[ISN] Many Tools of Big Brother Are Up and Running

From: InfoSec News (isnat_private)
Date: Tue Dec 24 2002 - 02:35:54 PST

  • Next message: InfoSec News: "[ISN] Merry Christmas from C4I.org"

    December 23, 2002
    In the Pentagon research effort to detect terrorism by electronically
    monitoring the civilian population, the most remarkable detail may be
    this: Most of the pieces of the system are already in place.
    Because of the inroads the Internet and other digital network
    technologies have made into everyday life over the last decade, it is
    increasingly possible to amass Big Brother-like surveillance powers
    through Little Brother means. The basic components include everyday
    digital technologies like e-mail, online shopping and travel booking,
    A.T.M. systems, cellphone networks, electronic toll-collection systems
    and credit-card payment terminals.
    In essence, the Pentagon's main job would be to spin strands of
    software technology that would weave these sources of data into a vast
    electronic dragnet.
    Technologists say the types of computerized data sifting and pattern
    matching that might flag suspicious activities to government agencies
    and coordinate their surveillance are not much different from programs
    already in use by private companies. Such programs spot unusual credit
    card activity, for example, or let people at multiple locations
    collaborate on a project.
    The civilian population, in other words, has willingly embraced the
    technical prerequisites for a national surveillance system that
    Pentagon planners are calling Total Information Awareness. The
    development has a certain historical resonance because it was the
    Pentagon's research agency that in the 1960's financed the technology
    that led directly to the modern Internet. Now the same agency - the
    Defense Advanced Research Projects Agency, or Darpa - is relying on
    commercial technology that has evolved from the network it pioneered.
    The first generation of the Internet - called the Arpanet - consisted
    of electronic mail and file transfer software that connected people to
    people. The second generation connected people to databases and other
    information via the World Wide Web. Now a new generation of software
    connects computers directly to computers.
    And that is the key to the Total Information Awareness project, which
    is overseen by John M. Poindexter, the former national security
    adviser under President Ronald Reagan. Dr. Poindexter was convicted in
    1990 of a felony for his role in the Iran-contra affair, but that
    conviction was overturned by a federal appeals court because he had
    been granted immunity for his testimony before Congress about the
    Although Dr. Poindexter's system has come under widespread criticism
    from Congress and civil liberties groups, a prototype is already in
    place and has been used in tests by military intelligence
    Total Information Awareness could link for the first time such
    different electronic sources as video feeds from airport surveillance
    cameras, credit card transactions, airline reservations and telephone
    calling records. The data would be filtered through software that
    would constantly look for suspicious patterns of behavior.
    The idea is for law enforcement or intelligence agencies to be alerted
    immediately to patterns in otherwise unremarkable sets of data that
    might indicate threats, allowing rapid reviews by human analysts. For
    example, a cluster of foreign visitors who all took flying lessons in
    separate parts of the country might not attract attention. Nor would
    it necessarily raise red flags if all those people reserved airline
    tickets for the same day. But a system that could detect both sets of
    actions might raise suspicions.
    Some computer scientists wonder whether the system can work. "This
    wouldn't have been possible without the modern Internet, and even now
    it's a daunting task," said Dorothy Denning, a professor in the
    Department of Defense Analysis at the Naval Postgraduate School in
    Monterey, Calif. Part of the challenge, she said, is knowing what to
    look for. "Do we really know enough about the precursors to terrorist
    activity?" she said. "I don't think we're there yet."
    The early version of the Total Information Awareness system employs a
    commercial software collaboration program called Groove. It was
    developed in 2000 by Ray Ozzie, a well-known software designer who is
    the inventor of Lotus Notes. Groove makes it possible for analysts at
    many different government agencies to share intelligence data
    instantly, and it links specialized programs that are designed to look
    for patterns of suspicious behavior.
    Total Information Awareness also takes advantage of a simple and
    fundamental software technology called Extended Markup Language, or
    XML, that is at the heart of the third generation of Internet
    software. It was created by software designers at companies like
