How National symbols change: In the Pentagon’s Information Awareness Office version, the “eye” is no longer God’s, but the federal government’s, surveying the entire globe in a single glance. The new slogan? Knowledge is Power. (DARPA has since removed the offending logo from its homepage, but the original remains accessible here.)
The Pentagon assures us we have nothing to fear from its new Total Information Awareness (TIA) counter‐terrorism project. This ambitious program seeks to assess the feasibility of assembling and “mining” massive databases of our credit card purchases, car rentals, library books, airline tickets, official records and the like. The aim is to monitor the public’s whereabouts, movements and transactions to glean suspicious patterns that indicate terrorist planning and activity.
The TIA data‐mining project joins other recent and controversial public surveillance initiatives, such as biometric face cameras, red light cameras, wiretap expansions, and National ID proposals. The broader Information Awareness Office, of which TIA is a part, boasts a human “ID at a distance” project to analyze biometric signatures of humans by face recognition and “gait” recognition; that is, identifying people by the way they move.
We would be wise to look at torrent of surveillance through the lens of what the entire society and individuals need to accomplish. The Total Information Awareness project is worrisome in terms of its potential impacts on (1) Fourth Amendment protections (2) E‐commerce (3) and security itself.
TIA and the Fourth Amendment
Most fundamentally, the 4th Amendment to the Constitution, which safeguards us against unreasonable searches, forbids a total surveillance society.
Government may appropriately use certain readily available public information. The problem is that government has become so large and pervasive; there are so many compulsory cradle‐to‐grave databases that the mere act of combining, sorting, sifting and interpreting them may no longer be possible without violating our Fourth Amendment rights. Whether driver’s license, Social Security and tax information, such information collection is mandated by numerous agencies for specific purposes—not general law enforcement—and should not be routinely combined for such purposes without a specific court order.
Yet TIA seeks to amass private data as well. On the one hand, if every individual transaction is scooped up without a court order, it seems equivalent to having no Fourth Amendment protection at all; but on the other, getting a court order for every individual is clearly an impossibility. Yet pattern identification on the scale envisioned by TIA seems unworkable without incorporating every transaction. So what precisely is to be the legal hurdle?
Moreover, while the Homeland Security bill banned a national ID card, the TIA project would seem to accomplish all the data aggregation that would make a national ID both feasible and irresistible to policymakers. That’s not a road to travel lightly, given that mass surveillance paves the way for greater intrusiveness in matters having nothing to do with terrorism, threatens legitimate civil disobedience and political speech, indeed, fundamentally alters the relationship of the individual to the state.
Clearly, as a technological phenomenon, mass transactional and biometric data collection is here to stay. The question is, how do we devise principles to distinguish between proper and improper uses? This may be the privacy fight of our era.
Going forward, our goals should be three: 1) Ban compulsory databases encompassing the entire population. (2) Ensure Fourth Amendment protections, even for public surveillance, that apply before an individual is identified and tracked by the authorities. Such provisions to protect people and not just “places” do not yet exist in law and so require a yet‐to‐be‐developed battery of safeguards. Finally, (3) avoid blurring public, compulsory databases with those amassed in the commercial sector through ordinary, voluntary transactions.
TIA and the Impact on E‐Commerce
The information economy and electronic commerce increasingly depend upon secure and specialized private databases, and TIA would undermine those.
Corporate America needs to be able to make credible privacy assurances to the public. People need to know that the data they relinquish is confined to an agreed‐upon business, transactional or record‐keeping purpose, not automatically put in a government database. If the TIA project ends up routinely requiring banks, airlines, hotels, Internet service providers and other businesses to transfer private information, it will undermine evolving commercial privacy standards, drive transactions underground, perhaps even make criminals out of ordinary people.
Also, TIA could also represent an unfunded mandate on the private sector. How will the information securely move from a private database to the one in the Information Awareness Office? What complex data transfer procedures might government impose on companies, ironically in the name of protecting privacy? And how much would compliance with the rules cost, particularly for smaller firms?
