NYTimes.com Article: Many Tools of Big Brother Are Already Up and Running

[Dave Farber <dave () farber net>]

Many Tools of Big Brother Are Already Up and Running

December 23, 2002
By JOHN MARKOFF and JOHN SCHWARTZ




 

In the Pentagon research effort to detect terrorism by
electronically monitoring the civilian population, the most
remarkable detail may be this: Most of the pieces of the
system are already in place.

Because of the inroads the Internet and other digital
network technologies have made into everyday life over the
last decade, it is increasingly possible to amass Big
Brother-like surveillance powers through Little Brother
means. The basic components include everyday digital
technologies like e-mail, online shopping and travel
booking, A.T.M. systems, cellphone networks, electronic
toll-collection systems and credit-card payment terminals.

In essence, the Pentagon's main job would be to spin
strands of software technology that would weave these
sources of data into a vast electronic dragnet.

Technologists say the types of computerized data sifting
and pattern matching that might flag suspicious activities
to government agencies and coordinate their surveillance
are not much different from programs already in use by
private companies. Such programs spot unusual credit card
activity, for example, or let people at multiple locations
collaborate on a project.

The civilian population, in other words, has willingly
embraced the technical prerequisites for a national
surveillance system that Pentagon planners are calling
Total Information Awareness. The development has a certain
historical resonance because it was the Pentagon's research
agency that in the 1960's financed the technology that led
directly to the modern Internet. Now the same agency - the
Defense Advanced Research Projects Agency, or Darpa - is
relying on commercial technology that has evolved from the
network it pioneered.

The first generation of the Internet - called the Arpanet -
consisted of electronic mail and file transfer software
that connected people to people. The second generation
connected people to databases and other information via the
World Wide Web. Now a new generation of software connects
computers directly to computers.

And that is the key to the Total Information Awareness
project, which is overseen by John M. Poindexter, the
former national security adviser under President Ronald
Reagan. Dr. Poindexter was convicted in 1990 of a felony
for his role in the Iran-contra affair, but that conviction
was overturned by a federal appeals court because he had
been granted immunity for his testimony before Congress
about the case. 

Although Dr. Poindexter's system has come under widespread
criticism from Congress and civil liberties groups, a
prototype is already in place and has been used in tests by
military intelligence organizations.

Total Information Awareness could link for the first time
such different electronic sources as video feeds from
airport surveillance cameras, credit card transactions,
airline reservations and telephone calling records. The
data would be filtered through software that would
constantly look for suspicious patterns of behavior.

The idea is for law enforcement or intelligence agencies to
be alerted immediately to patterns in otherwise
unremarkable sets of data that might indicate threats,
allowing rapid reviews by human analysts. For example, a
cluster of foreign visitors who all took flying lessons in
separate parts of the country might not attract attention.
Nor would it necessarily raise red flags if all those
people reserved airline tickets for the same day. But a
system that could detect both sets of actions might raise
suspicions. 

Some computer scientists wonder whether the system can
work. "This wouldn't have been possible without the modern
Internet, and even now it's a daunting task," said Dorothy
Denning, a professor in the Department of Defense Analysis
at the Naval Postgraduate School in Monterey, Calif. Part
of the challenge, she said, is knowing what to look for.
"Do we really know enough about the precursors to terrorist
activity?" she said. "I don't think we're there yet."

The early version of the Total Information Awareness system
employs a commercial software collaboration program called
Groove. It was developed in 2000 by Ray Ozzie, a well-known
software designer who is the inventor of Lotus Notes.
Groove makes it possible for analysts at many different
government agencies to share intelligence data instantly,
and it links specialized programs that are designed to look
for patterns of suspicious behavior.

Total Information Awareness also takes advantage of a
simple and fundamental software technology called Extended
Markup Language, or XML, that is at the heart of the third
generation of Internet software. It was created by software
designers at companies like Microsoft, Sun Microsystems and
I.B.M., as well as independent Silicon Valley programmers.

