[IP] more on WORTH READING "Total Information Awareness" - secretly funded in defiance of Congress]]]

Dave Farber dave at farber.net
Sat Feb 25 16:40:49 PST 2006

-------- Original Message --------
Subject: Re: [IP] WORTH READING "Total Information Awareness" - secretly
funded in defiance of Congress]]
Date: Sat, 25 Feb 2006 14:41:51 -0800
From: Lee Tien <tien at eff.org>
To: dave at farber.net
References: <43FFBB04.9070108 at farber.net>


The problem IMHO is that killed programs can be and are reanimated in
this secret, black-budget, nudge-wink underground out of public view,
not that privacy advocates sought to stop TIA.

The "you naive fools drove it underground" attitude is a bit like
blaming the Supreme Court, Congress, and the Constitution for the
president's warrantless surveillance program:   "You really shouldn't
have insisted on procedural/substantive restraints and
accountability, because you're just forcing me to do it secretly."
(Would that privacy advocates had a tiny fraction of the power
implied here!)

Put another way, the programs' proponents don't seem to like
meaningful civil-liberties accountability and have institutional
escape hatches for avoiding such.

Accordingly, I think it's dumb to criticize privacy advocates in this
or other similar contexts.
--Why not blame those who resurrected or permitted the resurrection
of the "more potentially nefarious bits"?
--Why not blame those who didn't continue to fund the privacy and
security research?*

More important, how do we create truly workable public
accountability/oversight mechanisms for a politically powerful,
extremely secretive executive branch?  Sadly, I no longer believe
that  congressional intelligence committees provide meaningful
oversight on civil-liberties issues.


*My recollection is that the "privacy appliance" (Genisys Privacy
Protection, Teresa Lunt) either wasn't part of the original TIA
portfolio (see http://www.eff.org/Privacy/TIA/overview.php, where we
presented the TIA program as it was when we first learned about it)
or was buried inside Genisys and then trotted out in response to
privacy concerns.   Also see Poindexter's presentation at DARPAtech
2002 near the bottom of http://www.eff.org/Privacy/TIA/, which
mentions Genisys but not Genisys Privacy Protection.

