Total Info System Totally Touchy

By Ryan Singel

Story location: http://www.wired.com/news/politics/0,1283,56620,00.html

02:00 AM Dec. 02, 2002 PT

Can a massive database of information on Americans really preempt terrorist attacks?

That's what industry experts are asking about the Pentagon's proposed Total Information
Awareness System, which, according to the proposal (PDF), would aggregate on "an
unprecedented scale" credit card, medical, school and travel records.

Critics say looking for terrorists by rooting around in private, commercial databases of Americans'
personal information violates the Fourth Amendment -- not to mention citizens' privacy. Some in
the industry even refuse to work on the project on ethical grounds.

While the proposal makes clear that designing such databases would require "revolutionary new
technology," its goal is to create a working system to hand to law enforcement and intelligence
agencies.

The Total Information Awareness System and related efforts received $137 million in
government funding for the 2003 fiscal year. It is the signature project of the Office of Information
Awareness, which operates under the Defense Advanced Research Projects Agency. Leading
the initiative is Retired Admiral John Poindexter, who is controversial because of his 1991
conviction (later overturned) for lying to Congress about the Iran-Contra affair.

"Terrorists operate in shadowy networks," said Pentagon spokeswoman Jan Walker. "People
have to move and plan before committing a terrorist act. Our hypothesis is their planning process
has a signature."

Project coordinators will start by creating a database of fake transactions mixed with real
intelligence data and simulated terrorist "clues." Then they will test the ability of pattern-matching
algorithms and data-mining tools to spot the terrorist signatures.

"The proposal is do-able and feasible, but the idea of making it into a single window onto
disparate information and integrating it on a massive scale is the real challenge," said Chris
Sherman, associate editor of Search Engine Watch.

Sherman pointed to existing technologies such as software from i2 that the Treasury uses to track
financial crimes, as an example of technology that hunts for hidden data patterns.

Others in the industry question the system's feasibility.

"The kind of things they are looking for are hard to find," said Herb Edelstein, president of data-
mining company Two Crows. "Terrorism is an adaptive problem. It's pretty unlikely the next
terrorist attack will be people hijacking planes and crashing them into buildings.

"The project is not going to have near-term contributions to the war on terrorism. It's not clear this
is an economically valuable way to fight terrorism."

Simson Garfinkel, author of Database Nation: The Death of Privacy in the 21st Century, also has
doubts.

"Data mining is good for the purpose of increasing sales and figuring out where to place products
in stores," he said. "This is very different from figuring out if these products are going to be used
for terrorist activities."

Incorrect guesses present problems, too.

"With meaningful pattern recognition, the order of magnitude of errors from inferences is huge,
something like ten to the third (power)," said Paul Hawken, author of The Ecology of Commerce
and the chairman of information mapping software company Groxis. "There would be an
incalculable expense to monitor a thousand wrong hits for one correct inference."

In fact, Hawken said, Groxis spurned, on principle, an offer from Poindexter's group to get
involved in the project.

"We make tools for people to make sense of the information in the world, not for the world to
make more information out of people," Hawken said.

Hawken is skeptical about the project's ability to attract top industry names. He said he knows
other people, including those who have worked for the National Security Agency, who refused to
work on it for ethical reasons.

"I don't know how you profile resentment and anger, but I don't think you do it from how many
times someone goes to Wal-Mart," he said.

And the project faces other problems.

Database fields are not standardized, and the data they contain isn't always reliable. Names get
misspelled, digits are transposed, addresses are outdated or incorrect, and few names are
unique.

"The data quality problem is enormous, but what's alarming is the danger of false positives
based on incorrect data," Edelstein said. "Think of the number of people who get in trouble with
the law because they have the same name as somebody else."

Despite widespread use of Social Security numbers in medical and financial records, there is still
no "unique identifier" that would allow the new system to track individuals with total accuracy.

Wired News: Staff | Contact Us | Advertising

We are translated daily into Spanish, Portuguese, and Japanese
© Copyright 2002, Lycos, Inc. All Rights Reserved.
November 22, 2002
Agency Weighed, but Discarded, Plan Reconfiguring the Internet
By JOHN MARKOFF

The Pentagon research agency that is exploring how to create a vast database of electronic transactions and
analyze them for potential terrorist activity considered but rejected another surveillance idea: tagging Internet
data with unique personal markers to make anonymous use of some parts of the Internet impossible.

The idea, which was explored at a two-day workshop in California in August, touched off an angry private dispute
among computer scientists and policy experts who had been brought together to assess the implications of the
technology.

The plan, known as eDNA, called for developing a new version of the Internet that would include enclaves where
it would be impossible to be anonymous while using the network. The technology would have divided the
Internet into secure "public network highways," where a computer user would have needed to be identified, and
"private network alleyways," which would not have required identification.

Several people familiar with the eDNA discussions said such secure areas might have first involved government
employees or law enforcement agencies, then been extended to security-conscious organizations like financial
institutions, and after that been broadened even further.

