Declassified documents obtained (but not published) by WIRED Magazine indicate that the FBI has been hard at work expanding a database of Americans' personal and financial information. According to WIRED, the FBI's National Security Branch Analysis Center (NSAC) has compiled a database of "more than 1.5 billion government and private-sector records" and has been mining this database for use in criminal investigations. The data, which apparently has been obtained from a number of private companies, includes transaction records from hotels, rental car companies and retailers. [Note, that this database dwarfs the largest know data breach to date, which involved a mere 130 million records. One hopes that they have policies in place to prevent abuse.] The records include:
- International travel records of citizens and foreigners
- Financial forms filed with the Treasury by banks and casinos
- 55,000 entries on customers of Wyndham Worldwide, which includes Ramada Inn, Days Inn, Super 8, Howard Johnson and Hawthorn Suites
- 730 records from rental-car company Avis
- 165 credit card transaction histories from Sears
- Nearly 200 million records transferred from private data brokers such Accurint, Acxiom and Choicepoint
- 17,000 traveler itineraries from the Airlines Reporting Corporation
This program is picking up speed. Declassified documents obtained by WIRED apparently show that the FBI has 103 full-time employees and contractors devoted to the protect and has requested funding for 71 more. Funding for the program has expanded from $47.5 million in 2007 to $78.7 million in 2008. A U.S. Department of Justice document (.pdf) indicates that in 2009 alone, NSAC received 18 new employees and a more than $10 million increase in its budget.
This is not the first data mining project developed for the purposes of investigating terrorism and criminal activities. In the wake of the September 11, 2001 attack, the U.S. government began development on a data mining project called "Total Information Awareness" or "TIA" which would analyze vast amounts of information regarding financial transactions, travel, health records and other types of customer data to detect terrorism and criminal activity. The Defense Advanced Research Projects Agency (DARPA) and the Pentagon's short-lived Information Awareness Office was chiefly responsible for this project. Based on concerns about the scope and privacy implications of the project, Congress pulled funding for the TIA program and shuttered the Information Awareness Office in September 2003.
The current NSAC program makes it clear that the governments has not given up on efforts to use large-scale data mining in criminal investigations. To many, however, the program implicate the same privacy concerns as TIA and should be subject to strict scrutiny and oversight. In 2007, congressmen Brad Miller and James Sensenbrenner sent a letter (.pdf) to the Government Accountability Office asking them to look into the NSAC project. One year later, congressman Miller sent a second letter (.pdf) to the House Committee on Appropriations demanding that funding to NSAC be suspended until the FBI outlines the program's purpose and provides "a clear idea of how NSAC intends to ensure that the program complies" with privacy guidelines. According to congressman Miller, the U.S. Department of Justice refused to provide any information on the FBI's plan for the program and what information they planned to obtain. In addition, the FBI apparently told GAO officials that the NSAC program was "not yet 'operational'" in an April 3, 2008 meeting. In contrast, documents obtained by WIRED apparently indicate that the NSAC data mining operations have been used in prosecuting a number of individuals.
2007 letter (.pdf) from Congressmen Miller and Sennsenbrenner to the GAO requesting an investigation into the activities of the NSAC