A massive new data mining project planned by the U.S. Department of Homeland Security raises privacy concerns that must be identified and mitigated sooner rather than later, government auditors said Wednesday.
According to a new Government Accountability Office report (PDF), DHS has not yet analyzed the privacy implications of the ADVISE (Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement) tool. The department has said it is counting on the tool to aid in detecting threats to the homeland by sifting through mounds of information.
Before DHS proceeds, it should scrutinize a number of potential privacy risks, including "the potential for erroneous association of individuals with crime or terrorism through data that are not accurate for that purpose, the misidentification of individuals with similar names, and the use of data that were collected for other purposes," the GAO report said.
If the department does not build in controls from the beginning that ensure information is only used for specified purposes, it may have to spend lots of time and money to retrofit the system later, the GAO warned.
The report noted that DHS has already built in some controls, such as requiring analysts to log into the tool with a valid username and password, restricting sensitive data sets to only certain authorized users, and logging all user requests and system responses for subsequent audits.
The department has spent approximately $40 million since 2003 to develop ADVISE, which it is rolling out in six phases, according to the report. It is currently testing the system using "mock data" to gauge how well it identifies "patterns of interest."