06:15 PM

Amid Government Data Gathering, Businesses Mull Their Options

A Justice Department proposal that ISPs retain records for two years is just the latest in a growing list of data collection initiatives by federal agencies.

With safety at issue, the airline industry understands the need to participate in government-mandated data sharing. But industry officials in the States and Europe are urging the U.S. government to better organize its efforts. Airlines don't want to be subject to both the TSA Secure Flight program and Customs and Border Protection's Advanced Passenger Information program, which requires that passenger information be communicated to the government within 15 minutes of a flight's departure to the United States.

"Both should be designed to function through coordinated information feeds and avoid unnecessary duplication of communications, programming, and information requirements," James May, CEO of the Air Transport Association, and Ulrich Schulte-Strathaus, secretary general of the Association of European Airlines, wrote in an October letter to Homeland Security Secretary Michael Chertoff. May and Schulte-Strathaus requested that Secure Flight and Advanced Passenger Information supersede the government's no-fly lists and that the amount of redundant data required from the airlines be reduced.

Financial services companies are likewise no strangers to handing data to the government, and the hunt for terrorist financing has only added to the burden. Suspicious Activity Report filings to the Treasury Department's Financial Crimes Enforcement Network have increased every year since they were first required in 1996, with 919,000 such reports sent last year alone.

Banks have expressed anxiety over Suspicious Activity Reports, especially in light of the Patriot Act, which punishes noncompliant companies with fines of up to $1 million a day or, in the extreme, by taking away bank charters. "It's definitely changed the compliance environment for banks since 9/11," says Kelly Etherington, corporate compliance manager for Zions Bancorp, which operates more than 450 branches and offices. Like other banks, Zions has always reported suspicious activity, but it finds law enforcement requests are up in the last few years.

Suspicious Activity Reports "create a very significant burden" on financial services companies without any clear benefits to them, says John Carlson, a director with BITS, a consortium of the 100 largest U.S. financial services companies. Given the industry's heavy regulations and what Carlson calls its culture of protecting customer privacy, he says financial services companies generally wouldn't provide data to a government agency unless required to by law or a court-issued document.

Biggest Fears

What might government agencies do with all the business and Internet data they're collecting? Some skeptics worry about a single massive database where all kinds of information gets crunched together, providing a complete picture of Joe Citizen. That seems a remote possibility, though researchers at the Defense Advanced Research Projects Agency did work on a system several years ago that would have mined data in that way to identify terrorists. That program, dubbed Total Information Awareness, was scrapped more than two years ago under public pressure.

A different but related concern is that data collected for one purpose could get used for another. USA Today last week reported that the FBI plans to use its database of DNA evidence, collected from convicted criminals and some others upon arrest, to help identify thousands of dead people whose identities aren't known.

There's also the concern that once the feds gets their hands on data, they can't be trusted to secure it. Look no further than last month's news of a stolen laptop and external hard drive containing data on 26.5 million military veterans and family members. The Veterans Affairs Department has been fingered for its lack of security before, but it's not the only agency with low marks. Security becomes even more of an issue as more data accumulates and gets retained longer.

Encryption is one solution, but encrypted data can't be searched easily and is thus less useful to the government. Nothing, it seems, about data sharing between businesses and government is destined to be easy.

--With Thomas Claburn, J. Nicholas Hoover, and Rick Whiting

Continue to the sidebars:
Illegal EU Data-Sharing Deal With The U.S. Shows Transparency Not Always Enough
and IBM Has The Tools For Digging Deeper Into Data

3 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of August 21, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.