Researchers still defending terror program

Researchers working on the Defense Advanced Research Projects Agency's Terrorism Information Awareness program said today the program died prematurely largely because the agency didn't better explain its uses and safeguards.

When Congress passed the Defense Appropriations Bill for fiscal 2004, it included specific language to effectively kill the TIA project that had been run by the Defense Advanced Research Projects Agency for less than a year.

At a Sept. 30 meeting of the Defense Department's Technology and Privacy Advisory Committee (TAPAC), researchers involved in the program outlined their participation in an attempt to show that the much-maligned system was not the all-encompassing spy technology it had been made out to be.

Originally called Total Information Awareness, TIA would help national security analysts track and pre-empt terrorist attacks by spotting patterns in credit card and travel records, biometric authentication technologies, intelligence data and automated virtual data repositories.

Privacy advocates have sharply criticized the program, arguing that it could be used as a tool to spy on American citizens without the due process given more conventional surveillance techniques. DOD established TAPAC as an external board in February to ensure that the information awareness program maintains proper regard for constitutional laws and existing privacy policies. An internal DOD committee has the same goal.

"Our responsibility is to implement and maintain this experimental [research and development] network and to provide experimental software tools to the uniformed user analysts who have the choice to use them in the performance of their missions," said J. Brian Sharkey, a researcher with Hicks and Associates Inc., which works on TIA. "We are not mining data on U.S. citizens, are not searching credit card histories, or library records, or gun ownership records, or building files or dossiers on any U.S. citizens, or developing a Big Brother system to invade the privacy of anyone."

Other researchers outlined how their technology was designed to prevent just the type of spying that had privacy advocates and Congress so disturbed. Genysis Privacy Protection, for example, involves use of a privacy appliance — a piece of middleware that would prevent the analyst from determining the identity of a subject under scrutiny unless firm and compelling evidence mandated it for a follow-up investigation.

"It would be similar to firewalls on a computer," operating between the analyst and the database being queried, explained Teresa Lunt, an area manager for the Palo Alto Research Center.

Nils Sandell, who works for AlphaTech Inc., the contractor working on the application side of the Genysis project, said the company was looking for ways to develop software that can access multiple databases and determine the relationships of the data therein.

"The project is only four months old," he said. "And it looks like it will end prematurely."

"DARPA was caught in the path of a perfect storm of public opinion," said David Jensen, a computer science professor at the University of Massachusetts at Amherst and project member of Evidence Extraction and Link Discovery, another TIA component. "It was just in the wrong place at the wrong time. They did a rotten job at communicating the research they were doing and [communicating] that they are not an intelligence agency."

The DOD appropriations bill states that no money can be designated for TIA or any similar program.

"None of the funds provided for processing, analysis and collaboration tools for counterterrorism foreign intelligence shall be available for deployment or implementation" in TIA, the bill states. It made exceptions for lawful military operations outside the country or foreign intelligence activities conducted overseas or against non-U.S. citizens.