May 20, 2003
Report to Congress regarding the Terrorism Information Awareness Program
In response to Consolidated Appropriations Resolution, 2003, Pub. L. No. 108-7, Division M, § 111(b)
Executive Summary
Terrorism Information Awareness Program
Preface
The Consolidated Appropriations Resolution, 2003, Pub. L. No. 108-7, Division M, § 111(b) provides for the submission of a report to Congress, within 90 days of the President's signing the law, regarding the Total Information Awareness program, now called the Terrorism Information Awareness (TIA) program, a Defense Advanced Research Projects Agency (DARPA) research and development program initiated in the aftermath of the September 11, 2001 terrorist attacks on New York and Washington.
Executive Summary
The Defense Advanced Research Projects Agency (DARPA) is charged with conducting research and development for the Department of Defense (DoD). By doing so, DARPA furnishes DoD with leading-edge technologies to help the department execute its critical national security mission. DARPA often produces prototype systems for conducting experiments that address the urgent needs of DoD. If successful and as appropriate, such prototype systems would be transitioned into operational use by executing agencies of the government.
Terrorism Information Awareness (TIA) [1] is such a prototype system/network. It is a research and development program that will integrate advanced collaborative and decision support tools; language translation; and data search, pattern recognition, and privacy protection technologies into an experimental prototype network focused on combating terrorism through better analysis and decision making. If successful, and if deployed, this program of programs would provide decision- and policy-makers with advance actionable information and knowledge about terrorist planning and preparation activities that would aid in making informed decisions to prevent future international terrorist attacks against the United States at home or abroad. In short, DoD's aim in TIA is to seek to make a significant leap in technology to help those working to "connect the dots" of terrorist-related activity. A TIA-like system/network could provide the defense and intelligence communities with tools and methods to solve many of the problems that have been identified in the aftermath of the attacks against the United States on September 11, 2001, [2] and that are related to improving information analysis in our continuing war against terrorism.
[1] Previously known as Total Information Awareness, this name created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens. That is not DoD's intent in pursuing this program. Rather, DoD's purpose in pursuing these efforts is to protect U.S. citizens by detecting and defeating foreign terrorist threats before an attack. To make this objective absolutely clear, DARPA has changed the program name to Terrorism Information Awareness.
[2] Final Report of the Joint SSCI/HPSCI Inquiry into the Events of 9/11/01 dated Dec 10, 2002.
DoD's TIA research and development is aimed at providing capabilities to users/analysts/operators to address a perennial array of problems that have beset analysis of complex threats, including sharing data across agency boundaries and exploiting both classified and unclassified information, in a more systematic fashion.
These problems exist in part because of a lack of applied technology to aid the human processes. Today, the amount of information that needs to be considered far exceeds the capacity of the unaided humans in the system. Adding more people is not necessarily the solution. DoD believes that there is a need to provide a much more systematic, methodological approach that automates many of the lower-level data manipulation tasks that can be done well by machines guided by human users. Such an approach would, in turn, allow users more time for higher-level analysis that depends critically on a human's unique cognitive skills.
TIA is one of several research and development programs in DARPA's Information Awareness Office (IAO), which was established in January 2002. In the aftermath of the September 11 terrorist attacks, DARPA formed IAO in part to bring together, under the leadership of one technical office director, several existing DARPA programs focused on applying information technology to combat terrorist threats. DARPA also recognized that new programs would be needed to fully address the technology requirements of a complete prototype system/network to respond to the particular demands of the terrorist threat. DARPA envisions TIA as the system/network-level integration program while other IAO programs are designed to furnish technologies and components that compose the overall program. As conceived by DARPA, TIA would integrate these technologies and provide some or all of them to various organizations for experiments, while assessing the system's utility in various operationally relevant contexts.
The TIA research and development program began in FY 2003. Funding for FY 2003 through FY 2005 as proposed in the FY 2004 President's Budget submission is $53,752,000.
A number of organizations in the DoD and Intelligence Community have shown great interest in working with the TIA program to test and evaluate technologies. DARPA provides a system/network infrastructure and concepts; software analytical tools; software installation; training; software performance evaluation; and integration and evaluation of user comments on modifications and additions to the software. Participating organizations from DoD and the Intelligence Community provide facilities and personnel to evaluate these products and use data currently available to them under existing laws, regulations and policies.
Five major investigation threads are currently being pursued as a part of TIA and are driving much of the development and experimental activity in the TIA program. These five threads are: secure collaborative problem solving, structured discovery with security, link and group understanding, context aware visualization, and decision making with corporate memory.
· Secure Collaborative Problem Solving. A collaborative environment is sought that would enable ad hoc groups to quickly form within and across agency boundaries to bring relevant data, diverse points of view, and experience together to solve the complex problems associated with countering terrorism.
· Structured Discovery with Sources and Methods Security. A wide range of intelligence data, both classified and open source, may need to be searched to find relevant information for understanding the terrorist intent. DARPA believes that to have any hope of making sense of this wide range of data, a more structured and automated way of approaching the problem is needed.
· Link and Group Understanding. One of the characteristics of the terrorist threat is that terrorist organizational structures are not well understood and are purposefully designed to conceal their connections and relationships. IAO is researching software that can discover linkages among people, places, things, and events related to possible terrorist activity.
· Context Aware Visualization. DARPA believes that better ways are needed to visualize information than text-based lists, tables, and long passages of unstructured text. Such visualization concepts should respond to a broad range of potential users with wholly different roles and responsibilities.
· Decision Making with Corporate Memory. Decision-makers must consider a full range of possible options to deal with complex asymmetric threats, particularly in light of rapidly changing circumstances. DARPA's activities in this area are premised on the view that understanding how certain decisions played out in the past is critical to formulating current decision options.
The TIA program is a research and development project. The program is integrating and testing information technology tools. DARPA affirms that TIA's research and testing activities are only using data and information that is either (a) foreign intelligence and counter intelligence information legally obtained and usable by the Federal Government under existing law, or (b) wholly synthetic (artificial) data that has been generated, for research purposes only, to resemble and model real-world patterns of behavior.
The Department of Defense, which is responsible for DARPA, has expressed its full commitment to planning, executing, and overseeing the TIA program in a manner that protects privacy and civil liberties. Safeguarding the privacy and the civil liberties of Americans is a bedrock principle. DoD intends to make it a central element in the Department of Defense's management and oversight of the TIA program. The Department of Defense's TIA research and development efforts address both privacy and civil liberties in the following ways:
· The Department of Defense must fully comply with the laws and regulations governing intelligence activities and all other laws that protect the privacy and constitutional rights of U.S. persons.
· As an integral part of its research, the TIA program itself is seeking to develop new technologies that will safeguard the privacy of U.S. persons.
· TIA's research and testing activities are conducted using either real intelligence information that the federal government has already legally obtained, or artificial synthetic information that, ipso facto, does not implicate the privacy interests of U.S. persons.
The report does not recommend any changes in statutory laws, but instead contemplates that any deployment of TIA's search tools may occur only to the extent that such a deployment is consistent with current law. Accordingly, the report specifically notes that the strictures of current law protecting certain categories and sources of information may well constrain or (as a logistical matter) completely preclude deployment of TIA search tools with respect to such data. Moreover, to the extent that TIA research and development technology is ever applied to data sources that contain information on U.S. persons, the privacy issues raised by these tools are significant ones that will require careful and serious examination. Because TIA is still largely in the research stage, any analysis of these issues is necessarily tentative and preliminary. Several factors would need to be considered in evaluating TIA's suitability for deployment in particular contexts.
· The efficacy and accuracy of TIA's search tools must be stress-tested and demonstrated. The tools must be shown to be sufficiently precise and accurate – i.e., a search query results in only that information that is responsive to the query. DARPA has expressed its commitment to the necessary testing to ensure the technological accuracy of TIA's search tools.
· It is critical that there be built-in operational safeguards to reduce the opportunities for abuse. DARPA is already researching whether and how it may be able to build in controls that, at an architectural level, would govern the TIA program tools. Among the controls being researched are automated audit trails to document who accessed the system and how it was used during the session; anonymization of sources of data and of the persons mentioned in the underlying data, so that these data could not be revealed unless it is lawful and warranted; selective revelation of data, so that additional permissions would need to be obtained in order to receive additional data; and rigorous access controls and permissioning techniques. TIA's ultimate suitability for particular purposes will depend heavily upon DARPA's success on these technological issues.
· It will also be essential to ensure that substantial security measures are in place to protect these tools from unauthorized access by hackers or other intruders. Some of these measures must be built-in at the architectural level; others will involve the adoption of policies that prescribe who may have access, for what purposes, and in what manner.
· Any agency contemplating deploying TIA tools for use in particular contexts will be required first to conduct a pre-deployment legal review. In this regard, the DoD General Counsel has directed each operational component within DoD that hosts TIA technologies to prepare a substantive legal review that examines the relationship between that component and TIA, and analyzes the legal issues raised by the underlying program to which the TIA tools will be applied. The General Counsel has advised that all such relationships should be documented in a memorandum of agreement to ensure the relationship is clearly understood by all parties. The DCI's General Counsel is taking comparable steps with respect to elements of the Intelligence Community, and the Department of Justice would do so if it ever decides to deploy any TIA technology.
· There will be a need for any user agency to adopt policies establishing effective oversight of the actual use and operation of the system before it is deployed in particular contexts. There must be clear and effective accountability for misuse of the system.
As DARPA endeavors to achieve these technological developments, the Secretary of Defense will, as an integral part of oversight of TIA research and development, continue to assess emerging potential privacy and civil liberties impacts through an oversight board composed of senior representatives from DoD and the Intelligence Community, and chaired by the Under Secretary of Defense (Acquisition, Technology and Logistics). The Secretary of Defense will also receive advice on legal and policy issues, including privacy, posed by TIA research and development from a Federal Advisory Committee composed of outside experts. The Department of Defense has expressed its intention to address privacy and civil liberties issues squarely as they arise, in specific factual and operational contexts and in full partnership with other Executive Branch agencies and the Congress. The protection of privacy and civil liberties is an integral and paramount goal in the development of counterterrorism technologies and in their implementation. If these technologies can be developed, the privacy and civil liberties issues noted above would have to be carefully considered and resolved in advance of deployment.
Report to Congress regarding the Terrorism Information Awareness Program
In response to Consolidated Appropriations Resolution, 2003, Pub. L. No. 108-7, Division M, § 111(b)
Detailed Information
TABLE OF CONTENTS
Program Information
  DARPA's Information Awareness Office
  TIA and High-Interest TIA-Related Program Information
  Terrorism Information Awareness (TIA)
  Genisys
  Genisys Privacy Protection
  Evidence Extraction and Link Discovery (EELD)
  Scalable Social Network Analysis (SSNA)
  MisInformation Detection (MInDet)
  Human Identification at a Distance (HumanID) Program
  Activity, Recognition and Monitoring (ARM)
  Next-Generation Face Technology (NGFR)
TIA Efficacy
  The Promise of TIA
  How TIA Would Work
  Measuring TIA Progress and Effectiveness
  Status of Component Research
Laws and Regulations Governing Federal Government Information Collection
TIA's Impact on Privacy and Civil Liberties, and Recommended Practices, Procedures, Regulations or Legislation for TIA Deployment and Implementation to Eliminate or Minimize Adverse Effects
  Overview
  Relevant Information Privacy Principles
  Preliminary Assessment of Privacy Implications of TIA and Pertinent Recommendations
Appendix A – Detailed Description of TIA and High-Interest TIA-Related Programs
  Terrorism Information Awareness (TIA)
  Genisys
  Genisys Privacy Protection
  Evidence Extraction and Link Discovery (EELD)
  Scalable Social Network Analysis (SSNA)
  MisInformation Detection (MInDet)
  Human Identification at a Distance (HumanID) Program
  Activity, Recognition, and Monitoring (ARM)
  Next-Generation Face Technology (NGFR)
Appendix B – Other IAO Programs
  Genoa II
  Wargaming the Asymmetric Environment (WAE)
  Rapid Analytical Wargaming (RAW)
  Futures Markets Applied to Prediction (FutureMAP)
  Automated Speech and Text Exploitation in Multiple Languages
  Effective, Affordable, Reusable Speech-to-Text (EARS)
  Translingual Information Detection, Extraction, and Summarization (TIDES)
  Global Autonomous Language Exploitation (GALE)
  Situation Presentation and Interaction
  Babylon
  Symphony
  Bio-Event Advanced Leading Indicator Recognition Technology (Bio-ALIRT)
Appendix C – Information Paper on Intelligence Oversight of INSCOM's Information Operations Center (IOC)
Appendix D – TIA Program Directives
Appendix E – DARPA–U.S. Army INSCOM Memorandum of Agreement
FIGURES
Figure 1 - IAO Organization
Figure 2 - TIA Reference Model
Program Information
DARPA's Information Awareness Office
Since 1996, the Defense Advanced Research Projects Agency (DARPA) has been developing information technologies to counter asymmetric threats. Although the individual efforts attacked significant pieces of the problem, they lacked an integrated approach. September 11, 2001, brought home the need for a new research focus on counterterrorism. Already in possession of individual pieces of the counterterrorism puzzle, DARPA created the Information Awareness Office (IAO) in January 2002 to integrate advanced technologies and accelerate their transition to operational users. The relevant existing programs were moved to this new technical office, and some new programs were started in FY 2003.
About the same time, the U.S. Army Intelligence and Security Command (INSCOM) was developing the Information Dominance Center (now titled the Information Operations Center). Discussions between DARPA and INSCOM resulted in a joining of forces to create a unique environment for research and development (R&D) to directly and immediately enhance the capabilities of intelligence analysts grappling with ongoing real-world threats. DoD believes this will help ensure transition of the R&D programs to eventual operational use and respond to the urgency of problem solutions.
The events of September 11 heightened awareness of the increasing frequency, complexity, and lethality of these threats. In response, the IAO is directing a portfolio of R&D programs focused on significantly improving counterterrorism capabilities in DoD and other agencies within the greater Intelligence Community.
The organization of IAO is shown in the following Figure 1. IAO is one of eight technical offices under the leadership and management of the Director of DARPA. The mission statement for IAO states in part:
The DARPA Information Awareness Office (IAO) will imagine, develop, apply, integrate, demonstrate and transition information technologies, components, and prototype closed-loop information systems that will counter asymmetric threats by achieving total information awareness useful for preemption, national security warning, and national security decision making.
There are two major sections of the IAO. One section (left side of diagram) shows the technology side of the office which is organized by programs that develop technologies and components. Each program is led by a program manager who has contracts with universities, commercial companies, and government laboratories to perform the actual R&D. Technologies and components from all these programs (except Babylon and Symphony) may be provided to the Terrorism Information Awareness (TIA) effort, which is the system-level effort (right side of diagram). These programs are supplemented with components from other government programs and commercial sources where appropriate and necessary to create early versions of a prototype system.
In the TIA R&D program, a prototype network has been established for integrating and testing tools and concepts in an operational environment. The main node of TIA network is located in the INSCOM Information Operations Center. Additional TIA network nodes are located at subordinate INSCOM commands and other participating organizations from DoD and the Intelligence Community. DARPA affirms that these agencies and commands are using data that is available to them under existing laws and procedures for the tests.
Figure 1 - IAO Organization
The R&D being conducted in these programs can be divided into four categories:
· Technology Integration and Experimentation Programs
  - Terrorism Information Awareness (TIA)
· Advanced Collaborative and Decision Support Programs
  - Genoa II (collaboration and decision support)
  - Wargaming the Asymmetric Environment (WAE)
  - Rapid Analytical Wargaming (RAW)
  - Futures Markets Applied to Prediction (FutureMAP)
· Language Translation Programs
  - Effective, Affordable, Reusable Speech-to-Text (EARS)
  - Translingual Information Detection, Extraction and Summarization (TIDES)
  - Global Autonomous Language Exploitation (GALE)
  - Babylon (natural language two-way translation for military field operations)
  - Symphony (natural language human-to-computer interface for field operations)
· Data Search, Pattern Recognition, and Privacy Protection Programs
  - Genisys (data base access, data repository, and privacy protection)
  - Evidence Extraction and Link Discovery (EELD)
  - Scalable Social Network Analysis (SSNA)
  - MisInformation Detection (MInDet)
  - Bio-Event Advanced Leading Indicator Recognition Technology (Bio-ALIRT)
  - Human Identification at a Distance (HumanID) Program
  - Activity, Recognition, and Monitoring (ARM)
  - Next-Generation Face Recognition (NGFR)
This report addresses for TIA and high-interest TIA-related programs:
· Program overview
· Program schedule
· FY 2004 President's Budget
TIA research and development and high-interest TIA-related programs are discussed in further detail in Appendix A, which provides each program's technical approach, relationship to TIA, and program transition/deployment plans. The high-interest TIA-related programs, those programs involving data access, data search, pattern recognition and privacy protection, are those that are deemed relevant to any discussion of technologies which, if applied to data on U.S. persons, would raise serious issues about privacy. These programs are: TIA, Genisys, Genisys Privacy Protection, EELD, SSNA, MInDet, HumanID, ARM, and NGFR. The details of other IAO programs are included in Appendix B for completeness.
TIA and High-Interest TIA-Related Program Information
Note: The target date for the deployment of each project listed in this report is the completion date listed, unless identified differently in the descriptive paragraphs.
Terrorism Information Awareness (TIA)
The TIA research and development program aims to integrate information technologies into a prototype to provide tools to better detect, classify, and identify potential foreign terrorists. TIA's research and development goal is to increase the probability that authorized agencies of the United States can preempt adverse actions.
The TIA research and development efforts seek to integrate technologies developed by DARPA (and elsewhere, as appropriate) into a series of increasingly powerful prototype configurations that can be stress-tested in operationally relevant environments using real-time feedback to refine concepts of operation and performance requirements down to the technology component level. In a sense, TIA is a program of programs whose goal is the creation of a counterterrorism information architecture that would:
· Increase the information coverage by an order-of-magnitude via access and sharing that can be easily scaled.
· Provide focused warnings within an hour after a triggering event occurs or an articulated threshold is passed.
· Automatically cue analysts based on partial pattern matches and have patterns that cover at least 90 percent of all known previous foreign terrorist attacks.
· Support collaboration, analytical reasoning, and information sharing so analysts can hypothesize, test, and propose theories and mitigating strategies about possible futures, thereby enabling decision-makers to effectively evaluate the impact of current or future policies.
DARPA will work in close collaboration with other participating organizations from DoD and the Intelligence Community for TIA research and development evaluation, technology maturation, and possible transition partners. In the near-term, the main effort will take place within the U.S. Army Intelligence and Security Command (INSCOM). Using output from other programs in IAO, other government programs, and commercial products, the TIA Program intends to create fully functional, integrated, leave-behind component prototypes that are reliable, easy to install, and packaged with documentation and source code (though not necessarily complete in terms of desired features) that will enable the Intelligence Community to evaluate new TIA technology through experimentation and rapidly transition it to operational use, as appropriate.
DoD, on its own, has taken several measures in an effort to ensure that TIA research and development program managers and performing contractors are acutely aware of the unique R&D environment at INSCOM and the special requirements for properly handling sensitive data in such a setting. See Appendix C, "Information Paper on Intelligence Oversight of INSCOM's Information Operations Center (IOC)"; Appendix D, "TIA Program Directives"; and Appendix E, "DARPA-U.S. Army INSCOM Memorandum of Agreement." [1] DoD reaffirms its commitment to ensuring that TIA Program activities are conducted in full compliance with relevant policies, laws, and regulations, including those governing information about U.S. persons.
TIA PROGRAM - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002    FY 2003    FY 2004    FY 2005    Completion Date
$000       $9,233     $20,000    $24,519    FY 2007
[1] DARPA intends to use the memorandum of agreement in Appendix E as a model to support the establishment of additional TIA test nodes.
PROGRAM SCHEDULE: TIA began in FY 2003. The current schedule through FY 2005 follows.
Milestone | FY/Quarter
Design and develop an initial TIA system architecture and document in a system design document. | FY03 (1Q)
Develop, integrate, and deploy initial TIA system prototype based on a suite of COTS, GOTS, and various analytical and collaborative software tools from several IAO programs (i.e., Genoa, TIDES, EELD). | FY03 (1Q)
Establish a baseline-distributed infrastructure consisting of software, hardware, and users to support end-to-end continuous experiment environment for TIA system technology. | FY03 (1Q)
Submit TIA system performance measurement processes and metrics (v1.0). | FY03 (2Q)
Initial review Phase II metrics. | FY03 (4Q)
Final exam and transition to info-cockpit prototype design. | FY03 (4Q)
Midterm exam – metrics. | FY03 (4Q)
Plan and execute threat-based red teaming experiments spanning various types of terrorist attacks, CONOPS, and information signals. | FY03-FY04
Apply TIA system technology using real-world data and real users to solve real-world problems. | FY03-FY05
Identify and assess emerging information technology and CONOPS for use in TIA system network infrastructure and for analytical tools. | FY03-FY05
Explore concepts and techniques for analyzing and correlating new data sources applicable to counter terrorism. | FY03-FY05
Develop enhanced TIA system prototypes, metrics, and experiments. | FY03-FY05
Harden and mature fragile TIA system technology and corresponding CONOPS successfully demonstrated within experiments. | FY04-FY05
Genisys
The Genisys Program seeks to produce technology for integrating and broadening databases and other information sources to support effective intelligence analysis aimed at preventing terrorist attacks on the citizens, institutions, and property of the United States. DARPA's goal is to make databases easy to use so users can increase the level of information coverage, get answers when needed, and share information among agencies faster and easier. DARPA believes that, in order to predict, track, and thwart attacks, the United States needs databases, containing information about potential terrorists and possible supporters, terrorist material, training/preparation/rehearsal activities, potential targets, specific plans, and the status of our defenses. In DARPA's view, current commercial technology is far too complex and inflexible to easily integrate relevant existing databases or to create new databases for systems that collect legally obtained data in paper and unstructured formats. DARPA's premise is that information systems need to be easier to use; thus, technologies must be more sophisticated.
DARPA's vision is that Genisys technologies will make it possible for TIA properly to access the massive amounts of data on potential foreign terrorists. In FY 2003, the program aims to develop a federated database architecture and algorithms that would allow analysts and investigators to more easily obtain answers to complex questions by eliminating their need to know where information resides or how it is structured in multiple databases. In FY 2004, the program aims to create technology for effectively represent ing and resolving uncertainty and inconsistency in the data values so that intelligence analysis will be faster and more certain. GENISYS -FY 2004 PRESIDENT'S BUDGET ($ 000): FY 2002 FY 2003 FY 2004 FY 2005 Completion Date $000 $6,964 $7,241 $8,588 FY 2007
PROGRAM SCHEDULE: The Genisys Program began in FY 2003 and will conclude in FY 2007.
Milestone   FY/Quarter
Develop abstract schema (Phase I). FY03 (4Q)
Create technology for effectively representing uncertainty in the database (Phase II). FY04 (4Q)
Develop virtually centralized databases with no practical size limit (Phase III). FY05 (4Q)
Improve performance and transition (Phase IV). FY07 (4Q)
Genisys Privacy Protection
The Genisys Privacy Protection Program aims to create new technologies to ensure personal privacy in the context of improving data analysis for detecting, identifying, and tracking terrorist
threats. Information systems and databases have the potential to
identify terrorist signatures through the transactions they make,
but Americans are rightfully concerned that data collection,
integration, analysis, and mining activities implicate privacy
interests. The Genisys Privacy Protection Program aims to provide
security with privacy by providing certain critical data to
analysts while controlling access to unauthorized information,
enforcing laws and policies through software mechanisms, and
ensuring that any misuse of data can be quickly detected and
addressed. Research being conducted under other IAO programs may
indicate that information about terrorist planning and preparation
activities exists in databases that also contain
information about U.S. persons. Privacy protection technologies
like those being developed under the Genisys Privacy Protection
Program would be essential to protect the privacy of U.S. citizens
should access to this sort of information ever be contemplated. In
FY 2003, DARPA aims to develop algorithms that prevent unauthorized
access to sensitive identity data based on statistical and logical
inference control, and create roles-based rules to distinguish
between authorized and unauthorized uses of data and to automate
access control. In FY 2004, DARPA will seek to enhance these
algorithms and provide an immutable audit capability so
investigators and analysts cannot misuse private data without being
identified as the culprits. These technologies are also applicable
to protecting intelligence methods and sources and reducing the
potential "insider threat" in intelligence organizations.
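The role-based rules and audit capability described above, as an added example that is not part of the report or of any DARPA code: a guard releases only the fields a role may read and records every request, granted or denied, in a hash-chained log so that later edits to the log are detectable. The role names, field names and records are constructed, and the hash chain is an assumed mechanism; the report does not say how the audit trail would be made immutable.

```python
import hashlib
import json

# Hypothetical role rules (assumption): fields each role is authorized to read.
ROLE_FIELDS = {
    "pattern_analyst": {"txn_type", "txn_date"},  # no identity fields
    "authorized_investigator": {"txn_type", "txn_date", "name"},
}

# Constructed sample data, not real records.
SAMPLE_RECORDS = [
    {"id": "r1", "name": "PERSON-0001 (constructed)",
     "txn_type": "ticket_purchase", "txn_date": "2003-01-15"},
]

GENESIS = "0" * 64  # "previous hash" used for the first entry


def entry_digest(prev_hash, body):
    """Bind an entry to its predecessor: SHA-256 over prev hash + canonical body."""
    payload = prev_hash + json.dumps(body, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only log in which every entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    def head(self):
        """Hash of the newest entry; store it where log writers cannot reach."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, body):
        prev = self.head()
        self.entries.append(
            {"body": body, "prev": prev, "hash": entry_digest(prev, body)})

    def verify(self, expected_head=None):
        """Return None if intact, else the index where the chain first breaks.

        If expected_head is given and the chain is internally consistent but
        ends on a different hash, entries were dropped from (or added to) the
        tail; the current length is returned as the break position.
        """
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or entry["hash"] != entry_digest(prev, entry["body"]):
                return i
            prev = entry["hash"]
        if expected_head is not None and prev != expected_head:
            return len(self.entries)
        return None


def guarded_query(log, analyst, role, record, fields):
    """Release only fields the role may read; log the request either way."""
    allowed = ROLE_FIELDS.get(role, set())  # unknown role: nothing allowed
    requested = set(fields)
    granted = sorted(requested & allowed)
    denied = sorted(requested - allowed)
    log.append({"analyst": analyst, "role": role, "record_id": record["id"],
                "granted": granted, "denied": denied})
    return {f: record[f] for f in granted if f in record}


def misuse_report(log):
    """List (analyst, record_id, denied_fields) for every refused request."""
    return [(e["body"]["analyst"], e["body"]["record_id"], e["body"]["denied"])
            for e in log.entries if e["body"]["denied"]]


if __name__ == "__main__":
    log = AuditLog()
    rec = SAMPLE_RECORDS[0]
    print(guarded_query(log, "analyst_a", "pattern_analyst", rec, ["txn_type", "name"]))
    print(guarded_query(log, "investigator_b", "authorized_investigator", rec, ["name"]))
    print("refused requests:", misuse_report(log))
    print("chain intact:", log.verify() is None)
    log.entries[0]["body"]["denied"] = []  # simulate someone erasing a denial
    print("first broken entry after edit:", log.verify())
```

The chain exposes edits and deletions inside the log; catching removal of the newest entries requires comparing against a head hash kept outside the reach of the people being audited, which is what `verify(expected_head=...)` checks.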
GENISYS PRIVACY PROTECTION - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002   FY 2003   FY 2004   FY 2005   Completion Date
$000      $3,921    $3,982    $5,900    FY 2007
PROGRAM SCHEDULE: The Genisys Privacy Protection Program began in FY 2003 and will conclude in FY 2007. The current schedule through FY 2006 follows.
Milestone   FY/Quarter
Create privacy algorithms (Phase I). FY03 (4Q)
Create a trusted guard for safeguarding the personal privacy of U.S. citizens (Phase II). FY04 (4Q)
Develop algorithms for automating audit and detecting privacy violations (Phase III). FY06 (4Q)
Evidence Extraction and Link Discovery (EELD)
The objective of the EELD program is to develop a suite of technologies
that will automatically extract evidence about relationships among
people, organizations, places, and things from unstructured textual
data, such as intelligence messages or news reports, which are the
starting points for further analysis. In DARPA's view, this
information can point to the discovery of additional relevant
relationships and patterns of activity that correspond to potential
terrorist events, threats, or planned attacks. These technologies
would be employed to provide more accurate, advance warnings of
potential terrorist activities by known or, more important,
unknown individuals or groups. DARPA believes that they will allow
for the identification of connected items of information from
multiple sources and databases whose significance is not apparent
until the connections are made. To avoid needless, distracting, and
unintended analysis of ordinary, legitimate activities, these
technologies seek to ensure that intelligence analysts view
information about only those connected people, organizations,
places, and things that are of interest and concern and that
require more detailed analysis.
In FY 2002, the EELD Program demonstrated the ability to extract
relationships in several sets of text; the ability to distinguish
characteristic, relevant patterns of activity from similar
legitimate activities; and improvements in the ability to classify
entities correctly based on their connections to other entities.
These advances have been applied to significant intelligence
problems. In FY 2003, the diversity of detectable relationships is
being increased, the complexity of distinguishable patterns is
being increased, and the ability to automatically learn patterns
will be demonstrated. In FY 2004, the program will evaluate and
transition selected components to the emerging TIA network nodes in
the Defense and intelligence communities and will integrate the
ability to learn patterns of interest with the ability to detect
instances of those patterns. In summary, the EELD Program seeks to
develop technology not only for "connecting the dots," but also
for deciding which dots to connect—starting with suspect
people, places, or organizations known or suspected to be
suspicious based on intelligence reports; recognizing patterns of
connections and activity corresponding to scenarios of concern
between these people, places, and organizations; and learning
patterns to discriminate as accurately as possible between real
concerns and apparently similar but actually legitimate activities.
EELD - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002   FY 2003   FY 2004   FY 2005   Completion Date
$12,309   $16,552   $10,265   $5,515    FY 2005
PROGRAM SCHEDULE: The EELD effort began in FY 2001 and will conclude in FY 2005.
Milestone   FY/Quarter
Develop Test Set FY02 (1Q)
1st Extraction Evaluation FY02 (4Q)
1st Link Discovery Evaluation FY02 (4Q)
1st Pattern Learning Evaluation FY02 (4Q)
2nd Extraction Evaluation FY03 (3Q)
2nd Link Discovery Evaluation FY03 (4Q)
2nd Pattern Learning Evaluation FY03 (4Q)
Integrated Extraction Module FY03 (4Q)
Integrated Link Discovery Module FY04 (3Q)
Integrated Pattern Learning Module FY05 (2Q)
Classified Evaluation FY04 (3Q)
Final Evaluation FY05 (3Q)
Scalable Social Network Analysis (SSNA)
The purpose of the
SSNA algorithms program is to extend techniques of social network
analysis to assist with distinguishing potential terrorist cells
from legitimate groups of people, based on
their patterns of interactions, and to identify when a terrorist group plans to execute an attack. Current techniques in social network analysis take into account only a link among individuals without characterizing the nature of the connection. DARPA believes that there is a need to simultaneously model multiple connection types (e.g., social interactions, financial transactions, and telephone calls) and combine the results from these models. DARPA also believes that there is a need to analyze not only a single "level," such as connections between people or between organizations, but multiple "levels" simultaneously, such as interactions among people and the organizations of which they are a part. Based on publicly available information about the September 11 hijackers, contractors working under the EELD Program and Small Business Innovation Research (SBIR) contracts have demonstrated the feasibility of using these techniques to identify the transition of terrorist cell activity from dormant to active state by observing which social network metrics changed significantly and simultaneously.
In FY 2003, DARPA will develop a library of models of social network features that represent potential terrorist groups. In FY 2004, DARPA will develop algorithms that allow for the discovery of instances of these models in large databases.
SSNA - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002   FY 2003   FY 2004   FY 2005   Completion Date
$000      $000      $3,348    $4,040    FY 2007
PROGRAM SCHEDULE: SSNA begins in FY 2004 and concludes in FY 2007. A milestone schedule is under consideration.
MisInformation Detection (MInDet)
The purpose of the
MInDet Program is to reduce DoD vulnerability to open source
information operations by developing the ability to detect
intentional misinformation and to detect inconsistencies in open
source data with regard to known facts and adversaries' goals. As a
new program, MInDet seeks to improve national security by
permitting the intelligence agencies to evaluate the reliability of
a larger set of potential sources and, therefore, exploit those
determined to be reliable and discount the remainder. Other
potential uses include the ability to detect misleading information
on various Government forms (e.g., visa applications) that would
suggest further investigation is warranted, to identify foreign
sources who provide different information to home audiences and to
the United States, and to identify false or misleading statements
in textual documents.
In FY 2002, researchers under SBIR contracts demonstrated the
ability to detect public corporations that might be potential
targets of Securities and Exchange Commission (SEC) investigations,
based on their SEC filings, well in advance of actual SEC
investigations. They also demonstrated the ability to distinguish
between news reports of deaths in a particular country as suicides
or murders, depending on whether the sources were the official news
agency or independent reports. In FY 2003, the MInDet Program will
explore a number of techniques for detection of intentional
misinformation in open sources, including linguistic genre
analysis, learning with background knowledge, business process
modeling, and adversarial plan recognition. In FY 2004, MInDet will
select techniques with demonstrated ability to discriminate
misinformation and transition them to selected intelligence and
Defense users.
MINDET - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002   FY 2003   FY 2004   FY 2005   Completion Date
$000      $3,000    $5,000    $12,000   FY 2007
PROGRAM SCHEDULE: MInDet begins in FY 2003 and concludes in FY 2007.
Milestone   FY/Quarter
Proof-of-Concept Studies FY03 (2Q)
Proof of Concept Prototypes for Single Document Mis-Information Detection FY03 (4Q)
Multiple Document Mis-Information Detection FY04 (4Q)
Multiple Channel Mis-Information Detection FY05 (3Q)
Multiple Author Mis-Information Detection FY06 (4Q)
Multiple Language Mis-Information Detection FY07 (4Q)
Human Identification at a Distance (HumanID) Program
The HumanID Program seeks to develop automated, multimodal biometric
technologies with the capability to detect, recognize, and identify
humans at a distance. DARPA believes that automated biometric
recognition technologies could provide critical early warning
support against terrorist, criminal, and other human-based threats.
Obtaining this information may prevent or decrease the success rate
of such attacks and provide more secure force protection of DoD
operational facilities and installations. The HumanID Program seeks
to develop a variety of individual biometric identification
technologies capable of identifying humans at great distances in
DoD operational environments. Once these individual technologies
are developed, HumanID will develop methods for fusing these
technologies into an advanced human identification system. This
system will be capable of multimodal fusion using different
biometric techniques with a focus on body parts identification,
face identification, and human kinematics. Biometric signatures
will be acquired from various collection sensors including video,
infrared and multispectral sensors. These sensors will be networked
to allow for complete
coverage of large facilities. The goal of this program is to
identify humans as unique individuals (not necessarily by name) at
a distance, at any time of the day or night, during all weather
conditions, with noncooperative subjects, possibly disguised and
alone or in groups.
HUMANID - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002   FY 2003   FY 2004   FY 2005   Completion Date
$16,710   $11,120   $4,325    $000      FY 2004
PROGRAM SCHEDULE: The HumanID Program began in FY 2000 and will conclude in FY 2004.
Milestone   FY/Quarter
Initial development FY01 (1-3Q)
In-situ evaluations FY02 (1Q), FY02 (3Q)
Database development assessments FY01 (2Q), FY02 (1Q), FY02 (3Q)
Biometric component evaluation FY02 (1Q)
Decision milestone FY02 (2Q)
Initial fusion experiments FY03 (1Q)
Fusion experiments FY04 (1Q)
Final technology evaluation FY04 (1Q)
Activity, Recognition and Monitoring (ARM)
The ARM Program seeks to develop an automated capability to reliably capture, identify and classify human activities in surveillance environments. Currently, these types of activities are
identified and analyzed by humans studying real-time and
recorded video sequences. DARPA's premise is that the capability to
automatically identify and classify anomalous or suspicious
activities will greatly enhance national security initiatives by
providing increased warning for terrorist attacks, and increase the
reconnaissance and surveillance capabilities for Intelligence and
Special Operations Forces. ARM capabilities will be based on human
activity models. From human activity models, the ARM Program will
develop scenario-specific models that will enable operatives to
differentiate among normal activities in a given area or situation
and activities that should be considered suspicious. The program
aims to develop technologies to analyze, model, and understand
human movements, individual behavior in a scene, and crowd
behavior. The approach will be multisensor and include video, agile
sensors, low power radar, infrared, and radio frequency tags. The
ARM Program will produce component technologies, and protosystems
for demonstrating and evaluating performance for multiple
scenarios. ARM is
a new program for FY 2004 that begins with new research areas
identified in the HumanID Program.
ARM - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002   FY 2003   FY 2004   FY 2005   Completion Date
$000      $000      $5,500    $9,500    FY 2008
PROGRAM SCHEDULE: The ARM Program begins in FY 2004 and concludes in FY 2008. A milestone schedule is under consideration.
Next-Generation Face Recognition (NGFR)
Face recognition technology has matured over the last decade, with commercial systems recognizing faces from frontal still imagery (e.g., mug shots). These systems operate in
structured scenarios where physical and environmental characteristics are known and controlled. Performance under these conditions was documented in the Face Recognition Vendor Test (FRVT) 2000 and FRVT 2002. These evaluations demonstrated the advances in this technology; however, they also identified performance shortfalls in critical operational scenarios, including unstructured outdoor environments. The ability to operate in these operational scenarios is critical if these technologies are to be deployed in military, force protection, intelligence, and national security applications. DARPA believes that new techniques have emerged that have the potential to significantly improve face recognition capabilities in unstructured environments. These include three-dimensional imagery and processing techniques, expression analysis, use of temporal information inherent in video, and face recognition from infrared and multispectral imagery. The NGFR Program seeks to initiate development of a new generation of facially based biometrics that can be successfully employed in a wide variety of unstructured military and intelligence scenarios. The major components of this program are a systematic development and evaluation of new approaches to face recognition; maturing of prototype systems at operational sites; experimentation on databases of at least one million individuals; and collection of a large database of facial imagery, which includes the variations in facial imagery found in unstructured environments. The NGFR Program aims to produce face recognition systems that are robust to time differences among facial imagery (aging) and variations in pose, illumination, and expression. NGFR is a new program for FY 2004 that begins with new research areas identified in the HumanID Program.
NGFR - FY 2004 PRESIDENT'S BUDGET ($000):
FY 2002   FY 2003   FY 2004   FY 2005   Completion Date
$000      $000      $7,000    $10,140   FY 2007
PROGRAM SCHEDULE: The NGFR Program begins in FY 2004 and
concludes in FY 2007. A milestone schedule is under consideration.
TIA Efficacy
The Promise of TIA
The Terrorism Information Awareness effort is an R&D program focused on a system/network concept. DoD's efforts are premised on the notion that individual and collective performance of those dealing with the terrorist threat can be improved dramatically with the assistance of computer tools working in a system/network environment.
The counterterrorism problem is characterized by new challenges for intelligence analysts, operators, and policy makers. More than ever before, attempts to "connect the dots" quickly overwhelm unassisted human abilities. The potentially important data sets are massive. The patterns sought are sparse, yet they may be anywhere in huge temporal and spatial regions. Frequently, analysts do not know what they are looking for. DARPA believes that current stovepipe systems do not allow appropriate analysts to have access to all relevant information. Human limitations, biases, and other frailties often lead to consideration of a small part of the data that is available, failure to fully enumerate and evaluate the range of possibilities and outcomes, and failure to provide for adequate consideration of different points of view. The net result can be devastating. In sum, neither individuals nor teams of unaided humans can function with maximum effectiveness in the present environment.
DARPA's aim in TIA research and development is to seek a
revolutionary leap forward by augmenting human performance in
dealing with several facets of the terrorist problem. Through an
aggressive program to harness and integrate a group of computer
tools in various stages of R&D, DARPA plans to help humans
cope with massive and varied data sets, think and reason about the
counterterrorism problem, and work together in ad hoc teams to
bring diverse points of view to the solutions of the problems. By
augmenting human performance using these computer tools, the TIA
Program expects to diminish the amount of time humans must spend in
discovering information and allow humans more time to focus their
powerful intellects on things humans do best—thinking and
analysis. If successful, the TIA research and development effort
will demonstrate that some or all the tools under development
really do contribute to the successful accomplishment of the
counterterrorism mission—in particular, dramatically improve
the predictive assessments of the plans, intentions, or
capabilities of terrorists or terrorist groups. If successful, TIA
and its component tools would foster the following five goals:
· Secure Collaborative Problem Solving: Would enable ad hoc groups to form quickly within and across agency boundaries to bring relevant data, diverse points of view, and experience to bear in solving the complex problems associated with countering terrorism.
· Structured Discovery with Sources and Methods Security: Would aid in the process of discovering planning and preparation for international terrorist attacks against the United States at home and abroad by examining transactions that may be made in carrying out these planning and preparation activities. If appropriate and lawful, DARPA envisions that large data sources including open source and classified intelligence information could be examined under appropriate strictures, rules, and oversight mechanisms.
· Link and Group Understanding: Would help identify terrorists and terrorist groups by discovering linkages amongst people, places, things and events related to suspected terrorist activities.
· Context Aware Visualization: Would make the information more understandable in a shorter time and by viewing data in new ways would help reveal otherwise undetected information such as patterns of activities that may be detected only by an experienced analyst.
· Decision Making with Corporate Memory: Would deliver to the decision-maker an understanding of history as well as an understanding in breadth and depth of the plausible outcomes of the current situation including a risk analysis of the various actionable options.
How TIA Would Work
For an understanding of the potential benefits that DoD believes may be achieved with TIA, it is important to understand how DoD envisions it would work if implemented. Teams of very experienced analysts and other experts (a red team) would imagine the types of terrorist attacks that might be carried out against the United States at home or abroad. They would develop scenarios for these attacks and determine what kind of planning and preparation activities would have to be carried out in order to conduct these attacks. These scenarios (models) would be based on historical examples, estimated capabilities, and imagination about how these tactics might be adapted to take into account preventive measures the United States has in place. The red team would determine the types of transactions that would have to be carried out to perform these activities. Examples of these transactions are the purchase of airline tickets for travel to potential attack sites for reconnaissance purposes, payment for some kind of specialized training, or the purchase of materials for a bomb. These transactions would form a pattern that may be discernable in certain databases to which the U.S. Government would have lawful access. Specific patterns would be identified that are related to potential terrorist planning. It is not a matter of looking for unusual patterns, but instead searching for patterns that are related to predicted terrorist activities.
Analysts from the Intelligence Community would use these models
and other intelligence to guide their use of discovery tools to
search, as appropriate, the permitted databases available to their
respective communities. Procedures and techniques would be in place
to protect the security of sensitive intelligence sources and,
where applicable, the anonymity of U.S. persons if
access to these types of databases were ever contemplated. The
databases may contain various forms of data including video, text,
and voice in foreign languages. Relevant data would be transcribed
and translated into English. The analysts would work together using
computer tools that allow them to remain with their parent
organizations, yet meet in virtual spaces (something like an
Internet chat room) to reason about a particular problem and share
ideas and information related to the problem. Other computer tools
would identify linkages and relationships with other potentially
relevant information. Requirements for collecting specific new
intelligence to verify or refute the hypothesis being developed
would be identified. There will always be uncertainty and ambiguity
in interpreting the information available. Thus, different
hypotheses would be developed by the analysts to reflect their
differing points of view. These "competing hypotheses" would be
passed to other groups of analysts working in similar virtual
spaces in the operations and policy communities where they would
estimate what these hypotheses might mean for a range of plausible
future attacks. Options for taking actions to prevent the broadest
range of plausible attacks would be developed. Analyses to
determine the risks involved in taking these actions would be
developed. Computer tools would assist the analysts in reasoning
about all these issues and preparing the case for the
decision-maker. Finally, all this information would be presented to
the decision-maker in a manner and form that makes it quickly and
easily understood even though these are almost always complex
issues. The overall objective would be to get the facts and issues
before the decision-maker as early as possible so the
decision-maker has the maximum number of viable options. TIA and
its supporting programs are working on computer tools to aid the
humans in all stages of this process. No stage of the analysis
would stand by itself.
Measuring TIA Progress and Effectiveness
Funding for TIA research and development began in FY 2003. It is very early in the prototype TIA system/network development process to fully assess its efficacy; however, detailed plans are in place to evaluate the added value of a TIA-like system/network if it were made fully operational. As the R&D and experiments continue, DoD will establish quantitative measures of this added value. This is a fundamental purpose of R&D. Some anecdotal views have been captured during the limited experiments conducted to date.
The major problem in measuring added value in a system/network
such as TIA is we seldom know the actual truth of the situation. We
can never know for certain that there is a terrorist plan out there
to be detected until after the fact; therefore, DoD is developing
collateral measures of performance. The TIA R&D plan to measure added value is divided into four categories. DARPA is developing measures that help it understand performance in these categories.
· Technical. Processing-related system goals; e.g., numbers of documents ingested, patterns discovered, associations identified, and data sources investigated.
· Operational. How the technologies enhance the ways analysts approach their missions.
· Cognitive. How a technology can effectively increase an analyst's time for thinking as well as the true effect of a technology in this environment by normalizing and validating anecdotal evidence that demonstrates how the computer tools assist the analysts in accomplishing their missions more effectively.
· Network Interactions. Different ways analysis teams use the network to work together.
Researchers will assess the value of individual metrics within these categories in focused experiments. These metrics measurements were started in December 2002, and are just becoming established. This evaluation process will help guide the R&D and eventually influence implementation decisions.
The infrastructure and collection of software tools to be tested and evaluated under the 5-year R&D program are at varying levels of maturity. Some tools are ready for preliminary testing and evaluation, while others will require considerable R&D. At the beginning of the TIA Program, authorization was obtained to establish a virtual private network (VPN) over one of the classified DoD operational networks. The authorization included the ability to use experimental software on this VPN. Agreement has been reached with nine agencies and commands of the intelligence, counterintelligence, and military operational communities to participate in this experimental network. (These entities are listed on page 17.) The tools from the supporting programs that were ready for testing and evaluation were installed. These tools were supplemented with some from commercial sources. The most significant objective achieved is the establishment of a collaborative environment in which these participants can form ad hoc groups across the organizations, discover new experts and ideas, and begin to work operational problems in the global war on terrorism such as:
· Analyzing data from detainees from Afghanistan and finding relationships among entities in that data and with additional relationships from all-source foreign intelligence information.
· Assessing various intelligence aspects including weapons of mass destruction in the Iraqi situation.
· Aggregating very large quantities of information based on patterns into a visual representation of very complex relationships, which enabled rapid discovery of previously unknown relationships of operational significance.
The introduction of a
systematic way of addressing these problems through structured
argumentation has enabled a rapid understanding of issues and
engendered prompt input from the various organizations. One
organization may not have all the expertise required to address
issues, but can quickly obtain assistance from others who do have
the expertise.
The introduction of easy-to-use collaboration tools has slowly
begun to change the way analysts find expertise to help them answer
a question or resolve a discrepancy. They are becoming less
hesitant to reach out to other acknowledged experts and participate
in online discussions of the issues. Documents and pointers are
provided. The result is a deeper understanding and a measurable
increase of the supporting evidence for a position—all
gained in reduced time. The collaboration tools are also
facilitating the rapid use of feedback from the results of
higher-level analyses to adjust the filter parameters used on the
incoming data.
Experiments have focused on automatically filtering very large amounts of foreign intelligence data to find relevant information in order to reduce the amount of material that must be read by analysts. DoD believes that the results of these initial experiments are very impressive and have revealed information that was not otherwise detected. The details of these experiments are classified and are available in a classified briefing. The most significant measure of future potential is the interest and participation of the nine organizations of the experimental network.
· U.S. Army Intelligence and Security Command (INSCOM)
· National Security Agency (NSA)
· Defense Intelligence Agency (DIA JITF-CT)
· Central Intelligence Agency (CIA)
· DoD's Counterintelligence Field Activity (CIFA)
· U.S. Strategic Command (STRATCOM)
· Special Operations Command (SOCOM)
· Joint Forces Command (JFCOM)
· Joint Warfare Analysis Center (JWAC)
These represent a critical cross section of the relevant user domains that are involved in counter-terrorism.
Status of Component Research
The development,
testing, and evaluation of some computer tools are in very
preliminary stages and are being conducted in the individual
component programs rather than in TIA. Some of this testing
involves technologies to find specific patterns of transactions
that are related to terrorist planning activities. In these cases,
testing involves the use of synthetic data by research entities
rather than real data by operational users. A portion of this
research is addressing the problems of false alarms. DARPA is faced
with a very difficult problem and only through research will DARPA
be able to determine whether it is possible to find these sparse
pieces of evidence in the vast amount of information about
transactions with an accuracy that can be managed successfully in
later stages of analysis. DARPA is just beginning these tests and
does not yet have any results to report.
Laws and Regulations Governing Federal Government Information Collection
Public Law 108-7 requires that this report "set[]
forth a list of the laws and regulations that govern the
information to be collected by the Total Information Awareness
program." If and when the TIA Program succeeds in developing
technologies that operational agencies may wish to deploy in the
effort to detect and preempt terrorist activity, those agencies may
need to retrieve specific information from a variety of sources,
including, for example, records of transactions such as airline
reservations. In addition to the restrictions imposed by various
provisions of the Constitution of the United States, such as the
Fourth and Fifth Amendments, there are numerous statutory,
regulatory, and other legal constraints upon the accessing or
gathering of information by Federal Agencies. While few, if any,
statutes flatly prohibit government access to information, Congress
has often prescribed particularized procedures for obtaining
information that falls within specific categories. We interpret
Congress's mandate to set forth "a list of the laws and regulations
that govern the information to be collected by" the TIA Program to
be a directive to enumerate the statutes and regulations that would
constrain any future data collection by federal agencies if and
when they began to deploy the information technology the TIA
program had developed. To the extent that this list goes beyond the
requirements of Public Law 108-7, we have erred on the side of
being over-inclusive.
This task has been accomplished substantively by the Congressional Research Service (CRS) of the Library of Congress, in its Report for Congress: Privacy: Total Information Awareness Programs and Related Information Access, Collection, and Protection Laws (updated version March 21, 2003) (the "CRS Report"). The CRS Report states (at CRS-5), and we agree, that
". . . federal law tends to employ a sectoral approach to the
regulation of personal information. . . . These laws generally
carve out exceptions for the disclosure of personally identifiable
information to law enforcement officials and authorize access to
personal information through use of search warrants, subpoenas, and
court orders. Notice requirements vary according to statute." The
CRS Report identifies and summarizes at some length a large
number of Federal statutes that regulate access to personal
information. See CRS Report at CRS-6–16;
CRS-21–29. The statutes identified by the CRS comprise those
that are likely to have the most significant impact on any future
deployment by the operational agencies of technology developed by
the TIA Program. In addition to the laws noted in the CRS
Report, we have identified, and summarize below, further
statutory and regulatory provisions that constrain certain types of
data collection by Federal Agencies. In doing so, we do not in
any way suggest that TIA's search tools should be authorized to
analyze all these forms of data; quite the opposite is true.
Our point—and what we understand Congress to have intended
for us to do—is to enumerate the laws that protect various
kinds of information and that might either constrain or (as a
logistical matter) completely block deployment of TIA search tools
with respect to such data.
The Fourth Amendment of the United States Constitution imposes
fundamental limits on the types of searches and seizures that may
be conducted, and the Fifth Amendment requires that due process of
law be afforded. In addition, the following statutes, all
identified and described in general detail in the CRS
Report, may be listed:
· Privacy Act, 5 U. S. C. § 552a, as amended by the Computer Matching and Privacy Protection Act of 1988, 5 U. S. C. A. § 552a note
· Family Educational Rights and Privacy Act of 1974, 20 U. S. C. § 1232g
· Cable Communications Policy Act of 1984, 47 U. S. C. § 551
· Video Privacy Protection Act of 1988, 18 U. S. C. § 2710
· Telecommunications Act of 1996, 47 U. S. C. § 222
· Health Insurance Portability and Accountability Act of 1996, 42 U. S. C. § 1320d, et seq., together with the Department of Health and Human Services' implementing regulation, Standards for Privacy of Individually Identifiable Health Information, 45 C. F. R. Pts. 160, 164
· Driver's Privacy Protection Act of 1994, 18 U. S. C. § 2721
· Title III of the Omnibus Crime Control and Safe Streets Act of 1968, as amended by the Electronic Communications Privacy Act of 1986, 18 U. S. C. §§ 2510 et seq.
· Foreign Intelligence Surveillance Act of 1978, 50 U. S. C. §§ 1861 et seq.
· Electronic Communications Privacy Act of 1986, 18 U. S. C. §§ 2701 et seq.
· Pen Registers and Trap and Trace Devices Act, 18 U. S. C. § 3121 et seq.
· U. S. A Patriot Act of 2001, Pub. L. No. 107-56
· Homeland Security Act of 2002, Pub. L. No. 107-296
· Fair Credit Reporting Act of 1970, 15 U. S. C. §§ 1681 et seq.
· Right to Financial Privacy Act of 1978, 12 U. S. C. §§ 3401 et seq.
· Gramm-Leach-Bliley Act of 1999, 15 U. S. C. §§ 6801 et seq.
· Children's Online Privacy Protection Act of 1998, 15 U. S. C. § 6501
The CRS Report further notes that a variety of
category-specific statutes regulate the use and disclosure of
particular types of information held by the Federal Government,
such as restrictions on the disclosure of tax returns, 26 U. S. C.
§ 6103, or on information collected by the Census Bureau, 13
U. S. C. § 221.
In addition, we note the following statutes, regulations, and other materials. We do not intend to suggest that authorization be given to use TIA's search tools with respect to such data; our point is to enumerate the major statutes protecting many particularly sensitive types of information (statutes that, in many cases, might effectively prevent the use of TIA search tools).
STATUTES:
· Child Victims' and Child Witnesses' Rights (18 U. S. C. § 3509): In cases where a child (a person under the age of 18) is or is alleged to be a victim of a crime of physical abuse, sexual abuse, or exploitation, or is a witness to a crime committed against another person, all documents that disclose the name or any other information concerning a child must be kept in a secure place to which no person who does not have reason to know their contents has access. Further, these documents or the information in them that concerns a child can be disclosed only to persons, who, by reason of their participation in the proceeding, have reason to know such information. These restrictions apply to law enforcement personnel as well, including employees of the Department of Justice (DOJ). The name or other information concerning a child may be disclosed to the defendant, the attorney for the defendant, a multidisciplinary child abuse team, a guardian ad litem, or an adult attendant, or to anyone to whom, in the opinion of the court, disclosure is necessary to the welfare and well-being of the child.
· Federal Juvenile Delinquency Act (18 U. S. C.
§§ 5031 et seq.): The Federal Juvenile Delinquency
Act contains a provision at § 5038 which limits the release of
records compiled during federal juvenile delinquency proceedings.
The records may only be released (and only to the extent necessary)
to respond to: (1) inquiries from another court, (2) inquiries from
an agency that is preparing a presentence report for another court,
(3) inquiries from law enforcement agencies if the request is
related to a criminal investigation or to employment in that
agency, (4) inquiries from the director of a treatment or detention
facility to which the juvenile has been committed, (5) inquiries
from an agency considering an applicant for a national security
position, and (6) inquiries from the victim or the deceased
victim's family about the disposition of the juvenile by the court.
· Acquisition, Preservation, and Exchange of Identification
Records and Information (28 U. S. C. § 534): This Act requires
the Attorney General to acquire, collect, classify, and preserve
identification, criminal identification, crime, and other records
and exchange such records and information with and for the official
use of, authorized officials of the Federal Government, the States,
cities, and penal and other institutions. The exchange of records
and information is subject to cancellation if dissemination is made
outside the receiving departments or related agencies.
· Financial Crimes Enforcement Network (31 U. S. C. §
310): This Act establishes the Financial Crimes Enforcement Network
(FinCEN) as a bureau in the Treasury Department. It authorizes
FinCEN to maintain a government-wide data access service to several
categories of privately and publicly maintained financial
information and to records and data maintained in Federal, state,
local, and foreign governmental agencies, including information
regarding national and international currency flows. FinCEN is to
analyze and disseminate the available data in accordance with
applicable legal requirements and Treasury Department guidelines in
order to identify possible criminal activity, support ongoing
investigations, prosecutions, and other proceedings, support
intelligence or counterintelligence activities to protect against
international terrorism, and for other purposes. Treasury
Department operating procedures in accordance with the Privacy Act
and the Right to Financial Privacy Act of 1978 are to establish
standards and guidelines for determining who is to be given access
to FinCEN data and what limits are to be imposed on the use of such
information, and for screening out of the data maintenance system
information about activities or relationships that involve or are
closely associated with the exercise of constitutional rights.
· Alcohol and Drug Abuse Records (42 U. S. C. § 290dd-2)
and Drug Test Results (Pub. L. No. 100-71, § 503): The Title
42 provision mandates that certain alcohol and drug abuse patient
records may be disclosed, absent consent, only under certain
circumstances: (1) to medical personnel in a bona fide emergency;
(2) to qualified personnel for scientific research (but personnel
may not directly or indirectly identify an individual patient in a
report of such research); or (3) under order of a court of
competent jurisdiction. Section 503 mandates that the results of a
drug test of a Federal employee may be disclosed, absent consent,
only under certain circumstances: (1) to the employee's medical
review official; (2) to the administrator of any employee
assistance program in which the employee is receiving counseling or
treatment or is otherwise participating; (3) to any supervisory or
management official within the employee's agency having authority
to take adverse personnel action against such employee; or (4)
pursuant to the order of a court of competent jurisdiction where
required by the U. S. Government to defend against any challenge
against any adverse personnel action.
· Americans with Disabilities Act and the Rehabilitation Act (42 U. S. C.
§§ 12111-12117; 29 U. S. C. §§ 701-797; 38 U.
S. C. §§ 2011-2014; 5 U. S. C. § 2301, § 2302;
Exec. Order No. 11478, as amended by Exec. Order No. 12106): Under
applicable Federal law, the improper release of medical
information, whether inside or outside an agency, may be considered
an act of disability discrimination. 2 Several Federal laws
prohibit employment discrimination against disabled employees or
job applicants because of their disabilities: (1) the Americans
with Disabilities Act of 1990 (ADA) which applies, in general, to
private and state and local government employers; (2) the Rehabilitation Act of 1973, which applies to
Federal contractors, private employers receiving Federal funds, and
the Federal Government; (3) the Vietnam-Era Veterans Readjustment
Assistance Act, which applies to federal contractors and
subcontractors and the Federal Government; and (4) the Federal
civil service statutes and related Executive Orders.
2 Although the Federal Government is excluded from the definition of "employers" covered by the ADA, the standards of Title I of that Act still apply to Federal employers through the Rehabilitation Act. Federal Agencies are prohibited from discriminating based on physical or mental disability by Section 501 of the Rehabilitation Act. The standards for determining whether Section 501 has been violated are the same as those applicable to the ADA.
· The National Security Act of 1947: The National Security Act contains a number of provisions that affect the ability of Federal law enforcement agencies to share information.
- 50 U. S. C. § 435: This statutory provision directs the President to establish procedures to govern access to classified information. The Act requires that these procedures limit access to those Executive Branch employees who have cleared an appropriate background investigation. These procedures were established by Executive Order 12958, signed on April 17, 1995; that Order was comprehensively amended by Executive Order 13292, signed March 25, 2003. Both Orders are discussed below.
- 50 U. S. C. § 403-3(c)(6): This statutory provision gives the Director of Central Intelligence (DCI) the responsibility for "protect[ing] intelligence sources and methods from unauthorized disclosure." The DCI exercises this authority by issuing "Director of Central Intelligence Directives" (DCIDs) that address security procedures, protection of information, etc. The DCIDs also apply to the intelligence elements of the Federal Bureau of Investigation (FBI) and the handling of classified information within the FBI generally.
- 50 U. S. C. § 403(g): This statutory provision details the responsibilities of the Assistant Director of Central Intelligence for Analysis and Production. These responsibilities, among others, include oversight of the analysis and production of intelligence by the Intelligence Community; establishing standards and priorities; and monitoring the allocation of resources for analysis and production within the Intelligence Community.
- 50 U. S. C. § 421: This statutory provision criminalizes the identification of a covert agent to any unauthorized individual.
FEDERAL RULES OF PROCEDURE:
· Federal Rule of Criminal Procedure 6(e): Rule 6(e) prohibits government attorneys who supervise grand juries from disclosing "matters occurring before the grand jury," except under the limited circumstances enumerated in the Rule itself. Law enforcement personnel may gain access to grand jury material under the exception to secrecy set forth in Rule 6(e)(3)(A)(ii), which allows disclosure otherwise prohibited to be made to government personnel deemed necessary by an attorney for the government to assist that attorney in the performance of his/her duty to enforce federal criminal law.
Section 203 of the U. S. A Patriot Act amended Rule 6(e) to
permit the disclosure of grand jury information involving
intelligence information "to any Federal law enforcement, intelligence, protective, immigration, national
defense, or national security official in order to assist the
official receiving that information in the performance of his
official duties." This section requires subsequent notice to the
court of the agencies to which information was disseminated and
adds a definition of "foreign intelligence information" to Rule 6(e).
This section also requires the Attorney General to develop
procedures for the sharing of grand jury information that
identified a U. S. citizen. The Attorney General issued the
required Guidelines for Disclosure of Grand Jury and Electronic,
Wire, and Oral Interception Information Identifying United States
Persons on September 23, 2002. The provision dealing with the
sharing of grand jury information (§ 203(a)) is not subject
to the sunset provision of the Patriot Act.
· Federal Rule of Criminal Procedure 32: A probation officer must prepare a
presentence report and present it to the court before a sentence is
imposed. The report includes such information as the defendant's
criminal history, financial condition, and a recommended sentencing
range. The report is furnished to the defendant, his/her attorney,
and the attorney for the Government for objections. The report
cannot be submitted to the court or its contents disclosed to
anyone unless the defendant has consented in writing, has pleaded
guilty or nolo contendere, or has been found guilty.
EXECUTIVE ORDERS:
· Executive Order 12333: This Order
governs the conduct of intelligence activities, including
intelligence analysis, to provide the President and the National
Security Council with the necessary information to develop foreign,
defense, and economic policy to protect U. S. interests from
foreign security threats. It seeks to protect the rights of U. S.
persons. It requires the Director of Central Intelligence (DCI) to
ensure the establishment by the Intelligence Community of common
security and access systems for managing and handling foreign
intelligence systems, information, and products; to ensure the
timely exploitation and dissemination of data gathered by national
foreign intelligence collection means; and, in accordance with law
and relevant procedures approved by the Attorney General, to give
the heads of the departments and agencies access to all
intelligence developed by the Central Intelligence Agency (CIA) or
staff elements of the DCI relevant to the national intelligence
needs of the departments and agencies. Other departments and
agencies, including the State Department, Treasury Department, DoD,
and FBI are tasked with specific information collection and
dissemination functions. The Order further authorizes agencies
within the Intelligence Community to collect, retain, or
disseminate information concerning U. S. persons only in accordance
with
procedures approved by the Attorney General. Information of
several kinds relating to U. S. persons may be collected, retained,
and disseminated, including information that is publicly available;
information constituting foreign intelligence or
counterintelligence; information obtained in the course of a lawful
foreign intelligence, counterintelligence, or international
terrorism investigation; information needed to protect foreign
intelligence or counterintelligence sources or methods from
unauthorized disclosure; and information arising out of a lawful
personnel, or physical or communications security investigation. Intelligence
Community agencies are directed to use the least intrusive
collection techniques feasible within the United States or against
U. S. persons abroad. Certain information collection techniques may
not be used except in accordance with procedures approved by the
Attorney General; other particular techniques are not permissible.
· Executive Orders 12958 and 13292: These Orders, referenced
above, create an orderly system for handling classified
information. Information is classified based on the damage that
unauthorized disclosure would cause to national security, which
includes defense against transnational terrorism. The most
sensitive information is restricted to the smallest group of people
with a need to know. The classification level of information is
controlled by the agency that owns the information. The "third
agency rule" provides that an agency receiving classified
information must obtain the approval of the disseminating agency
prior to any further dissemination. Further safeguards to restrict
access and prevent unauthorized access or disclosure are required.
In particular circumstances, the Departments of State, Defense, and
Energy and the CIA may establish special access programs. It is a
crime to disclose certain classified information (pertaining to
cryptographic or communication intelligence activities) to an
unauthorized person. See 18 U. S. C. § 798.
REGULATIONS:
· 28 CFR 100.20 Confidentiality of Trade
Secrets/ Proprietary Information: Any company proprietary
information provided to the FBI under this part shall be treated as
privileged and confidential and shared only within the government
on a need-to-know basis. It shall not be disclosed outside the
government for any reason inclusive of the Freedom of Information
requests, without the prior written approval of the company.
DEPARTMENT OF JUSTICE GUIDANCE / ORDERS:
· Attorney General Guidelines on General Crimes, Racketeering Enterprise and Domestic Security/Terrorism Investigations: These Guidelines were revised on May 30, 2002, and provide guidance for general crimes and criminal intelligence investigations by the FBI. The standards and requirements set forth therein govern the circumstances under which such investigations may begin and the permissible scope, duration, subject matters, methods, and objectives of these investigations.
· Attorney General Guidelines Applicable to FBI Foreign
Counterintelligence Investigations: The FBI may disseminate
information under these guidelines to other Federal agencies if the
information relates to a crime or violation of law or regulation
that falls within the recipient agency's investigative
jurisdiction, otherwise relates to the recipient agency's
authorized responsibilities, is required to be furnished by
Executive Order 10450, or is required to be disseminated by
statute, Presidential directive, National Security Council
directive, or an interagency agreement that has been approved by
the Attorney General. The FBI may disseminate information to state and local governments with appropriate jurisdiction if
such dissemination is consistent with national security.
Dissemination to a foreign government is permitted under specified
circumstances, as is dissemination to Congressional committees and
the White House.
· Attorney General Guidelines Regarding Disclosure to the Director of Central Intelligence and Homeland Security Officials of Foreign Intelligence Acquired in the Course of a Criminal Investigation: These guidelines were issued on September 23, 2002, pursuant to § 905(a) of the U. S. A Patriot Act. The guidelines formalize a framework pursuant to § 905(a) for facilitating and increasing the expeditious sharing of foreign intelligence acquired in the course of criminal investigations.
· DOJ 1792.1B Chapter 4, Maintenance of Records and Reports
Systems, Alcohol and Drug Abuse Records: The DOJ's policy is one of
nondisclosure of client records, except to the extent that
nonconsensual disclosure is authorized by law or to the extent
necessary to prevent an imminent and potential crime which directly
threatens loss of life or serious bodily injury.
· DOJ 1900.5A National Security Emergency Preparedness Program and
Responsibilities: The FBI is responsible for providing a response
to foreign counterintelligence and domestic security and terrorism
threats that includes (1) disseminating information, to the extent
that conditions permit, concerning hostile intentions and
activities toward government officials and agencies and (2)
responding to specific requests from senior government officials
and agencies for FBI information related to foreign
counterintelligence and domestic security matters.
· DOJ 2620.5A Safeguarding Tax Returns and Tax Return Information:
Employees of the DOJ to whom tax return information is entrusted
are responsible for its safeguarding and are prohibited from
disclosing such information except as permitted by law. Tax
information shall not be disseminated to, discussed with, or
exposed to unauthorized persons.
· DOJ 2620.7 Control and Protection of Limited Official Use Information, Dissemination and
Transmission: Information which has been identified and is known by
recipient as "Limited Official Use" shall be safeguarded from
disclosure to unauthorized individuals whether or not the material
is physically marked. Safeguarding from disclosure includes
precautions against oral disclosure, prevention of visual access to
the information, and precautions against release of the material to
unauthorized personnel.
· DOJ 2640.1 Privacy Act Security Regulations for Systems of Records: This order applies to all DOJ
organizations that maintain systems of personal records.
DEPARTMENT OF DEFENSE REGULATIONS AND GUIDANCE:
· DoD 5240.1-R Procedures Governing the Activities of DoD
Intelligence Components That Affect United States Persons: These
procedures, which were approved by the Attorney General, implement
Executive Order 12333.
· DoD 5200.27 Acquisition of Information Concerning Persons and Organizations not Affiliated
with the Department of Defense: This directive governs the
acquisition of information by DoD components other than those with
intelligence and counterintelligence responsibilities. DoD
components are prohibited from collecting, reporting, processing,
or storing information on individuals or organizations not
affiliated with DoD, except when such information is essential to
the accomplishment of specified DoD missions.
· 32 CFR 311, 312, 318, 319, 321 through 323, 326, 505, 701.100, and 806b,
Exemption of Records under the Privacy Act: The referenced DoD
systems of records are exempt from various requirements of the
Privacy Act. Each Part of the CFR identifies a DoD Component, such
as the Army, Defense Security Service, Defense Intelligence Agency,
etc., which has claimed an exemption for the record system
identified.
· 32 CFR 310, DoD Privacy Program: This regulation governs
how the DoD protects records covered by the Privacy Act, and under
what conditions it may, absent consent of the individual to
whom the records pertain, disclose such records.
· 32 CFR 275, Obtaining Information From Financial Institutions: This regulation
governs the procedures for the DoD to use to gain access to
financial records maintained by financial institutions.
TIA's Impact on Privacy and Civil Liberties, and Recommended
Practices, Procedures, Regulations or Legislation for TIA
Deployment and Implementation to Eliminate or Minimize Adverse
Effects
Overview
Public Law 108-7 requires that this report "assess[] the likely impact of the implementation of a system such as the Total Information Awareness program on privacy and civil liberties."
Preliminary to any such analysis, DoD wishes to make certain points clear. In seeking to develop innovative information technology that DoD hopes will improve the nation's capabilities to detect, deter, preempt, and counter terrorist threats, TIA's research and testing activities have depended entirely on (1) information legally obtainable and usable by the Federal Government under existing law, or (2) wholly synthetic, artificial data that has been generated to resemble and model real-world patterns of behavior. Further, the TIA Program is not attempting to create or access a centralized database that will store information gathered from various publicly or privately held databases.
Nevertheless, ultimate implementation of some of the component programs of TIA may raise significant and novel privacy and civil liberties policy issues. Largely because of the greater power and resolution of TIA's search and data analysis tools, questions will arise concerning whether the safeguards against unauthorized access and use are sufficiently rigorous, and whether the tools can or should be applied at all with respect to certain types of particularly sensitive information. In addition, privacy and civil liberties issues may arise because some would argue that the performance and promise of the tools might lead some U. S. Government agencies to consider increasing the extent of the collection and use of information already obtained under existing authorities. The DoD has expressed its full commitment to planning, executing, and overseeing the TIA Program in a manner that is protective of privacy and civil liberties values. Safeguarding the
privacy and the civil liberties of Americans is a bedrock
principle. DoD intends to make it a pervasive element in the DoD
management and oversight of the TIA Program. These two sets of
interests—privacy and civil liberties—are
complementary, yet distinct. Privacy relates primarily to the right
of the individual person to freedom from various forms of
governmental intrusion and unwanted exposure of sensitive
information; while civil liberties relate primarily to the
protection of the individual's constitutional rights to, among
others, freedom of expression, freedom of the press and assembly,
freedom of religion, interstate travel, equal protection, and due
process of law. The DoD's TIA work addresses both privacy and civil
liberties in three principal ways:
· In its TIA work, as in all of its missions, the DoD must fully comply with the laws and
regulations governing intelligence collection, retention, and
dissemination, and all other laws, procedures, and controls
protecting the privacy and constitutional rights of U. S. persons.
· TIA is seeking to develop new technologies, including
Genisys Privacy Protection, that will safeguard the privacy of U.
S. persons by requiring, documenting, and auditing compliance with
the applicable legal requirements and procedures.
· TIA's research and testing activities are conducted using either real
information that the Federal Government has already legally
obtained under existing legal regimes, or synthetic, wholly
artificial information generated in the laboratory about imaginary
persons engaged in imaginary transactions—data that by
definition does not implicate the privacy interests of U. S.
persons.
In addition to these measures, the DoD intends, as an
integral part of oversight of TIA, to continuously monitor and
assess emerging potential privacy and civil liberties issues.
Because
TIA is still largely in the developmental stage, any effort to identify such issues is, of necessity, preliminary. Nonetheless, we believe that certain overall privacy policy issues can be identified, and we have made preliminary recommendations below with respect to those issues. As TIA research efforts move forward, examination of these issues will require a detailed and rigorous understanding of the particular tool and data involved, their present and potential future
contributions to the public safety and other national interests, their impact on privacy values, and the legal, policy, technological, and human engineering checks and balances that are already in place as well as additional checks and balances that may be imposed on the use of the particular tool and data. Addressing these issues will lead to a careful determination of the correct course of action after assessing these values and interests in light of our Nation's commitment to security and privacy. These issues will be illuminated by the progress of TIA in developing and testing tools by lawful means and applying these tools against both synthetically generated and lawfully acquired data.
To accomplish this objective of ongoing and effective oversight and review, a senior representative of the DoD will chair an oversight board. This oversight board and the Secretary of Defense will receive advice on legal and policy issues, including privacy, posed by TIA from a Federal Advisory Committee composed of outside experts.
This report does not recommend any changes in statutory law, but instead contemplates that any deployment of TIA's search tools may occur only to the extent that such a deployment is consistent with current law. Accordingly, the strictures of current law protecting certain categories and sources of information may well constrain or (as a logistical matter) completely preclude deployment of TIA search tools with respect to such data.
Relevant Information Privacy Principles
As with any intelligence activity, the use of TIA tools and
technologies by operational agencies must be conducted in
accordance with all relevant regulations, statutes, and
constitutional principles. Moreover, the development of TIA tools
and techniques by DARPA must comply with all applicable laws. Above
and beyond these basic legal requirements, however, a proper
consideration and resolution of the privacy policy issues that are
raised by TIA is necessary.
A proper analysis of the privacy policy issues that would be
raised by deployment of TIA should first begin with some
articulation of the general privacy principles that should
guide that analysis. In light of the unspeakable terrorist acts to
which our country has been subjected and the further terrorist
threats we may face in the future, there can be no question but
that the government must devise ways to better enable it to detect
such threats before they occur. The question is how to accomplish
that in a manner that preserves, and even strengthens, our basic
commitment to privacy and civil liberties. In a sense, one simple
idea captures both sides of the coin in the security versus privacy
debate: "Knowledge is power." The more information the government
has, the more it can find out about terrorists' plans and act to
prevent them. On the other hand, the more information the
government has about our citizens, the more opportunities there are
that such information could be seriously misused. The goal of any
sensible information privacy policy must be to help to ensure that
activities relating to information collection, storage, sharing,
and analysis do not threaten privacy and civil liberties. Any
attempt to articulate overall policy principles concerning
information privacy will necessarily be somewhat generalized. The
answer in any given case will depend upon the particular issue and
the competing values at stake. Nonetheless, some general
considerations can be described that can help to structure and
guide the analysis of such issues:
The importance of identifying the nature and magnitude of the particular privacy interests implicated
· There are a variety of different privacy interests, and they are not all of the same magnitude. Saying that something presents "privacy concerns" should be the beginning of an analysis as to the nature and severity of those concerns, the strength of the countervailing interests, and whether and how the privacy concerns identified can be mitigated. The basic concept of informational privacy includes several key concerns, not all of which are of the same degree and character. Among the most important are the following concerns:
-Access to particularly sensitive information. Certain kinds of information about a person (e.g., medical records and tax records) are particularly sensitive, because access to such information presents serious opportunities for abuse. Most such sensitive categories of information are already covered by detailed statutory and regulatory regimes.
-Access to aggregate individually identifiable information. Even when individual items of data are not particularly sensitive, access to an aggregation of significant quantities of personal data on specific persons presents opportunities for misuse and for unwarranted intrusion into personal matters.
-Maintaining and storing individually identifiable information. The storage by the government of individually identifiable information, precisely because of its permanence, increases the practical possibilities for misuse of the information.
-Capacity for unauthorized access to individually identifiable information. Any system for accessing or storing personal information must be secure against intruders and other unauthorized users, who may seek to use it for improper purposes.
-Capacity for unauthorized use of particular investigatory tools. Consideration must be given as to whether there is anything about the particular characteristics or usage of a given tool that itself creates additional possibilities for misuse by persons who have authorized access.
-Accuracy of individually identifiable information. If inaccurate information is publicly disseminated, that may harm reputational interests, and if it is used as a basis for important decisions affecting the individual, it will have additional and potentially significant adverse impacts.
The importance of practical, operational safeguards
· When it comes to analyzing privacy issues, "thou shalt not" is good, but "thou cannot" is better. Anyone who has ever worked to design a system to protect valuable information (such as a trade secret) appreciates the need for internal operational safeguards that reduce the opportunities for mischief. There is a need to have legally enforceable prohibitions against any mischief that nonetheless occurs, but additional internal operational safeguards are also necessary.
Consideration of the weight of competing values
· In light of the nature and magnitude of the particular privacy interests implicated, the available practical means for mitigating those concerns, and an assessment of the actual practical value of the tools in question for protecting against terrorist threats, an evaluation must then be made as to whether particular deployments of the technology can be carried out in a way that achieves those objectives without sacrificing privacy.
Preliminary Assessment of Privacy Implications of TIA and Pertinent Recommendations
Introduction
With these basic principles in mind, some
preliminary observations can be made about the likely impact of the
implementation of TIA on privacy and civil liberties, and some
recommendations concerning the measures that may be warranted to
eliminate or minimize adverse concerns on privacy and other civil
liberties. Because TIA is still largely in the developmental stage,
these observations are, of necessity, preliminary.
DoD, however, wishes to emphasize two fundamental points at the
outset. First, DoD must pursue any technological breakthroughs in
the various TIA programs, which are described in this report, in
full compliance with existing law. Second, the Department of
Defense, the Department of Justice, and the Central Intelligence
Agency take very seriously the obligation to protect privacy and
civil liberties. Accordingly, any deployment of TIA tools would
occur only after careful analysis of the relevant policy issues and
in accordance with the recommendations set forth below. One measure
of the importance DoD attaches to privacy and civil liberties
issues is reflected in the fact that, in addition to the other
measures undertaken by DoD in analyzing these issues, the
Secretary of Defense has sought the guidance of outside experts. DoD has established a Federal Advisory Committee to advise the Secretary of Defense on the legal and policy issues, particularly those related to privacy, that are raised by the application of advanced technologies to be used in the war on terrorism, such as TIA. This advisory committee is expected to hold its first meeting in late May 2003.
Particular TIA Programs that Have Raised Privacy Concerns
The privacy concerns that have been raised with respect to TIA focus on the data search and pattern recognition tools that are being researched. Broadly speaking, the data search, pattern recognition, and privacy protection programs include eight different technologies: Genisys, Evidence Extraction and Link Discovery (EELD), Scalable Social Network Analysis (SSNA), MisInformation Detection (MInDet), Bio-Event Advanced Leading Indicator Recognition Technology (Bio-ALIRT), Human Identification at a Distance (HumanID) Program, Activity Recognition Monitoring (ARM), and Next-Generation Face Recognition (NGFR). These eight programs do not all raise the same issues or the same level of concern. Bio-ALIRT relies on using aggregate statistical data or anonymized data that eliminates concerns about individually identifiable data. DARPA affirms that use and collection of data by Bio-ALIRT must be done in accordance with all applicable laws. The various tools for human identification at a distance (HumanID, ARM, and NGFR) would raise significant privacy issues, depending upon their efficacy and accuracy, the places and circumstances in which they were deployed, and whether they were used to analyze (or to justify longer retention of) stored surveillance tapes of public places. DoD is committed to ensuring that these issues receive careful analysis as these programs move forward, but they are not the programs that have given rise to the greatest level of concern (or that gave rise to this report).
The primary privacy concerns raised about TIA focus on the data
search and analysis tools: Genisys, EELD, SSNA, and MInDet. The
privacy concerns raised by TIA's search tools, of course, will
depend significantly upon the types of information contained in the
databases for which use of these tools is authorized, and upon the
authorities, procedures, and safeguards that are established. At
the present time, the only tools from this category that are being
used in TIA network tests come from the EELD Program and they are
being applied only with respect to foreign intelligence data.
As research on the tools progresses and additional deployments
are considered, different concerns will be raised depending upon
the types of information in the authorized databases. If, for
example, a particular deployment permitted only querying of
databases on non-U.S. persons, that would present less concern
than would querying for information about foreigners in databases
that also happen to contain information on U.S. persons, which in
turn would raise less concern than would querying about U.S.
persons directly. With this important reservation in mind, a number
of general observations can be made about the likely privacy
concerns and the possible methods for analyzing and resolving those
concerns.
Privacy Issues that TIA Does Not Raise
In analyzing the privacy issues that are raised by these particular TIA programs, it is important to recognize what they do not do.
· Nothing in the TIA Program changes anything about the types of underlying information to which the government either does or does not have lawful access, nor does it change anything about the standards that must be satisfied for accessing particular types of data. TIA does not grant the government access to data that is currently legally unavailable to it. On the contrary, any deployment of TIA would have to operate within the confines imposed by current law. Accordingly, to the extent that access to certain particularly sensitive categories of information is restricted by law, the deployment of TIA search tools with respect to such data would comport with such standards, or (depending upon the nature of the legal restriction) in some cases might be logistically infeasible altogether.
· As conceived, TIA's search tools, if and when used by
operational agencies, would leave the underlying data where it is,
extracting only what is responsive to a specific and defined query,
and not engaging in random searches. While this does not eliminate
all privacy concerns, this feature of TIA is an important and, on
balance, privacy-enhancing logistical limitation, because the
practical risks for misuse of personal data would be increased if
complete possession and control of the relevant data were assumed
by the government.
· Just as TIA would leave the underlying
data where it is, it would, in terms of the substance of such
information, take the data as it finds it. That is, nothing in the
implementation of TIA envisions that parties whose databases would
be queried should begin collecting data that they do not already
collect. This avoids a significant privacy concern that would
otherwise be present.
· It follows as a corollary to the
previous points that TIA does not, in and of itself, raise any
particular concerns about the accuracy of individually identifiable
information. On the contrary, TIA is conceived of as simply a tool
for more efficiently inquiring about data in the hands of others,
and in theory these inquiries currently could be made by more
labor-intensive human efforts. Although (quite apart from TIA)
various concerns have been raised about the quality and accuracy of
databases that are in private hands, these general concerns would
exist regardless of the method
chosen to query these databases and, thus, do not present a
concern specific to TIA. Of course, to ensure the accuracy and
utility of any information retrieved by TIA's search tools,
consideration should be given, in implementation, to the quality of
the databases to be queried.
Privacy Issues Raised by TIA and Recommendations for Addressing these Issues
The primary privacy issues raised by TIA are threefold:
· Aggregation of data
· Unauthorized access to TIA
· Unauthorized use of TIA
To the extent that TIA's search tools would ever be applied to data sources that contain information on U.S. persons, the privacy issues raised by these tools are significant ones that would require careful and serious examination. As a logistical matter, there is a "practical obscurity" inherent in the dispersal of scattered bits of personal data. TIA's search tools have the capacity to eliminate this practical obscurity and to provide a user with quick access to a wide range of information. The potential benefits of such a tool in identifying terrorist activity could be significant. On the other hand, the potential harm that could result from misuse of this effective aggregation of large quantities of data is obvious. Several factors need to be considered in evaluating TIA's suitability for deployment in particular contexts.
· The efficacy and accuracy of TIA's search tools must be stress-tested and demonstrated. The tools must be shown to be sufficiently precise and accurate; i.e., a search query results in only that information that is responsive to the query. TIA's tools must be demonstrated to be sufficiently precise so that, if only a limited query is legally authorized, the data retrieved remains within the strictures of the law and the query does not grant access to data that may not lawfully be accessed. DARPA has expressed its commitment to the necessary testing to ensure the technological accuracy of TIA's search tools. 3 Moreover, the Secretary of Defense has established an oversight framework governing the R&D phases of this project. To ensure the R&D activities being pursued under the TIA Program continue to be conducted in accordance with all applicable laws, regulations, and policies, the Secretary of Defense established in February 2003 an internal oversight board to oversee and monitor the manner in which TIA tools are being developed and prepared for transition to real world use. This board, composed of senior DoD and Intelligence Community officials, will establish policies and procedures for testing of the TIA-developed tools. In addition, the board will examine the various tools in light of existing privacy protection laws and policies and recommend appropriate program modifications to DARPA.
3 This particular efficacy concern is distinct from, and in addition to, the basic question of whether the TIA tools can produce the positive value contemplated. As made clear elsewhere in this Report, if the tools developed in TIA "cannot extract terrorist signatures from a world of noise, even for simulated data, then there is no reason to proceed." See infra at Appendix A-11.
· This is a situation in which the need for built-in
operational safeguards to reduce the opportunities for abuse
is absolutely critical. DARPA is already researching whether and
how it may be able to build in controls that, at an architectural
level, would govern TIA's search tools. Among the controls being
researched are automated audit trails to document who accessed the
system and how it was used during the session; anonymization of
sources of data and of the persons mentioned in the underlying
data, so these data could not be revealed unless it is lawful and
warranted; selective revelation of data, so additional permissions
would need to be obtained in order to receive additional data; and
rigorous access controls and permissioning techniques. TIA's
ultimate suitability for particular purposes will depend heavily
upon DARPA's success on these technological issues.
· It will
be essential to ensure that substantial security measures
are in place to protect these tools from unauthorized access by
hackers or other intruders. Some of these measures must be built-in
at the architectural level; others will involve the adoption of
policies that prescribe who may have access, for what purposes, and
in what manner.
· Any agency contemplating deploying TIA's
search tools for use in particular contexts will be required to
conduct a pre-deployment legal review of whether the
contemplated deployment is consistent with all applicable laws,
regulations, and policies. Some particular deployments, for
example, might only be legally permissible if the tools developed
had been shown, as a technological matter, to properly avoid
retrieving data on U.S. persons, whether through anonymization
techniques or otherwise. In this regard, it should be noted that
the DoD General Counsel has directed each operational component
within DoD that hosts TIA tools or technologies to prepare a
substantive legal review that examines the relationship between
that component and TIA and analyzes the legal issues raised by the
underlying program to which the TIA tools will be applied. The
General Counsel also has advised that all such relationships should
be documented in a memorandum of agreement between TIA and the
component to ensure that the relationship is clearly understood by
all parties. These memoranda of agreement with non-DoD components
will specify that a similar legal review be conducted by the
non-DoD component.
· There will be a need for any user agency to adopt
policies establishing effective oversight of the actual use
and operation of the system before it is deployed in particular
contexts. This will include periodic and spot auditing and testing
of the system, periodic review of its operation, restrictions on
access to the system, and prompt and effective procedures for
detecting and correcting misuse of the system and for punishing the
violators. There must be clear and effective accountability for
misuse of the system.
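The following example is added here and is not part of the report or of any TIA design. It shows how three of the controls listed above (automated audit trails, anonymization of the persons mentioned in the data, and selective revelation that requires additional permission) can be enforced by a gateway placed in front of the data; the class names, roles, records and key are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
import time

GENESIS = "0" * 64  # "previous digest" of the first entry


class AuditTrail:
    """Append-only log; each entry's digest covers the previous digest (hash chain)."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, user, action, detail):
        prev = self.entries[-1]["digest"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "ts": time.time(), "user": user,
                "action": action, "detail": detail, "prev": prev}
        self.entries.append({**body, "digest": self._digest(body)})

    def verify(self):
        """Detect edited, reordered or dropped interior entries (not tail truncation)."""
        prev = GENESIS
        for seq, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "digest"}
            if (entry["seq"], entry["prev"], entry["digest"]) != (seq, prev, self._digest(body)):
                return False
            prev = entry["digest"]
        return True


class Gateway:
    """Mediates every query: pseudonymizes results and gates identity reveal."""
    IDENTITY_FIELDS = ("name",)

    def __init__(self, records, key, roles, audit):
        self.records, self.key, self.roles, self.audit = records, key, roles, audit
        self.grants = set()  # (analyst, pseudonym) pairs approved for reveal

    def pseudonym(self, name):
        # Keyed hash: stable per person so links survive, not reversible without the key.
        return "P-" + hmac.new(self.key, name.encode(), hashlib.sha256).hexdigest()[:12]

    def _check(self, ok, user, action, detail, reason):
        if not ok:
            self.audit.record(user, action + ":denied", detail)  # refusals are logged too
            raise PermissionError(reason)

    def search(self, user, field, value):
        detail = {"field": field, "value": value}
        self._check("analyst" in self.roles.get(user, ()), user, "search", detail, "analyst role required")
        self._check(field not in self.IDENTITY_FIELDS, user, "search", detail, "identity fields are not searchable")
        hits = [{**{k: v for k, v in r.items() if k not in self.IDENTITY_FIELDS},
                 "subject": self.pseudonym(r["name"])}
                for r in self.records if r.get(field) == value]
        self.audit.record(user, "search", {**detail, "hits": len(hits)})
        return hits

    def grant(self, approver, analyst, pseudonym, authority):
        detail = {"analyst": analyst, "subject": pseudonym, "authority": authority}
        self._check("approver" in self.roles.get(approver, ()), approver, "grant", detail, "approver role required")
        self._check(approver != analyst, approver, "grant", detail, "self-approval is not allowed")
        self.grants.add((analyst, pseudonym))
        self.audit.record(approver, "grant", detail)

    def reveal(self, user, pseudonym):
        detail = {"subject": pseudonym}
        self._check((user, pseudonym) in self.grants, user, "reveal", detail, "no approved grant")
        self.audit.record(user, "reveal", detail)
        return sorted({r["name"] for r in self.records if self.pseudonym(r["name"]) == pseudonym})


# Constructed sample data: synthetic records, roles and key, all made up for this example.
RECORDS = [
    {"name": "Alex Example", "city": "Springfield", "item": "one-way ticket"},
    {"name": "Sam Sample", "city": "Springfield", "item": "truck rental"},
    {"name": "Alex Example", "city": "Shelbyville", "item": "storage unit"},
]
ROLES = {"analyst1": {"analyst"}, "counsel1": {"approver"}}


def demo():
    gw = Gateway(RECORDS, b"constructed-demo-key", ROLES, AuditTrail())
    subject = gw.search("analyst1", "city", "Springfield")[0]["subject"]
    gw.grant("counsel1", "analyst1", subject, "constructed authorization 0000")
    return gw, subject, gw.reveal("analyst1", subject)
```

The hash chain makes after-the-fact edits to the log detectable, but the log still has to be stored and anchored outside the reach of the users it records.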
An additional privacy issue is whether there is anything about
the particular technological architecture of the TIA tools
that implicates specific privacy concerns, i.e., issues over and
above those inherent in the overall nature of the task the tool is
performing. One such issue relates to the manner in which the TIA
tools would achieve interoperability with the databases with which
they interact. If, for example, this would require installation of
government-developed software code onto privately owned databases,
this will raise a potentially significant privacy concern. Analysis
of this issue would require a consideration of a number of
different factors, including the feasibility of alternative
mechanisms and whether transparency could be achieved, without loss
of security, by making publicly available the underlying software
code installed.
Finally, the various tools for human identification at a distance (HumanID, ARM, and NGFR) may raise significant privacy issues if deployed in particular contexts. As an initial matter, any deployment of these tools in the United States would need to be reviewed in advance in order to ensure compliance with the strictures of the Fourth Amendment. Cf. Kyllo v. United States, 533 U.S. 27 (2001) (use of infrared technology can constitute a "search"). In addition, certain privacy policy issues would need to be considered. These issues primarily relate to the accuracy of these tools, the potential concerns about aggregation of data, and concerns about misuse. Resolution of these issues requires an evaluation of whether these tools can be shown to be accurate for their intended purposes, whether a particular location would be appropriate for their use, and whether they would be used to analyze (or to justify longer retention of) stored surveillance tapes of public places. These issues should receive careful analysis as these programs move forward.
In closing, DoD would like to underscore its realization that
the successful development and the effective deployment and use of
TIA tools may pose additional specific and currently unidentifiable
privacy policy issues. DoD believes that the best way to navigate
these issues consistent with our Nation's most cherished values is
to pursue the development of the most effective and most
privacy-protecting tools possible and to address privacy and civil
liberties issues squarely and continually as they arise, in
specific factual contexts and in full partnership with other
Executive Branch agencies and the Congress. DoD has expressed its
commitment to the rule of law in this endeavor and views the
protection of privacy and civil liberties as an integral and
paramount goal in the development of counterterrorism technologies.
Appendix A – Detailed Description of TIA and High-Interest TIA-Related Programs
The target date for the deployment of each program is the completion date listed, unless identified differently in the descriptive paragraphs. Besides TIA, other TIA-related programs considered as high interest within the context of this report include:
· Genisys
· Genisys Privacy Protection
· Evidence Extraction and Link Discovery (EELD)
· Scalable Social Network Analysis (SSNA)
· MisInformation Detection (MInDet)
· Human Identification at a Distance (HumanID)
· Activity, Recognition and Monitoring (ARM)
· Next Generation Face Recognition (NGFR)
Terrorism Information Awareness (TIA)
OVERVIEW: TIA is a Defense Advanced Research Projects Agency (DARPA) research program that will integrate advanced collaborative and decision support tools; language translation; and data search, pattern recognition, and privacy protection technologies into an experimental prototype network focused on the problems of countering terrorism through better analysis. If successful and transitioned to operational uses, this program of programs would provide decision- and policy-makers with information and knowledge about terrorist planning and preparation activities that would aid in preventing future international terrorist attacks against the United States at home and abroad. If deployed, a TIA-like system/network could provide the Department of Defense (DoD) and Intelligence Community with tools and methods to solve many of the problems that have been identified in the aftermath of the attacks against the United States on September 11, 2001, and that call for improved analysis in our continuing war against terrorism. The report of the Congressional Joint SSCI-HPSCI Inquiry into the Events of 9/11/01 4 concludes that the failure to identify the threat prior to the attacks of September 11, 2001, had less to do with the ability of authorities to gather information than with their inability to analyze, understand, share, and act on that information. The major problems that TIA research and development aim to address include: the difficulties of sharing of data across agency boundaries; mistaking absence of evidence for evidence of absence; confusing unfamiliar with improbable; having too many unknown unknowns, generating a single hypothesis versus competing hypotheses; and better exploitation of all permitted and open source information. DARPA believes that, in most cases, these problems exist in part because of a lack of applied technology to aid the human assessment and analytic processes.
In today's world, the amount of information that needs to be considered far exceeds the capacity of the unaided humans in the system. Adding more people is not necessarily the solution. In DARPA's view, we need to provide a much more systematic methodological approach that automates many of the lower level functions that can be done by machines guided by the human users and gives the users more time for the higher level analysis functions which require the human's ability to think.
4 Final Report of the Joint SSCI/HPSCI Inquiry into the Events of 9/11/01 dated Dec 10, 2002
TIA is one of the research and development programs of DARPA's Information Awareness Office (IAO), which was established in January 2002. IAO was formed to bring together, under the leadership of one technical office director, several existing DARPA programs that were largely focused on R&D in various information technologies relevant to DoD's future capabilities in combating the asymmetric threat, and for imagining and creating some new programs that would be needed to fully address the technology needs for a complete prototype system/network to respond to the terrorist threat (one kind of asymmetric threat) in the wake of September 11. TIA is the system/network-level integration program, while other IAO programs are designed to provide technologies and components needed by TIA. TIA will integrate these technologies and provide them to various organizations for experiments and will assess their utility in operationally relevant contexts. The TIA research and development program began in FY 2003. Funding for FY 2003 through FY 2005 as proposed in the FY 2004 President's Budget submission is $53,752,000. A number of organizations in the Intelligence Community have shown great interest in working with the TIA research and development effort to test and evaluate technologies. The organizations already participating or planning to participate in the near future in TIA's spiral development and experiments include:
· U.S. Army Intelligence and Security Command (INSCOM)
· National Security Agency (NSA)
· Defense Intelligence Agency (DIA JITF-CT)
· Central Intelligence Agency (CIA)
· DoD's Counterintelligence Field Activity (CIFA)
· U.S. Strategic Command (STRATCOM)
· Special Operations Command (SOCOM)
· Joint Forces Command (JFCOM)
· Joint Warfare Analysis Center (JWAC)
DARPA is providing these agencies and
commands with system/network infrastructure and concepts; software
analytical tools; installing this software; providing training on
its use; observing experiments; evaluating the performance of the
software; and collecting user comments on needed changes,
modifications, and additions to the software. The operational
agencies and commands are providing facilities and personnel to
conduct these experiments and they are using data available to them
in accordance with existing laws, regulations and policies
applicable to each of them. In the TIA research and development
vision, four user domains must work together to comprehensively
counter the terrorist threat: intelligence, counterintelligence,
operations, and policy. Three of these domains are represented in
the above list of agencies and commands
participating in experiments with TIA. It is envisioned that a
national security policy organization will be added to the
experiments. To help realize the TIA vision, fiv