[ISN] All eyes on Total Info Awareness

From: InfoSec News (isnat_private)
Date: Mon Dec 16 2002 - 03:19:41 PST

  • Next message: InfoSec News: "Re: [ISN] The good and bad of computer hacking"

    Forwarded from: Frode E. Nyboe <frodeenat_private>
    By Dan Caterinicchia 
    Dec. 16, 2002
    Perhaps no project being developed as a result of the Sept. 11, 2001, 
    terrorist attacks has caused such intense public scrutiny and debate 
    as the Defense Advanced Research Projects Agency's Total Information 
    Awareness (TIA) system.
    TIA, in theory, will enable national security analysts to detect, 
    classify, track, understand and pre-empt terrorist attacks against the 
    United States by spotting patterns using public and private 
    transaction and surveillance methods.
    The system, parts of which are already operational, incorporates 
    transactional data systems, including private credit card and travel 
    records, biometric authentication technologies, intelligence data and 
    automated virtual data repositories. Its goal is to create an 
    "end-to-end, closed-loop system," to help military and intelligence 
    analysts make decisions related to national security, said Robert 
    Popp, deputy director of DARPA's Information Awareness Office (IAO), 
    which is heading up the effort.
    "The purpose of TIA would be to determine the feasibility of searching 
    vast quantities of data to determine links and patterns indicative of 
    terrorist activities," said Pete Aldridge, undersecretary of Defense 
    for acquisition, logistics and technology, at a Nov. 20 press 
    But the system poses concerns. Speaking Dec. 12 at a briefing entitled 
    "Yellow Light on Total Information Awareness," sponsored by the Cato 
    Institute  a libertarian, market-oriented think tank  Robert Levy, 
    senior fellow in constitutional studies at Cato, said the TIA system 
    poses three potential risks:
    * Misuse of the database information.
    * Blurring of the enforcement lines between terrorism and 
      nonterror-related crimes.
    * Overall ineffectiveness because terrorists will learn the rules or 
      patterns and adjust, as well as "false positives" on targeting 
      innocent citizens.
    'They Have Adapted' 
    Levy's concern about terrorists' ability to adapt appear to be 
    justified, based on remarks that Air Force Gen. Richard Myers, 
    chairman of the Joint Chiefs of Staff, made Nov. 4 at the Brookings 
    Institution. Myers said that U.S. military efforts in Afghanistan may 
    need to be revamped because of the ability of al Qaeda to adapt to 
    DOD's tactics.
    "They have adapted," Myers said. "They adapt the way they talk to each 
    other, the way they pass money. They've made lots of adaptations to 
    our tactics, and we've got to continue to think and try to out-think 
    them and to be faster at it." 
    Despite the need for new tactics in the near-term, Aldridge said the 
    TIA "experiment" would be demonstrated using test data resembling 
    real-life events, but that the "feasibility" of actually using the 
    system is "several years away, based upon the ability to understand 
    the technology."
    "We'll not use detailed information that is real," Aldridge said. "In 
    order to preserve the sanctity of individual privacy, we're designing 
    this system to ensure complete anonymity of uninvolved citizens, thus 
    focusing the efforts of law enforcement officials on terrorist 
    investigations. The information gathered would then be subject to the 
    same legal protections currently in place for the other law 
    enforcement activities."
    Such assurances did not satisfy Levy, who repeatedly questioned the 
    civil liberties infringements that may result from using the TIA 
    system and said DOD still has many questions to answer, including: 
    * Who has access to the system and how are those people selected and 
    * What oversight procedures are in place and what are the sanctions 
      for misuse?
    * What restrictions apply to the use of private data? 
    Charles Pe-a, senior defense policy analyst at Cato, said that TIA 
    might better stand for "totally innocent Americans." He added that the 
    way the "law of large numbers" works means that many innocent people 
    will be falsely accused if the government's intention is to keep a 
    dossier on every adult American, of which there are about 240 million.
    Pe-a said the only way that the TIA system could be useful is if it is 
    used to look for behavior and transaction patterns of a small number 
    of people that are suspected of having terrorist potential.
    "The pool of suspects must number in the hundreds" and be preceded by 
    solid law enforcement and detective work, he said.
    Some Components Already at Work 
    The TIA system will combine strategic analysis with knowledge 
    discovery and will promote collaboration among users worldwide by 
    providing access to the most relevant and timely information, Popp 
    "There are currently subsets of the tools and technologies being used 
    by analysts to help us understand if they are useful or not," Popp 
    told Federal Computer Week in October.
    Several TIA components are housed at the Army Intelligence and 
    Security Command's Information Dominance Center. That partnership 
    enables DARPA to maintain its research and development focus while 
    working with the command on testing and evaluation and "getting 
    technology into the hands of the user" as quickly as possible, Popp 
    Clyde Wayne Crews Jr., technology policy director at Cato, said that 
    the TIA system could also have a freezing effect on the nation's 
    e-commerce activity for many reasons including:
    * Data transfer procedures for turning over private records to the 
    * Loss of business due to increased public fear that previously 
      private transactions and records could be turned over to the 
    * Companies' right to refuse to turn over citizen records to the 
      government being jeopardized.
    E-commerce is still in its infancy, and "the last thing we need is an 
    impediment to assuring people their data is private," Crews said.
    TIA Leader Causes Greater Concern 
    DARPA created the Information Awareness Office in mid-January 2002 
    with the mission of developing and demonstrating information 
    technology such as data-mining tools designed to counter "asymmetric 
    threats," such as terrorist attacks.
    John Poindexter, national security adviser to President Reagan, who 
    may be most well known for his part in the infamous Iran-Contra 
    dealings, is the director of the new agency. His involvement in the 
    project has only fanned the flames of controversy. 
    Sen. Charles Schumer (D-N.Y.), Cato analysts, and many privacy and 
    government watchdog groups have expressed serious reservations about 
    Poindexter's involvement in the program. 
    But no one may have taken a tougher stance against Poindexter than New 
    York Times columnist William Safire, who in a scathing Nov. 14 
    editorial, wrote: "He is determined to break down the wall between 
    commercial snooping and secret government intrusion. The disgraced 
    admiral dismisses such necessary differentiation as bureaucratic 
    'stovepiping.' And he has been given a $200 million budget to create 
    computer dossiers on 300 million Americans." 
    DOD's Aldridge said Poindexter came to the department with the TIA 
    project proposal after Sept. 11, but that his involvement will end in 
    the research stage. 
    "Once the tool is developed...John will not be involved," Aldridge 
    said. "What John Poindexter is doing is developing a tool. He's not 
    exercising the tool. He will not exercise the tool. That tool will be 
    exercised by the intelligence, counterintelligence and law enforcement 
    The TIA project is funded in the fiscal 2003 budget at $10 million, 
    and DOD is developing future funding requirements, Aldridge said.
    However, the Electronic Privacy Information Center obtained DARPA 
    budget documents and found that although the TIA budget is $10 
    million, related programs that may become part of the system are 
    funded at $240 million for fiscal 2001 through 2003.
    Popp said IAO's budget for fiscal 2003 is about $150 million, up from 
    about $96 million last year. He added that DARPA received more than 
    170 proposals after issuing a broad agency announcement for the TIA 
    system in March and is in the process of funding the most relevant 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 18:57:45 PST