OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xcbf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xcbf] [Fwd: Securing privacy - an oxymoron?]

Though this article doesn't mention identity or biometrics, it was
recently posted to the Biometrics Consortium mailing list. It contains
an interesting view of internet capabilities and of XML as an enabling
technology. And it has quite a few implications for the design of secure
messaging systems.


-------- Original Message --------
December 23, 2002

Many Tools of Big Brother Are Up and Running


 In the Pentagon research effort to detect terrorism by
electronically monitoring the civilian population, the most
remarkable detail may be this: Most of the  pieces of the
system are already in place.

Because of the inroads the Internet and other digital
network technologies have made into everyday life over the
last decade, it is increasingly possible to amass Big
Brother-like surveillance powers through Little Brother
means. The basic components include everyday digital
technologies like e-mail, online shopping and travel
booking, A.T.M. systems, cellphone networks, electronic
toll-collection systems and credit-card payment terminals.

In essence, the Pentagon's main job would be to spin strands
of software technology that would weave these sources of
data into a vast electronic dragnet.

Technologists say the types of computerized data sifting and
pattern matching that might flag suspicious activities to
government agencies and coordinate their surveillance are
not much different from programs already in use by private
companies. Such programs spot unusual credit card activity,
for example, or let people at multiple locations collaborate
on a project.

The civilian population, in other words, has willingly
embraced the technical prerequisites for a national
surveillance system that Pentagon planners are calling Total
Information Awareness. The development has a certain
historical resonance because it was the Pentagon's research
agency that in the 1960's financed the technology that led
directly to the modern Internet. Now the same agency — the
Defense Advanced Research Projects Agency, or Darpa — is
relying on commercial technology that has evolved from the
network it pioneered.

The first generation of the Internet — called the Arpanet —
consisted of electronic mail and file transfer software that
connected people to people. The second generation connected
people to databases and other information via the World Wide
Web. Now a new generation of software connects computers
directly to computers.

And that is the key to the Total Information Awareness
project, which is overseen by John M. Poindexter, the former
national security adviser under President Ronald Reagan. Dr.
Poindexter was convicted in 1990 of a felony for his role in
the Iran-contra affair, but that conviction was overturned
by a federal appeals court because he had been granted
immunity for his testimony before Congress about the case.

Although Dr. Poindexter's system has come under widespread
criticism from Congress and civil liberties groups, a
prototype is already in place and has been used in tests by
military intelligence organizations.

Total Information Awareness could link for the first time
such different electronic sources as video feeds from
airport surveillance cameras, credit card transactions,
airline reservations and telephone calling records. The data
would be filtered through software that would constantly
look for suspicious patterns of behavior.

The idea is for law enforcement or intelligence agencies to
be alerted immediately to patterns in otherwise unremarkable
sets of data that might indicate threats, allowing rapid
reviews by human analysts. For example, a cluster of foreign
visitors who all took flying lessons in separate parts of
the country might not attract attention. Nor would it
necessarily raise red flags if all those people reserved
airline tickets for the same day. But a system that could
detect both sets of actions might raise suspicions.

Some computer scientists wonder whether the system can work.
"This wouldn't have been possible without the modern
Internet, and even now it's a daunting task," said Dorothy
Denning, a professor in the Department of Defense Analysis
at the Naval Postgraduate School in Monterey, Calif. Part of
the challenge, she said, is knowing what to look for. "Do we
really know enough about the precursors to terrorist
activity?" she said. "I don't think we're there yet."

The early version of the Total Information Awareness system
employs a commercial software collaboration program called
Groove. It was developed in 2000 by Ray Ozzie, a well-known
software designer who is the inventor of Lotus Notes. Groove
makes it possible for analysts at many different government
agencies to share intelligence data instantly, and it links
specialized programs that are designed to look for patterns
of suspicious behavior.

Total Information Awareness also takes advantage of a simple
and fundamental software technology called Extended Markup
Language, or XML, that is at the heart of the third
generation of Internet software. It was created by software
designers at companies like Microsoft, Sun Microsystems and
I.B.M., as well as independent Silicon Valley programmers.

