From the January 27, 2003 issue: There's a compelling case to be made for the Pentagon's Total Information Awareness program.
Jan 27, 2003, Vol. 8, No. 19 • By HEATHER MAC DONALD
EVERY WEEK brings new evidence of al Qaeda's continuing plots against the United States and the West. Yet the 108th Congress may well shut down one of the most promising efforts to preempt future attacks, thanks to a media misinformation blitz playing to Americans' outsized Big Brother paranoia.
The Pentagon's prestigious research unit, the same Defense Advanced Research Projects Agency that helped invent the Internet, is exploring whether computers could detect terrorist planning activity by searching government and commercial databases across the globe. The program, dubbed Total Information Awareness (TIA), embodies the recognition that before an attack can take place, certain critical activities--casing targets, rehearsing, and procuring financing, supplies, and weapons--must occur, and that those activities will leave computer signatures. Had even a simple data-mining program been in place before 9/11, a majority of the hijackers could have been identified. Remember that two of the 9/11 hijackers were already on a State Department watch list. When Khalid Almidhar and Nawaq Alhazmi bought their tickets on American Airlines Flight 77 in August, a search for people sharing addresses and frequent flier numbers with these al Qaeda operatives, as well as of their telephone contacts, would have uncovered over half the plotters.
In early November, both the Washington Post and the New York Times reported on the Total Information Awareness project without causing a ripple of concern. Then on November 14, New York Times pundit William Safire let fly with a column entitled "You Are a Suspect." He declared that "in the next few weeks," the government would compile a computer dossier on "every public and every private act of every American" unless TIA were stopped.
The media world uncorked the champagne bottles. Stories about the imminent advent of Big Brother rolled non-stop across television screens and newspaper editorial pages. In a typically garbled outburst of zeal, law professor Jonathan Turley wrote in the Los Angeles Times: "Long thought dead, it now appears that Orwell is busy at work in the darkest recesses of the Bush administration and its new Information Awareness Office." Politicians rushed to express their dismay and promised to defund this new Bush initiative to strip Americans of their freedom.
To call the Safire column and its progeny caricatures of the Pentagon project is too charitable. Their disconnection from reality was total. The notion that the program would result in "computer dossiers on 300 million Americans," as Safire exclaimed and dozens of editorialists echoed, is pure fiction. The TIA researchers are trying to teach computers to recognize suspicious patterns of activity in the billions of transactions that occur across the world daily; compiling dossiers on every American never enters the picture. The program--which is still at the idea stage--would start by mapping the personal networks of known terrorists and suspects, a traditional investigative technique merely given more juice by massive computing power. If John Doe placed several calls to Mohamed Atta before 9/11, that information would most certainly be stored for future reference, and any other of Mr. Doe's transactions with Islamic radicals would be flagged. His neighbor's purchase of golf clubs with a Visa card, on the other hand, would be invisible to the TIA computers.
Also left out of the nightmare scenarios are the numerous privacy protections being built into TIA. The program would sever names and other personal information from transactions. An analyst could query, for example, whether anyone had bought unusually large quantities of bomb-making chemicals and rented a large truck recently. The program might say yes, such a pattern had occurred, but it would not reveal the names of the people pursuing it unless the disclosure were approved by a judge or other legal authority. Like criminal investigators, analysts using TIA would be given access to private data only if their case for seeking it met certain legal standards. The program would also contain audit mechanisms automatically tracing where data are sent and who has seen them. Oversight would be built into the system. Policymakers should of course provide for criminal penalties for any abuses.
Equally specious has been the critics' personalizing of TIA as the devilish ambition of its director, Admiral John Poindexter. Poindexter was President Reagan's national security adviser and a lead player in the Iran-contra scandal. Safire claims that "Poindexter is now realizing his 20-year dream: getting the data mining power to snoop on every public and private act of every American." Safire doesn't reveal how he knows what Poindexter has been dreaming for the last 20 years. Every privacy paranoiac has milked Poindexter's involvement in Iran-contra for all it's worth, and indeed, the Bush administration should have foreseen the ad hominem potential of his appointment. But the critics' charge that TIA represents Poindexter's personal desire to "monitor every aspect of your life," in the words of the Atlanta Journal-Constitution, is absurd. Should the technology prove feasible, Pentagon researchers would deliver it to law enforcement agencies like the FBI and the CIA to operate; Poindexter would have nothing to do with its implementation.
