Governmental Data Mining and its Alternatives

Governments face new and serious risks when striving to protect their citizens. Of the various information technology tools discussed in the political and legal sphere, data mining applications for the analysis of personal information have probably generated the greatest interest. Data mining has captured the imagination as a tool which can potentially close the intelligence gap constantly deepening between governments and their targets. Data mining initiatives are popping up everywhere. The reaction to the data mining of personal information by governmental entities came to life in a flurry of reports, discussions, and academic papers. The general notion in these sources is that of fear and even awe. As this discourse unfolds, something is still missing. An important methodological step must be part of every one of these * Hauser Research Fellow, New York University Law School, 2010-2011. Senior Lecturer, University of Haifa, Faculty of Law. Research for this paper was partially funded by an NWO (the Dutch Research Foundation) funded project “Data Mining without Discrimination” and I thank my co-researchers Bart Custers, Bart Schermer and Toon Calders for their insights. I also thank Chris Slobogin, Kathy Strandburg, Helen Nissenbaum, Ira Rubinstein, Richard Stewart, the participants of the Hauser Research Forum, the DePaul Law School CIPLIT presentation for their comments and Talya Ponchek for her assistance in research. 286 PENN STATE LAW REVIEW [Vol. 116:2 inquires mentioned abovethe adequate consideration of alternatives. This article is devoted to bringing this step to the attention of academics and policymakers. The article begins by explaining the term “data mining,” its unique traits, and the roles of humans and machines. It then maps out, with a very broad brush, the various concerns raised by these practices. Thereafter, it introduces four central alternative strategies to achieve the governmental objectives of security and law enforcement without engaging in extensive data mining and an additional strategy which applies some data mining while striving to minimize several concerns. The article sharpens the distinctions between the central alternatives to promote a full understanding of their advantages and shortcomings. Finally, the article briefly demonstrates how an analysis that takes alternative measures into account can be carried out in two contexts. First, it addresses a legal perspective, while considering the detriments of data mining and other alternatives as overreaching “searches.” Second, it tests the political process set in motion when contemplating these measures. This final analysis leads to an interesting conclusiondata mining (as opposed to other options) might indeed be disfavored by the public, but mandates the least scrutiny by courts. In addition, the majority’s aversion from the use of data mining might result from the fact that data mining refrains from shifting risk and costs to weaker groups. This is yet one of the ways the methodology of examining alternatives can illuminate our understanding of data mining and its effects. INTRODUCTION: THE LURE AND CONFUSION OF GOVERNMENTAL DATA MINING Governments around the world are facing new and serious risks when striving to assure the security and safety of their citizens. Perhaps the greatest concern is the fear of terrorist attacks. Various technological tools are being used or considered as means to meet such challenges and curb these risks. Of the tools discussed in the political and legal sphere, data mining applications for the analysis of personal information have probably generated the greatest interest. The discovery of distinct behavior patterns linking several of the 9/11 terrorists to each other and known operatives 1 has led many to ask: What if data mining had been 1. See Kim Taipale, Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of Privacy, and the Lessons of King Ludd, 7 YALE J.L. & TECH. 123, 134 (2004). 2011] GOVERNMENTAL DATA MINING AND ITS ALTERNATIVES 287 applied in advance? Could the attacks and their devastating outcomes have been avoided? Data mining has captured the imagination as a tool that can potentially close the intelligence gap constantly deepening between governments and their new targetsindividuals posing a risk to security and the public’s wellbeing. 2 Data mining is also generating interest in other governmental contexts, such as law enforcement and policing. In recent years, law enforcement has shifted to “Intelligence Led Policing”(ILP). 3 Rather than merely reacting to events and investigating them, law enforcement is trying to preempt crime. It does so by gathering intelligence, which includes personal information, closely analyzing it, and allocating police resources accordinglyall tasks which could be enhanced by data mining technology. 4 The growing appeal of data mining in all these contexts results from similar reasons and sourcesthe development of cutting edge technologies; advances in mathematics, statistics, and computer science; and the sinking costs of the hardware, software and manpower needed for their implementation. 