eugen at leitl.org
Fri Nov 22 01:30:32 PST 2002
Agency Weighed, but Discarded, Plan Reconfiguring the Internet
By JOHN MARKOFF
The Pentagon research agency that is exploring how to create a vast
database of electronic transactions and analyze them for potential
terrorist activity considered but rejected another surveillance idea:
tagging Internet data with unique personal markers to make anonymous use
of some parts of the Internet impossible.
The idea, which was explored at a two-day workshop in California in
August, touched off an angry private dispute among computer scientists and
policy experts who had been brought together to assess the implications of
The plan, known as eDNA, called for developing a new version of the
Internet that would include enclaves where it would be impossible to be
anonymous while using the network. The technology would have divided the
Internet into secure "public network highways," where a computer user
would have needed to be identified, and "private network alleyways," which
would not have required identification.
Several people familiar with the eDNA discussions said such secure areas
might have first involved government employees or law enforcement
agencies, then been extended to security-conscious organizations like
financial institutions, and after that been broadened even further.
A description of the eDNA proposal that was sent to the 18 workshop
participants read in part: "We envisage that all network and client
resources will maintain traces of user eDNA so that the user can be
uniquely identified as having visited a Web site, having started a process
or having sent a packet. This way, the resources and those who use them
form a virtual `crime scene' that contains evidence about the identity of
the users, much the same way as a real crime scene contains DNA traces of
The proposal would have been one of a series of technology initiatives
that have been pursued by the Bush administration for what it describes as
part of the effort to counter the potential for further terrorist attacks
in the United States. Those initiatives include a variety of plans to
trace and monitor the electronic activities of United States citizens.
In recent weeks another undertaking of the Defense Advanced Research
Projects Agency, or Darpa, the Pentagon research organization, has drawn
sharp criticism for its potential to undermine civil liberties. That
project is being headed by John M. Poindexter, the retired vice admiral
who served as national security adviser to President Ronald Reagan.
Dr. Poindexter returned to the Pentagon in January to direct the research
agency's Information Awareness Office, created in the wake of the Sept. 11
attacks. That office has been pursuing a surveillance system called Total
Information Awareness that would permit intelligence analysts and law
enforcement officials to mount a vast dragnet through electronic
transaction data ranging from credit card information to veterinary
records, in the United States and internationally, to hunt for terrorists.
In contrast, with eDNA the user would have needed to enter a digital
version of unique personal identifiers, like a fingerprint or voice, in
order to use the secure enclaves of the network. That would have been
turned into an electronic signature that could have been appended to every
Internet message or activity and thus tracked back to its source.
The eDNA idea was originally envisioned in a private brainstorming session
that included the director of Darpa, Dr. Tony Tether, and a number of
computer researchers, according to a person with intimate knowledge of the
proposal. At the meeting, this person said, Dr. Tether asked why Internet
attacks could not be traced back to their point of origin, and was told
that given the current structure of the Internet, doing so was frequently
The review of the proposal was financed by a second Darpa unit, the
Information Processing Technology Office. This week a Darpa spokeswoman,
Jan Walker, said the agency planned no further financing for the idea. In
explaining the reason for the decision to finance the review in the first
place, Ms. Walker said the agency had been "intrigued by the difficult
computing science research involved in creating network capabilities that
would provide the same levels of responsibility and accountability in
cyberspace as now exist in the physical world."
Darpa awarded a $60,000 contract to SRI International, a research concern
based in Menlo Park, Calif., to investigate the concept. SRI then convened
the workshop in August to evaluate its feasibility.
The workshop brought together a group of respected computer security
researchers, including Whitfield Diffie of Sun Microsystems and Matt Blaze
of AT&T Labs; well-known computer scientists like Roger Needham of
Microsoft Research in Cambridge, England; Michael Vatis, who headed the
National Infrastructure Protection Center during the Clinton
administration; and Marc Rotenberg, a privacy expert from the Electronic
Privacy Information Center.
The workshop was led by Mr. Blaze and Dr. Victoria Stavridou, an SRI
computer scientist, one of those who had originally discussed the eDNA
concept with Darpa officials.
At the workshop, the idea was criticized by almost all the participants, a
number of them said, on both technical and privacy grounds. Several
computer experts said they believed that it would not solve the problems
it would be addressing.
"Before people demand more surveillance information, they should be able
to process the information they already have," Mark Seiden, an independent
computer security expert who attended the workshop, said in an interview.
"Almost all of our failures to date have come from our inability to use
existing intelligence information."
Several of the researchers told of a heated e-mail exchange in September
over how to represent the consensus of the workshop in a report that was
to be submitted to Darpa. At one point, Mr. Blaze reported to the group
that he had been "fired" by Dr. Stavridou, of SRI, from his appointed role
of writing the report presenting that consensus.
In e-mail messages, several participants said they believed that Dr.
Stavridou was hijacking the report and that the group's consensus would
not be reported to Darpa.
"I've never seen such personal attacks," one participant said in a
subsequent telephone interview.
In defending herself by e-mail, Dr. Stavridou told the other panelists,
"Darpa asked SRI to organize the meeting because they have a deep interest
in technology for identifying network miscreants and revoking their
In October, Dr. Stavridou traveled to Darpa headquarters in Virginia and,
after a teleconference from there that was to have included Mr. Blaze, Mr.
Rotenberg and Mr. Vatis was canceled, later told the panelists by e-mail
that she had briefed several Darpa officials on her own about the group's
In that e-mail message, sent to the group on Oct. 15, she reported that
the Darpa officials had been impressed with the panel's work and had told
her that three Darpa offices, including the Information Awareness Office,
were interested in pursuing the technology.
This week, however, in response to a reporter's question, Darpa said it
had no plans to pursue the technology. And an SRI spokeswoman, Alice
Resnick, said yesterday, "SRI informed Darpa that the costs and risks
would outweigh any benefit."
Dr. Stavridou did not return phone calls asking for comment.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org
83E5CA02: EDE4 7193 0833 A96B 07A7 1A88 AA58 0E89 83E5 CA02