The markup language allows data that has long been locked
in isolated databases, known in the industry as silos, to
be translated into a kind of universal language that can be
read and used by many different systems. Information made
compatible in this way can be shared among thousands, or
even hundreds of thousands, of computers in ways that all
of them can understand.

It is XML, a refinement of the Internet's original World
Wide Web scheme, that has made it possible to consider
welding thousands of databases together without
centralizing the information. Computer scientists said that
without such new third-generation Web technologies, it
would have never been possible to conceive of the Total
Information Awareness system, which is intended to ferret
out the suspicious intentions of a handful of potential
terrorists from the humdrum everyday electronic comings and
goings of millions of average Americans.

Civil libertarians have questioned whether the government
has the legal or constitutional grounds to conduct such
electronic searches. And other critics have called it an
outlandishly futuristic and ultimately unworkable scheme on
technical grounds. 

But on the latter point, technologists disagree. "It's well
grounded in the best current theory about scalable
systems," said Ramano Rao, chief technology officer at
Inxight, a Sunnyvale, Calif., company that develops
text-searching software. "It uses all the right buzzwords."


People close to the Pentagon's research program said Dr.
Poindexter was acutely aware of the power and the
invasiveness of his experimental surveillance system. In
private conversations this summer, according to several
Department of Defense contractors, he raised the
possibility that the control of the Total Information
Awareness system should be placed under the jurisdiction of
an independent, nongovernmental organization like the Red
Cross because of the potential for abuse.

Dr. Poindexter declined to be interviewed for this article.
A Darpa spokeswoman, Jan Walker, wrote in an e-mail reply
to questions that "we don't recall ever talking about"
having a nongovernmental organization operate the Total
Information Awareness program and that "we've not held any
discussions with" such an organization.

The idea of using an independent organization to control a
technology that has a high potential for abuse has been
raised by previous administrations. An abortive plan to
create a backdoor surveillance capability in encrypted
communications, known as Clipper, was introduced by the
Clinton administration in 1993. It called for keys to the
code to be held by an organization independent of the
F.B.I. and other law enforcement agencies.

Speaking of Dr. Poindexter, John Arquilla, an expert at the
Naval Postgraduate School in Monterey on unconventional
warfare, said, "The admiral is very concerned about the
tension between security and civil liberties." He added
that because of the changing nature of warfare and the
threat of terrorism, the United States would be forced to
make trade-offs between individuals' privacy and national
security. 

"In an age of terror wars, we have to learn the middle path
to craft the security we need without incurring too great a
cost on our civil liberties," he said.

Computer scientists who work with Darpa said that Dr.
Poindexter was an enthusiastic backer of a Darpa-sponsored
advisory group that had been initiated by a Microsoft
researcher, Eric Horvitz, in October 2001 in the wake of
the Sept. 11 terrorist attacks.

The group, which was composed of 41 computer scientists,
policy experts and government officials, met three times to
explore whether it was possible to employ sophisticated
data-mining technologies against potential terrorist
attacks while protecting individuals' privacy.

A number of the scientists proposed "black box"
surveillance systems that would alert human intelligence
analysts about suspicious patterns. Once the alerts were
issued in such a system, they suggested, legal processes
like those used for wiretapping could be employed.

But a number of the scientists and policy experts who
attended the meetings were skeptical that technical
safeguards would be adequate to ensure that such a system
would not be abused.

The debate is a healthy one, said Don Upson, who is senior
vice president of the government business unit of a
software company in Fairfax, Va., webMethods, and the
former secretary of technology for Virginia.

"I'm glad Darpa is doing this because somebody has to start
defining what the rules are going to be" about how and when
to use data, he said. "I believe we're headed down the path
of setting the parameters of how we're going to use
information." 

http://www.nytimes.com/2002/12/23/technology/23PEEK.html?ex=1041610653&ei=1&;
en=b12aef2b68c6a6bc

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/