Terrorist-tracking tools

By William New

September 10, 2002

A controversial Defense Department counterterrorism office created this year is moving ahead with plans to create terrorist-catching technologies, amid concerns raised by civil-liberties groups about the office's mission and its leader.

The Information Awareness Office-within the Defense Advanced Research Projects Agency, the Pentagon's high-tech idea factory-was created in February to develop technologies that can mine private communications and commercial transactions looking for patterns of behavior that might reveal terrorist activity, and to determine options for dealing with it. The IAO's director is John Poindexter, a former national security adviser to President Reagan.

"People are positioning themselves to do this job, but there are many questions that need to be answered," said Jerry Berman, executive director of the Center for Democracy & Technology, a nonprofit group that advocates "free expression and privacy in global communications technologies." He added, "Underneath all this are significant privacy issues and significant public-right-to-know issues."

Last month, Poindexter made his first public appearance since taking the new post. His deputy, Robert Popp, also spoke in recent weeks on the significant progress being made by the office.

"During the years I was in the White House, it was relatively simple to identify our intelligence collection targets," Poindexter said on Aug. 2 at a DARPA conference in Anaheim, Calif. Now, however, the United States is faced with "asymmetrical" threats, which are loosely organized and difficult to find, and which require new, technology-driven defenses, he said. An overarching goal for the office is "Total Information Awareness": the consideration of every information source available worldwide to uncover terrorists.

Transactions will be a key source of information, Poindexter said. "If terrorist organizations are going to plan and execute attacks against the United States, their people must engage in transactions, and they will leave signatures in this information space," he said. Transactions of interest might include credit card purchases, or the issuance of pilot's licenses or science degrees.

Other IAO projects include developing biometric technologies to identify people from a distance, and tools that can find information in thousands of foreign languages and convert speech to text. The office is also working to create linkages between databases and to mine vast amounts of data for clues. However, the IAO has not yet defined exactly what kind of data it will be looking at, fueling concern among privacy advocates.

A DARPA project called Genoa, which Poindexter worked on from the private-sector side, is entering a second incarnation under his leadership at the IAO. The project will develop information technology for the intelligence community that is designed to pre-empt terrorist threats.

Both the office's activities and Poindexter's past have put civil-liberties advocates on edge. Poindexter, who declined National Journal's request for an interview, was convicted in 1990 of misleading and obstructing Congress during the Iran-Contra investigation, a decision later overturned on appeal because immunized testimony had been used to win the conviction. Also, during the 1980s Poindexter authored a plan to put information about commercial computer security under military jurisdiction and out of the public's reach.

A former Navy vice admiral, Poindexter is recognized for his intelligence and his knowledge of information technology. "He is very sharp, extremely brainy, and has done a lot of thinking on these issues while in the private sector," said James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. Lewis worked under Poindexter, on Central America issues, at the National Security Council. But, Lewis added, "I was a little surprised that they resurfaced him. He was too radioactive for Bush 41."

Bruce McConnell is a consultant who spent 15 years as a White House technology-policy specialist and also headed the international center that worked on the technological transition to Y2K. He said his initial reaction to the office and to Poindexter's appointment was: "DARPA is a research organization. This initiative addresses one of the most pressing problems of the day. It sounds like a good idea."

During the legislative process leading to the Computer Security Act of 1987, Poindexter issued a memorandum advocating an expansion of the National Security Agency's authority, to include "all computer and communications security for the federal government and private industry." His proposal would have moved standard-setting for computers from the National Institute of Standards and Technology to the NSA. The memo raised privacy concerns, because information handled by the NSA would have become exempt from future public disclosure under the Freedom of Information Act. Poindexter's plan failed.

The Department of Homeland Security proposal now before Congress includes a provision to move the NIST Computer Security Division to the new department. The administration has also proposed a FOIA exemption for computer-security information shared with the government by the private sector.

In a recent interview, Marc Rotenberg, the executive director of the Electronic Privacy Information Center, who was a leading watchdog of the Reagan administration's computer-security initiatives, reacted to Poindexter's appointment: "Here we are almost 20 years later, with John Poindexter once again battling the civil libertarians over the question of government computer-security policy." Rotenberg added, "I would say Poindexter does match this administration's penchant for secrecy, which I think was apparent well before September 11."

Poindexter has tried to settle the privacy concerns. "More than just making sure that different databases can talk to one another, we need better ways to extract information from those unified databases, and to ensure that the private information on innocent citizens is protected," he said in his August speech.

He pointed out that the DARPA office will not actually put the data-mining technology to use, but will merely build a prototype. He also acknowledged, "There are significant information-policy issues related when considering data-mining in actual transaction spaces."

But some critics argue that the computer architecture created by such a prototype system will determine what information will be collected, what will be considered important, and how it will be used.

Poindexter said DARPA is examining ways to balance security with privacy through its Information Systems and Technology panel, and through discussions with the National Academy of Sciences.

Rotenberg countered that after recent conversations with Poindexter, he thinks Poindexter is sincere but does not understand the difference between privacy and secrecy. "When he hears the word `privacy' and he hears privacy groups talking about keeping information private, I think he simply substitutes the term `classified' or `secret' and says that we should apply the same kind of rules to this personal information that people say should be kept private, that we might apply to government documents that might be stamped `top secret.' "

Privacy involves the consideration of who gets access to information and how it is used, Rotenberg said. If a central database is built and becomes the basis for making determinations about, say, who can enter a federal building, obtain a federal job, set up an e-mail account, or access a public Web site, "you implicate a whole range of procedural rights, because the government in effect is now making determinations about who is entitled to do some things and who's not," he said.

Rotenberg also said he finds it surprising that Americans now appear more willing to give up their civil liberties after one "horrific" terrorist attack than they were during the battle over computer security in the 1980s, when members of Congress, industry groups, and civil-liberties groups "beat back" Poindexter's proposal despite the Cold War-era threats.

Harris Miller, president of the Information Technology Association of America, said the high-tech industry generally supports the IAO's objectives-as long as the new office does not duplicate existing technology and keeps computer users' privacy in mind. "The IT industry believes government should invest in IT R&D, and this is IT R&D," he said.

Chris Hoofnagle, EPIC's legislative counsel, said there has been talk about large private consumer profilers, such as credit-checking agencies, sharing data with the government. "There is a significant threat now that individuals' consumer transactional data will be swept up ... to determine who is a deviant and who is not. So if you use anything besides cash, you are going to be leaving footprints in their system."

Patrice McDermott, assistant director of government relations at the American Library Association's Washington office, said that if a government agency can retrieve information by name or by an identifier tied to an individual, then the agency has to provide notice that the retrieval system exists. Users would also have the right to ask what information, if any, the government collected.

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said, "The office has established very ambitious, almost visionary, objectives for itself, which amount to a technological solution to the terrorist threat. In fact, it is so ambitious, it's unclear whether it's visionary or delusional."

The White House has defended Poindexter's current role. When asked in a February 25 press conference about the new appointment, White House Press Secretary Ari Fleischer said, "Admiral Poindexter is somebody who this administration thinks is an outstanding American, an outstanding citizen, who has done a very good job in what he has done for our country, serving the military."

He was then asked by veteran White House reporter Helen Thomas, "How can you say that, when he told Colonel [Oliver] North to lie?" Fleischer disagreed and said, "I understand. The president thinks that Admiral Poindexter has served our nation very well."


By William New

September 10, 2002

http://www.govexec.com/defense/defense-beat/2002/09/terrorist-tracking-tools/12461/