26 September 2003—Terrorism Information Awareness (TIA), a U.S. defense department program to mine credit card, medical, travel, police, and other governmental data, is being disbanded. Originally called Total Information Awareness, TIA got nothing but bad press, because of its Orwellian name, mission, and origin as the brainchild of Admiral John Poindexter, a prominent figure in the ”Irangate” scandal that tarnished Ronald Reagan’s second term.
A joint House-Senate appropriations conference committee voted on 24 September to defund TIA through 2004, along with its bureaucratic parent, the Information Awareness Office (IAO), a branch of the Defense Advanced Research Projects Agency (Darpa) that Poindexter had headed. But the committee allowed some programs to continue under different offices and agencies. The effect, ironically, will be to make some TIA programs less visible and less accountable. ”Killing the Information Awareness Office is a positive first step,” says David Sobel, general counsel of the Electronic Privacy Information Center (Washington, D.C.), ”but it doesn’t eliminate the government’s datamining initiatives. It drives them underground.”
The bill, already passed by the House and the Senate, allows eight information office programs to be continued elsewhere in Darpa. In addition, related research will be carried on by an obscure counterintelligence program known as the National Foreign Intelligence Program (NFIP), according to a statement prepared by the joint conference committee.
NFIP is jointly managed by an assortment of intelligence agencies, including the Central Intelligence Agency, the Federal Bureau of Investigation, and the National Security Agency. The budget for NFIP is classified, as is the full definition of the work it is now authorized to develop—the committee report refers only to ”processing, analysis, and collaboration tools for counterterrorism foreign intelligence.”
Killing it softly
The conference committee was charged with resolving differences in broad bills passed by the two branches of Congress that set the 2004 budget for the entire Department of Defense. The federal fiscal year runs from October to September, and multi-billion-dollar budget decisions are often left to the last minute.
The defense budget bill passed in July by the U.S. House of Representatives eliminated funding for deployment of any TIA systems, but would have allowed research to continue in such areas as data-mining, privacy, and security. A corresponding Senate bill made no such allowances. That version won out in the conference committee only to the extent that TIA and the Information Awareness Office were disbanded. In a real sense, however, the House version won: much IAO research will continue. In addition, the House’s distinction between research and implementation is maintained. The NFIP is enjoined by the new law from using any of those processing, analysis, and collaboration tools domestically.
Documents obtained earlier this year under the Freedom of Information Act by the Electronic Privacy Information Center and a second Washington, D.C., advocacy group, the Center for Public Integrity, make clear that by the end of 2002, TIA had agreed to fund 26 research projects in all. The fiscal 2003 budgets for those programs, running from October 2002 through September 2003, was about US $140 million, according a report prepared by the civil rights group Electronic Frontier Foundation (San Francisco). The 2004 budget for all TIA programs, which are currently all at the research stage, would have been about $169 million.
Some of those programs, to the extent they have been disclosed, have not fared well in the court of public opinion. In May, the press ridiculed a $1 million Georgia Institute of Technology (Atlanta) research effort that analyzed the way people walk and tried to create unique ”gait signatures” for them. The work is part of a larger project, called HumanID, for overall recognition of individuals at a distance, including face and iris identification. Another seemingly outlandish program, LifeLog, was a multimedia überdiary that would record everything a person said and did. Both programs are now defunded.
In late July a New York Times report described FutureMAP, a TIA research project that would have created financial markets in which one could make small investment wagers on possible future events such as when Saddam Hussein would be found or whether or not specific Middle Eastern leaders would be assassinated. [See ”Toward A Bettor Future,” http://www.spectrum.ieee.org/WEBONLY/wonews/aug03/future.html.]
Although FutureMAP was hardly a secret—it was described in a March 2003 report in Security Industry News, and even briefly mentioned by Hendrik Hertzberg in The New Yorker back on 9 December 2002—a spark had been lit. In the resulting firestorm, Poindexter resigned and TIA’s fate in Congress was probably sealed.
The eight Information Awareness Office programs allowed to continue are (with Darpa’s requested fiscal year 2004 budget amounts in parentheses): Bio-Event Advanced Leading Indicator Recognition Technology, ($6.3 million); Rapid Analytical Wargaming ($7.5 million); Wargaming the Asymmetric Environment ($8.2 million); and five projects to translate and analyze spoken and written natural language: TIDES, EARS, and GALE ($46.3 million, combined), and Babylon and Symphony ($10.9 million, combined).
What’s not completely clear is the role NFIP will play in salvaging TIA projects, or which of the many agencies that run NFIP will be involved. The FBI, for example, is the government’s main law enforcement agency, and is the primary organ of the federal government authorized to conduct counterintelligence activities within the United States. However, it normally does no research of the sort that TIA involves.
The NFIP itself is charged, according to an official description, with the tasks of counterintelligence, counter-terrorism, foiling economic espionage, and generally ”thwarting the intelligence collection activities of foreign powers and their agents.”
Another place to which TIA-like research could move is a new Darpa-like entity, the Department of Homeland Security Advanced Research Projects Agency (DHSarpa). With a hefty first-year budget of $800 million and a deputy director who held that title at Darpa, the new Arpa on the block could provide a second string in the bow of any military-related research looking for a sponsor.
TIA is dead, long live TIA?
Even if TIA’s research efforts had been allowed to die on the vine, the Orwellian science of datamining will continue to mature, in just the ways that terrify privacy advocates. For example, the Transportation Security Administration, the U.S. agency responsible for air transport safety, is developing a second-generation of its Computer Assisted Passenger Prescreening System program (CAPPS II). The new version is designed to place all airline passengers into one of three categories (helpfully color-coded): safe to fly with no qualification (green); requires further inspection (yellow); and cannot-fly (red).
Apparently in preparation for CAPPS II and other such programs, a Huntsville, Ala., data-mining research firm, Torch Concepts, Inc., obtained 5 million travel records from the air carrier JetBlue Airways (Forest Hills, N.Y.) and correlated it with data from a commercial database vendor. The result: profiles of millions of travelers and the types of trips they made, included their Social Security numbers, income, number of children, addresses, length of residency, and other information.
Many other government agencies, in other words, will be funding much the same work TIA was intended to do. But with TIA itself ”gone,” that work may well be done with a lot less public scrutiny.