5 Reports on the success of prediction through the use of data mining 6 in the commercial realm have strengthened the appeal of these models for governmental actions as well. 7 It should therefore come as no surprise that in the United States, data mining initiatives are popping up everywhere. A recent U.S. General Accounting Office report indicates current data mining 2. For a countering view, see Jeff Jonas & Jim Harper, Effective Counterterrorism and the Limited Role of Predictive Data Mining, CATO INST. POL’Y ANALYSIS, Dec. 11, 2006; see also Bruce Schneier, Why Data Mining Won't Stop Terror, WIRED, Mar. 9, 2006, http://www.wired.com/politics/security/commentary/securitymatters/2006/03/70357. 3. Fred H. Cate, Data Mining: The Need for a Legal Framework, 43 HARV. C.R.C.L. L. REV. 435 (2008). 4. See, e.g., Press Release, IBM, Memphis Police Department Reduces Crime Rates with IBM Predictive Analytics Software (Jul. 21, 2010), available athttp://www03.ibm.com/press/us/en/pressrelease/32169.wss. For a paper discussing these initiatives in the Netherlands, see RCP van der Veer et al., Data Mining for Intelligence Led Policing, 15 ACM SIGKDD INT’L CONF. ON KNOWLEDGE DISCOVERY AND DATA MINING (2009), http://www.sentient.nl/docs/data_mining_for_intelligence_led_policing.pdf. 5. For a discussion of the building blocks of data mining, see Tal Z. Zarsky, “Mine Your Own Business!”: Making the Case for the Implications of the Data Mining of Personal Information in the Forum of Public Opinion, 5 YALE J.L. & TECH. 4 (20022003) [hereinafter Zarsky, MYOB]. 6. Such success has been recently detailed in several popular books. See, e.g., STEPHAN BAKER, THE NUMERATI (2008); IAN AYRES, SUPER CRUNCHERS (2007). 7. DANIEL J. SOLOVE, NOTHING TO HIDE—THE FALSE TRADEOFF BETWEEN PRIVACY AND SECURITY 182 (Yale Univ. Press 2011) [hereinafter SOLOVE, NOTHING TO HIDE]. 288 PENN STATE LAW REVIEW [Vol. 116:2 initiatives in a broad array of contexts. 8 The Defense Against Research Projects Agency (DARPA) has famously promoted the Total (later changed to “Terrorist”) Information Awareness (TIA) program—an ambitious project which planned to analyze vast amounts of personal information from governmental and commercial sources. This project was catastrophically handled in terms of public relations. Public concern and outrage led to Congressional intervention and the project’s quick demise. 9 It is broadly understood that similar projects are living on under different names and acronyms, however. The reaction to the data mining of personal information by governmental entities came to life in a flurry of reports, discussions, and academic papers. The general notion in these sources, as well as the one in the public sphere, 10 is that of fear and even awe. Information privacy, which many sense is under constant attack in both the commercial and governmental realm, seems to be utterly compromised. The visceral feeling of many is that the outcome of data mining analyses, which allow the government to differentiate among individuals and groups in novel ways, is extremely problematic. Understanding what stands behind this strong visceral response is a difficult task. Even though governmental data mining is extensively discussed in recent literature, 11 an overall sense of confusion is ever present. Given the fact that data mining will probably prove necessary (or a “necessary evil” for some), scholars have moved to examine how the problems it generates could be mitigated and how its risks and benefits should be balanced. While mapping out these matters, scholars, as well as policymakers, must further establish which paradigms of legal thought are most fitting to address these matters. Central paradigms are constitutional law, privacy law, and anti-discriminationyet other fields 8. U.S. GEN. ACCOUNTING OFFICE,GAO-04-548, DATA MINING: FEDERAL EFFORTS OVER A WIDE RANGE OF USES 9-54 (2004). The General Accounting Office has since been renamed as the Government Accountability Office. 9. See Cate, supra note 3, at 441; see also SOLOVE, NOTHING TO HIDE, supra note 7, at 184-85. 10. This outcome is interesting, as stories related to privacy in general have generated limited interest, lest they involve an actual catastrophepersonal data about a judge blocks his nomination, information regarding the address of an actress leads to her murder, and many other examples. The data mining stories here addressed focus on potential harms, which have yet to materialize. This outcome tells an interesting story about the data mining risks. 11. See, e.g., Cate, supra note 3; Christopher Slobogin, Government Data Mining and the Fourth Amendment, 75 U. OF CHIC. L. REV. 317 (2008); see also Anita Ramasastry, Lost in Translation? Data Mining, National Security and the Adverse Inference Problem, 22 SANTA CLARA COMPUTER & HIGH TECH. L.J. 757, 760 (2006), and Daniel J. Solove, Data Mining and the Security-Liberty Debate, 75 U. CHI. L. REV. 343 (2008). 