Americans weigh the future of national security and personal privacy,
the Pentagon's controversial Information Awareness Office breaks its
silence about plans to use technology to stop tomorrow's terrorists.
By Bruce Auster
very DARPA-esque." Granted, that not-ready-for-prime-time adjective
won't likely make it into the next edition of Webster's
dictionary. But that's the term Robert Popp settles on to describe
what he believes is the visionary work on counterterrorism being performed
by the Pentagon's elite Defense Advanced Research Projects Agency
an electrical engineer by training, is deputy director of DARPA's
controversial new Information Awareness Office, which aims to be able
to spot potential terrorists by tracking their financial footprints.
The new DARPA shop, which got its start in January 2002 and is led by
retired Adm. John Poindexter, has inspired editorial writers across
the country to dust off old copies of George Orwell's 1984: It
seems that by pairing the one-time Reagan national security adviser
and Iran-Contra defendant with a scheme to snoop on people's purchases,
the Pentagon may have crossed the civil-liberties line.
exactly, is Poindexter's Information Awareness Office all about?
In the first interview the Pentagon has permitted on the subject since
the controversy exploded, Popp spoke with Prism about DARPA's
role in the counterterror fight, about the technical challenges that
the IAO seeks to meet, and about the privacy issues raised by this "DARPA-esque"
effort to try to identify terrorists operating inside the United States—and
stop them before they strike.
like many organizations, began refocusing its efforts after September
11 to help in the war against terrorism. The agency, of course, has
a special mission. Created following the Soviet launch of Sputnik, its
role is to find ways to use technology to protect the nation's
security. In the past that meant breakthroughs such as the development
of the Internet. Now, with help from the university engineering community,
DARPA is focusing much of its counterterror expertise on a path-breaking
enterprise: to use information technology to detect suspicious behavior
by potential terrorists—and this is the controversial part—in
the world of electronic commerce. The difficulty, as Albert Einstein
observed long ago, is that science sometimes offers technological choices
that society is not quite morally equipped to make. Even if DARPA's
team succeeds in finding a technological silver bullet, a national debate
on whether such a system could or should be used in America's
open society must surely follow.
underlying the new DARPA initiative—a $100 million effort that
involves a handful of specific technology projects within IAO and could
grow to $137.5 million next year—is that terrorists such as the
September 11 hijackers leave tracks: They hold bank accounts, rent cars,
buy plane tickets, even take flight lessons. "If terror organizations
are going to engage in adverse actions against the United States,"
Popp explains, "it must involve people and those people will make
transactions and those transactions will leave a signature in the information
then, is to detect that signature before the potential terrorist acts
or even runs afoul of the law by running a red light. For scientists
like Poindexter and Popp—Poindexter was trained as a physicist,
Popp as an electrical engineer—the problem recalls an earlier
technological challenge of Cold War vintage. In submarine warfare, signal-processing
techniques were refined so that enemy subs could be detected in the
vast ocean. "Instead of trying to find enemy submarines using
acoustic signatures in an ocean of noise, we're trying to understand
terrorist activity," says Popp. "The ocean of noise is the
world of information."
DARPA propose to catch the sharks in the sea? The challenge in this
new age of terror is that a small number of people—operating across
borders and without the backing of a sovereign state—can do grievous
damage to innocent lives. After September 11, there was much talk about
connecting the dots; if only the FBI had recognized that Arab men were
taking flying lessons, for example, the catastrophe might have been
averted. This is, as Poindexter noted at a recent DARPA conference,
the heart of the matter: "The intelligence collection targets
are thousands of people whose identities and whereabouts we do not always
know... One of the problems is to know which dots to connect."
The Pentagon's Defense Science Board, in a study on so-called
"transnational threats" came to the same conclusion: "The
making of connections between otherwise meaningless bits of information
is at the core of (transnational) threat analysis," the DSB states.
It goes on to add that "search methods currently in use are not
up to the challenge."
where DARPA hopes to make a contribution. Within IAO are programs looking
for technological breakthroughs in a host of fields: strategic analysis
tools, knowledge discovery and collaboration tools, biometrics to help
identify people, language technologies, data bases, privacy protection,
link analysis and data mining, and predictive modeling and estimation.
Much of the expertise required to make advances in these areas will
come from the computer sciences, software engineering, and artificial
Poindexter's agenda represents the chief DARPA contribution to
the war on terror, it is not its lone effort. The agency has also initiated
a major Biological Warfare Defense project. Among its components is
an effort to develop advanced sensors that can quickly detect biological
agents. The Biological Time-of-Flight Sensor, for instance, is a mass
spectrometer designed to quickly identify biological warfare agents.
The program is nearly at the prototype stage. DARPA is also undertaking
what it calls an "Immune Building" program, designed to
make military installations resistant to chemical or biological attack.
For example, to avoid future anthrax attacks, DARPA is looking at ways
to create barriers as well as to screen and isolate agents in the mail.
