302 tech govern question
TRANSCRIPT
-
8/9/2019 302 Tech Govern Question
1/4
Total Info System Totally TouchyBy Ryan Singel
Story location: http://www.wired.com/news/politics/0,1283,56620,00.html
02:00 AM Dec. 02, 2002 PT
Can a massive database of information on Americans really preempt terrorist attacks?That's what industry experts are asking about the Pentagon's proposed Total InformationAwareness System, which, according to the proposal (PDF), would aggregate on "anunprecedented scale" credit card, medical, school and travel records.
Critics say looking for terrorists by rooting around in private, commercial databases of Americans'personal information violates the Fourth Amendment -- not to mention citizens' privacy. Some inthe industry even refuse to work on the project on ethical grounds.
While the proposal makes clear that designing such databases would require "revolutionary newtechnology," its goal is to create a working system to hand to law enforcement and intelligenceagencies.
The Total Information Awareness System and related efforts received $137 million ingovernment funding for the 2003 fiscal year. It is the signature project of the Office of InformationAwareness, which operates under the Defense Advanced Research Projects Agency. Leadingthe initiative is Retired Admiral John Poindexter, who is controversial because of his 1991conviction (later overturned) for lying to Congress about the Iran-Contra affair.
"Terrorists operate in shadowy networks," said Pentagon spokeswoman Jan Walker. "Peoplehave to move and plan before committing a terrorist act. Our hypothesis is their planning processhas a signature."
Project coordinators will start by creating a database of fake transactions mixed with realintelligence data and simulated terrorist "clues." Then they will test the ability of pattern-matching
algorithms and data-mining tools to spot the terrorist signatures.
"The proposal is do-able and feasible, but the idea of making it into a single window ontodisparate information and integrating it on a massive scale is the real challenge," said ChrisSherman, associate editor of Search Engine Watch.
Sherman pointed to existing technologies such as software from i2 that the Treasury uses to trackfinancial crimes, as an example of technology that hunts for hidden data patterns.
Others in the industry question the system's feasibility.
"The kind of things they are looking for are hard to find," said Herb Edelstein, president of data-mining company Two Crows. "Terrorism is an adaptive problem. It's pretty unlikely the nextterrorist attack will be people hijacking planes and crashing them into buildings.
"The project is not going to have near-term contributions to the war on terrorism. It's not clear thisis an economically valuable way to fight terrorism."
Simson Garfinkel, author of Database Nation: The Death of Privacy in the 21st Century, also hasdoubts.
"Data mining is good for the purpose of increasing sales and figuring out where to place productsin stores," he said. "This is very different from figuring out if these products are going to be used
-
8/9/2019 302 Tech Govern Question
2/4
for terrorist activities."
Incorrect guesses present problems, too.
"With meaningful pattern recognition, the order of magnitude of errors from inferences is huge,something like ten to the third (power)," said Paul Hawken, author of The Ecology of Commerceand the chairman of information mapping software company Groxis. "There would be an
incalculable expense to monitor a thousand wrong hits for one correct inference."In fact, Hawken said, Groxis spurned, on principle, an offer from Poindexter's group to getinvolved in the project.
"We make tools for people to make sense of the information in the world, not for the world tomake more information out of people," Hawken said.
Hawken is skeptical about the project's ability to attract top industry names. He said he knowsother people, including those who have worked for the National Security Agency, who refused towork on it for ethical reasons.
"I don't know how you profile resentment and anger, but I don't think you do it from how many
times someone goes to Wal-Mart," he said.
And the project faces other problems.
Database fields are not standardized, and the data they contain isn't always reliable. Names getmisspelled, digits are transposed, addresses are outdated or incorrect, and few names areunique.
"The data quality problem is enormous, but what's alarming is the danger of false positivesbased on incorrect data," Edelstein said. "Think of the number of people who get in trouble withthe law because they have the same name as somebody else."
Despite widespread use of Social Security numbers in medical and financial records, there is still
no "unique identifier" that would allow the new system to track individuals with total accuracy.
Wired News: Staff | Contact Us | AdvertisingWe are translated daily into Spanish, Portuguese, and Japanese Copyright 2002, Lycos, Inc. All Rights Reserved.
-
8/9/2019 302 Tech Govern Question
3/4
November 22, 2002Agency Weighed, but Discarded, Plan Reconfiguring the Internet
By JOHN MARKOFF
The Pentagon research agency that is exploring how to create a vast database of electronic transactions andanalyze them for potential terrorist activity considered but rejected another surveillance idea: tagging Internetdata with unique personal markers to make anonymous use of some parts of the Internet impossible.
The idea, which was explored at a two-day workshop in California in August, touched off an angry private disputeamong computer scientists and policy experts who had been brought together to assess the implications of thetechnology.
The plan, known as eDNA, called for developing a new version of the Internet that would include enclaves whereit would be impossible to be anonymous while using the network. The technology would have divided theInternet into secure "public network highways," where a computer user would have needed to be identified, and"private network alleyways," which would not have required identification.
Several people familiar with the eDNA discussions said such secure areas might have first involved governmentemployees or law enforcement agencies, then been extended to security-conscious organizations like financialinstitutions, and after that been broadened even further.
