2008 report on privacy proves prescient

Long before anyone had ever heard of Edward Snowden, US scientists were examining the question of how to safeguard privacy while mining personal data in the hunt for terrorists.

In 2005, the National Research Council set up a committee of academics, scientists, computer experts, and law-enforcement officials to study the issue. Three years later, the group published a report that seems prescient in the wake of Snowden.

Its key recommendation: “All US agencies with counterterrorism programs that collect or ‘mine’ personal data — such as phone records or Web sites visited — should be required to evaluate the programs’ effectiveness, lawfulness, and impacts on privacy.”


The committee listed common-sense measures to ensure that such programs aren’t wasteful or abusive. It recommended that all information-collection systems should be built with a tamper-resistant record of who has accessed the information, and when. It also suggested mandatory periodic reviews of whether the search for terrorists had turned up any “false positives.”

Get Arguable in your inbox:
Jeff Jacoby on everything from politics to pet peeves to the passions of the day.
Thank you for signing up! Sign up for more newsletters here

“Persons affected by the program and the public generally should be informed as fully as practicable of the existence of the program, its purpose, cost, the laws and regulations under which it operates,” the committee wrote.

Committee members say the report got a chilly reception from intelligence agencies, although some government watchdog offices seem to have adopted its framework as a measure against which to judge existing programs in the Department of Homeland Security. It is impossible to know how widely the recommendations have been adopted among intelligence agencies — if at all. But having periodic reviews of legality, privacy concerns, and “false positives” are simply good governance. If intelligence agencies haven’t already adopted these recommendations, they should. Now that these programs have become public, the National Security Agency should announce that it is using this general framework for evaluating their success. That could give the public some peace of mind, even if the evaluations remain classified.