THE BALTIMORE housing department has a new tool to find homeowners who have been building rooftop decks without a permit: aerial mapping. Baltimore bought aerial photographs of the entire city and used software to correlate the images with databases of address information and permit records. Inspectors have just begun knocking on doors of residents who built decks without permission. On the face of it, this is nothing new. Police always have been able to inspect buildings for permit violations. The difference is they would do it manually, and that limited its use. It simply wasn't feasible for the police to automatically document every building code violation in any city. What's different isn't the police tactic but the efficiency of the process.
Technology is fundamentally changing the nature of surveillance. Years ago, surveillance involved trench-coated detectives following people down streets. It was laborious and expensive, and was only used when there was reasonable suspicion of a crime. Modern surveillance is the police officer sitting at a computer with a satellite image of an entire neighborhood. It's the same, but it's completely different. It's wholesale surveillance.
And it disrupts the balance between the powers of the police and the rights of the people.
Wholesale surveillance is fast becoming the norm. Security cameras are everywhere, even in places satellites can't see. Automatic toll road devices track cars at tunnels and bridges. We can all be tracked by our cell phones. Our purchases are tracked by banks and credit card companies, our telephone calls by phone companies, our Internet surfing habits by Web site operators.
Like the satellite images, the electronic footprints we leave everywhere can be automatically correlated with databases. The data can be stored forever, allowing police to conduct surveillance backward in time.
The effects of wholesale surveillance on privacy and civil liberties is profound, but unfortunately, the debate often gets mischaracterized as a question about how much privacy we need to give up in order to be secure. This is wrong. It's obvious that we are all safer when the police can use all possible crimefighting techniques. The Fourth Amendment already allows police to perform even the most intrusive searches of your home and person.
What we need are mechanisms to prevent abuse and hold the police accountable and assurances that the new techniques don't place an unreasonable burden on the innocent. In many cases, the Fourth Amendment already provides for this in its requirement of a warrant.
The warrant process requires that a "neutral and detached magistrate" review the basis for the search and take responsibility for the outcome. The key is independent judicial oversight; the warrant process is itself a security measure that protects us from abuse and makes us more secure.
This works for some searches, but not for most wholesale surveillance. The courts already have ruled that the police cannot use thermal imaging to see through the walls of your home without a warrant, but that it's OK for them to fly overhead and peer over your fences without a warrant. They need a warrant before opening your paper mail or listening in on your phone calls.
Wholesale surveillance calls for something else: lessening of criminal penalties. The reason criminal punishments are severe is to create a deterrent because it is hard to catch wrongdoers. As they become easier to catch, a realignment is necessary. When the police can automate the detection of a wrongdoing, perhaps there should no longer be any criminal penalty attached. For example, red-light cameras and speed-trap cameras issue citations without any "points" assessed against drivers.
Another obvious protection is notice. Baltimore should send mail to every homeowner announcing the use of aerial photography to document building code violations, urging individuals to come into compliance.
Wholesale surveillance is not simply a more efficient way for the police to do what they've always done. It's a new police power, one made possible with today's technology and one that will be made easier with tomorrow's. And with any new police power, we as a society need to take an active role in establishing rules governing its use. To do otherwise is to cede ever more authority to the police.
Bruce Schneier, a security technologist, is author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.
By Robert O'Harrow Jr., Washington Post Staff Writer
It began as one of the Bush administration's most ambitious homeland security efforts, a passenger screening program designed to use commercial records, terrorist watch lists and computer software to assess millions of travelers and target those who might pose a threat.
The system has cost almost $100 million. But it has not been turned on because it sparked protests from lawmakers and civil liberties advocates, who said it intruded too deeply into the lives of ordinary Americans. The Bush administration put off testing until after the election.
Now the choreographer of that program, a former intelligence official named Ben H. Bell III, is taking his ideas to a private company offshore, where he and his colleagues plan to use some of the same concepts, technology and contractors to assess people for risk, outside the reach of U.S. regulators, according to documents and interviews.
Bell's new employer, the Bahamas-based Global Information Group Ltd., intends to amass large databases of international records and analyze them in the coming years for corporations, government agencies and other information services. One of the first customers is information giant LexisNexis Group, one of the main contractors on the government system that was known until recently as the second generation of the Computer Assisted Passenger Pre-screening Program, or CAPPS II. The program is now known as Secure Flight.
The company plans to do such things as assess foreign job candidates for risk, conduct background checks on cargo ship crews or take stock of people who want to open bank accounts in the United States, documents and interviews show. It also will provide something the company calls "terrorist risk identity assessment," a company document shows.
Bell and his business associates said they are trying to fill wide gaps in existing commercial databases that enable criminals and terrorists to roam the globe, sometimes under false identities. Company founder Donald Thibeau, a former LexisNexis executive, said he formed Global Information in the island nation to take advantage of regulations there that he thinks will make it easier to collect data than in the United States, which has a hodgepodge of information and privacy laws that he said would making doing business far more costly.
"You can realize the CAPPS dream in the commercial world," Thibeau said. "We live in a world where data can go anywhere and be warehoused anywhere."
Legal and privacy specialists said the company raises troubling new questions about the ability of computers -- in both the government and private sectors -- to collect and analyze personal information for homeland security. These critics said Global's initiative echoes the aims of the troubled government passenger-screening system, as well as another controversial program at the Defense Department that was shut down by Congress called Total Information Awareness.