A description of the eDNA proposal that was sent to the 18 workshop participants read in part: "We envisage that
all network and client resources will maintain traces of user eDNA so that the user can be uniquely identified as
having visited a Web site, having started a process or having sent a packet. This way, the resources and those
who use them form a virtual `crime scene' that contains evidence about the identity of the users, much the same
way as a real crime scene contains DNA traces of people."

The proposal would have been one of a series of technology initiatives that have been pursued by the Bush
administration for what it describes as part of the effort to counter the potential for further terrorist attacks in the
Unites States. Those initiatives include a variety of plans to trace and monitor the electronic activities of United
States citizens.

In recent weeks another undertaking of the the Defense Advanced Research Projects Agency, or Darpa, the
Pentagon research organization, has drawn sharp criticism for its potential to undermine civil liberties. That
project is being headed by John M. Poindexter, the retired vice admiral who served as national security adviser
to President Ronald Reagan.

Dr. Poindexter returned to the Pentagon in January to direct the research agency's Information Awareness
Office, created in the wake of the Sept. 11 attacks. That office has been pursuing a surveillance system called
Total Information Awareness that would permit intelligence analysts and law enforcement officials to mount a vast
dragnet through electronic transaction data ranging from credit card information to veterinary records, in the
United States and internationally, to hunt for terrorists.

In contrast, with eDNA the user would have needed to enter a digital version of unique personal identifiers, like a
fingerprint or voice, in order to use the secure enclaves of the network. That would have been turned into an
electronic signature that could have been appended to every Internet message or activity and thus tracked back
to its source.

The eDNA idea was originally envisioned in a private brainstorming session that included the director of Darpa,
Dr. Tony Tether, and a number of computer researchers, according to a person with intimate knowledge of the
proposal. At the meeting, this person said, Dr. Tether asked why Internet attacks could not be traced back to
their point of origin, and was told that given the current structure of the Internet, doing so was frequently not
possible.

The review of the proposal was financed by a second Darpa unit, the Information Processing Technology Office.
This week a Darpa spokeswoman, Jan Walker, said the agency planned no further financing for the idea. In
explaining the reason for the decision to finance the review in the first place, Ms. Walker said the agency had
been "intrigued by the difficult computing science research involved in creating network capabilities that would
provide the same levels of responsibility and accountability in cyberspace as now exist in the physical world."

Darpa awarded a $60,000 contract to SRI International, a research concern based in Menlo Park, Calif., to
investigate the concept. SRI then convened the workshop in August to evaluate its feasibility.

The workshop brought together a group of respected computer security researchers, including Whitfield Diffie
of Sun Microsystems and Matt Blaze of AT&T Labs; well-known computer scientists like Roger Needham of
Microsoft Research in Cambridge, England; Michael Vatis, who headed the National Infrastructure Protection
Center during the Clinton administration; and Marc Rotenberg, a privacy expert from the Electronic Privacy
Information Center.

The workshop was led by Mr. Blaze and Dr. Victoria Stavridou, an SRI computer scientist, one of those who had
originally discussed the eDNA concept with Darpa officials.

At the workshop, the idea was criticized by almost all the participants, a number of them said, on both technical
and privacy grounds. Several computer experts said they believed that it would not solve the problems it would
be addressing.

"Before people demand more surveillance information, they should be able to process the information they
already have," Mark Seiden, an independent computer security expert who attended the workshop, said in an
interview. "Almost all of our failures to date have come from our inability to use existing intelligence information."

Several of the researchers told of a heated e-mail exchange in September over how to represent the consensus
of the workshop in a report that was to be submitted to Darpa. At one point, Mr. Blaze reported to the group that
he had been "fired" by Dr. Stavridou, of SRI, from his appointed role of writing the report presenting that
consensus.

In e-mail messages, several participants said they believed that Dr. Stavridou was hijacking the report and that
the group's consensus would not be reported to Darpa.

"I've never seen such personal attacks," one participant said in a subsequent telephone interview.

In defending herself by e-mail, Dr. Stavridou told the other panelists, "Darpa asked SRI to organize the meeting
because they have a deep interest in technology for identifying network miscreants and revoking their network
privileges."

In October, Dr. Stavridou traveled to Darpa headquarters in Virginia and — after a teleconference from there that
was to have included Mr. Blaze, Mr. Rotenberg and Mr. Vatis was canceled — later told the panelists by e-mail
that she had briefed several Darpa officials on her own about the group's discussions.

In that e-mail message, sent to the group on Oct. 15, she reported that the Darpa officials had been impressed
with the panel's work and had told her that three Darpa offices, including the Information Awareness Office, were
interested in pursuing the technology.

This week, however, in response to a reporter's question, Darpa said it had no plans to pursue the technology.
And an SRI spokeswoman, Alice Resnick, said yesterday, "SRI informed Darpa that the costs and risks would
outweigh any benefit."

Dr. Stavridou did not return phone calls asking for comment.

Copyright The New York Times Company