Spies Among Us
Despite a troubled history, police across the nation are keeping tabs on ordinary Americans
States and cities began linking up their systems in the 1990s, but since 9/11 their progress has been dramatic. At least 38 states are working on some 200 projects tying together their criminal justice records. Concerned over disjointed police networks around its key bases, the Navy's Criminal Investigative Service is funding projects in Norfolk, Va., and four other port cities, creating huge "data warehouses" stocked with crime files from dozens of law enforcement agencies. The FBI is also running pilot database centers in the St. Louis and Seattle areas in which the bureau makes its case files available to police. To local cops who have long complained about the FBI's lack of sharing, the development is downright revolutionary. "It made people nervous as hell, including me," says the FBI's Thomas Bush, who oversaw the initial program and now runs the FBI's Criminal Justice Information Services Division. "The technical aspect is easy, but you need to have the trust of the community and the security to safeguard the system."
The benefits of all this are undeniable. Armed with the latest information, police will be better able to catch crooks and spot criminal trends. But in this digital age, with so much data available about individual Americans, the lines between what is acceptable investigation and what is intrusive spying can quickly grow unclear. Consider the case of Matrix. Backed by $12 million in federal funds, at its peak in 2004 the Matrix system tapped into law enforcement agencies from a dozen states. Using "data mining" technology, its search engine ripped through billions of public records and matched them with police files, creating instant dossiers. In the days after 9/11, Matrix researchers searched out individuals with what they called "high terrorist factor" scores, providing federal and state authorities a list of 120,000 "suspects."
Law enforcement officials loved the system and made nearly 2 million queries to it. But what alarmed privacy advocates was the mixing of public data with police files, profiling techniques that smacked of fishing expeditions, and the fact that all these sensitive data were housed in a private corporation. Hounded by bad publicity and concerned that Matrix might be breaking privacy laws, states began pulling out of the system. Then, early last year, the Justice Department quietly cut off funding.
Matrix no longer exists, but similar projects are underway across the country, including one run by the California Department of Justice. Having learned from Matrix's mistakes, users are employing what tech specialists call "distributed computing." Instead of creating a single, vast database, they rapidly access information from sites in different states, often with a single query. The effect is essentially the same. "If people knew what we were looking at, they'd throw a fit," says a database trainer at one prominent police department.
Hacker's discovery. Another concern is the quality--and security--of all that information. In Minnesota, the state-run Multiple Jurisdiction Network Organization ran into controversy after linking together nearly 200 law enforcement agencies and over 8 million records. State Rep. Mary Liz Holberg, a Republican who oversees privacy issues, found much to be alarmed about when a local hacker contacted her after breaking into the system. The hacker had yanked out files on Holberg herself, showing she was classified as a "suspect" based on a neighbor's old complaint about where she parked her car. "We had a real mess in Minnesota," Holberg later wrote. "There was no effective policy for individuals to review the data in the system, let alone correct inaccuracies." In late 2003, state officials shut down the system amid concerns that it violated privacy laws in its handling of records on juvenile offenders and gun permits.