At 9:03 PM -0500 2/24/06, Dave Farber wrote:
>-------- Original Message --------
>Subject: Re: [IP] "Total Information Awareness" - secretly funded in
>defiance of Congress]
>Date: Fri, 24 Feb 2006 20:02:20 -0500
>From: Peter Harsha <harsha at cra.org>
>To: dave at farber.net
>References: <43FF92D2.1050908 at farber.net>
>Hi Dave,
>I blogged a bit about this way back in April 2004, noting some of my
>frustration that the rush to kill TIA would kill the privacy and
>security research that was underway and drive the more potentially
>nefarious bits of the program deeper into the black, hidden from view.
>The post was in the context of a review of some of the interesting
>sessions I'd attended at the Computers Freedom and Privacy conference
>that year, but here's the relevant bit about TIA (see the blog for
>all the embedded links):
>A number of speakers made the point (though Doug Tygar probably made
>it most emphatically) that the government spends a disproportionate
>amount of its IT privacy and security research funding on security
>rather than privacy. Given the current state of funding for federal
>cyber security R&D (see previous blog entry), that's a sobering
>thought. But the frustrating part for me is that many of the same
>people at CFP who are now clamoring for more federal R&D for privacy
>related research were among the loudest voices calling for
>cancellation of DARPA's TIA project (I'm not including Tygar in this,
>as I don't know where he stood on TIA). Let me explain.
>DARPA's Total Information Awareness (pdf) project was an attempt to
>"design a prototype network that integrates innovative information
>technologies for detecting and preempting foreign terrorist
>activities against Americans." In order to do this, DARPA was funding
>research into a range of technologies including real-time translation
>tools, data mining applications, and "privacy enhancing technologies"
>including development of a "privacy appliance" that would protect the
>identities of all individuals within any of the databases being
>searched until the government had the appropriate court order to
>reveal them. At CFP, Philippe Golle, from Xerox's Palo Alto Research
>Center, described one such project at PARC (led by Teresa Lunt), that
>DARPA agreed to fund for 3 years as part of TIA. The plan was to
>create a "privacy appliance" that owners of commercial databases of
>interest to the government could deploy that would control government
>access to the databases using inference control (deciding what types
>of queries -- individually or in aggregate -- might divulge
>identifying information), access control and an immutable audit trail
>to protect individual privacy. Really neat stuff.
>Anyway, the idea that the government might one day deploy a TIA-like
>system before all of the privacy and security challenges had been
>sorted out and thereby imperil American civil liberties and security
>was worrying to a great many people and organizations, including CRA.
>However, there seemed to be a number of different approaches among
>the various people and organizations to deal with the concerns. There
>was a vocal contingent that believed Congress should cancel TIA
>outright -- the threat the research posed was greater than any
>possible good. CFP participant Jim Harper, of Privacilla.org,
>addressed this approach directly at the conference, saying the reason
>groups like his try to kill government programs when they're still in
>R&D and small is because they're too hard to kill when they get big.
>CRA had a more nuanced view, I believe, that argued that the
>challenges that needed to be overcome before any TIA-esque system
>would ever be fit for deployment were large and that CRA would oppose
>any deployment until concerns about privacy and security were met.
>However, we also argued that the research required to address those
>concerns was worthy of continued support -- the problems of privacy
>and security (as well as the challenge of ever making something like
>TIA actually work) were truly difficult research problems..."DARPA
>hard" problems -- and so we opposed any research moratorium.
>Unsurprisingly, the "nuanced" position failed to carry the day once
>Congress got involved. At about the same time Congress was deciding
>TIA's fate, stories broke in the press about DARPA's FutureMAP
>project -- which attempted to harness the predictive nature of
>markets to glean information about possible terrorist activities --
>and JetBlue airline's release of customer data to the Defense
>Department (in violation of their privacy policies) that helped
>cement opinion that DARPA was out of control. It also didn't help
>that the TIA program resided in DARPA's Information Assurance Office,
>headed by the controversial Adm. John Poindexter. TIA's fate was
>sealed. Congress voted to cut all funding for the program and
>eliminate the IAO office at DARPA that housed it.
>However, Congress also recognized that some of the technologies under
>development might have a role to play in the war against terrorism.
>They included language in the appropriations bill (Sec 8131(a)) that
>allowed work on the technologies to continue at unspecified
>intelligence agencies, provided that work was focused on non-US
>citizens. As a result, much of the research that had been funded by
>DARPA has been taken up by the Advanced Research Development Agency,
>the research arm of the intelligence agencies. Because it's
>classified, we have no way of knowing how much of TIA has been
>resurrected under ARDA. We also have no way of overseeing the
>research, no way of questioning the approach or implementation, no
>way of questioning the security or privacy protections (if any)