Fortunately companies retain a right to say no; privacy laws forbid the government’s acquiring information from unwilling companies without a subpoena. TIA will therefore likely require new legislation, so for now at least, TIA faces a formidable barrier; it can’t occur without high profile floor debate in Congress.
There exists yet another concern with forced data‐mining: Companies would very likely request immunity for any breaches of personal information, by extension of provisions in the Homeland Security Act that grant immunity from liability for certain failures of security technologies; so who does one sue for damages if markets no longer regulate privacy standards?
Still another worry is that private industry can profit handsomely from being enlisted in the cause of surveillance against citizens—an inappropriate state of affairs in a free society. We don’t want private profit‐making ventures to take on a law enforcement role. In this regard the debate echoes that over red‐light traffic cameras: In San Diego, a judge threw out nearly 300 traffic tickets because of the contingency fee of $70 per ticket paid to the private vendor of the equipment, Lockheed Martin IMS. The more tickets issued, the more profit. What is to be the status of data‐mining companies in partnership with the federal government?
A False Sense of Cybersecurity?
An aggressive TIA project will threaten privacy and chill healthy civil disobedience, and interfere in unanticipated ways with healthy electronic commerce and consumer expectations about their privacy. Ironically the project could also increase some security risks, despite its intents to reduce those risks.
For starters, while information sharing has its place in the broader cybersecurity and critical infrastructure debates, private companies may prefer keeping systems info secure and unshared. That has advantages in its own right.
Second, information overload is a risk. Even the Pentagon’s resources are limited: Most people are not terrorists, and it can be a costly diversion to attempt to monitor the torrent of chatter that will be generated by TIA. Terrorists already immerse themselves in mainstream society, even using their real names and official government documents. They can learn and anticipate the trigger patterns that will supposedly generate red flags, then avoid them. You won’t likely see terrorists buying one‐way airline tickets, for example.
Adaptability of terrorists means they’ll increasingly resemble ordinary people, meaning even more magnifying‐glass surveillance of ordinary folks, wasting more time, all in a vicious, misdirected circle.
Finally, to the extent TIA is implemented, it can create a honeypot of everyone’s personal data. Putting all our eggs in one basket undermines security. That’s because the government has proven notoriously bad at safeguarding its information databases. Hackers have gained access to secret DOD satellite photos and nuclear missile information since September 11, for example.
Across the board, the state of security of government’s own networks and websites is hardly inspiring. The General Accounting Office’s new survey grading of 24 departments and agencies on computer security found 15 failures, only three “C” or better. A B‐minus was highest. Thus a massive TIA database will be an irresistible target for hackers who, based on the track record so far, will succeed in breaching it.
If we’re interested in protecting America’s security and critical infrastructure, the case that more surveillance ordinary citizens is the best response has yet to be made. Data‐mining is merely one tool, with possibly high opportunity costs given other concerns that may remain unaddressed while energy is expended on TIA.
Revelations have poured forth since the attacks: of advance knowledge about Middle Eastern non‐citizens receiving training at U.S. flight schools; extraordinarily lax background checks at airports; FBI field reports about proposed attacks‐by‐airliner not being taken seriously by headquarters; and poor awareness of the whereabouts and status of non‐citizens, embarrassingly demonstrated when student visa approvals for terrorists from the INS arrived—at the flight school!—six months to the day after their deeds. Still criticized is been a lack of adequate communication between domestic law enforcement and foreign intelligence agencies, a split that is legislatively mandated.
What do all these have in common? They demonstrate that often we require only “Partial Information Awareness,” not total.
It’s one thing to give up privacy for security if there’s no other choice. With TIA we may be sacrificing privacy for no security benefit at all. And potential unintended effects on e‐commerce, and a raft of likely new mandates give all the more reason to reconsider.