CDT POLICY POST Volume 8, Number 22, October 25, 2002

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY

CONTENTS:

(1) What Does the Sniper Case Reveal About Policing, Terrorism and Databases?

(2) Fingerprint Databases Useful Despite - In Part Because Of - Privacy Rules

(3) Car License Plate Data Also Subject To Privacy Protections

(4) Citizen Tipsters - A Right Way and a Wrong Way

(1) WHAT DOES THE SNIPER CASE REVEAL ABOUT POLICING, TERRORISM AND DATABASES?

Already the argument has been made on at least one list that "Big Brother caught the sniper" - that the person who was terrorizing the Washington, DC area was caught police by using massive government databases, citizen informants, and inter-agency government information sharing.

We see it differently: The suspected sniper was caught in part using government databases consisting of carefully-defined information collected pursuant to strict guidelines and subject to privacy protections; a citizen responding to leaked (arguably illegally leaked) government information of a precise nature; and traditional police work (including one officer's telephone call to another police officer he knew personally and the non-electronic exchange of information). Most importantly, though, it seems that the case was broken when the alleged sniper (or someone who knew him) called police and gave them crucial information.

While there are several pieces of the investigation that we don't know full details about yet (e.g., how did police trace the call to the priest near Ashland, VA), nevertheless it is useful to look at some the databases and methods the police used, for they offer lessons for current privacy and security debates.

(2) FINGERPRINT DATABASES USEFUL DESPITE - IN PART BECAUSE OF - PRIVACY RULES

The alleged sniper was identified in part because a fingerprint lifted from a Montgomery, Alabama robbery-murder was matched with a fingerprint taken by law enforcement authorities from the 17 year old companion of the accused following the youth's arrest in connection with an altercation in Washington state.

Background on fingerprint databases: What became the International Association of Chiefs of Police (IACP) was founded in 1893 when police chiefs from all parts of the country met in Chicago to form an organization to share information across jurisdictions and apprehend wanted persons who fled local jurisdictions. In 1897, they created the National Bureau of Criminal Identification, just as the technique of fingerprinting was becoming popularized. In 1924, the IACP's criminal identification files (fingerprints and rap sheets) were turned over to the federal government and used to create the FBI Identification Division, sixty years before 1984's Big Brother.

But the key point is this: The database at issue (actually now a networked series of databases) is woven through with a series of rules intended to limit its use and protect privacy.

First of all, the fingerprint database at issue consists only of people who have been arrested. That is, they are people for whom there was probable cause to believe that they had already committed a crime. (Small exceptions: unidentified dead and certain missing persons.)
Second, all information in the database is collected with the knowledge of the record subject.
Third, access to the federal database is strictly controlled by statute and regulation - by and large, it is available only to law enforcement agencies, and to government agencies and some private sector employers conducting background checks, but only when the legislature has specifically determined that the occupation requires a criminal history check.
Huge efforts have been made over the years to improve the data quality of the database, particularly in making sure that it is complete. In recognition of the data quality problem, particularly the fact that the disposition of many arrests are not posted, the federal courts have ruled that it is a violation of federal law to use mere arrests in the database as the basis for employment decisions.
When the database is used for non-criminal justice purposes, it is accessed only with prior written consent of the record subject - a very high standard.
Individuals have a right to access any and all information about themselves that is in the fingerprint/rap sheet database and they have the right to obtain the correction of erroneous or incomplete information. There are also laws providing in some cases for sealing or purging of information.

Notwithstanding all of these protections - in some respects, particularly the data quality initiative, because of these protections - the database is very useful to law enforcement agencies.

(3) CAR LICENSE PLATE DATA ALSO SUBJECT TO PRIVACY PROTECTIONS

The use of car registration databases also is a very interesting example of the rules and privacy protections that have been built up around government databases: The Department of Motor Vehicle (DMV) databases are very useful to law enforcement despite being subject to a number of privacy protections.

First, the identifying data are collected only with notice and express prior consent - meaning that everyone in the DMV database knows he is there, was expressly asked to be put in the database, and has a right of access to all information about himself in the database. (In fact, practically everyone in the DMV database carries with himself or herself a copy of the information in the database.)
The information is quite highly accurate. It is regularly updated. Individuals can easily change inaccurate or outdated information. They can purge erroneous information (for example, when they move or get married or divorced and change their name).
The database contains a numerical identifier, but several states, recognizing the privacy and security flaws in the use of the Social Security Number as a single identifier, have allowed their citizens to choose a random number for use in the DMV system, with no degradation in its value for administration of the drivers license system or its value as an identifier for other criminal law enforcement purposes.

License plate data is especially interesting in terms of some of the authentication debates taking place in other contexts, for while each license plate contains a unique number, it is not a personal identifier: the person driving the car need not be the person in whose name the car is registered.

Also both drivers license data and car registration data are subject to privacy protections. In fact, Congress has adopted a very detailed law (upheld against constitutional challenge by the US Supreme Court) limiting the use of DMV data.

(4) CITIZEN TIPSTERS - A RIGHT WAY AND A WRONG WAY

Contrast the tip that led to the alleged sniper's arrest to the TIPS program suggested by the Bush Administration earlier this year. In the sniper investigation, the police put out a general request for information about suspicious people, posting a hot line number, similar to the hot line number the Justice Department was proposing for the anti-terrorism TIPS program. In the sniper case, the TIPS line generated over 70,000 leads, which consumed huge resources but apparently contributed nothing to the solving of the case - except for the calls that the sniper himself made to line, some of which police ignored or discounted apparently overwhelmed by the number of crank calls.

In contrast, the "tip" that led to arrest of the suspects related to a very specific piece of information - a license plate number.

Ironically, the government had not officially made the license plate number public. It was leaked by one or more officers violating (at the very least) the conditions of their employment and the orders of their superiors. This is very interesting in this era of talk about "information sharing," which too often means sharing with a few while keeping from the public. Legislation is now pending in Congress that would make it a crime for a government official to disclose to the public information about cyber-vulnerabilities that has been given the government by the private sector. If a similar criminal penalty had been in place for law enforcement investigative information, the officers who leaked the license plate might have not taken the risk and the sniper might still be on the loose.

See "The Leak That Sank the Suspects" by Howard Kurtz in the October 25 Washington Post: http://www.washingtonpost.com/wp-dyn/articles/A13610-2002Oct24.html

Detailed information about online civil liberties issues may be found at http://www.cdt.org/.

This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_8.22.shtml.

Excerpts may be re-posted with prior permission of ari@cdt.org