The reaction to TIA is a textbook case of privacy hysteria. The Bush administration had better learn how to counter such outbreaks, for they will resurface with every new initiative to improve the country's intelligence capacity. They follow a predictable script:
-Barely mention the motivation for the initiative, if at all. Safire, like several of his followers, writes an entire column on TIA without once referring to terrorism or the 9/11 strikes.
-Never, ever suggest an alternative. Islamic terrorists wear no uniforms, carry no particular passport, and live inconspicuously among the target population for years. Many, sometimes all, of the steps leading up to an attack are legal; they become suspicious only when combined in a particular way in a particular context. TIA's critics adamantly oppose using data mining to detect suspicious patterns of activity in civilian populations, but they never propose an alternative method to find the terrorist enemy before he strikes.
Remember the outcry after 9/11 over the intelligence community's failure to "connect the dots"? TIA is nothing other than a connect-the-dots tool, with a global scope that individual analysts cannot hope to match. Do its detractors simply hope that as the next attack nears, the same intelligence analysts who failed us last time, using the same inadequate tools, will get it right this time? They do not say.
-Assume the worst; ignore the best. The Kansas City Star editorializes that if TIA proceeds, "Uncle Sam could end up listening to your phone conversations, reading your e-mail and monitoring your shopping trips." Well, yes, if defense intelligence analysts lose interest in al Qaeda and develop so strong a fascination with the quotidian affairs of John Q. Public that they are willing to risk their careers to abuse the system, that could happen. But the lawful use of TIA could also stop a smallpox release at Disneyland. TIA would allow investigators to identify, say, visa holders from terror-associated countries who had spent more than a month in Afghanistan during Taliban days and who also shared addresses, phone numbers, or credit cards; it could spot airline ticket holders who had telephoned people on terror watch lists over the past year; and it could determine which visa applicants had traveled to certain cities contemporaneously with terrorist activity.
-Use a privacy balancing test when pursuing your own interests, but demand privacy absolutism regarding the public good. Americans are credit card junkies, cell phone aficionados, ATM devotees, and Internet shoppers. All of these consumer conveniences transfer vast swaths of personal information to corporations, which then often sell it for additional profit. Americans happily balance the privacy risk of electronic communications against the concomitant increase in personal ease, and often decide that convenience trumps privacy. But let the government propose to protect the public good by using data that Americans have freely provided to companies, and the citizenry become privacy dogmatists. No matter how many lives might be saved if the government could analyze nameless bytes of data for signs of deadly transactions, one's own alleged right not to have a government computer scan a database containing one's Christmas purchases is more important.
-Never specify to what exactly in the proposed program you object. Every element of TIA is now legal and already in effect. The government already has access to private databases for investigatory purposes, but searching them is extremely cumbersome for lack of decent software. Likewise, the government can legally search its own computers, but that capacity, too, is constrained by primitive technology. TIA's enemies have not called for ending intelligence access to private or public databases, so their gripe ultimately boils down to the possibility that the government might do what it is already doing more efficiently. The rule appears to be of Luddite origin: The terrorists can expertly exploit our technology against us, but we must fight back with outdated, inadequate tools.
-Confuse cause and effect. TIA critics warn of impending totalitarianism should the research continue. A syndicated columnist for the Orlando Sentinel announced that the country was being "Stalinized." But totalitarian states do not arise because they marginally increase their access to personal data, they arise when social order is collapsing, as Amitai Etzioni has pointed out. The chance that the U.S. government will become a police state because it is better able to analyze private transactions for signs of terrorism is virtually nil; the chance would be greater, however, if the country were to experience a series of devastating attacks and confidence in the government's ability to protect the public safety were to evaporate.
The Pentagon's data mining project could easily go down in the next few months. A mongrel coalition of advocacy groups, ranging from the Free Congress Foundation and Grover Norquist's Americans for Tax Reform on the right to the ACLU on the left, has made the defeat of TIA its top priority for the year. Last year a similar effort killed off TIPS--a Justice Department proposal for reporting possible terrorist activity. Senator Ron Wyden introduced an amendment last week to defund TIA until Congress reviews it; other senators planning similar legislation include Dianne Feinstein, Daniel Inouye, and Russell Feingold. And the coalition of critics is pressuring a range of congressional committees to pull the plug. Should they succeed, Americans will be deprived of an essential tool to stop terrorist plots before they climax, even as al Qaeda's operatives are busily logging on and designing their next evil deed.
Heather Mac Donald is a contributing editor at the Manhattan Institute's City Journal and the author of "Are Cops Racist? How the War Against the Police Harms Black Americans" (Ivan R. Dee, 2003).