A description of the eDNA proposal that was sent to the 18 workshop participants read in part: "We envisage thatall network and client resources will maintain traces of user eDNA so that the user can be uniquely identified ashaving visited a Web site, having started a process or having sent a packet. This way, the resources and thosewho use them form a virtual `crime scene' that contains evidence about the identity of the users, much the sameway as a real crime scene contains DNA traces of people."
The proposal would have been one of a series of technology initiatives that have been pursued by the Bushadministration for what it describes as part of the effort to counter the potential for further terrorist attacks in theUnites States. Those initiatives include a variety of plans to trace and monitor the electronic activities of UnitedStates citizens.
In recent weeks another undertaking of the the Defense Advanced Research Projects Agency, or Darpa, the
Pentagon research organization, has drawn sharp criticism for its potential to undermine civil liberties. Thatproject is being headed by John M. Poindexter, the retired vice admiral who served as national security adviserto President Ronald Reagan.
Dr. Poindexter returned to the Pentagon in January to direct the research agency's Information AwarenessOffice, created in the wake of the Sept. 11 attacks. That office has been pursuing a surveillance system calledTotal Information Awareness that would permit intelligence analysts and law enforcement officials to mount a vastdragnet through electronic transaction data ranging from credit card information to veterinary records, in theUnited States and internationally, to hunt for terrorists.
In contrast, with eDNA the user would have needed to enter a digital version of unique personal identifiers, like afingerprint or voice, in order to use the secure enclaves of the network. That would have been turned into anelectronic signature that could have been appended to every Internet message or activity and thus tracked backto its source.
The eDNA idea was originally envisioned in a private brainstorming session that included the director of Darpa,Dr. Tony Tether, and a number of computer researchers, according to a person with intimate knowledge of theproposal. At the meeting, this person said, Dr. Tether asked why Internet attacks could not be traced back totheir point of origin, and was told that given the current structure of the Internet, doing so was frequently notpossible.
The review of the proposal was financed by a second Darpa unit, the Information Processing Technology Office.This week a Darpa spokeswoman, Jan Walker, said the agency planned no further financing for the idea. In
-
8/9/2019 302 Tech Govern Question
4/4
explaining the reason for the decision to finance the review in the first place, Ms. Walker said the agency hadbeen "intrigued by the difficult computing science research involved in creating network capabilities that wouldprovide the same levels of responsibility and accountability in cyberspace as now exist in the physical world."
Darpa awarded a $60,000 contract to SRI International, a research concern based in Menlo Park, Calif., toinvestigate the concept. SRI then convened the workshop in August to evaluate its feasibility.
The workshop brought together a group of respected computer security researchers, including Whitfield Diffieof Sun Microsystems and Matt Blaze of AT&T Labs; well-known computer scientists like Roger Needham ofMicrosoft Research in Cambridge, England; Michael Vatis, who headed the National Infrastructure ProtectionCenter during the Clinton administration; and Marc Rotenberg, a privacy expert from the Electronic PrivacyInformation Center.
The workshop was led by Mr. Blaze and Dr. Victoria Stavridou, an SRI computer scientist, one of those who hadoriginally discussed the eDNA concept with Darpa officials.
At the workshop, the idea was criticized by almost all the participants, a number of them said, on both technicaland privacy grounds. Several computer experts said they believed that it would not solve the problems it wouldbe addressing.
"Before people demand more surveillance information, they should be able to process the information theyalready have," Mark Seiden, an independent computer security expert who attended the workshop, said in aninterview. "Almost all of our failures to date have come from our inability to use existing intelligence information."
Several of the researchers told of a heated e-mail exchange in September over how to represent the consensusof the workshop in a report that was to be submitted to Darpa. At one point, Mr. Blaze reported to the group thathe had been "fired" by Dr. Stavridou, of SRI, from his appointed role of writing the report presenting thatconsensus.
In e-mail messages, several participants said they believed that Dr. Stavridou was hijacking the report and thatthe group's consensus would not be reported to Darpa.
"I've never seen such personal attacks," one participant said in a subsequent telephone interview.
In defending herself by e-mail, Dr. Stavridou told the other panelists, "Darpa asked SRI to organize the meetingbecause they have a deep interest in technology for identifying network miscreants and revoking their networkprivileges."
In October, Dr. Stavridou traveled to Darpa headquarters in Virginia and after a teleconference from there thatwas to have included Mr. Blaze, Mr. Rotenberg and Mr. Vatis was canceled later told the panelists by e-mailthat she had briefed several Darpa officials on her own about the group's discussions.
In that e-mail message, sent to the group on Oct. 15, she reported that the Darpa officials had been impressedwith the panel's work and had told her that three Darpa offices, including the Information Awareness Office, wereinterested in pursuing the technology.
This week, however, in response to a reporter's question, Darpa said it had no plans to pursue the technology.And an SRI spokeswoman, Alice Resnick, said yesterday, "SRI informed Darpa that the costs and risks wouldoutweigh any benefit."
Dr. Stavridou did not return phone calls asking for comment.
Copyright The New York Times Company