May 20, 2003
The Defense Department Tuesday submitted a lengthy report to Congress defending its work on the Total Information Awareness project, a controversial research initiative that envisions using technology to detect terrorist attacks before they happen.
The report was required by law and addressed the concerns of lawmakers and civil liberties advocates that TIA would violate individuals' privacy if it were used to inspect personal data, particularly financial transactions and phone records. TIA would consist of a set of technologies, including electronic searching tools to "mine" such records in the hopes of finding patterns indicating an imminent attack.
The TIA report, more than 100 pages in length, largely reiterated what Defense officials have said for months: The program is only in the research phase, and TIA isn't intended to scour large numbers of private databases. Engineers at the Defense Advanced Research Projects Agency (DARPA), which manages the TIA project, have long said that the media and privacy groups have misinterpreted their intentions.
But in reaction to criticism, DARPA announced that TIA would no longer be known as "Total Information Awareness." The name "created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens," the report said. "That is not [Defense's] intent in pursuing this program."
From now on, TIA will be known as Terrorism Information Awareness.
DARPA stressed repeatedly in the report that privacy protection is paramount in the TIA design. "Safeguarding the privacy and the civil liberties of Americans is a bedrock principle," the report said.
Senator Ron Wyden, D-Ore., introduced the legislation that required the TIA report. His spokeswoman said he was unimpressed by DARPA's findings, and added that the report "reinforces the concerns that made [Wyden] introduce the legislation in the first place."
DAPRA hasn't specified how TIA would protect Americans civil liberties and privacy, the spokeswoman said, adding that Wyden continues to be concerned that TIA proponents will "chip away" at those protections as time goes.
As for the project's new name, Wyden's spokeswoman dismissed its significance. "Changing the name doesn't change the concerns," she said.
The report made no recommendations to change laws that keep some information private, and noted that those laws may prevent TIA from ever being used in some cases.
The Fourth and Fifth Amendments to the Constitution, as well as numerous statutes, regulations and laws curtail the government's access to personal data, the report acknowledged. However, it also noted that "few, if any, statutes flatly prohibit government access to information" and that any analysis of the privacy implications of TIA is "tentative and preliminary," because the project is still largely in the research phase.
DARPA also said certain steps must be taken before any agency implements TIA. For example, TIA must be "stress-tested" to ensure that it only returns information germane to a particular query. TIA critics have said that, in all statistical likelihood, the technology would turn up information about innocent people more often than terrorists.
The system also must have internal controls that keep a record of who accessed the system and for what purpose, and ensure "anonymization" of data so that names connected to specific results couldn't be seen without a search warrant. The report said the system would provide "selective revelation" of data, meaning that those who searched for information would receive only a limited portion of it, and would have to seek permission to get more. Strict access controls would be placed on TIA users.
Any agency that sought to use TIA would have to prepare a legal case first. The Defense Department General Counsel has already directed each operational component within the department that is currently testing TIA technologies to prepare such a document, which "analyzes the legal issues raised by the underlying program to which the TIA tools will be applied," the report said.
The general counsel for the Central Intelligence Agency is taking similar steps to require legal reviews, and the Justice Department will also conduct such reviews if it decides to use TIA, the report said.
Meanwhile, testing of various TIA component technologies is moving ahead. A network of nine agencies besides DARPA is conducting tests on TIA using foreign intelligence data. The report said Pentagon officials were pleased with what they'd seen.
"[Defense] believes that the results of these initial experiments are very impressive and have revealed information that was not otherwise detected," the report said. The results of the tests are classified. In some cases, agencies are also testing TIA using fictitious data.
Some tests have focused on culling through large amounts of data to pull out relevant information, thus reducing the amount analysts have to read, the report said.
Two advisory boards were established earlier this year to oversee the TIA project. One consists of Defense Department officials, and the other is made up of outside experts in the field of technology policy and civil rights laws.
May 20, 2003