic dossier? At present, this is also an open question.
The risk of painting the innocent as suspect
Even beyond the very serious privacy issues with the Matrix, there is the important risk of so-called false positives. "Data anomalies" are far from certain indicators of guilt.
The data itself may be in error. As anyone who has ever tried to correct an erroneous credit report may have found, it's not easy to stop an error once it gets into the system. Yet there has been no account of how errors in the Matrix databases can be located and corrected.
Or the data may look bad, but have an innocent explanation. Terrorists are said to be transients, moving frequently, with few fixed addresses. But students, poor people, and the homeless do the same. For that matter, so do travel writers.
The truth is that judgments about reasonable suspicion of criminal activity are fundamentally human judgments that cannot now -- and, perhaps, ever -- be made accurately by computers.
A program without safeguards presents special risks
As if all this weren't bad enough -- and it is-- the Matrix lacks safeguards against these predictable problems. The Web site states that "[t]his system will ensure that state and local law enforcement officers -- the individuals most likely to come into direct contact with terrorists or other criminals -- have the best information (accurate and complete) available to them in a timely manner." Despite the promise of accuracy, it does not have an error correction system, at least not one that has been explained to the public. And it does not make clear how, if at all, it will protect privacy.
All of these problems with the Matrix are very serious ones. And there may be others of which we are not aware yet. Until -- and unless -- the ACLU gets full responses to its FOIA requests, we still will not know exactly what data that will be collected, how such information will be used, and who can access it.
These questions are simple. The answers may be of momentous importance. Let's hope the ACLU gets the answers it's looking for. And let's hope that the Matrix meets the same dire fate TIA did before it.
Anita Ramasastry, a FindLaw columnist, is an Associate Professor of Law at the University of Washington School of Law in Seattle and a Director of the Shidler Center for Law, Commerce & Technology. Her other columns on Total Information Awareness, cyberlaw, surveillance, and other issues are included in the archive of her columns on this site.