[Politech] Ross Stapleton-Gray on CIA funding chatroom surveillance [priv]

From: Declan McCullagh (declan@private)
Date: Thu Dec 02 2004 - 22:43:42 PST


-------- Original Message --------
Subject: Re: [Politech] CIA funded study to spy on chat rooms [priv]
Date: Mon, 29 Nov 2004 09:19:33 -0800
From: Ross Stapleton-Gray <ross@stapleton-gray.com>
To: Declan McCullagh <declan@private>, politech@private
CC: david Farber <dfarber@private>
References: <41AACA1F.5040806@private>

At 11:05 PM 11/28/2004, Declan McCullagh wrote:
>http://news.com.com/2100-7348_3-5466140.html
>
>Security officials to spy on chat rooms
>Published: November 24, 2004, 10:28 AM PST
>
>The CIA is quietly funding federal research into surveillance of Internet 
>chat rooms as part of an effort to identify possible terrorists, newly 
>released documents reveal.
>
>In April 2003, the CIA agreed to fund a series of research projects that 
>the documents indicate were intended to create "new capabilities to combat 
>terrorism through advanced technology." One of those projects is research 
>at the Rensselaer Polytechnic Institute in Troy, N.Y., devoted to 
>automated monitoring and profiling of the behavior of chat-room users.

Not to pick a nit, but funding research on tools doesn't guarantee that
*they* (the CIA, here) will use them; it could be that the CIA is concerned
that law enforcement needs tools that they (law enforcement) can't/won't
afford.  Stranger things have happened... I saw an NSF grant go by earlier
this year that seemed to be aimed at buying an NSF IT security person's
time on behalf of the (abysmally insecure) Department of Interior (where
there've been several court-directed shutdowns of the Dept's Internet
access, because of lax security in the Bureau of Indian Affairs).

A couple more comments... firstly, whatever the stated purpose of the
grant, the CIA could have a use for such tools *internally*.  As we may or
may not recall, the "CIA chat room incident," from 2000, involved Agency
employees communicating "inappropriately" on CIA computers and networks:
http://www.washingtonpost.com/ac2/wp-dyn/A64444-2000Nov11
I was a CIA employee during some of the period of concern, and knew many of
those affected in the subsequent crackdown (I left the Agency in October
1994).  Robert Steele's comments in that article are on the mark... these
were bright people, who were, at worst, involved in the electronic
equivalent of chatting around the virtual watercooler about their
pointy-haired bosses.  Be that as it may, organizations will want
appropriate tools to detect and alarm on abuses of corporate resources;
arguably, a national security agency entrusted with the most-classified
secrets will be more paranoid than most.

Secondly, there are a variety of federal sources for research grants on
issues of interest to the Intelligence Community, including unclassified
grants.  In addition to this (perhaps anomalous) NSF source, agencies would
include DARPA (of course); ARDA (http://www.ic-arda.org), whose web site
could be more current, but which does fund some rather far-thinking,
innovative "thrusts;" the DOD more generally; and the National
Geospatial-Intelligence Agency (NGA, formerly NIMA), which is alone among
the Intelligence Community agencies in availing itself of the Small
Business Innovative Research (SBIR) program, making small (six month,
$100K) awards for speculative research, largely on issues around
visualization (and not just geospatial imagery).  There is also In-Q-Tel
(http://www.in-q-tel.org), though their focus is later-stage R&D, i.e.,
investible small companies focused on technologies of potential interest to
the CIA and IC, but ultimately intended to be self-sufficient in larger
markets.

Ross




-----

Ross Stapleton-Gray, Ph.D., CISSP
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com



_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Thu Dec 02 2004 - 23:06:04 PST