Pentagon Readies Massive Spying System
By Michael J. Sniffen
The Guardian Unlimited
Tuesday 20 May 2003
WASHINGTON (AP) - The Pentagon assured Congress that its planned anti-terror surveillance system will only analyze legally acquired information and changed the name of the project to help allay privacy concerns that prompted congressional restrictions.
The Total Information Awareness program now under development by the Defense Advanced Research Projects Agency, or DARPA, will henceforth be named the Terrorism Information Awareness program.
In report ordered by Congress 90 days ago, DARPA said the old name ``created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens. That is not DoD's (Department of Defense's) intent in pursuing this program.''
Rather the goal is ``to protect U.S. citizens by detecting and defeating foreign terrorist threats before an attack'' and the new name was chosen ``to make this objective absolutely clear.''
While the name changed, the description of the program being developed remained essentially the same. DARPA did, however, emphasize that it has let contracts to enhance privacy and security protections for personal data analyzed by U.S. agents who might ultimately use the software tools that are being tested or are under development.
During research and testing, DARPA is ``only using data and information that is either foreign intelligence and counter intelligence information legally obtained and usable by the federal government or wholly synthetic (artificial) data that has been generated, for research purposes only, to resemble ... real-world patterns of behavior.''
Looking ahead to the possible implementation of the system by various U.S. counter intelligence agencies and policy-makers, DARPA did not propose any changes in the laws regulating government access to databases full of information about private commercial transactions, like airplane ticket purchases or apartment rentals.
But DARPA noted that some current laws governing some categories of private information ``may well constrain or ... completely preclude deployment of TIA search tools with respect to some data.'' The agency did not specify which data-mining software tools or private databases would fall into this forbidden category.
DARPA has acknowledged that it is developing software data-mining tools capable of giving U.S. agents fingertip access to government and commercial records from around the world that could fill the Library of Congress more than 50 times.
The library's collection of more than 18 million books would be dwarfed by the size of the computerized files the government wants to search for patterns of behavior that betray an imminent terrorist attack.
This prospect has alarmed privacy advocates on both ends of the political spectrum. In February, Congress barred use the TIA system against American citizens pending further congressional review. It also ordered the report that DARPA delivered Tuesday.
Also Tuesday, the Center for Democracy and Technology, a group that advocates online privacy, was giving a House Judiciary subcommittee a report that concluded, ``There are few legal constraints on government access to commercial databases.'' Neither the Privacy Act nor the Constitution protects consumer data held by private companies, and other laws ``are riddled with exceptions for law enforcement or intelligence uses.''
The center's executive director, Jim Dempsey, said in prepared testimony, ``Since 9/11, the FBI is authorized by the attorney general to go looking for information about individuals with no reason to believe they are engaged in, or planning, or connected to any wrongdoing.''
In advice to would-be TIA contractors, DARPA disclosed that the project will require ``gathering a much broader array of data than we do currently'' and break down barriers that keep separate data already collected by a host of agencies.
``The amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes,'' the agency instructions said. A byte amounts to the electronic representation of one letter of the alphabet, and a petabyte is a quadrillion - 1,000,000,000,000,000 - bytes.
DARPA, which developed the Internet, is again trying to expand the boundaries of existing technology. Among the largest databases on the Internet is an archive of the last five years of Web pages; it consumes 100 terabytes, or one-tenth of a petabyte.
Despite privacy fears, government documents reviewed by The Associated Press show that scores of major defense contractors and prominent universities applied last year for the first research contracts to design the surveillance and analysis system.
Conceived and managed by retired Adm. John Poindexter, the TIA surveillance system is based on his theory that ``terrorists must engage in certain transactions to coordinate and conduct attacks against Americans, and these transactions form patterns that may be detectable.''
DARPA said the goal is to predict terrorist actions by analyzing such transactions as passport applications, visas, work permits, driver's licenses, car rentals, airline ticket purchases, arrests or reports of suspicious activities.
Other databases DARPA wants to make available to U.S. agents include financial, education, medical and housing records and biometric identification databases based on fingerprints, irises, facial shapes and gait.
TIA is developing breakthrough software ``for treating these databases as a virtual, centralized grand database'' capable of being quickly mined by counterintelligence officers even though the data will be held in many places, many languages and many formats, DARPA documents say.