Security and Privacy

Stephen DeAngelis

July 21, 2006

Life is filled with tensions, some good and some not so good. Creative tensions, for example, help generate innovations and those who must deal with them are seldom complacent. One of the current tensions being confronted in the global war on terrorism is between security and privacy. The tension is so palpable that any program which confronts it is automatically (and rightfully) viewed with suspicion. There was a time when the government could ask for people’s trust in the name of security and it was more-or-less freely given. Unfortunately, government excesses and an increasingly blatant disregard for checks and balances have almost completely eroded people’s uncritical trust of secret government programs. This tension recently surfaced again in a USA Today article on government data mining [“Feds sharpen secret tools for data mining,” by Matt Kelley, 20 July 2006].

The article talks about programs that are continuing to be developed and deployed to help the government track potential terrorists. The programs “search through financial, communications, travel and other personal records of people in the USA and around the world for connections to terrorism, according to public records and security experts.” No one doubts that there is potential for abuse with such programs.

At least five of the data-mining programs were developed under a Pentagon program, called Total Information Awareness (TIA), that Congress disbanded nearly three years ago because of concerns that it threatened personal privacy, according to government records and participants in the projects. … The law eliminating TIA allowed some areas of research to continue: detecting biological weapons, analyzing recorded speech or written text in multiple languages, and creating two computer simulations to test various counterterrorism scenarios. The law also allowed work to continue on an unspecified number of projects authorized in a classified appendix.

I have no doubts that such programs are needed. The global war on terrorism involves what some analysts call fourth generation warfare (4GW). This type of conflict is characterized by asymmetries. The 11 September attack was a classic example. Terrorists did not attempt to confront America’s military might; instead, they used commercial aircraft to attack symbols of America’s financial, military, and political might. America’s military could only patrol empty skies in the aftermath of the attack. That is the purpose of assymetric warfare, to render an enemy’s strengths impotent. A resilient nation, however, learns how to adapt and use its stengths in new ways. One of America’s strengths is its IT sector and the U.S. needs to use that expertise to its advantage.

One surviving TIA program is a data-mining software development effort led by researchers at the University of Connecticut. The software, called Adaptive Safety Analysis and Monitoring (ASAM), was designed to uncover patterns of terrorist activity and suggest ways to intervene and stop terrorist plots. ASAM is meant to computerize the tedious work of examining reams of data to find links that may reveal terrorism, such as travel or communication patterns, says Peter Willett, one of the University of Connecticut researchers. “I heard someone say that an intelligence analyst’s job is like watching 100 channels of TV at a time, looking for the right information,” Willett says. “If we can tell them what channel to tune to, we’d be doing our job.”

That is a great analogy. The challenge is to mine data in such a way that abuses are minimized. That is no easy challenge. Until recently Congress and the courts showed little appetite for fulfilling the checks and balances role the Constitution places on them and a politically-appointed oversight group would never achieve the public’s trust. Marc Rotenberg, executive director of the Electronic Privacy Information Center, expresses the greatest concern about oversight in this way: “The key problem here is the absence of accountability.”

Because these programs are and must remain secret in order to be effective, how does one achieve accountability and foster public trust? The courts have recently undermined whistleblower laws, which means “going public” can be problematic. Even internal whistleblowing can be hazardous to your job. An article in today’s Washington Post discusses the firing a of BAE Systems contractor who was blogging on a top secret net and discussed the politically-sensitive issues of torture and the Geneva Conventions [“Top-Secret World Loses Blogger,” by Dana Priest, 21 July 2006]. Neither the USA Today article nor the Washington Post article proffered solutions to the oversight problem.

The challenges involved in the war on terrorism certainly require extraordinary measures and I’m convinced that we can meet these challenges and reduce the tensions created when security meets privacy. An independent oversight board (whose members are appointed by both the executive and legislative branches) complemented by judicial oversight court appears to be the most obvious solution for providing checks and balances. The stature, integrity, and credentials of oversight board members should help assuage public fears and their having direct access to the court would make the process both quick and effective. Tying our hands in this asymmetrical fight is not the right answer. However, effective tools must also be ethical tools.