From the January 27, 2003 issue: There's a compelling case to be made for the Pentagon's Total Information Awareness program.
Jan 27, 2003, Vol. 8, No. 19 • By HEATHER MAC DONALD
EVERY WEEK brings new evidence of al Qaeda's continuing plots against the United States and the West. Yet the 108th Congress may well shut down one of the most promising efforts to preempt future attacks, thanks to a media misinformation blitz playing to Americans' outsized Big Brother paranoia.
The Pentagon's prestigious research unit, the same Defense Advanced Research Projects Agency that helped invent the Internet, is exploring whether computers could detect terrorist planning activity by searching government and commercial databases across the globe. The program, dubbed Total Information Awareness (TIA), embodies the recognition that before an attack can take place, certain critical activities--casing targets, rehearsing, and procuring financing, supplies, and weapons--must occur, and that those activities will leave computer signatures. Had even a simple data-mining program been in place before 9/11, a majority of the hijackers could have been identified. Remember that two of the 9/11 hijackers were already on a State Department watch list. When Khalid Almidhar and Nawaq Alhazmi bought their tickets on American Airlines Flight 77 in August, a search for people sharing addresses and frequent flier numbers with these al Qaeda operatives, as well as of their telephone contacts, would have uncovered over half the plotters.
In early November, both the Washington Post and the New York Times reported on the Total Information Awareness project without causing a ripple of concern. Then on November 14, New York Times pundit William Safire let fly with a column entitled "You Are a Suspect." He declared that "in the next few weeks," the government would compile a computer dossier on "every public and every private act of every American" unless TIA were stopped.
The media world uncorked the champagne bottles. Stories about the imminent advent of Big Brother rolled non-stop across television screens and newspaper editorial pages. In a typically garbled outburst of zeal, law professor Jonathan Turley wrote in the Los Angeles Times: "Long thought dead, it now appears that Orwell is busy at work in the darkest recesses of the Bush administration and its new Information Awareness Office." Politicians rushed to express their dismay and promised to defund this new Bush initiative to strip Americans of their freedom.
To call the Safire column and its progeny caricatures of the Pentagon project is too charitable. Their disconnection from reality was total. The notion that the program would result in "computer dossiers on 300 million Americans," as Safire exclaimed and dozens of editorialists echoed, is pure fiction. The TIA researchers are trying to teach computers to recognize suspicious patterns of activity in the billions of transactions that occur across the world daily; compiling dossiers on every American never enters the picture. The program--which is still at the idea stage--would start by mapping the personal networks of known terrorists and suspects, a traditional investigative technique merely given more juice by massive computing power. If John Doe placed several calls to Mohamed Atta before 9/11, that information would most certainly be stored for future reference, and any other of Mr. Doe's transactions with Islamic radicals would be flagged. His neighbor's purchase of golf clubs with a Visa card, on the other hand, would be invisible to the TIA computers.
Also left out of the nightmare scenarios are the numerous privacy protections being built into TIA. The program would sever names and other personal information from transactions. An analyst could query, for example, whether anyone had bought unusually large quantities of bomb-making chemicals and rented a large truck recently. The program might say yes, such a pattern had occurred, but it would not reveal the names of the people pursuing it unless the disclosure were approved by a judge or other legal authority. Like criminal investigators, analysts using TIA would be given access to private data only if their case for seeking it met certain legal standards. The program would also contain audit mechanisms automatically tracing where data are sent and who has seen them. Oversight would be built into the system. Policymakers should of course provide for criminal penalties for any abuses.