    Microsoft, Sun Microsystems and I.B.M., as well as independent Silicon
    Valley programmers.
    The markup language allows data that has long been locked in isolated
    databases, known in the industry as silos, to be translated into a
    kind of universal language that can be read and used by many different
    systems. Information made compatible in this way can be shared among
    thousands, or even hundreds of thousands, of computers in ways that
    all of them can understand.
    It is XML, a refinement of the Internet's original World Wide Web
    scheme, that has made it possible to consider welding thousands of
    databases together without centralizing the information. Computer
    scientists said that without such new third-generation Web
    technologies, it would have never been possible to conceive of the
    Total Information Awareness system, which is intended to ferret out
    the suspicious intentions of a handful of potential terrorists from
    the humdrum everyday electronic comings and goings of millions of
    average Americans.
    Civil libertarians have questioned whether the government has the
    legal or constitutional grounds to conduct such electronic searches.
    And other critics have called it an outlandishly futuristic and
    ultimately unworkable scheme on technical grounds.
    But on the latter point, technologists disagree. "It's well grounded
    in the best current theory about scalable systems," said Ramano Rao,
    chief technology officer at Inxight, a Sunnyvale, Calif., company that
    develops text-searching software. "It uses all the right buzzwords."
    People close to the Pentagon's research program said Dr. Poindexter
    was acutely aware of the power and the invasiveness of his
    experimental surveillance system. In private conversations this
    summer, according to several Department of Defense contractors, he
    raised the possibility that the control of the Total Information
    Awareness system should be placed under the jurisdiction of an
    independent, nongovernmental organization like the Red Cross because
    of the potential for abuse.
    Dr. Poindexter declined to be interviewed for this article. A Darpa
    spokeswoman, Jan Walker, wrote in an e-mail reply to questions that
    "we don't recall ever talking about" having a nongovernmental
    organization operate the Total Information Awareness program and that
    "we've not held any discussions with" such an organization.
    The idea of using an independent organization to control a technology
    that has a high potential for abuse has been raised by previous
    administrations. An abortive plan to create a backdoor surveillance
    capability in encrypted communications, known as Clipper, was
    introduced by the Clinton administration in 1993. It called for keys
    to the code to be held by an organization independent of the F.B.I.
    and other law enforcement agencies.
    Speaking of Dr. Poindexter, John Arquilla, an expert at the Naval
    Postgraduate School in Monterey on unconventional warfare, said, "The
    admiral is very concerned about the tension between security and civil
    liberties." He added that because of the changing nature of warfare
    and the threat of terrorism, the United States would be forced to make
    trade-offs between individuals' privacy and national security.
    "In an age of terror wars, we have to learn the middle path to craft
    the security we need without incurring too great a cost on our civil
    liberties," he said.
    Computer scientists who work with Darpa said that Dr. Poindexter was
    an enthusiastic backer of a Darpa-sponsored advisory group that had
    been initiated by a Microsoft researcher, Eric Horvitz, in October
    2001 in the wake of the Sept. 11 terrorist attacks.
    The group, which was composed of 41 computer scientists, policy
    experts and government officials, met three times to explore whether
    it was possible to employ sophisticated data-mining technologies
    against potential terrorist attacks while protecting individuals'
    A number of the scientists proposed "black box" surveillance systems
    that would alert human intelligence analysts about suspicious
    patterns. Once the alerts were issued in such a system, they
    suggested, legal processes like those used for wiretapping could be
    But a number of the scientists and policy experts who attended the
    meetings were skeptical that technical safeguards would be adequate to
    ensure that such a system would not be abused.
    The debate is a healthy one, said Don Upson, who is senior vice
    president of the government business unit of a software company in
    Fairfax, Va., webMethods, and the former secretary of technology for
    "I'm glad Darpa is doing this because somebody has to start defining
    what the rules are going to be" about how and when to use data, he
    said. "I believe we're headed down the path of setting the parameters
    of how we're going to use information."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Dec 24 2002 - 09:10:58 PST