Total Information Awareness: Down, but not out

Congress may have put the brakes on the most ambitious government surveillance program ever. But for citizens worried about their privacy, TIA still means trouble.

By Farhad Manjoo

Jan. 29, 2003 | The first congressional consideration of Total Information Awareness, President Bush's superpowered spy intitiative, was remarkably brief and uncomplicated. Indeed, it wasn't even a debate.

On Jan. 23, the Senate unanimously passed a measure requiring the government to produce a detailed report on the TIA system's goals, costs and consequences. The senator sponsoring the amendment, Ron Wyden, D-Ore., said he was worried that TIA -- a Defense Department research project that aims to identify terrorists by analyzing personal data collected in computer databases -- was being developed without congressional oversight; his plan, he said, would cause the program to be "respectful of constitutional protections and safeguards, while still ensuring that our nation can continue to fight terrorism."

But while Congress asks for reports, TIA is already steaming forward. According to people with knowledge of the program, TIA has now advanced to the point where it's much more than a mere "research project." There is a working prototype of the system, and federal agencies outside the Defense Department have expressed interest in it.

Most alarmingly, an examination of the research that has been conducted so far into TIA reveals that even while the project has been charging ahead, only token attention has been paid to perhaps its most critical aspect -- privacy and civil liberties protection. The Defense Advanced Research Projects Agency (DARPA), which is taking the lead on TIA, has stymied the efforts of outside groups to find out more about TIA's protections.

Critics of TIA applauded the Senate's move as putting the kibosh on what they see as the most frightening example of government Big Brother-ism yet invented. But even if Wyden's amendment does become law, that doesn't mean that TIA opponents can relax. The federal government is unlikely to stop doing research into how to glean information from credit card databases, driver's license registrations and every other point at which human lives meet the computer.

Sept. 11, 2001, led many Americans to expect some loss of individual liberties in the interest of improved security. But how far is too far? TIA is the most ambitious government attempt ever to gather information on ordinary citizens, and, if realized, it will be a tool that could easily be abused by those who have (or can steal) the keys to use it.

"It's hard to come up with an appropriate analogy for this," says Marc Rotenberg, executive director of Electronic Privacy Information Center, a Washington-based advocacy group. "We're talking about the most massive surveillance program ever tried by the federal government, and you ask them what they're doing for privacy and you get one 26-page paper. I mean, let's get serious."

TIA's lack of attention to privacy has politicians across the political spectrum riled up. The fact that TIA is headed by John Poindexter, the former Reagan administration official who was closely involved in the Iran-Contra affair, also hasn't helped the program's public image.

What is the Defense Department doing to make TIA safe? Not very much. It is on the verge of granting $1 million for the development of what DARPA calls a "privacy appliance" to be used in the system. But participants in a recent study DARPA commissioned to look into the security of databases containing private information -- a study that Poindexter has often said proves his office is serious about privacy -- don't believe the agency is looking closely enough at protections. Some of them say that TIA will never be safe. "I was stunned," said one participant, describing her reaction to a TIA briefing from Poindexter. "I'm too stunned to say anything."

During the past year, many people working on TIA, including Poindexter, have made a number of briefings to prominent engineers and other VIPs. (Poindexter has given only a few interviews to the press and did not respond to an e-mail interview request from Salon.) DARPA officials also presented their scheme at DARPA Tech, the agency's technology conference, held in Anaheim, Calif., in August. The briefings were not classified; people who attended them -- including experts from privacy groups -- are free to talk about what was said, and slides from the DARPA Tech presentations are available online.

The 18th slide out of 20 in Poindexter's standard presentation is titled "Privacy." A subtitle says, "Taking several actions to address." And the first bulleted item on his list is "ISAT summer study."

ISAT is the Information Systems Advanced Technology (ISAT) panel, a group within DARPA. Last year, ISAT commissioned a study of technological methods to protect private data in information systems. The study was not meant to focus on TIA; the participants, several of whom were willing to speak on the condition they were not quoted, took a more general look at methods to protect individual data contained in commercial and government databases. But TIA was discussed at the group's meetings, and not often in the most flattering of terms.

Next page: Catching terrorists before they strike?