Other elements of the program include using technology to protect heating,
ventilation, and air-conditioning systems from being exploited in a
chemical or biological attack. DARPA's other major effort—aside
from the Information Awareness Office—involves protecting information
from attack. DARPA programs are underway to both prevent cyber attacks
and to allow military commanders to combat such attacks. One effort,
the Fault Tolerant Networks program, aims to allow Defense Department
networks to withstand attacks that outwit efforts to block them. As
part of this program, technology is being developed to minimize the
effects of so-called denial-of-service attacks, in which corporate or
government computer systems are overwhelmed by a flood of demands from
outsiders. One solution might involve "reducing the amount of
network bandwidth available to the attacker," as well as developing
technologies to help a network recover from an attack.
heart of DARPA's effort remains Poindexter's goal of achieving
Total Information Awareness, or TIA. "We think a large part of
the solution is information technology," says Popp, "and
how information technology can be utilized to detect and understand
different kinds of signatures that correspond to terrorist activity."
And to take on the central challenge of that effort—identifying
those dots and then connecting them—the IAO created the Evidence
Extraction and Link Discovery Program, or EELD. According to program
manager Ted Senator, EELD aims to find ways to find information about
people, organizations, places, and so on, and to spot patterns of suspicious
behavior. It is not as simple as it sounds. "Traditional fraud
detection techniques look for outliers," Senator explains. For
example, credit card companies flag suspicious charges if a purchase
does not fit a pattern of spending that a customer has already established.
But the credit card companies have a starting point: the customer, who
has a known history of purchases. "The most dangerous adversaries,"
Senator notes, "will be the ones who successfully disguise their
individual transactions to appear normal, reasonable, and legitimate."
task then, is to identify the people who might be potential suspects.
To tackle the problem, the EELD program is looking to find ways of spotting
links between "people, organizations, places, and things"
by advancing technology in three areas: evidence extraction, link discovery,
and pattern learning. At Carnegie Mellon University, for example, researchers
working with DARPA are studying ways to find unknown links among individuals.
EELD program manager Senator believes the techniques might be able to
provide a reasonable guess as to whether different individuals are members
of the same group, based on their transactions. Analysts might also
be able to determine whether a single person might be using multiple
prior to September 11, of course, were not only that patterns were not
detected. In some cases—and certainly among field officers inside
the FBI—red flags were waved, memos were sent to headquarters,
and nothing happened. If IAO does nothing but burden already overloaded
analysts and policymakers with even more nightmare scenarios, it won't
necessarily help prevent future attacks. "What we're really
trying to do is develop and utilize information technology in all different
kinds of areas that can…weed out the noise," says Popp.
"So then you can feed actionable intelligence to a decision maker."
program designed to help analysts manage the flood of information, called
Genoa II, aims to find ways to have teams of specialists—from
law enforcement, intelligence, and so on—collaborate to make sense
of information and develop a plan of action based on it. The trick is
to speed that process up. "There is too much that must be read
to actually read," program manager Tom Armour said at a recent
DARPA conference. His solution: "Read everything without reading
is to use technology to marshal information and evidence with grace
and subtlety, the way a lawyer might craft a closing argument. Storytelling,
in this vision, becomes an important element of technological design,
since the object is to provide very busy senior policy makers—the
target audience for all IAO efforts, it should be noted, are top government
officials, including the president, four-star combatant commanders,
and top intelligence officials—with a narrative that can help
them make critical decisions. "You can't go to [a decision
maker] and say ‘Here are the 8,000 targets you need to worry about,'
" says Popp. "You need to tell a story, provide information
to decision makers so he or she can make a decision." Solicitations
for the Genoa II program were issued in March 2002, remain open for
a year (Information about DARPA announcements can be found at www.darpa.mil),
and involve such disciplines as software agent technology and human
is another ocean of information that analysts have so far failed to
tap, and that is foreign language texts. To correct this problem, DARPA
has created a program, called TIDES, to mine databases and other sources
of information. The intelligence community is notoriously shorthanded
when it comes to language specialists and translators, and this problem
is particularly acute in so-called target languages such as Arabic or
Chinese. And yet there is a vast amount of information already in the
public domain, waiting to be read, The trouble is that the current technological
state of the art for language-processing is an error rate of about 50
percent—meaning that the chance of mistranslation is so high that
the entire enterprise is all but pointless. The TIDES program aims to
improve technology so that an analyst's query, submitted in English,
will explore foreign-text databases and give a well-translated answer
back. It is a complicated technical endeavor, to say the least: The
software must be able to detect what is relevant. It must be able to
extract key facts from text. And it must be able to summarize more than
one document, culled from more than one language, in a simple way. DARPA
is working with computer scientists and engineers at a number of universities,
including Carnegie Mellon, Columbia, Johns Hopkins, NYU, the University
of Massachusetts, and the University of Pennsylvania. Key technologies
include metadata exploitation, natural language processing, and acoustic
foreign-language texts does not necessarily require the government to
intrude into the private world of transactions. But the bulk of work
at the Information Awareness Office effort does entail finding technologies
that will allow analysts to follow more effectively the trails people
leave as they go about everyday business. "Where are things people
do captured electronically?" asks Popp. "In the transaction
space. We want to supplement traditional intelligence with other types
is that the very nature of hunting for almost-invisible terrorists invites
invasions of the rights of innocents. Typically, when law enforcement
officials went looking for a bad guy, they usually had a good idea who
they were looking for. Now, explains Popp, "This is the problem
that we face, which is really, really hard. You don't necessarily
know a priori the bad guy." To find out means hunting in databases
not typically available to the police. "That's where you
run into the issue of privacy," he says. But Popp stresses that
protecting privacy remains critical and that the IAO is not intended
to allow the government to snoop on innocent Americans. To that end,
DARPA is creating a database of "synthetic" transactions,
a sort of parallel world of buyers and sellers going about their business
in the ether. The research can be realistic. "This will generate
billions of transactions constituting realistic background noise,"
Poindexter explained at a recent conference. "We will insert into
this noise simulated transactions by a red team acting as a terrorist
organization to see if we can detect and understand this activity."
