Summary
The government's interest in using technology to detect terrorism and other threats has led to increased use of data mining. A technique for extracting useful information from large volumes of data, data mining offers potential benefits but also raises privacy concerns when the data include personal information. GAO was asked to review the development by the Department of Homeland Security (DHS) of a data mining tool known as ADVISE (Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement). Specifically, GAO was asked to determine (1) the tool's planned capabilities, uses, and associated benefits and (2) whether potential privacy issues could arise from using it to process personal information and how DHS has addressed any such issues. GAO reviewed program documentation and discussed these issues with DHS officials.
ADVISE is a data mining tool under development intended to help DHS analyze large amounts of information. It is designed to allow an analyst to search for patterns in data--such as relationships among people, organizations, and events--and to produce visual representations of these patterns, referred to as semantic graphs. None of the three planned DHS implementations of ADVISE that GAO reviewed are fully operational. (GAO did not review uses of the tool by the DHS Office of Intelligence and Analysis.) The intended benefit of the ADVISE tool is to help detect threatening activities by facilitating the analysis of large amounts of data. DHS is currently in the process of testing the tool's effectiveness. Use of the ADVISE tool raises a number of privacy concerns. DHS has added security controls to the tool; however, it has not assessed privacy risks. Privacy risks that could apply to ADVISE include the potential for erroneous association of individuals with crime or terrorism and the misidentification of individuals with similar names. A privacy impact assessment would identify specific privacy risks and help officials determine what controls are needed to mitigate those risks. ADVISE has not undergone such an assessment because DHS officials believe it is not needed given that the tool itself does not contain personal data. However, the tool's intended uses include applications involving personal data, and the E-Government Act and related guidance emphasize the need to assess privacy risks early in systems development. Further, if an assessment were conducted and privacy risks identified, a number of controls could be built into the tool to mitigate those risks. For example, controls could be implemented to ensure that personal information is used only for a specified purpose or compatible purposes, and they could provide the capability to distinguish among individuals that have similar names to address the risk of misidentification. Because privacy has not been assessed and mitigating controls have not been implemented, DHS faces the risk that ADVISE-based system implementations containing personal information may require costly and potentially duplicative retrofitting at a later date to add the needed controls.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Team:
Phone:
Linda D. Koontz
Government Accountability Office: Information Technology
(202) 512-6240
Recommendations for Executive Action
Recommendation: To ensure that privacy protections are in place before DHS proceeds with implementations of ADVISE, the Secretary of Homeland Security should immediately conduct a privacy impact assessment of the ADVISE tool to identify risks, such as those described in this report.
Agency Affected: Department of Homeland Security
Status: Closed - not implemented
Comments: In February 2007, we reported on the privacy risks associated with the DHS ADVISE data mining tool. We reported that use of the ADVISE tool raises a number of privacy concerns, and that DHS has added security controls to the ADVISE tool but neglected to assess privacy risks. As a result, we recommended that the Secretary of DHS conduct a privacy impact assessment of the ADVISE tool. In response to our recommendation, DHS stated that a PIA is not well-suited for the ADVISE tool and has since developed the Privacy and Technology Implementation Guide which is meant to provide assistance to technology managers and developers in understanding privacy protections as they design, build, and deploy operational systems. Furthermore, the ADVISE tool was terminated subsequent to our report and further reports by the DHS Privacy Office and Inspector General citing privacy concerns. According to a DHS official, this termination was due to a change in priorities and the increasing availability of more cost-effective solutions. Because the ADVISE program was terminated by DHS, we are considering this recommendation closed. Furthermore, the development of the Privacy and Technology Implementation Guide will help to ensure that technologies, such as ADVISE, appropriately consider privacy risks throughout system design and development.
Recommendation: To ensure that privacy protections are in place before DHS proceeds with implementations of ADVISE, the Secretary of Homeland Security should implement privacy controls to mitigate potential privacy risks identified in the privacy impact assessment.
Agency Affected: Department of Homeland Security
Status: Closed - not implemented
Comments: In February 2007, we reported on the privacy risks associated with the DHS ADVISE data mining tool. We reported that use of the ADVISE tool raises a number of privacy concerns, and that DHS has added security controls to the ADVISE tool but neglected to assess privacy risks. As a result, we recommended that the Secretary of DHS implement privacy controls, as needed, to mitigate any identified risks. In response to our recommendation, DHS has since developed the Privacy and Technology Implementation Guide which is meant to provide assistance to technology managers and developers in understanding privacy protections as they design, build, and deploy operational systems. Further, The ADVISE tool was terminated subsequent to our report and further reports by the DHS Privacy Office and Inspector General citing privacy concerns. According to a DHS official, this termination was due to a change in priorities and the increasing availability of more cost-effective solutions. Because the ADVISE program was terminated by DHS, we are considering this recommendation closed. Furthermore, the development of the Privacy and Technology Implementation Guide will help to ensure that technologies, such as ADVISE, appropriately consider privacy risks and mitigating controls throughout system design and development.
