The Brady Law, Privacy, and the Bat-Computer

Sorry for my blogging absence — I am grading. (It would be easier if I used this technique, but I don’t.)

I’ve wanted for a while to post something about proposals to improve the database used to conduct background checks for gun purchases under the Brady Law. Last month’s tragic shootings at Virginia Tech demonstrated that this background check does not do a good job of screening out mentally ill gun purchasers. As we now know, in December 2005 a Virginia court found Seung Hui Cho, the perpetrator of that crime, an imminent danger to himself as a result of mental illness. Cho was ordered to receive involuntary outpatient treatment, but never did. Putting aside what this says about the inadequacies of our mental health system, why was Cho allowed to buy a gun?

The short answer is that he wasn’t allowed. Since 1968, federal law has barred persons who are “adjudicated mentally defective” (the age of the statute shows from the antiquated language) — along with others including convicted felons — from purchasing firearms. Since 1994, the Brady Law has required background checks of firearms purchasers to ensure that they qualify for gun ownership under these 1968 provisions.

But as all info/law types know, a database is only as good as the data you feed it. And the data going in to the National Instant Check System, or NICS, is not always the best. Since most of the relevant legal determinations (such as felony convictions or involuntary mental health commitments) are made by states, the states hold the data. And the federal government has no real power to require that the states make data about these decisions available, as the Supreme Court held in Printz v. United States, a major federalism decision stemming from the Brady Law. Absent any requirement with teeth, states have not added all the relevant records to NICS for a variety of reasons — cost, opposition to gun control, adherence to state privacy laws, lack of initiative or disorganization. (There are many more complexities here. For one, in some states gun dealers contact local authorities for background checks, meaning that records available from other states may not even be consulted. But you get the idea.)

The media has reported the discovery of this “loophole” with incredulity. And I understand the sentiment. But for those of us who have followed this issue for a long time, this is not news. Indeed, Fox Butterfield, the veteran gun issues reporter for the New York Times, wrote lengthy exposes of these problems, including the lack of mental health records in NICS, all the way back in the year 2000. The problem is that, despite the fantasy of high technology on shows like 24 or CSI: Paducah, there is no Bat-Computer. Law enforcement access to data is not as sophisticated as the general public believes.

Predictably, there are now proposals to improve the system. Virginia’s governor plans to provide more information about the state’s mental health decisions to NICS; other states are following suit. At the federal level, Congresswoman Carolyn McCarthy, a long-time gun control advocate, is promoting her bill to give states more funds to improve the quality of data, and withdrawing funds to penalize those that do not, as reported here. These seem like good ideas, generally speaking.

But there is a big catch: data privacy. Understandably, mental health advocates are concerned about assembling a big national database of everyone diagnosed with such problems. And they should be. In other contexts, big government databases rightfully make us nervous. The federal government’s sorry history in maintaining an accurate and useful no-fly list shows that, even when the intended purpose of the database is worthy, the details of implementation can change a good database into a bad one. Likewise, critics associated with both the left and the right have questioned the employee-verification requirements embodied in the immigration bill now before Congress because they threaten to create another privacy-infringing and error-riddled database. Inaccuracies and misuses harm individuals and undermine the purpose for which the database is designed.

The Brady Law proposals now on the table focus on getting more records into NICS, but they seem pretty light on the how — the features of law and system design necessary to protect privacy. One fundamental precept embodied in NICS is that it functions as a “red light/green light” system, telling firearm dealers whether or not they may “PROCEED” to sell the gun, period, without any further details. It would be good to move that same principle upstream from the output to gun dealers and into the collection and warehousing of the data. Both law and code should create a database that is usable to check names for firearm sales, but not as a source for other purposes. And there also must be the capacity to audit, correct, and update. There is no omniscient Bat-Computer, but anyway we’re better off with smaller, nimbler, privacy-protective databases that provide limited disclosures for limited and important purposes.

These are complex issues. I certainly hope they don’t get overlooked in the understandable rush to prevent the next Virginia Tech shooting.
[Full disclosure: I worked as an aide on Capitol Hill in support of the Brady Law, and later on for its House sponsor.]

One Response to “The Brady Law, Privacy, and the Bat-Computer”

  1. One thing people should start discussing is that older fathers cause the kind of mental illness that Cheung-hui Cho demonstrated and more and more kids like him have been born and will continue to be born until the public finds out about the male biological clock and what cause non-familial madness.