Why the Pentagon will watch where you shop
New Total Information Awareness project will sniff company databases for terrorists.
WASHINGTON — Should Uncle Sam know as much about you as MasterCard does?
In essence, that may be the key question posed by the Pentagon's new Total Information Awareness (TIA) project.
This effort - whose Latin motto translates as "knowledge is power" - aims to create huge databases that sift through the purchases, travel, immigration status, income, and other data of hundreds of millions of Americans. Its purpose: to sniff out the terrorists among us.
Credit-card companies already carry out such paper profiling as an antifraud device, say proponents of the new effort. That's why you get a call when you suddenly start spending lots of money far from home, or exceed your daily allotment of transactions. Using such techniques to prevent another Sept. 11 may thus be simply a natural progression in technology.
But the recent theft of thousands of identities from commercial databases points out what can happen when such data falls into the wrong hands, say critics. And the federal government is not American Express. It has far greater power, and citizens thus need to assiduously protect their privacy from its snooping.
"Data files that become available [to the government] are likely to be used beyond their initial purpose, and we need to guard against that somehow," says Robert Pfaltzgraff, professor of international security at Tufts University's Fletcher School of Law and Diplomacy in Medford, Mass.
A prototype of TIA - funded at $10 million this fiscal year and expected to grow in the next few years - is now being set up, using mostly fabricated information, although some "real" data will be used from public records.
"There are three parts to the TIA project," says Edward Aldridge, undersecretary of Defense for acquisition, technology, and logistics.
The first part of the technology is voice recognition, which would include sifting through electronically recorded transmissions and provide rapid translations of foreign languages.
The second part is to develop a tool that would discover connections between transactions, such as passports, airline tickets, rental cars, gun or chemical purchases, as well as arrests and other suspicious activities.
And the third part is collaborative - a mechanism to allow information- and analysis-sharing among agencies.
"If [the testing] proves useful," Mr. Aldridge says, "TIA will then be turned over to the intelligence, counterintelligence, and law enforcement communities as a tool to help them in their battle against domestic terrorism."
To some, this concept is a no-brainer in light of the 9/11 attacks and subsequent terror activity. "We're talking about data-mining systems that credit-card companies in particular use," says Lee McKnight, a professor of information studies at Syracuse University in New York. "Lots of this they can buy off the shelf."
He cites an example of how the government could have utilized technology used by credit-card companies to alert airport personnel to some of the hijackers boarding planes on Sept. 11.
Dr. McKnight recently tried to purchase a washing machine in upstate New York after moving to the state, and ended up getting a call from his credit card company on the store's phone after it detected that he - a Massachusetts resident - was accruing big charges in upstate New York.
Similarly, shouldn't an alarm bell go off if three known terrorists board planes within minutes of each other, he asks.
The government should be able to have this technology up and running within a year, McKnight says. Some of the more advanced - like voice recognition and face recognition - may take longer.
The key seems to be in information sharing among departments. The CIA, for example, had information linking at least two hijackers to Al Qaeda before Sept. 11, and knew they were in the US. But CIA employees did not get the names into FBI or State Department computer systems. If it had, at least those two may have been prohibited from boarding planes.
Getting government agencies, who have guarded information for their own reasons for decades, to cooperate is one thing. Motivating credit card, telephone, and other private companies to share valuable marketing information, like a customer's personal shopping practices, is another.
"A credit-card company that knows your purchasing patterns can market to you in a way that makes you happier, and makes you a better customer," says Jean Camp, an expert on the interaction of technical design and social systems at Harvard's Kennedy School of Government. "It's good for them not to share that information."
(Attention shoppers: think those strategically timed $25-rebates from your favorite clothier.)
Moreover, the technology to mine these data sources is there, but developing systems to "talk" to other systems is much more challenging. Professor Camp says it was pretty easy to develop an online checking account system. But it has been much more difficult to get those programs to talk to banks, all of which have their own coded systems. She says it's the same with most industries - getting those systems to talk are multiyear projects.
Germany is one country that has long experience with this. In the 1970s, its federal police pulled together databases from private and public records. From crosschecking data, they were able to determine where terrorists belonging to the Red Brigades Faction lived, and even the places they frequently visited.
After the group was crushed, Germany's privacy protections were enhanced. But this past fall, Germany attempted to launch the world's largest computer dragnet after it was discovered that the principal 9/11 hijackers had lived in Germany while plotting their attacks.
Some 4,000 German companies were asked by the police to dump their electronic files into the government's database. The plan was to run all these transactions through a computer against a basic profile of hijackers - men 18 to 40 years old from Arab or Muslim countries with technical expertise or training.
Only 212 of the 4,000 companies reportedly complied with the request to give up their records, due to privacy concerns.
It also became evident that German states each had their own systems of coding, as did private companies.
"They haven't got far due to the incompatibility of computers between states and the federal government," a German official says.
The program has now stopped and has been outsourced to a private company to determine how to develop a new computer system, like the one the Pentagon is trying to design.