Pentagon agency defends anti-terror data mining initiative

The Defense Department Tuesday submitted a lengthy report to Congress defending its work on the Total Information Awareness project, a controversial research initiative that envisions using technology to detect terrorist attacks before they happen.

The report was required by law and addressed the concerns of lawmakers and civil liberties advocates that TIA would violate individuals' privacy if it were used to inspect personal data, particularly financial transactions and phone records. TIA would consist of a set of technologies, including electronic searching tools to "mine" such records in the hopes of finding patterns indicating an imminent attack.

The TIA report, more than 100 pages in length, largely reiterated what Defense officials have said for months: The program is only in the research phase, and TIA isn't intended to scour large numbers of private databases. Engineers at the Defense Advanced Research Projects Agency (DARPA), which manages the TIA project, have long said that the media and privacy groups have misinterpreted their intentions.

But in reaction to criticism, DARPA announced that TIA would no longer be known as "Total Information Awareness." The name "created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens," the report said. "That is not [Defense's] intent in pursuing this program."

From now on, TIA will be known as Terrorism Information Awareness.

DARPA stressed repeatedly in the report that privacy protection is paramount in the TIA design. "Safeguarding the privacy and the civil liberties of Americans is a bedrock principle," the report said.

Senator Ron Wyden, D-Ore., introduced the legislation that required the TIA report. His spokeswoman said he was unimpressed by DARPA's findings, and added that the report "reinforces the concerns that made [Wyden] introduce the legislation in the first place."

DAPRA hasn't specified how TIA would protect Americans civil liberties and privacy, the spokeswoman said, adding that Wyden continues to be concerned that TIA proponents will "chip away" at those protections as time goes.

As for the project's new name, Wyden's spokeswoman dismissed its significance. "Changing the name doesn't change the concerns," she said.

The report made no recommendations to change laws that keep some information private, and noted that those laws may prevent TIA from ever being used in some cases.

The Fourth and Fifth Amendments to the Constitution, as well as numerous statutes, regulations and laws curtail the government's access to personal data, the report acknowledged. However, it also noted that "few, if any, statutes flatly prohibit government access to information" and that any analysis of the privacy implications of TIA is "tentative and preliminary," because the project is still largely in the research phase.

DARPA also said certain steps must be taken before any agency implements TIA. For example, TIA must be "stress-tested" to ensure that it only returns information germane to a particular query. TIA critics have said that, in all statistical likelihood, the technology would turn up information about innocent people more often than terrorists.

The system also must have internal controls that keep a record of who accessed the system and for what purpose, and ensure "anonymization" of data so that names connected to specific results couldn't be seen without a search warrant. The report said the system would provide "selective revelation" of data, meaning that those who searched for information would receive only a limited portion of it, and would have to seek permission to get more. Strict access controls would be placed on TIA users.

Any agency that sought to use TIA would have to prepare a legal case first. The Defense Department General Counsel has already directed each operational component within the department that is currently testing TIA technologies to prepare such a document, which "analyzes the legal issues raised by the underlying program to which the TIA tools will be applied," the report said.

The general counsel for the Central Intelligence Agency is taking similar steps to require legal reviews, and the Justice Department will also conduct such reviews if it decides to use TIA, the report said.

Meanwhile, testing of various TIA component technologies is moving ahead. A network of nine agencies besides DARPA is conducting tests on TIA using foreign intelligence data. The report said Pentagon officials were pleased with what they'd seen.

"[Defense] believes that the results of these initial experiments are very impressive and have revealed information that was not otherwise detected," the report said. The results of the tests are classified. In some cases, agencies are also testing TIA using fictitious data.

Some tests have focused on culling through large amounts of data to pull out relevant information, thus reducing the amount analysts have to read, the report said.

Two advisory boards were established earlier this year to oversee the TIA project. One consists of Defense Department officials, and the other is made up of outside experts in the field of technology policy and civil rights laws.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.