The markup language allows data that has long been locked in
isolated databases, known in the industry as silos, to be
translated into a kind of universal language that can be
read and used by many different systems. Information made
compatible in this way can be shared among thousands, or
even hundreds of thousands, of computers in ways that all of
them can understand.

It is XML, a refinement of the Internet's original World
Wide Web scheme, that has made it possible to consider
welding thousands of databases together without centralizing
the information. Computer scientists said that without such
new third-generation Web technologies, it would have never
been possible to conceive of the Total Information Awareness
system, which is intended to ferret out the suspicious
intentions of a handful of potential terrorists from the
humdrum everyday electronic comings and goings of millions
of average Americans.

Civil libertarians have questioned whether the government
has the legal or constitutional grounds to conduct such
electronic searches. And other critics have called it an
outlandishly futuristic and ultimately unworkable scheme on
technical grounds.

But on the latter point, technologists disagree. "It's well
grounded in the best current theory about scalable systems,"
said Ramano Rao, chief technology officer at Inxight, a
Sunnyvale, Calif., company that develops text-searching
software. "It uses all the right buzzwords."

People close to the Pentagon's research program said Dr.
Poindexter was acutely aware of the power and the
invasiveness of his experimental surveillance system. In
private conversations this summer, according to several
Department of Defense contractors, he raised the possibility
that the control of the Total Information Awareness system
should be placed under the jurisdiction of an independent,
nongovernmental organization like the Red Cross because of
the potential for abuse.

Dr. Poindexter declined to be interviewed for this article.
A Darpa spokeswoman, Jan Walker, wrote in an e-mail reply to
questions that "we don't recall ever talking about" having a
nongovernmental organization operate the Total Information
Awareness program and that "we've not held any discussions
with" such an organization.

The idea of using an independent organization to control a
technology that has a high potential for abuse has been
raised by previous administrations. An abortive plan to
create a backdoor surveillance capability in encrypted
communications, known as Clipper, was introduced by the
Clinton administration in 1993. It called for keys to the
code to be held by an organization independent of the F.B.I.
and other law enforcement agencies.

Speaking of Dr. Poindexter, John Arquilla, an expert at the
Naval Postgraduate School in Monterey on unconventional
warfare, said, "The admiral is very concerned about the
tension between security and civil liberties." He added that
because of the changing nature of warfare and the threat of
terrorism, the United States would be forced to make
trade-offs between individuals' privacy and national

"In an age of terror wars, we have to learn the middle path
to craft the security we need without incurring too great a
cost on our civil liberties," he said.

Computer scientists who work with Darpa said that Dr.
Poindexter was an enthusiastic backer of a Darpa-sponsored
advisory group that had been initiated by a Microsoft
researcher, Eric Horvitz, in October 2001 in the wake of the
Sept. 11 terrorist attacks.

The group, which was composed of 41 computer scientists,
policy experts and government officials, met three times to
explore whether it was possible to employ sophisticated
data-mining technologies against potential terrorist attacks
while protecting individuals' privacy.

A number of the scientists proposed "black box" surveillance
systems that would alert human intelligence analysts about
suspicious patterns. Once the alerts were issued in such a
system, they suggested, legal processes like those used for
wiretapping could be employed.

But a number of the scientists and policy experts who
attended the meetings were skeptical that technical
safeguards would be adequate to ensure that such a system
would not be abused.

The debate is a healthy one, said Don Upson, who is senior
vice president of the government business unit of a software
company in Fairfax, Va., webMethods, and the former
secretary of technology for Virginia.

"I'm glad Darpa is doing this because somebody has to start
defining what the rules are going to be" about how and when
to use data, he said. "I believe we're headed down the path
of setting the parameters of how we're going to use

The preceding was forwarded by the Biometric Consortium's Electronic
Discussion Group.  Any opinions expressed here do not necessarily
reflect those of the Biometric Consortium.  Further distribution
is prohibited.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC