All eyes on Total Info Awareness

Perhaps no project being developed as a result of the Sept. 11, 2001, terrorist attacks has caused such intense public scrutiny and debate as the Defense Advanced Research Projects Agency's Total Information Awareness (TIA) system.

TIA, in theory, will enable national security analysts to detect, classify, track, understand and pre-empt terrorist attacks against the United States by spotting patterns using public and private transaction and surveillance methods.

The system, parts of which are already operational, incorporates transactional data systems, including private credit card and travel records, biometric authentication technologies, intelligence data and automated virtual data repositories. Its goal is to create an "end-to-end, closed-loop system," to help military and intelligence analysts make decisions related to national security, said Robert Popp, deputy director of DARPA's Information Awareness Office (IAO), which is heading up the effort.

"The purpose of TIA would be to determine the feasibility of searching vast quantities of data to determine links and patterns indicative of terrorist activities," said Pete Aldridge, undersecretary of Defense for acquisition, logistics and technology, at a Nov. 20 press briefing.

But the system poses concerns. Speaking Dec. 12 at a briefing entitled "Yellow Light on Total Information Awareness," sponsored by the Cato Institute — a libertarian, market-oriented think tank — Robert Levy, senior fellow in constitutional studies at Cato, said the TIA system poses three potential risks:

* Misuse of the database information.

* Blurring of the enforcement lines between terrorism and nonterror-related crimes.

* Overall ineffectiveness because terrorists will learn the rules or patterns and adjust, as well as "false positives" on targeting innocent citizens.

'They Have Adapted'

Levy's concern about terrorists' ability to adapt appear to be justified, based on remarks that Air Force Gen. Richard Myers, chairman of the Joint Chiefs of Staff, made Nov. 4 at the Brookings Institution. Myers said that U.S. military efforts in Afghanistan may need to be revamped because of the ability of al Qaeda to adapt to DOD's tactics.

"They have adapted," Myers said. "They adapt the way they talk to each other, the way they pass money. They've made lots of adaptations to our tactics, and we've got to continue to think and try to out-think them and to be faster at it."

Despite the need for new tactics in the near-term, Aldridge said the TIA "experiment" would be demonstrated using test data resembling real-life events, but that the "feasibility" of actually using the system is "several years away, based upon the ability to understand the technology."

"We'll not use detailed information that is real," Aldridge said. "In order to preserve the sanctity of individual privacy, we're designing this system to ensure complete anonymity of uninvolved citizens, thus focusing the efforts of law enforcement officials on terrorist investigations. The information gathered would then be subject to the same legal protections currently in place for the other law enforcement activities."

Such assurances did not satisfy Levy, who repeatedly questioned the civil liberties infringements that may result from using the TIA system and said DOD still has many questions to answer, including:

* Who has access to the system and how are those people selected and trained?

* What oversight procedures are in place and what are the sanctions for misuse?

* What restrictions apply to the use of private data?

Charles Pe-a, senior defense policy analyst at Cato, said that TIA might better stand for "totally innocent Americans." He added that the way the "law of large numbers" works means that many innocent people will be falsely accused if the government's intention is to keep a dossier on every adult American, of which there are about 240 million.

Pe-a said the only way that the TIA system could be useful is if it is used to look for behavior and transaction patterns of a small number of people that are suspected of having terrorist potential.

"The pool of suspects must number in the hundreds" and be preceded by solid law enforcement and detective work, he said.

Some Components Already at Work

The TIA system will combine strategic analysis with knowledge discovery and will promote collaboration among users worldwide by providing access to the most relevant and timely information, Popp said.

"There are currently subsets of the tools and technologies being used by analysts to help us understand if they are useful or not," Popp told Federal Computer Week in October.

Several TIA components are housed at the Army Intelligence and Security Command's Information Dominance Center. That partnership enables DARPA to maintain its research and development focus while working with the command on testing and evaluation and "getting technology into the hands of the user" as quickly as possible, Popp said.

Clyde Wayne Crews Jr., technology policy director at Cato, said that the TIA system could also have a freezing effect on the nation's e-commerce activity for many reasons including:

* Data transfer procedures for turning over private records to the government.

* Loss of business due to increased public fear that previously private transactions and records could be turned over to the government.

* Companies' right to refuse to turn over citizen records to the government being jeopardized.

E-commerce is still in its infancy, and "the last thing we need is an impediment to assuring people their data is private," Crews said.

TIA Leader Causes Greater Concern

DARPA created the Information Awareness Office in mid-January 2002 with the mission of developing and demonstrating information technology such as data-mining tools designed to counter "asymmetric threats," such as terrorist attacks.

John Poindexter, national security adviser to President Reagan, who may be most well known for his part in the infamous Iran-Contra dealings, is the director of the new agency. His involvement in the project has only fanned the flames of controversy.

Sen. Charles Schumer (D-N.Y.), Cato analysts, and many privacy and government watchdog groups have expressed serious reservations about Poindexter's involvement in the program.

But no one may have taken a tougher stance against Poindexter than New York Times columnist William Safire, who in a scathing Nov. 14 editorial, wrote: "He is determined to break down the wall between commercial snooping and secret government intrusion. The disgraced admiral dismisses such necessary differentiation as bureaucratic 'stovepiping.' And he has been given a $200 million budget to create computer dossiers on 300 million Americans."

DOD's Aldridge said Poindexter came to the department with the TIA project proposal after Sept. 11, but that his involvement will end in the research stage.

"Once the tool is developed...John will not be involved," Aldridge said. "What John Poindexter is doing is developing a tool. He's not exercising the tool. He will not exercise the tool. That tool will be exercised by the intelligence, counterintelligence and law enforcement agencies."

The TIA project is funded in the fiscal 2003 budget at $10 million, and DOD is developing future funding requirements, Aldridge said.

However, the Electronic Privacy Information Center obtained DARPA budget documents and found that although the TIA budget is $10 million, related programs that may become part of the system are funded at $240 million for fiscal 2001 through 2003.

Popp said IAO's budget for fiscal 2003 is about $150 million, up from about $96 million last year. He added that DARPA received more than 170 proposals after issuing a broad agency announcement for the TIA system in March and is in the process of funding the most relevant ones.