Sen. Wyden Introduces Bill to Require Government to Disclose Its Use of Databases

July 29, 2003. Sen. Ron Wyden (R-OR) introduced S 1484 [9 pages in PDF], "The Citizens' Protection In Federal Databases Act". This is a disclosure bill. It does not actually restrict the government's collection or use of data. Rather, it would cut off funding for certain enumerated government entities to obtain or access commercial databases, unless these entities first provide a detailed report to the Congress and the public explaining their use of these databases.

The covered entities are the Department of Justice (DOJ), the Department of Defense (DOD), the Department of Homeland Security (DHS), the Central Intelligence Agency (CIA), the Department of Treasury (DOT), or the Federal Bureau of Investigation (FBI). The DOD includes the Defense Advanced Research Projects Agency (DARPA), which is running the Terrorism Information Awareness (TIA) project.

Sen. Ron WydenSen. Wyden (at right) issued a release that states that the bill "is a response to the Defense Department’s Terrorism (formerly Total) Information Awareness (TIA) Program, among other federal initiatives, that propose to gather private information on law-abiding Americans from numerous public and private databases." (Parentheses in original.)

The bill recites in its findings that "Many Federal national security, law enforcement, and intelligence agencies are currently accessing large databases, both public and private, containing information that was not initially collected for national security, law enforcement, or intelligence purposes."

It further finds that "Risks to personal privacy are heightened when personal information from different sources, including public records, is aggregated in a single file and made accessible to thousands of national security, law enforcement, and intelligence personnel", and that "The Federal Government should not access personal information on United States persons without some nexus to suspected counterintelligence, terrorist, or other illegal activity.

The bill provides that "Notwithstanding any other provision of law, commencing 60 days after the date of the enactment of this Act, no funds appropriated or otherwise made available to the Department of Justice, the Department of Defense, the Department of Homeland Security, the Central Intelligence Agency, the Department of Treasury, or the Federal Bureau of Investigation may be obligated or expended by such department or agency on the procurement of or access to any commercially available database unless such head of such department or agency submits to Congress the report required by subsection (b) not later than 60 days after the date of the enactment of this Act."

The bill would require that the contents of these reports include "a list of all contracts, memoranda of understanding, or other agreements entered into by the department or agency, or any other national security, intelligence, or law enforcement element under the jurisdiction of the department or agency for the use of, access to, or analysis of databases that were obtained from or remain under the control of a non-Federal entity, or that contain information that was acquired initially by another department or agency of the Federal Government for purposes other than national security, intelligence, or law enforcement".

The reports would also have to include a statement of the types of data contained in the databases, the "purposes for which such databases are used, analyzed, or accessed", and the "extent to which information from such databases is retained".

The reports would also have to contain a discussion of plans and policies regarding who would have access to the databases, how unauthorized access would be monitored, and "an outline of enforcement mechanisms for accountability to protect individuals and the public against unlawful or illegitimate access or use of databases."

The bill defines the term database as follows: "any collection or grouping of information about individuals that contains personally identifiable information about individuals, such as individual's names, or identifying numbers, symbols, or other identifying particulars associated with individuals, such as fingerprints, voice prints, photographs, or other biometrics. The term does not include telephone directories or information publicly available on the Internet without fee."