Tech Insider: Total information unawareness

RELATED

In the past week, privacy advocates and media commentators have sounded an alarm, saying that the Defense Department is building a new computer system to spy on personal transactions such as credit card purchases and e-mails. Their fears are unfounded and overblown.

At issue is a project called the Total Information Awareness (TIA) system, run by the Defense Advanced Research Projects Agency (DARPA), the research and development arm of the Pentagon that takes technologies in their prenatal stage and turns them into prototypes, usually over the course of three to four years per project.

The goal of the TIA system is clear, but far from simple: To predict terrorist attacks before they happen. Unfortunately, almost nothing has been published describing what the TIA system is, and more importantly, what it isn't, so that citizens can make up their minds about whether this project is advisable or even feasible.

Instead, assumptions have been based on misguided or false information, and attention has focused more on the fact that the project is being managed by controversial Iran-contra scandal figure John Poindexter than on DARPA's historic reputation as a sponsor of scientific research. None of this anxiety has furthered the debate over the proper role of technology and intelligence in homeland security.

So what is the TIA system? Contrary to recent assertions, it isn't a new computer. Rather, it's a conceptual prototype, a design for how different technological components-some already invented-might one day be integrated into a single system that would be used to predict terrorist attacks. The TIA system is also the top project in DARPA's new Information Awareness Office, which was formed in January to consolidate the numerous research and development projects the agency was already running in the areas of counter-terrorism and asymmetric warfare.

The project is at least three years from completion. When it's finished, DARPA won't build anything, said Robert Popp, deputy director of the Information Awareness Office. Instead, individual agencies that might use the TIA system would have to decide how and for what purpose. And, Popp stressed, it would be up to Congress to address privacy laws governing the use and collection of data that the system might encounter.

So how would the system work? To plan and execute their attacks, Popp said, terrorists must conduct transactions-to buy supplies, purchase airline tickets, make phone calls, and so on. Those transactions leave a record. Much the same way sonar recognizes the acoustic signature of a submarine, the TIA system would use a number of technological components, as well as human analysis, to look at transaction records for patterns that might point to a terrorist scenario.

As a broad example, consider the perpetrators of the Sept. 11 attacks. Some of their names were on government lists of suspected terrorists. Many of them had bank accounts and residences in the United States. If federal officials could have been alerted that some of the men were placing calls to one another, enrolling in the same flight schools and purchasing airline tickets for the same day, a proverbial red flag might have given them away.

Before those dots of information can be connected, they have to be found, and that's the first step of the TIA system. It would use a variety of technological components-such as information search-and-retrieval tools or programs that automatically translate recorded messages-to sift out related dots from the daunting volume of information held mostly in private sector databases.

No one knows yet what technologies would be included in the system or what repositories would be searched, Popp said. DARPA is considering a number of devices, some of which are already being used by the military. U.S. soldiers in Guantanamo Bay, Cuba, for example, use electronic translators to assist in the interrogation of suspected al Qaeda members and Taliban detainees. The device is a DARPA project, and the technology it employs might one day be used in the TIA system, Popp said.

Even if TIA eventually develops into an integrated system, computers will never be able to determine who is or isn't a terrorist, Popp says. Rather, the unconnected dots would be given to a team of experts in terrorism from a variety of federal agencies. It would be their job to make the connections.

Popp likens this process to having many pieces of a jigsaw puzzle, but not the picture on the puzzle box. The team would try to create that picture, using what they know about past terrorist events, and by challenging themselves to think unconventionally about what the data could mean.

Ultimately, analysts would narrow down their hypotheses into a few "plausible futures," Popp says; in other words, the most likely outcomes based on the data and the analysis. Then, the analysts would give their predictions to senior policy-makers-the head of the CIA or the National Security Adviser, for instance-who would have to make a decision about whether to act on the picture the analysts had painted.

The idea that a computer could automatically make these judgments is not only incorrect, but hard to imagine. Quite simply, the government doesn't have a large cache of information on every man, woman and child in the country. Furthermore, what personal information different agencies do collect is stored in different databases, and access to it is frequently restricted by law. And today, the government isn't advanced enough to create an all-powerful computer such as the one critics of the TIA program envision.

That's not to say the government couldn't one day build a highly sophisticated system to intuit people's behavior based on previous patterns, although many companies have tried and failed to do so. DARPA probably would be the best agency to undertake such an effort. But that isn't what's happening today. Nevertheless, New York Times columnist William Safire last week lambasted the TIA system, asserting that "if the Homeland Security Act is not amended before passage," the government would begin tracking people's magazine subscriptions and the pharmaceuticals they use. But there isn't a single reference to the TIA system or the Information Awareness Office in Homeland Security legislation passed by Congress, and the future of DARPA isn't connected to the bill. Popp acknowledges the validity of concerns about accessing information normally off limits to the government. DARPA officials are experimenting with ways to "anonymize" data that the system would use. For example, individuals' names and personal information might never be associated with credit card transactions when seen by analysts or processed by a computer. Analysts might only see a number, and the name behind it could only be accessed by senior officials under specific circumstances. Admittedly, even protections like these won't satisfy everyone. But the TIA system is years from becoming reality, and given the intense scrutiny of DARPA's work, it's unlikely that development of the system will continue far from public view. Indeed, journalists were writing about TIA as early as last summer. Congressional hearings on the system are all but certain in the next legislative session. It's hard to imagine, though, that DARPA, with its history grounded in the advancement of science and research, is nefariously plotting behind the curtain to build Big Brother. And even though the effort is headed by a controversial figure, not even John Poindexter is crafty enough to get dozens of federal agencies to electronically share what scant information about terrorists they do possess. If he were, he'd be the first choice for secretary of the Homeland Security Department. Plenty of information about TIA is available. Popp has been talking to the press about the system for months, and has been speaking about the project at public gatherings. You can read all about the system on DARPA's Web site. As work progresses, and the debate over the project is conducted, those with the responsibility to inform the public would do well to consult the facts, lest they be caught unaware.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

    Download
  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download
  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.

    Download

When you download a report, your information may be shared with the underwriters of that document.