Canary In a Data Mine

By J.A. Savage, AlterNet
December 17, 2002

A few items at the local Wal-Mart find their way into your basket – a computer hard drive, a wrench, a discounted Halloween mask, a gallon of lighter fluid, and a CD of The Coup’s album Party Music. You look in your wallet. No cash. You pay with the ATM card. The bored woman at the register asks for your zip code, and, distracted, you give it to her.

Wal-Mart’s streaming data secrets your purchase data to Arlington, Virginia, where it hooks up with a speeding ticket you got at the Canadian border last week and your subscription to The Nation. Next thing you know, two FBI agents are at your door with probable cause to sift through your belongings. They find a small bag of pot your old roommate left behind and a copy of the book "Bomb the Suburbs." Your patriotism is suddenly questioned at headquarters.

This scenario is being painted by even those only moderately fearful of how the new Total Information Awareness program under Defense Advanced Research Projects Agency (DARPA) will work with the new, encompassing, Homeland Security Act. TIA’s intended purposes is to catch potential terrorists before they strike. While the moderately fearful have their point, computer-savvy techies say this scenario isn’t likely to happen – yet.

"It’s the Three Stooges Go to Data Mining School," says Paul Hawken, environmental/capitalist and chair of Groxis, a data mining software company.

"The good news is Americans don’t have much to fear soon," Hawken says. "It will take 10 years to get going." In addition, "the brilliant, cutting-edge technology companies won’t touch this," he says. "DARPA’s going to get the second-rate companies."

Those companies, like IBM that Hawken calls "second rate," have repeatedly received government contracts leading to billions of dollars worth of technology that doesn’t work. IBM, for instance, wasted much of a $15 billion contract on upgrading the nation’s aviation system a decade ago.

In late November, Hawken was approached by DARPA with a request to allow the military to license Groxis. Hawken said no. As far as he knows, his company is the only one to publicly decline the millions of dollars involved with licensing data mining software to the government for Total Information Awareness.

"We got a lot of e-mails from companies – even conservative ones – saying, ‘Thank you. Finally someone won’t do something for money.’"

But the rest of those companies, the IBMs of the nation, will be happy to go along with DARPA’s plan. "All those vendors whose stock has crashed in the last few months are rubbing their hands at the tons of pork," said Cory Doctorow, the Electronic Frontier Foundation outreach coordinator.

So far, a traditional technology company, Booz Allen Hamilton, has been awarded a contract by DARPA to start technology integration. Telcordia, a communications company and Cycorp, which has a sort of artificial intelligence product that sorts questions and answers have also been hired, according to DARPA spokesperson Jan Walker.

While those companies might waste taxpayer money, they may still be able to get the job done. Doctorow and others believe the data mining necessary to compile dossiers on the public is feasible. DARPA doesn’t even need supercomputers. It can set up a basement full of white box PCs to crawl through incoming data.

There are two main technical questions. Can software make sense of it in a way for government agencies to use without being overwhelmed by nonsense and can the vast numbers of sources of data agree on ways to talk in the same language?

It’s not simple, but it’s also not very high-tech, according to Doctorow. "It’s like how to get Sears and Macys to agree on a Dewey Decimal system."

Yet, government isn’t good at figuring out even the most basic technology. One of the first aspects of the Homeland Security Act to be made public was that the 22 agencies involved will have to set up a common e-mail system so they can talk to each other – presumably they cannot do so now and have yet to discover Yahoo! groups.

According to DARPA, after the e-mail system is in place, the plan is to gather "transactional data" on individuals, including information about their financial, educational (such as high school permanent record), travel, medical, veterinary (terrorist cats?), transportation, housing and communications activities.

But even if they are able to pull all this information together, compiling data in one massive center as DARPA plans is unlikely to catch the intended terrorist targets. The military and the big technology companies expected to sign onto the Total Information Awareness program are structured in a way that could well thwart the initiative.

"The response of this administration is to build a new hierarchy, when the [model] is the flat framework of al Qaeda," said Paul Saffo, director of the Institute for the Future and a technology sage. Because al Qaeda works in small relatively independent cells, it's unlikely TIA would uncover an entire network.

Putting all that information in one hierarchical, centralized situation could very well backfire, especially if more and more people start getting knocks on their doors. Many Americans are used to being able to do as they please and while they seem relatively complacent now, if all this data gathering starts to impinge on their daily lives, they could start holding politicians accountable.

Hawken expects TIA to have an enormous error rate, one that Americans will not endure. "The error rate is ten to the third power. That means for every person TIA identifies who might possibly have information leading to something that could have the potential to affect security, it’s mistakenly identifying at least a thousand who are totally innocent. The error rate comes from the problem with inferring meaning from the information, not the tracking of the information itself.

"Yes, all this data can be mined. But then what?" Hawkins asks. "You have to sort, analyze and make sense of it. I don’t think anyone knows how it’s going to work."

That doesn’t mean the military can’t pull it off. TIA was granted $137 million to spend in the next fiscal year and expects to have a research prototype in five years, according to DARPA’s Walker.

Much has been made of the director of the Total Awareness Program, John Poindexter, whose reign as President Ronald Reagan’s national security adviser was most noted for his hip-deep involvement with Iran Contra. He was convicted, and his conviction was overturned. Saffo calls him "extraordinarily smart" though "vile." "But," Saffo says, "he knows his information technology."

"There are ways in which technology can help preserve rights and protect people’s privacy while helping to make us all safer," said Poindexter in a speech this summer. He gave no specifics.

If the government can pull off the technology, at its very core, the technology has to have a set of criteria that defines potential terrorism. It’s doubtful that a chief executive officer of a corporation that pollutes drinking water, for example, will be considered a terrorist. The set of criteria will be based on the current government’s ideology. This means that basically anything that questions the government or government policies can be programmed into the computer to turn up a terrorist.

Hawken asks, "Is a terrorist someone who opposes a proto-fascist government in D.C.?" If he asks the question, does he get put on the list?

In any event, Hawken and others say that anyone who actually is a threat to U.S. security can easily learn to evade any Total Information Net. For at least the next five to 10 years, while the government fumbles with its computers, so can the rest of us.

J.A. Savage is a regular AlterNet contributor and former tech reporter.