Thinking about your data, the Defense Department’s “Critical Watchlist,” or the way your application was processed could change the way the next big data leak occurs.
For example, it could result in the Department of Defense tapping into a database that recently made nearly 2 million Americans aware that they had been registered as sex offenders by the National Crime Information Center. While NCIC records are private, many private and government organizations use the data to answer questions or build models that help pinpoint individuals or targets of interest in real time.
The NCIC data are collected only after people have voluntarily given a government agency permission to keep their names on the database.
While the information in the database might sound a little disturbing, no one expects that the NCIC will start keeping information on every individual who is currently eligible to vote in the U.S.
And that is a good thing.
For the first time, private citizens can directly access NCIC data through a new site called MyCrimeMap.gov. Once a voter’s data is set, the site allows the individual to search for local records, recent offenses and court data.
The information can be used to detect people who might otherwise be missed in public record searches, or for the investigation of violent crime. It’s a better system than the currently available private-sector database through LexisNexis that is available only to law enforcement agencies for the past 20 years.
Bans on repeated behavior, or reports that offenders are sexually active with minors can be triggered by the NCIC. There is even an interactive website that allows citizens to assign a value to the violation. Someone using MyCrimeMap will see someone receiving an “X” on a report when accused of common crimes like assault, disorderly conduct and animal cruelty.
While MyCrimeMap is a step in the right direction, there are many challenges associated with offering more access to a federally funded database. While there are guidelines from the Defense Department stating that the information must be exempt from public record disclosure, there is no clear federal policy regarding privacy of the data. So far, most efforts to avoid security vulnerabilities through vulnerability scanning in a federally funded database have not been successful.
Further, social media reports have been a growing concern in the recent past. Recent data breaches, like the ones at the University of Hawaii-Manoa and Aloha Tower Marketplace, helped break the news of these incidents. On top of that, data breaches of private databases are now routine and increasing in frequency.
While NCIC data are kept separately from other data considered private data, including health records, criminal history and credit information, social media reports are deemed public information under the federal Freedom of Information Act.
The most pressing challenge with launching a private-sector-style government database lies in the challenges associated with building a private-sector database — a challenge we haven’t faced yet with the existing NCIC database. MyCrimeMap hasn’t yet fully launched, and there isn’t a clear plan for how to integrate the new database with the existing department.
One option would be to adopt a strategy commonly used in other departments to improve access to private data. The Defense Department’s Chief Information Officer and others in the department could adopt a variant of the federal open government initiative. Another option is to expand the relationship between the department and the Internet Corporation for Assigned Names and Numbers, or ICANN, through a contract for special access to the default records for the Citizen Attic program, currently called ICANN Canada.
A third option might be to adopt a federal “notify” provision, such as the federal notification process for other essential health records. Members of the public could request access to the current NCIC data in the “Frozen” section of NCIC Online.
However, this option does not allow access to secret records. And you can be sure that any requests that aren’t properly flagged will get tossed out.
As privacy concerns grow, citizens are increasingly using alternative means to access government databases. As a last resort, only citizen volunteers like Dr. Ronald Roy would be allowed to view, save and study any data that isn’t public information. This would allow MyCrimeMap to eventually retain historical NCIC data, similar to the original NCIC, for future use.
Gurbaksh Chahal is chief executive of LightSquared.