Pentagon agency defends anti-terror data mining initiative

The Defense Department Tuesday submitted a lengthy report to Congress defending its work on the Total Information Awareness project, a controversial research initiative that envisions using technology to detect terrorist attacks before they happen.

The report was required by law and addressed the concerns of lawmakers and civil liberties advocates that TIA would violate individuals' privacy if it were used to inspect personal data, particularly financial transactions and phone records. TIA would consist of a set of technologies, including electronic searching tools to "mine" such records in the hopes of finding patterns indicating an imminent attack.

The TIA report, more than 100 pages in length, largely reiterated what Defense officials have said for months: The program is only in the research phase, and TIA isn't intended to scour large numbers of private databases. Engineers at the Defense Advanced Research Projects Agency (DARPA), which manages the TIA project, have long said that the media and privacy groups have misinterpreted their intentions.

But in reaction to criticism, DARPA announced that TIA would no longer be known as "Total Information Awareness." The name "created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens," the report said. "That is not [Defense's] intent in pursuing this program."

From now on, TIA will be known as Terrorism Information Awareness.

DARPA stressed repeatedly in the report that privacy protection is paramount in the TIA design. "Safeguarding the privacy and the civil liberties of Americans is a bedrock principle," the report said.

Senator Ron Wyden, D-Ore., introduced the legislation that required the TIA report. His spokeswoman said he was unimpressed by DARPA's findings, and added that the report "reinforces the concerns that made [Wyden] introduce the legislation in the first place."

DARPA hasn't specified how TIA would protect Americans' civil liberties and privacy, the spokeswoman said, adding that Wyden continues to be concerned that TIA proponents will "chip away" at those protections as time goes on.

As for the project's new name, Wyden's spokeswoman dismissed its significance. "Changing the name doesn't change the concerns," she said.

The report made no recommendations to change laws that keep some information private, and noted that those laws may prevent TIA from ever being used in some cases.

The Fourth and Fifth Amendments to the Constitution, as well as numerous statutes, regulations and laws, curtail the government's access to personal data, the report acknowledged. However, it also noted that "few, if any, statutes flatly prohibit government access to information" and that any analysis of the privacy implications of TIA is "tentative and preliminary," because the project is still largely in the research phase.

DARPA also said certain steps must be taken before any agency implements TIA. For example, TIA must be "stress-tested" to ensure that it only returns information germane to a particular query. TIA critics have said that, in all statistical likelihood, the technology would turn up information about innocent people more often than terrorists.

The system also must have internal controls that keep a record of who accessed the system and for what purpose, and ensure "anonymization" of data so that names connected to specific results couldn't be seen without a search warrant. The report said the system would provide "selective revelation" of data, meaning that those who searched for information would receive only a limited portion of it, and would have to seek permission to get more. Strict access controls would be placed on TIA users.

Any agency that sought to use TIA would have to prepare a legal case first. The Defense Department General Counsel has already directed each operational component within the department that is currently testing TIA technologies to prepare such a document, which "analyzes the legal issues raised by the underlying program to which the TIA tools will be applied," the report said.

The general counsel for the Central Intelligence Agency is taking similar steps to require legal reviews, and the Justice Department will also conduct such reviews if it decides to use TIA, the report said.

Meanwhile, testing of various TIA component technologies is moving ahead. A network of nine agencies besides DARPA is conducting tests on TIA using foreign intelligence data. The report said Pentagon officials were pleased with what they'd seen.

"[Defense] believes that the results of these initial experiments are very impressive and have revealed information that was not otherwise detected," the report said. The results of the tests are classified. In some cases, agencies are also testing TIA using fictitious data.

Some tests have focused on culling through large amounts of data to pull out relevant information, thus reducing the amount analysts have to read, the report said.

Two advisory boards were established earlier this year to oversee the TIA project. One consists of Defense Department officials, and the other is made up of outside experts in the field of technology policy and civil rights laws.