This approach, at least for now, skirts the privacy problem.
for a time. After all, DARPA is simply a research organization. It provides
technology. One reason there has been no great debate in this country
about snooping on private citizens is that the tools—the software,
and so on—haven't been sophisticated enough to make such
snooping a real possibility. But some four years from now, if IAO does
what it has set out to do, that may change. "Today we can't
[use it] because it doesn't exist... If we were able to create
the capability using simulated data to prove out the concept, maybe
you show . . . you would get this kind of benefit . . . but it comes
at a cost," says Popp, "The policy makers, the country,
the public have to have that dialogue about where they want to go."
Simply put, it will then be up to American citizens, not John Poindexter,
to decide whether to use the tools DARPA is conjuring up.
Auster is a freelance writer based in Washington, D.C.
He can be reached at email@example.com.
it dawned on the national press that the White House had picked Reagan-era
National Security Adviser John Poindexter to head the Total Information
Awareness project, the tiny operation at DARPA became the focus withering
attacks. "To civil libertarians, TIA, with its Orwellian dossiers
on each and every American, would constitute a huge invasion,"
The New York Times offered on its editorial page. Calling for a congressional
inquiry, The Times concluded: "The last thing we need is a vast
new system of domestic surveillance engineered by John Poindexter."
Congress may well get into the act: Senator Charles Grassley (R-Iowa)
has taken an interest in the TIA program. "I am at a loss to understand
why [DoD] resources are being spent on research for domestic law enforcement,"
he has said. Other opinion makers, like Kathleen Parker of the Tribune
company, were more breathless: "Big Brother, no longer a fictional
character in a scary futuristic sci-fi novel, would know where you go,
with whom you chat and e-mail, what web sites you visit, where you travel,
eat, and sleep."
Is DARPA—and by extension the universities that have teamed to
work on TIA projects—involved in a covert effort to erode American
The question might never have been asked had someone other than Poindexter
been appointed to head the DARPA effort. The retired admiral, a physicist
by training, has been described as "passionate" about the
possibility of tackling the counterterrorism problem with information
technology. But Poindexter's role in the secretive Iran-Contra affair
arouses suspicion. He was convicted of lying to Congress and destroying
evidence connected to the Reagan administration effort to bypass a congressional
ban on aid to the Nicaraguan contras by funneling money from arm sales
to Iran. Poindexter's conviction was eventually overturned on appeal
because he was granted immunity from prosecution in order to win his
testimony before a congressional investigative panel.
Poindexter's return to public service is proving very nearly as controversial.
But DARPA officials suggest that the scope of the TIA program has been
misunderstood and that privacy concerns remain central to their efforts.
"We are not developing any technology that allows any organization
the capability above and beyond what it is authorized to do today,"
says Poindexter's deputy, Robert Popp. "We're not developing any
technology that changes the way the intelligence community collects
If DARPA succeeds in its research effort however, Congress may be asked
to broaden the authority of the law enforcement and intelligence communities
to use TIA's tools to monitor transactions of people living in the United
States. Current law, Popp notes, does not allow analysts to search private-sector
databases without a warrant. But the entire premise of the TIA effort
is that transactions—car rentals, hotel stays, and all the other
signs that leave a trace in electronic space—offer a remarkable
opportunity to spot the footsteps of potential terrorists and stop them
before they strike. "The data lives in the private sector,"
Popp says. The trouble is that today's terrorists—like the 9/11
hijackers—purposely operate within the rules so as to avoid attracting
the attention of law enforcement. "If we knew who the bad guys
were, we could set up filters and never look at the data of good guys,"
says Popp. "That's not possible. We want to ensure that if bad
guy behavior is going on, we make sure their behavior passes through
so analysts see it. The problem is . . . that it's likely innocent data
will pass through and be looked at."
And that's the trouble. DARPA is aware that it has a problem. It is
negotiating with the National Academies of Science, for instance, to
design a small effort to explore the policy and technical questions
arising from its counterterror efforts. Privacy protection is among
the topics being addressed. And TIA is looking to see if technology—the
prospect of which has stirred up this privacy controversy—might
also be able to offer a solution. But it will be several years before
any of the programs underway at DARPA are ready to be pressed into action.
At that time, Americans will have to decide what price in lost liberty
they are willing to pay for a greater sense of security.