• PC World
• »Security

It might follow you in a crowd and gaze deep into your eyes. It might stroke your fingertips and ask if you are familiar. It might even peek into your credit card records to look up your dinner dates and weekend trips.

Though it may sound like a jilted lover, it's actually the Pentagon's proposed Terrorism Information Awareness program (formerly known as Total Information Awareness), which aims to protect citizens from terrorist threats. The U.S. Defense Advanced Research Projects Agency (DARPA), the agency in charge of the program, recently described to Congress how the TIA program will develop and use technologies to fight terrorism. DARPA also acknowledged the need to balance privacy and civil liberties, while noting which laws might direct its activities, and assessing its funding needs.

DARPA says the expanded surveillance powers would only affect suspected terrorists. Still, privacy and civil liberties groups warn that it would invade the privacy and trample the freedoms of ordinary Americans.

"I don't want someone knowing all my movements and everything I've done all day," said Jay Stanley, a spokesperson for the Technology and Liberty Program at the American Civil Liberties Union. "I don't even want that to be recorded. It will change how I act. It will make me less free."

What Is TIA?

TIA is an umbrella term used to describe more than a dozen surveillance and security applications now in various stages of research and development. The applications are designed to detect suspicious behavior in clusters of people, to identify people in public places, and to determine patterns of behavior by analyzing databases of information.

TIA is intended to be "a revolutionary step forward" in fighting terrorism, according to DARPA's report. The full TIA prototype is scheduled to be completed in 2007, although some components won't be ready until 2009.

A key component of TIA is biometric software now being developed. It is intended to identify suspected terrorists through facial and body recognition, taking into account even the way they walk. A project called Next-Generation Face Technology uses high-resolution and 3D images to read facial expressions in order to determine whether people are telling the truth.

Software called Human Identification at a Distance is designed to recognize someone from as far away as 500 feet. DARPA also is planning to develop radar, thermal, and infrared sensors to identify a person from multiple angles, even in bad weather.

In addition, TIA includes data-mining tools that aim to predict criminal behavior. These applications "connect the dots" within government and business databases that contain information on financial, medical, educational, and travel transactions, according to DARPA.

TIA's Misinformation Detection system would flag possible lies within publicly available Web sites, news stories, and business reports. Another tool would chart criminal networks by drawing relationships between suspected terrorists.

Other programs would automatically type words spoken in multiple languages, detect biological attacks in their early stages by culling hospital records, and practice virtual war games.

Privacy Problems?

The 105-page report on TIA was issued in response to a resolution proposed by Senator Ron Wyden (D-Oregon), which calls for a freeze on TIA funding and development while Congress learns more about what it involves. The report mentions privacy more than 140 times, but privacy and civil liberties advocates call this mere lip service. Wyden himself is among those still unconvinced about TIA: He said he is unsatisfied with the answers, and that Congress needs to closely watch TIA. Funds were frozen until the Pentagon released the report.

A misspelled name in a database could put someone in handcuffs without any recourse to correct a mistaken identity, critics claim. They argue that TIA does not provide a central authority charged with ensuring the accuracy of information in the myriad public and private databases. The TIA system could draw data from credit card companies, hospitals, and schools--all independent sources with different record-keeping systems and different margins of error, these critics say.

Privacy watchdog groups criticized the Justice Department for recently exempting the FBI from the Privacy Act of 1974. The FBI no longer is required to ensure the accuracy of information contained in its National Crime Information Center database.

The report's "broad generalizations" about privacy barely touch civil liberties issues, said Lee Tien of the Electronic Frontier Foundation.

"They're cavalier about the privacy implications," he said.

Biometric programs that pick out faces in a crowd and programs that rifle through databases raise "the same civil liberties issues that we've always seen with secret surveillance of political activist groupsa?|that's been going on for ages, and they don't say a word about that," Tien said.

The Justice Department says these tools would be used only on suspected terrorists. But critics remain wary that the population at large could get caught up in the net.

Some of the software that does what the TIA proposes has been available in the private sector for many years, but it would be dangerous in government hands, said the ACLU's Stanley. He joined other critics that accuse the government of abusing its surveillance powers in the past. Civil liberties watchdog groups point to the FBI's spying and disinformation campaigns to discredit civil rights leaders, including Martin Luther King, Jr.

Companies developing the software include Oracle and the Palo Alto Research Center.

Unfounded Fears?

The Justice Department maintains that it's unrealistic to fear that government data-mining would victimize innocent Americans.

But to address these concerns, DARPA's report lists the laws that TIA must follow. Under the Constitution, TIA operations would observe the right to due process and could not investigate an individual based on activity protected by the First Amendment, such as an expression of political views, the report says. The Privacy Act of 1974 requires government agencies to keep accurate records of people, and prohibits them from sharing that data with other agencies, unless it is for "routine use." The Electronic Communications Privacy Act of 1986 prohibits accessing private electronic communications.

"A grand database of all U.S. transactions" is not the plan, the report says. TIA would make use of myriad databases without housing the data itself, according to DARPA's report.

TIA would not randomly search data--it would be involved only in investigations of suspected terrorists, the report says. It also promises to implement strict cybersecurity, including using passwords and encryption, to ensure that only those authorized for a particular investigation are privy to the relevant information.

While funding for TIA has been on hold since January, DARPA has continued research on the project. Nine government groups are working on TIA, including the National Security Agency, the CIA, and the U.S. Army Intelligence & Security Command.

Ongoing Oversight

The Defense Department "intends to continuously monitor and assess emerging potential privacy and civil liberties issues as part of oversight of the TIA program," said DARPA spokesperson Jan Walker.

A government oversight board and a federal advisory committee of outside experts (which is not yet formed) will explore privacy and civil liberties implications of the systems in development, according to the report. Agencies that want to use TIA tools would first undergo a legal review, she said.

The Defense Department will address specific privacy and civil liberties concerns "as they arise," Walker added.

TIA's name change from Total Information Awareness to Terrorism Information Awareness was just one step in changing the program's image and in reassuring citizens that its purpose is to save lives, not to be every American's nosy neighbor, she noted.

The former label "created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens," Walker said. That is not at all the program's goal, according to the agency.

But DARPA should consider how TIA "would evolve over time, not just how it would look the day after it's installed," said the ACLU's Stanley.

"We need to enact regulations to preserve our privacy in the face of all these amazing technologies, and the TIA program goes in exactly the opposite direction and would exploit the gap in our privacy protections by the fact that so much info is gathered in every facet of our lives by so many different parties," he said.

• See more like this:
• terrorist information awareness,
• tia,
• total information awareness,
• defense department,
• dod,
• darpa,
• defence advanced research projects agency,
• privacy,
• security,
• civil liberties,
• congress,
• legislation