>included. In short, those who argued in support of a research
>moratorium just succeeded in driving the research underground.
>Finally, one thing we do know about current TIA-related research
>efforts is that PARC's work on privacy-enhancing technologies is no
>longer being funded.
>I'm glad to see the National Journal article has the specifics on
>where much of that research actually went....
>Peter Harsha
>Director of Government Affairs
>Computing Research Association
>1100 17th St. NW, Suite 507
>Washington, DC 20036
>p: 202.234.2111 ext 106
>c: 202.256.8271
>CRA's Computing Research Policy Blog: http://www.cra.org/govaffairs/blog
>On Feb 24, 2006, at 6:12 PM, Dave Farber wrote:
>>  -------- Original Message --------
>>  Subject: Fwd: [sv4dean] "Total Information Awareness" - secretly
>>  funded
>>  in defiance of Congress
>>  Date: Fri, 24 Feb 2006 14:55:06 -0800
>>  From: Hasan Diwan <hasan.diwan at gmail.com>
>>  To: dave at farber.net
>>  References: <a1.70dbecb5.312ff09a at aol.com>
>>  For IP, if you wish.
>>  ---------- Forwarded message ----------
>>  From: Chinarock at aol.com <Chinarock at aol.com>
>>  Date: 23-Feb-2006 21:16
>>  Subject: [sv4dean] "Total Information Awareness" - secretly funded in
>>  defiance of Congress
>>  To: sv4dean at yahoogroups.com
>>  *http://nationaljournal.com/about/njweekly/stories/2006/0223nj1.htm*
>>  *TIA Lives On *
>>  By Shane Harris <sharris at nationaljournal.com>, *National Journal*
>>  (c) National Journal Group Inc.
>>  Thursday, Feb. 23, 2006
>>  A controversial counter-terrorism program, which lawmakers halted
>>  more than
>>  two years ago amid outcries from privacy advocates, was stopped in
>>  name only
>>  and has quietly continued within the intelligence agency now
>>  fending off
>>  charges that it has violated the privacy of U.S. citizens.
>>  Research under the Defense Department's Total Information Awareness
>>  program
>>  -- which developed technologies to predict terrorist attacks by
>>  mining
>>  government databases and the personal records of people in the
>>  United States
>>  -- was moved from the Pentagon's research-and-development agency to
>>  another
>>  group, which builds technologies primarily for the National
>>  Security Agency,
>>  according to documents obtained by *National Journal* and to
>>  intelligence
>>  sources familiar with the move. The names of key projects were
>>  changed,
>>  apparently to conceal their identities, but their funding remained
>>  intact,
>>  often under the same contracts.
>>  It is no secret that some parts of TIA lived on behind the veil of the
>>  classified intelligence budget. However, the projects that moved,
>>  their new
>>  code names, and the agencies that took them over haven't previously
>>  been
>>  disclosed. Sources aware of the transfers declined to speak on the
>>  record
>>  for this story because, they said, the identities of the specific
>>  programs
>>  are classified.
>>  Two of the most important components of the TIA program were moved
>>  to the
>>  Advanced Research and Development Activity, housed at NSA
>>  headquarters in
>>  Fort Meade, Md., documents and sources confirm. One piece was the
>>  Information Awareness Prototype System, the core architecture that
>>  tied
>>  together numerous information extraction, analysis, and
>>  dissemination tools
>>  developed under TIA. The prototype system included privacy-protection
>>  technologies that may have been discontinued or scaled back
>>  following the
>>  move to ARDA. .....
>>  Sharkey played a key role in TIA's birth, when he and a close friend,
>>  retired Navy Vice Adm. *John Poindexter*, *President Reagan*'s
>>  national
>>  security adviser, brought the idea to Defense officials shortly
>>  after the
>>  9/11 attacks. The men had teamed earlier on intelligence-technology
>>  programs
>>  for the Defense Advanced Research Projects Agency, which agreed to
>>  host TIA
>>  and hired Poindexter to run it in 2002. In August 2003, Poindexter was
>>  forced to resign
>>  <http://www.washingtonpost.com/ac2/wp-dyn/A51578-2003Aug12>as TIA
>>  chief amid howls that his central role in the Iran-Contra scandal of
>>  the mid-1980s made him unfit to run a sensitive intelligence program.
>>  ....etc.
>>   Links to Democracy for America...
>>  <http://www.democracyforamerica.com/>
>>  <http://www.dfa.meetup.com/>
>>  <http://dfasv.org/>
>>    Presidential
>>  election<http://groups.yahoo.com/gads?t=ms&k=Presidential
>>  +election&w1=Presidential+election&w2=Silicon
>>  +valley&c=2&s=47&.sig=XVKuwwahoV8Hm_1e5O_oIw>
>>   Silicon
>>  valley<http://groups.yahoo.com/gads?t=ms&k=Silicon
>>  +valley&w1=Presidential+election&w2=Silicon
>>  +valley&c=2&s=47&.sig=pIWbpNAt6BNx-rmFh-brVg>
>>   ------------------------------
>>     -  Visit your group "sv4dean <http://groups.yahoo.com/group/
>>  sv4dean>"
>>     on the web.
>>     -  To unsubscribe from this group, send an email to:
>>  sv4dean-unsubscribe at yahoogroups.com<sv4dean-
>>  unsubscribe at yahoogroups.com?subject=Unsubscribe>
>>     -  Your use of Yahoo! Groups is subject to the Yahoo! Terms of
>>  Service<http://docs.yahoo.com/info/terms/>
>>     .
>>   ------------------------------
>>  --
>>  Cheers,
>>  Hasan Diwan <hasan.diwan at gmail.com>
>You are subscribed as harsha at cra.org
>To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>Archives at: http://www.interesting-people.org/archives/interesting-
>You are subscribed as tien at well.sf.ca.us
>To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>Archives at: http://www.interesting-people.org/archives/interesting-people/

You are subscribed as eugen at leitl.org
To manage your subscription, go to

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list