A fast-growing FBI data-mining system billed as a tool for hunting terrorists is being used in hacker and domestic criminal investigations, and now contains tens of thousands of records from private corporate databases, including car-rental companies, large hotel chains and at least one national department store, declassified documents obtained by Wired.com show.

Wired News

September 23, 2009

Headquartered in Crystal City, Virginia, just outside Washington, the FBI’s National Security Branch Analysis Center (NSAC) maintains a hodgepodge of data sets packed with more than 1.5 billion government and private-sector records about citizens and foreigners, the documents show, bringing the government closer than ever to implementing the “Total Information Awareness” system first dreamed up by the Pentagon in the days following the Sept. 11 attacks.

Such a system, if successful, would correlate data from scores of different sources to automatically identify terrorists and other threats before they could strike. The FBI is seeking to quadruple the known staff of the program.

But the proposal has long been criticized by privacy groups as ineffective and invasive. Critics say the new documents show that the government is proceeding with the plan in private, and without sufficient oversight.

“We have a situation where the government is spending fairly large sums of money to use an unproven technology that has a possibility of false positives that would subject innocent Americans to unnecessary scrutiny and impinge on their freedom,” said Kurt Opsahl, a lawyer with the Electronic Frontier Foundation. “Before the NSAC expands its mission, there must be strict oversight from Congress and the public.”

The FBI declined to comment on the program.

. . .The NSAC was born as two separate systems designed to improve information-sharing between government agencies following the Sept. 11 attacks. The Foreign Terrorist Tracking Task Force database has been used to screen flight-school candidates and assist anti-terror investigations. The Investigative Data Warehouse is the more general system, and is the principal element now under expansion.

“The IDW objective was to create a data warehouse that uses certain data elements to provide a single-access repository for information related to issues beyond counterterrorism to include counterintelligence, criminal and cyber investigations,” stated a formerly secret fiscal year 2008 budget request document. “These missions will be refined and expanded as these capabilities are folded into the NSAC.”

When the bureau unified the systems under the NSAC banner in 2007, the move set off alarm bells with lawmakers, who thought it sounded a lot like the Pentagon’s widely-criticized Total Information Awareness project, which had sought to identify terrorist sleeper cells by linking up and searching through U.S. credit card, health and communication databases. The TIA program had moved into the shadows of the intelligence world after Congress voted to revoke most of its funding.

Read More

http://www.wired.com/threatlevel/2009/09/fbi-nsac/