2011] GOVERNMENTAL DATA MINING AND ITS ALTERNATIVES 289 will surely prove relevant. As this discourse unfolds, something is still missing. An important yet often overlooked methodological step must be part of every one of the inquires mentioned abovethe adequate consideration of alternatives. Scholars and policymakers swiftly point out the troubles of data mining, as well as the dangers of ignoring it. Yet they are not equally quick to consider the alternatives which will surely be applied by governments setting data mining aside, with their many detriments and shortcomings. Understanding the importance of this analytical step follows from acknowledging that the challenges bringing data mining to the forefront of our discussion are not going away. Governments must confront new security and law enforcement challenges and pressure to take action. They must also address the challenges of optimally utilizing the vast volumes of personal information at their disposal. Moreover, considering alternatives is also helpful in sharpening our understanding of the benefits, detriments, traits and qualities of data mining itself. This article strives to develop a methodology for examining alternatives to data mining and to bring it to the attention of academics and policymakers. It provides basic tools for engaging in this important analytic exercise and a brief demonstration as to how it could be carried out. To achieve its objective, this article proceeds as follows: in Part 1, it briefly demonstrates and explains the government’s data mining initiatives. This is a crucial step, as the term “data mining” has almost taken on a life of its own, and is applied in several—at times contradictory—ways. The article also notes specific unique traits of these practices while focusing on the distinct roles of humans and machines. Part II maps the various concerns data mining generates while drawing from ongoing literature in legal journals and policy papers. Part III presents the center of the thesis and introduces four alternative strategies of data usage and management for achieving the governmental objectives of security and law enforcement. It also addresses an additional strategy (contemplated by policymakers and think tanks) for using a specific form of data mining while anonymizing the data and thus minimizing some of the mentioned concerns. In the second segment of this part, I sharpen the distinctions between the central alternatives to promote a full understanding of their advantages and shortcomings In Part IV, I demonstrate how an analysis that takes alternative measures into account can be carried out in two contexts. First, from a legal perspective, while considering the detriments of data mining analysis as a “search” of personal information pertaining to specific individuals without their specific and informed consent. For that, the article briefly maps out three theories for understanding “searches” in these contexts and tests them for every alternative. I conclude that the 290 PENN STATE LAW REVIEW [Vol. 116:2 results are mixed; while generally data mining proves to be the most problematic option, the outcomes vary among the theories. Therefore, as results are complex and unpredictable, a full comparative analysis will be required at every juncture prior to setting relevant policy. Second, I briefly demonstrate how this methodology could be applied to studying the political process set in motion by adopting measures for selective law enforcement. Here I address the different social and political dynamics which will transpire under every alternative regime. This analysis leads to two interesting preliminary results. First, that data mining might indeed be disfavored by the public, but mandates the least scrutiny by courts. Second, that the majority’s general discontent with data mining might result from the fact that data mining refrains from shifting risks and costs to weaker groups. Thus, the political process might not be leading to the selection of the most fair and efficient option. This comparative analysis provides an important insight that would enrich future discussions and court decisions. The discussion of data mining and its alternatives goes beyond the actions of government. Private entities are applying similar techniques to distinguish among their actual or prospective clients/customers, while analyzing personal behavior. Advertisers, marketers, banks, credit card issuers, and insurance companies all engage in the data mining of personal information. 12 While the commercial context is of great importance, it is beyond our current scope. It is important to note, however, that the rationales and internal balances discussed in the governmental context cannot be applied directly to the private sector. With private firms, competitive forces (when these indeed exist) might play an important role in achieving some of the needed objectives. 