By Shane Harris
November 20, 2002
In the past week, privacy advocates and media commentators have sounded an alarm, saying that the Defense Department is building a new computer system to spy on personal transactions such as credit card purchases and e-mails. Their fears are unfounded and overblown.
At issue is a project called the Total Information Awareness (TIA) system, run by the Defense Advanced Research Projects Agency (DARPA), the research and development arm of the Pentagon that takes technologies in their prenatal stage and turns them into prototypes, usually over the course of three to four years per project.
The goal of the TIA system is clear, but far from simple: To predict terrorist attacks before they happen. Unfortunately, almost nothing has been published describing what the TIA system is, and more importantly, what it isn't, so that citizens can make up their minds about whether this project is advisable or even feasible.
Instead, assumptions have been based on misguided or false information, and attention has focused more on the fact that the project is being managed by controversial Iran-contra scandal figure John Poindexter than on DARPA's historic reputation as a sponsor of scientific research. None of this anxiety has furthered the debate over the proper role of technology and intelligence in homeland security.
So what is the TIA system? Contrary to recent assertions, it isn't a new computer. Rather, it's a conceptual prototype, a design for how different technological components-some already invented-might one day be integrated into a single system that would be used to predict terrorist attacks. The TIA system is also the top project in DARPA's new Information Awareness Office, which was formed in January to consolidate the numerous research and development projects the agency was already running in the areas of counter-terrorism and asymmetric warfare.
The project is at least three years from completion. When it's finished, DARPA won't build anything, said Robert Popp, deputy director of the Information Awareness Office. Instead, individual agencies that might use the TIA system would have to decide how and for what purpose. And, Popp stressed, it would be up to Congress to address privacy laws governing the use and collection of data that the system might encounter.
So how would the system work? To plan and execute their attacks, Popp said, terrorists must conduct transactions-to buy supplies, purchase airline tickets, make phone calls, and so on. Those transactions leave a record. Much the same way sonar recognizes the acoustic signature of a submarine, the TIA system would use a number of technological components, as well as human analysis, to look at transaction records for patterns that might point to a terrorist scenario.
As a broad example, consider the perpetrators of the Sept. 11 attacks. Some of their names were on government lists of suspected terrorists. Many of them had bank accounts and residences in the United States. If federal officials could have been alerted that some of the men were placing calls to one another, enrolling in the same flight schools and purchasing airline tickets for the same day, a proverbial red flag might have given them away.
Before those dots of information can be connected, they have to be found, and that's the first step of the TIA system. It would use a variety of technological components-such as information search-and-retrieval tools or programs that automatically translate recorded messages-to sift out related dots from the daunting volume of information held mostly in private sector databases.
No one knows yet what technologies would be included in the system or what repositories would be searched, Popp said. DARPA is considering a number of devices, some of which are already being used by the military. U.S. soldiers in Guantanamo Bay, Cuba, for example, use electronic translators to assist in the interrogation of suspected al Qaeda members and Taliban detainees. The device is a DARPA project, and the technology it employs might one day be used in the TIA system, Popp said.
Even if TIA eventually develops into an integrated system, computers will never be able to determine who is or isn't a terrorist, Popp says. Rather, the unconnected dots would be given to a team of experts in terrorism from a variety of federal agencies. It would be their job to make the connections.
Popp likens this process to having many pieces of a jigsaw puzzle, but not the picture on the puzzle box. The team would try to create that picture, using what they know about past terrorist events, and by challenging themselves to think unconventionally about what the data could mean.
Ultimately, analysts would narrow down their hypotheses into a few "plausible futures," Popp says; in other words, the most likely outcomes based on the data and the analysis. Then, the analysts would give their predictions to senior policy-makers-the head of the CIA or the National Security Adviser, for instance-who would have to make a decision about whether to act on the picture the analysts had painted.
The idea that a computer could automatically make these judgments is not only incorrect, but hard to imagine. Quite simply, the government doesn't have a large cache of information on every man, woman and child in the country. Furthermore, what personal information different agencies do collect is stored in different databases, and access to it is frequently restricted by law. And today, the government isn't advanced enough to create an all-powerful computer such as the one critics of the TIA program envision.
That's not to say the government couldn't one day build a highly sophisticated system to intuit people's behavior based on previous patterns, although many companies have tried and failed to do so. DARPA probably would be the best agency to undertake such an effort. But that isn't what's happening today. Nevertheless, New York Times columnist William Safire last week lambasted the TIA system, asserting that "if the Homeland Security Act is not amended before passage," the government would begin tracking people's magazine subscriptions and the pharmaceuticals they use. But there isn't a single reference to the TIA system or the Information Awareness Office in Homeland Security legislation passed by Congress, and the future of DARPA isn't connected to the bill. Popp acknowledges the validity of concerns about accessing information normally off limits to the government. DARPA officials are experimenting with ways to "anonymize" data that the system would use. For example, individuals' names and personal information might never be associated with credit card transactions when seen by analysts or processed by a computer. Analysts might only see a number, and the name behind it could only be accessed by senior officials under specific circumstances. Admittedly, even protections like these won't satisfy everyone. But the TIA system is years from becoming reality, and given the intense scrutiny of DARPA's work, it's unlikely that development of the system will continue far from public view. Indeed, journalists were writing about TIA as early as last summer. Congressional hearings on the system are all but certain in the next legislative session. It's hard to imagine, though, that DARPA, with its history grounded in the advancement of science and research, is nefariously plotting behind the curtain to build Big Brother. And even though the effort is headed by a controversial figure, not even John Poindexter is crafty enough to get dozens of federal agencies to electronically share what scant information about terrorists they do possess. If he were, he'd be the first choice for secretary of the Homeland Security Department. Plenty of information about TIA is available. Popp has been talking to the press about the system for months, and has been speaking about the project at public gatherings. You can read all about the system on DARPA's Web site. As work progresses, and the debate over the project is conducted, those with the responsibility to inform the public would do well to consult the facts, lest they be caught unaware.
By Shane Harris
November 20, 2002