The government should not be building predictive data-mining programs systems that attempt to figure out who among millions is a terrorist, a privacy and terrorism commission funded by Homeland Security reported Tuesday. The commission found that the technology would not work and the inevitable mistakes would be un-American.

The committee, created by the National Research Council in 2005, also expressed doubts about the effectiveness of technology designed to decide from afar whether a person had terrorist intents, saying false positives could quickly lead to privacy invasions.

"Automated identification of terrorists through data mining (or any other known methodology) is neither feasible as an objective nor desirable as a goal of technology development efforts," the report found. "Even in well-managed programs, such tools are likely to return significant rates of false positives, especially if the tools are highly automated."

The 376-page report – entitled "Protecting Individual Privacy in the Struggle Against Terrorists" – comes as a rebuke to the Bush administration's attempts to use high-tech surveillance and data-sifting tools to prevent another terrorist attack inside the United States.

Most memorable of these was the Total Information Awareness project, which wanted to search every possible database – from credit card records to veterinary records – to spot terrorists before they acted.

The controversial program was largely shuttered by Congress, but its central dream and secret progeny live on inside the government's anti-terrorism agencies.

In particular, the report continually stresses need for the government to follow the law – a none-too-subtle reference to the government's secret warrantless wiretapping of Americans' communications.

The committee was comprised of a number of technical and policy experts from government contractors, tech firms and academia. The group's official name was the Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals.

The committee reiterated that the government should have useful tools to fight terrorism, but that they must be useful and respect Americans' privacy.

To help make such decisions, the committee laid out a step-by-step framework for how government agencies should develop new programs or expand old ones, relying on traditional information privacy concepts that include telling people when and why data is collected, limiting how it is shared and allowing them to correct or challenge inaccurate data.

At the report's unveiling in Washington, D.C., Tuesday, co-chair Charles Vest – the president of the National Academy of Engineering – made it clear the committee was not dismissing the threat terrorism poses to us physically and as a nation.

"Terrorists can damage our country and way of life in two ways: through physical, psychological damage and through our own inappropriate response to that threat," Vest said in opening remarks (.mp3).

His co-chair former defense secretary William Perry opened by noting that the subject of data mining and privacy was controversial, even within the government and the panel.

He also noted that the report was not an evaluation of any classified program.

Indiana University Professor Fred Cate – who authored much of the report – said the framework came down to two basic questions: whether the program worked and how invasive was it.

The report also suggested that the next administration and Congress look closely at current privacy law which is currently largely a hodgepodge of laws that cover e-mail, video records and government databases – to see how to update the law to keep up with changes in technology.

For example, if the government had a database of who shops at Macy's, and then used that to look up people by name, the database would be covered the the Privacy Act, which limits how it can be used and lets people find out what the government's databases say about them.

But if the database were only searched with patterns – show me all the people who spend more than $1,000 a week on clothes – the database would not be covered by the Privacy Act.