13 These differences and their implications must be explored elsewhere. Finally, although this article claims to merely make a methodological contribution, I confess to arguing a normative point between the lines. While I do not carry through a full analysis of the pros and cons of the data mining strategies, my sense is that when taking the full scope of alternatives into account, data mining is far less problematic than when it is considered at first blush. The problems data mining brings to mind persist, and with greater force, when applying 12. For a recent example, see Leslie Scism & Mark Maremont, Insurers Test Data Profiles to Identify Risky Clients, WALL ST. J., Nov. 19, 2010, http://online.wsj.com/article/SB10001424052748704648604575620750998072986.html? mod=WSJ_hp_LEADNewsCollection. 13. In some instances, the services rendered are not essential, thus allowing for consumer choicean option which requires rethinking many of the elements to be addressed below. Finally, the obligations and motivations of governmental entities are different than their commercial counterparts, thus altering the internal calculus leading to the final recommendations. 2011] GOVERNMENTAL DATA MINING AND ITS ALTERNATIVES 291 other options. Understanding this point might lead policymakers to reconsider the overall negative treatment data mining options receive. PART I: DATA MINING: IN THEORY AND IN PRACTICE I.1. Data Mining: Definitions, Processes and General Terms 14 The term “data mining” has recently been used in several contexts by policymakers and legal scholars. For the discussion here, I revert to a somewhat technical definition of this term of art. Here, data mining is defined as the “nontrivial process of identifying valid, novel, potentially useful and ultimately understandable patterns in data.” 15 Even within this definition, there are several intricacies. The term “data mining” refers to both “subject based” and “pattern based” searches. 16 The former refers to database searches of and for specific individuals, events, and predetermined patterns. However, the core of this article focuses on the latter forms of analysis (also referred to as “event-based” data mining). These methods provide for a greater level of automation and the discovery of unintended and previously unknown information. Such methods can potentially generate great utility in the novel scenarios law enforcement and intelligence now facewhere a vast amount of data is available, yet there is limited knowledge as to how it can be used and what insights it can provide. With “pattern based analyses,” the analysts engaging in data mining do not predetermine the specific factors the analytical process will use at the end of the day. They do, however, define the broader datasets which will be part of the analysis. Analysts also define general parameters for the patterns and results they are seeking and that thus could be acceptedsuch as their acceptable level of error. Thereafter, the analysts let the software sift through the data and point out trends within 14. Since the matters here addressed were drawn out elsewhere, the analysis is brief. For a more in-depth discussion, see Zarsky, MYOB, supra note 5. See also Kim A. Taipale, Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data, 5 COLUM. SCI. & TECH. L. REV. 2 (2003), available athttp://www.stlr.org/html/volume5/taipaleintro.php; MARY DEROSA, CTR. FOR STRATEGIC AND INT’L STUDIES, REPORT: DATA MINING AND DATA ANALYSIS FOR COUNTERTERRORISM 14, (2004), available at http://csis.org/files/media/csis/pubs/040301_data_mining_report.pdf. 15. This is the most common definition of data mining. For example, see U.M. Fayyad et al., From Data Mining To Knowledge Discovery: An Overview, in ADVANCES IN KNOWLEDGE DISCOVERY AND DATA MINING 6 (1996). 16. For a discussion regarding the distinction among the two, see Cate, supra note 3, at 438, and Slobogin, supra note 11, at 323. 292 PENN STATE LAW REVIEW [Vol. 116:2 the relevant datasets, or ways in which the data could be effectively sorted. 17 The data mining process could achieve both descriptive and predictive tasks. Descriptive data mining provides analysts with a better understanding of the information at their disposal, while uncovering hidden traits and trends within the dataset. When applied by law enforcement to vast databases of personal information, such analyses can uncover disturbing behavior patterns and assist in ongoing investigation to find criminals and terrorists already being sought. While this ability generates legal concerns, this paper focuses on the use of the data mining of personal information for predictive modeling and analysisan issue that generates far more interest (and subsequent fear). 