An important difference from those programs, these critics said, is that Global operates in private hands, offshore and beyond the oversight that stymied the government programs. "As a business matter, there are layers of legal protections and public relations protections they can get by going offshore," Peter P. Swire, a law professor at Ohio State University and privacy counselor in the Clinton administration. "It might meet business interests, but not necessarily the public interest."
Charles Lewis, executive director of the Center for Public Integrity, said he worries that Global will become a contractor for government work that government officials could not get backing to do themselves. "He is making a highly controversial program more controversial," Lewis said about Bell. "Now he's doing it offshore and making money off of it."
The effort comes at a sensitive time in the debate about the use of personal information for screening and profiling, as law enforcement and intelligence authorities embrace commercial databases and other technology like never before to fight the war on terror. The Senate recently approved legislation that would wire together hundreds or thousands of local, state, federal and commercial data systems. But that "information-sharing environment" would be accompanied by complex rules to govern the proposed network's use and prevent abuses.
Company officials said they are not trying to evade scrutiny. They contend that Bahamian law also protects privacy but is not as cumbersome as U.S. regulations. They said the company's location will help them collect information from abroad because businesses and information brokers would be more likely to ship electronic records to the Bahamas than to the United States. Commercial information services in the United States have billions of records about Americans, but far fewer about people living abroad. Bell and Thibeau argue their services will eventually make the United States and other countries safer.
"The intent was not to run offshore and hide stuff," said Bell, Global's chief executive. He left the government at the end of March as director of the Office of National Risk Assessment, which ran the aviation screening program, and previously served as an intelligence official with the Immigration and Naturalization Service. "Global information is the brass ring."
Global was registered as an international business company in the Bahamas two years ago. It recently received a license to conduct business on the islands. Thibeau also registered an entity in Delaware called Global Information Group. It is part of a broad push by businesses and governments to examine digital personal histories more closely in the aftermath of the Sept. 11, 2001, attacks.
Some of these efforts are driven by mandates in the USA Patriot Act that require banks and other companies to be more vigilant -- in some cases, by sending customer information to the government. The data-analysis efforts also are part of initiatives designed to minimize companies' exposure to lawsuits or insurance claims.
Global wants to work as a partner to large information services like LexisNexis. Thibeau said such companies can run into obstacles trying to gather international data themselves. For instance, critics in Latin America accused another large information service in the United States, ChoicePoint Inc., also a government contractor, of spying when it became public that the company was buying databases of information about citizens in Mexico and other countries. ChoicePoint officials said they were misled by unscrupulous data brokers, who sold information that should not have been sold.
"We're experimenting in places they can't," Thibeau said of the large data companies. "They have too much to lose."
In interviews, company officials said Global is working with the government in the Bahamas and other nations. Bell said he has had only informal contacts with U.S. government officials.
The company's work could involve some of the same contractors hired to build the U.S. government's screening system, documents and interviews show. LexisNexis, for instance, hired Global as a consultant to explore the viability of using the Bahamas as a base for collecting international information, officials said.
A subsidiary of Britain-based Reed Elsevier Group PLC, LexisNexis is known for its databases of legal and news documents. But it has also taken on major roles in homeland security initiatives. It recently paid $775 million for Seisint Inc., another information company that created the Matrix computer system used by law enforcement authorities for counterterrorism and criminal investigations.
One LexisNexis executive who worked closely with Bell while he was in government is Norman A. Willox Jr., the chief officer for privacy, industry and regulatory affairs at LexisNexis. Willox worked with Bell on the aviation screening project. He and LexisNexis also worked with Bell on a previous counterterrorism project at the Department of Justice (news - web sites), shortly after the terror attacks on the Pentagon (news - web sites) and the World Trade Center.
Willox and Bell participated in industry and academic discussions about the growing need for collecting international information. In February, the two men traveled to the Bahamas, where they met Erik Russell, the general manager for Cable Bahamas, a firm that manages an island fiber-optic network, according to Willox and Russell. "They were hoping to open a business in the Bahamas and hoping we would provide bandwidth," Russell said. "My understanding is, they're going to need a lot of bandwidth."
In an interview, Bell said he went to the Bahamas on vacation and did not attend the meeting. But Willox and Russell said Bell was there, though Willox said Bell did not participate in the discussion. Willox said he himself was representing LexisNexis during the discussions.
Federal rules generally restrict public employees from engaging in outside business that might conflict with work they oversee, according to government ethics regulations. Bell said he did not become involved with Global until after he left government in March.
After Bell left the government, Willox helped arrange the lease for a Global office in Maryland, near where Bell lived; when asked about the arrangement, Thibeau said Willox did so as a personal favor because he lives in the area and knows the landlord.
It was not long after he left government that Bell was named chief executive of Global. Several weeks later, in June, LexisNexis sponsored a symposium in the Bahamas that featured the company. Attending the event were financiers, a private investigator, technology executives, Willox, LexisNexis lobbyists and Bahamian leaders, documents show. Also attending were contractors from at least three other companies that worked with Bell on the government's passenger "risk assessment program," documents from the meeting show.
In a statement prepared for the event, Allyson Maynard-Gibson, the Bahamian minister of financial services and investment, extolled efforts to build a "state-of-the-art facility" with data centers and a high-speed telecommunications network. This has "resulted in the development of a new industry to manage, process and store information in a safe and secure environment so that it is easily retrievable when needed," she said.
Along with new business development on the island, "all of this makes it seem natural," Maynard-Gibson's statement said, "for Grand Bahama to become an important through point for the movement of international data."
Market Data 
Markets 
