DOD: Terrorist system will protect privacy

DARPA's report to Congress on the Terrorism Information Awareness Project

The Defense Advanced Research Projects Agency pledged last week that it would protect Americans' privacy when developing a controversial system to track terrorist activity, but privacy advocates questioned if the agency's plans would be adequate.

In a report submitted to Congress, DARPA officials outlined steps in the agency's development of its Total Information Awareness program taken to alleviate criticism that the system would jeopardize Americans' privacy — such as changing the system's name to the Terrorism Information Awareness network.

TIA would access databases run by airlines, financial and educational institutions, and other groups to find patterns that might identify terrorist activity. DARPA, which is part of the Defense Department, also plans to study the use of biometric technology to scan people's facial features, movements, behavior and even the way they walk in order to identify suspected terrorists.

Concerned the system would delve too much into people's private lives, Congress temporarily blocked the development of the system in February until DARPA reported on the measures the agency is taking to protect privacy.

In the report, DARPA officials said they would comply with laws governing intelligence activities and protecting constitutional rights. The system would use only foreign intelligence and counterintelligence information legally obtained and usable by the government under the law. The system would also use information from artificial data generated to model behavior patterns. Further, as part of its TIA research, DARPA will develop new technologies that ensure privacy.

"Safeguarding privacy and the civil liberties of Americans is a bedrock principle," the report stated. DOD "intends to make it a central element in [its] management and oversight of the TIA program."

According to the report, TIA is a group of programs that integrates technologies and databases to better detect and identify potential terrorists. However, DARPA stressed that TIA is still in the research stage and privacy concerns will continue to be taken into account. DOD has created an oversight board composed of senior agency and intelligence representatives and chaired by the undersecretary of Defense for acquisition, technology and logistics.

"The protection of privacy and civil liberties is an integral and paramount goal in the development of counterterrorism technologies and in their implementation," the report stated.

Jay Stanley, spokesman for the American Civil Liberties Union, said the greatest failure of the report was ignoring the future implications of such a system. Once deployed, the system could be expanded beyond terrorism to investigate criminals or minor offenses, he said.

"They're sugar-coating it and making it as palatable as possible, but once we swallow it, it will corrode our privacy protections," Stanley said.

Privacy advocates also criticized DARPA's decision to change the program's name, calling it a public relations campaign to ease privacy concerns. "It seems to me they view this as a public relations problem, an image problem, so they've tried to change those things," said Mihir Kshirsagar, a policy analyst for the Electronic Privacy Information Center. "But the American public is very concerned about the substance of the program. That's going to show through."

"The name change doesn't change the issues that prompted Sen. Wyden to propose the amendment in the first place," said Carol Guthrie, spokeswoman for Sen. Ron Wyden (D-Ore.), the senator who first proposed to halt the funding of TIA until further review. "Sen. Wyden believes it's essential that Congress retain oversight."

"This name created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens," according to the DARPA report. "That is not [DOD's] intent in pursuing this program."

***

TIA safeguards

Officials at the Defense Advanced Research Projects Agency pledged last week to take privacy concerns into account in the development of the renamed Terrorism Information Awareness system. For TIA to be deemed ready for deployment, according to a DARPA report, several factors must be addressed:

* Search tools must be tested for accuracy and efficiency.

* Safeguards, such as audit tools, should be built into the system to track who accesses private information and to keep that information confidential.

* Proper security to protect against hackers and other unauthorized users must be installed.

* Agencies that want to access TIA must first conduct a legal review to determine if their use of the system is appropriate.

* Before TIA will be deployed at an agency, that office must develop effective oversight of its designated users.