18 In a predictive process, the analysts use data mining applications to generate rules based on preexisting data. Thereafter, these rules are applied to newer (while partial) data, which is constantly gathered and examined as the software constantly searches for previously encountered patterns and rules. Based on new information and previously established patterns, the analysts strive to predict outcomes prior to their occurrence (while assuming that the patterns revealed in the past pertain to the current data as well). In the law enforcement and national security context, such insights can prove quite helpful—at times allowing for sufficient reaction before it is too late. 19 I.2. Data Mining, Automation, and the Human Touch As mentioned above, one of data mining’s unique traits is the high level of automation it provides. The scope of automation this process entails might be easily overestimated. Counter to what one might initially believe, even with predictive data mining, the role of the human analyst and his or her discretion is quite extensive. For example, the dataset must be actively constructed, at times by bringing together data from various sources. The analyst must also predefine the parameters of the search. 20 These actions directly affect the outcome of the process, and thus impact policy. 17. For a discussion as to how these data mining techniques are carried out, see generally Zarsky, MYOB, supra note 5. 18. For similar reflections on this dichotomy and its normative implications, see SOLOVE, NOTHING TO HIDE, supra note 7, at 195. 19. The data mining process includes other stages as well, such the preparation of the data, data warehousing, cleansing and sorting. For more on these stages, see generally Zarsky, MYOB, supra note 5. 20. This is done both in advance and after the fact by “weeding out” results she might consider as random, wrong, or insignificant. 2011] GOVERNMENTAL DATA MINING AND ITS ALTERNATIVES 293 The extent of human discretion involved in this process is not a factor set in stone. Rather, it is a result of various policy decisions. For instance, it is impacted by whether the process is interpretable or noninterpretable. With a non-interpretable process, the rationales for actions premised upon the predictions the data mining process provides are not necessarily explainable to humans; the software makes its decisions based upon multiple variables (even thousands!) that were learned throughout the data analysis. 21 This process is not easily reduced to words. Therefore, applying non-interpretable schemes affects the role and discretion of the analysts. With such processes in place, human discretion is minimized to setting the parameters for generating predictive algorithms ex ante. The subsequent process of sorting objects, events, or people is carried out automatically, with minimal human oversight. In addition, when a process is non-interpretable, it is very difficult to provide an answer as to why a specific result was reached beyond the fact that this is what the algorithm identified based on similar cases in the past. The flip side of these processes would be a fully interpretable analysis: one which uses a limited number of factors which in turn could be reduced to a human-language explanation. With interpretable results, an additional stage could be added to the process in which the analyst works through the patterns and criteria set forth by the computer algorithms. These could be indications of higher risk associated with individuals of a certain height, age, specific credit or purchasing historyand the interaction of these factors. With an interpretation in hand, the analysts can track and set aside factors which they find offensive, ridiculous, or problematic. In addition, the analyst could provide a response after the fact to questions as to what initiated the special treatment of an event or individual. An interpretable process would be costly, both in terms of additional expenses for analysts and the efficiency and effectiveness lost in the process. Yet these costs are balanced by gains in accountability and transparency. Providing for an interpretable process also enables an additional level of human scrutiny in the predictive data mining dynamic. If analysts have a good grasp of the elements used, they can further seek out a theory of causation. Such a theory would go beyond the mere correlation that data mining reveals and seek out explanations as to why 21. David Martens & Foster Provost, Explaining Documents' Classification 6 (N.Y.U. Stern School of Business, Working Paper No. CeDER-11-01, 2011), available at http://pages.stern.nyu.edu/~fprovost/Papers/martens-CeDER-11-01.pdf. 294 PENN STATE LAW REVIEW [Vol. 116:2 these are proper indicators 22 (as opposed to merely acknowledging that they “work”). This step can prove helpful in weeding out ridiculous and random findings as well as those which resemble problematic (or even illegal) discriminatory practices. The notion of “interpretability” and the causation/correlation distinction will be addressed throughout this article, as it analyzes the various alternatives to data mining. To summarize, this segment provided an overview of the meaning and use of data mining when applied to the analysis of personal information by governments. It also briefly clarified the extent of human discretion and computer automation. The entire discussion is premised on an underlying assumption that the tools here discussed are effective in achieving their analytical objectives while maintaining an acceptably low level of false positives and negatives. Whether this is indeed true is currently hotly debated 23 and notoriously difficult to measure. The answer to these questions will depend on context as well as the costs, consequences, and chances of false positives and false negatives. Therefore, prior to engaging in data mining, a relevant authority must conduct an assessment of the effectiveness of the data mining process. 