Yesterday the NYPD unveiled its Domain Awareness System, which aggregates and analyzes existing public safety data streams (including license plate readers and video surveillance camera systems) in real time. Over at the Council on Foreign Relations, I wrote a short essay on some of the legal and policy issues it raises: "The NYPD's Domain Awareness System shows the significant intelligence value of analytic technologies for integrating various government information caches. In announcing the program, which is governed by guidelines and safeguards developed several years ago, the mayor's office emphasized the important collaborative role that police officers and private sector software developers played in designing the system. But surprisingly, given recent controversies, its written press release did not explicitly address potential privacy and oversight concerns."
I conclude that:
The fact, however, that the NYPD's Domain Awareness System is a city program (a uniquely large city, to be sure) shows that resolution of appropriate limits and oversight will play out at multiple levels of government: federal, state, and local. Besides federal data-mining programs, most states, and many major cities, for example, now have intelligence fusion centers for combining and analyzing threat information and coordinating across many jurisdictions. Herein lies additional legal and policy complexity, but also opportunity to work through it.
Given that it is highly unlikely that comprehensive federal legislation in this area will be enacted anytime soon, we will not have uniform rules to govern these growing capabilities. That is a good thing, because different locales face such different threats. Moreover, experimentation and adaptation, along with the public debate that accompanies them, can help cultivate and extend best-practices as these powerful analytic technologies continue to advance and spread.