24 If such an analysis indicates that data mining schemes are doomed to technical and operational failure, data mining must be abandoned. The critiques presented below, however, will be premised upon the contrary assumption that data mining is effective and operational. PART II:THE FEARS AND CHALLENGES OF GOVERNMENTAL DATA MINING Data mining presents promising opportunities for bridging the gap between the government’s informational needs and the vast datasets of information at its disposal. With data mining, such data could be transformed into knowledge. However, these practices generate a variety of concerns. These concerns, in turn, are now requiring policymakers and courts to engage in an extensive discussion and analysis. A discussion of these matters splinters quickly into a multitude of claims and counterclaims. Fully addressing all these issues is beyond the confines of this (or any) article. For that reason, this article focuses on a specific methodological point which must be applied in every one of the 22. H rewewo , constructing a theoretical justification to a statistical correlation is usually easy and merely requires some imagination. Thus, one can easily question the extent of protection from arbitrary results this requirement will provide. 23. See sources cited supra note 2. 24. This is a well-accepted notion. See TECHNOLOGY AND PRIVACY ADVISORY COMMITTEE, SAFEGUARDING PRIVACY IN THE FIGHT AGAINST TERRORISM (2004) [hereinafter TAPAC REPORT]. For more on this point, see Cate, supra note 3, at 476. 2011] GOVERNMENTAL DATA MINING AND ITS ALTERNATIVES 295 data mining contexts: addressing alternatives. 25 To briefly demonstrate how that should be done, I focus below 26 on merely examining alternatives for the first segment of such an analysis. In the interest of giving context to the critique of data mining and its alternatives, this segment maps out the specific analytical junctures where data mining is challenged. It is at these points where addressing alternatives is crucial. This analytic mapping relies upon scholarship and policy reports addressing this matter in the last few years. For the sake of clarity, I distinguish among the different steps of personal information flow: the collection and analysis stage and the usage of personal data. The following description is mostly theoretical and normative, with only limited attention provided to positive law. The article takes this approach for several reasons. First, setting aside the positive analysis for now allows for quickly working through the relevant issues and leaving room for an in-depth discussion of the alternatives. Second, to a great extent, the legal and policy standing on these issues is still up for grabs. In the United States, most of these issues have not been decided upon in the courts, which are probably awaiting regulation or legislation. The governmental data mining initiatives usually do not amount to breaches of constitutional rights; as Daniel Solove succinctly summarized, “Data mining often falls between the crevices of constitutional doctrine.” 27 These initiatives are also probably permitted according to current privacy laws in view of various exceptions and loopholes. 28 Yet public opinion and various policy groups do not approve of these practices. 29 Thus, change is inevitable. II.1. Collection and Analysis A data mining process inherently calls for automatically reviewing and analyzing profiles filled with personal information regarding many individuals. Such data was previously collected by either government or commercial entities. It is hard to imagine that individuals conceded to the data mining process here described at the time of collection or at a later stage. If the information was collected by the government, citizens 25. Transparency is an additional category that requires scrutiny and discussion, yet it calls for a very different form of analysis. For more on this issue, see Tal Zarsky, Transparency in Prediction in Data Mining without Discrimination (forthcoming2012). See also SOLOVE, NOTHING TO HIDE, supra note 7, at 193. 26. See infra Part IV.1. 27. Solove, supra note 11, at 355. 28. See generally Cate, supra note 3. 29. For an empirical study pointing in this direction, see CHRISTOPHER SLOBOGIN, PRIVACY AT RISK: THE NEW GOVERNMENT SURVEILLANCE AND THE FOURTH AMENDMENT 194 (2007). 296 PENN STATE LAW REVIEW [Vol. 116:2 might not have provided consent at the point of collection. Rather, they merely received a basic and vague notice of the collection and future