DOD Releases Report on DARPA's Total Information Awareness Program, 12/31/03.

DOD Releases Report on DARPA's Total Information Awareness Program

December 31, 2003. The Department of Defense's (DOD) Office of Inspector General (OIG) released a report [42 pages in PDF], titled "Information Technology Management: Terrorism Information Awareness Program", and dated December 12, 2003.

The report concludes that DOD's Defense Advanced Research Projects Agency's (DARPA) Terrorism Information Awareness (TIA) Program, which was previously named "Total Information Awareness", "could prove valuable in combating terrorism", but "DARPA could have better addressed the sensitivity of the technology to minimize the possibility of any Governmental abuse of power and could have assisted in the successful transition of the technology into the operational environment."

The report recommends that Undersecretary of Defense for Acquisition, Technology and Logistics (ATL) and the Director of the DARPA "should perform a privacy impact assessment before TIA type technology research continues". The report also recommends that the Undersecretary "should appoint a Privacy Ombudsman".

The report is numbered D-2004-003. The report is addressed to the Undersecretary for ATL, and the Director of the DARPA, Anthony Tether (at right). However, it also states that it addresses questions raised in letters to the DOD from Sen. Charles Grassley (R-IA), Sen. Bill Nelson (D-FL) and Sen. Chuck Hagel (R-NE). These letters were written in late 2002, and are included in the report. The report was prepared by Thomas Gimble, the Acting Deputy Inspector General for Intelligence.

The report offers this summary of TIA. "DARPA conducts research for DoD and was developing the TIA program to combat terrorist threats. The TIA research and development effort will integrate information technologies into a prototype system that will assist intelligence analysts in detecting, classifying, and identifying potential terrorist activities."

It adds that "The TIA program seeks to develop information technology in three areas. Those areas are language translation, data search with pattern recognition and privacy protection, and advanced collaborative and decision support tools. Language translation technology would enable the rapid analysis of foreign languages, both spoken and written, and allow analysts to quickly search the translated materials for clues about emerging threats. The data search, pattern recognition, and privacy protection technologies would permit analysts to search vast quantities of data for patterns that suggest terrorist activity while at the same time controlling access to the data, enforcing laws and policies, and ensuring detection of misuse of the information obtained. The collaborative reasoning and decision support technologies would allow analysts from different agencies to share data."

However, the Congress passed legislation late last year terminating most of the funding for TIA. On October 1, 2003, President Bush signed HR 2658, the "Department of Defense Appropriations Act, 2004". Section 8131 of the bill prohibits, subject to certain classified exceptions, funds from being used to support the TIA program. See, story titled "President Signs Defense Appropriations Bill, With Total Information Awareness Ban" in TLJ Daily E-Mail Alert No. 751, October 2, 2003.

John Poindexter, who recently resigned as head of the DARPA's Information Awareness Office (IAO), which ran the TIA program, wrote a public letter [5 pages in PDF] addressed to Tether, in which he explained and advocated the activities of his office. See also, story titled "Poindexter Writes About Uses of Information Technology to Fight Terrorism" in TLJ Daily E-Mail Alert No. 719, August 15, 2003.

The OIG report further states that "For domestic law enforcement purposes, DARPA should consider more fully during development the impact of the technology on an individual’s privacy by conducting a privacy impact assessment. Statute does not require a privacy impact assessment for systems that involve intelligence activities. However, an assessment could provide decision-makers with enough information to help them make fully informed policy, program, system design, funding, and procurement decisions that are based on an understanding of the privacy implications, the involved risks, and the options available for avoiding or mitigating risks. A privacy impact assessment could also help reduce the risk of terminating or modifying TIA type technology after implementation to comply with privacy laws and regulations."

The report recommends that the Undersecretary "should appoint a Privacy Ombudsman or equivalent official specifically for the development of Terrorism Information Awareness type technology who will ensure that individual Terrorism Information Awareness type technology are scrutinized from a privacy perspective as a means of safeguarding individual privacy. The appointee, in consultation with the Office of the General Counsel, should conduct assessments on the impact of Terrorism Information Awareness type technology on privacy."

It recommends that the Undersecretary for ATL and the Director of the DARPA "should perform a privacy impact assessment before TIA type technology research continues". The report elaborates that this assessment should:
"a. Identify any personally identifiable information associated with business processes.
b. Document any collection, use, disclosure, and destruction of personally identifiable information.
c. Assess potential privacy risk and the options available for mitigating that risk.
d. Ensure that accountability for privacy issues is clearly incorporated in the program.
e. Create a consistent format and structured process for analyzing both technical and legal compliance with relevant regulations."

For more on stories on recent legislative activity pertaining to the TIA program, see:

• "Senators Write AG Ashcroft Re Data Mining by DOJ" and "Groups Write House Armed Service Committee Re Total Information Awareness" in TLJ Daily E-Mail Alert No. 584, January 16, 2003.
• "DARPA States FBI Is Involved in Total Information Awareness Program" in TLJ Daily E-Mail Alert No. 588, January 22, 2003.
• "Senate Approves Total Information Awareness Amendment" in TLJ Daily E-Mail Alert No. 590, January 24, 2003.
• "House and Senate Pass FY 2003 Appropriation Package With TIA Amendment" in TLJ Daily E-Mail Alert No. 604, February 14, 2003.
• "Tether States that DARPA's Total Information Awareness Project Does Not Data Mine" and "Tether Addresses TIA and Other Defense Info Tech Projects" in TLJ Daily E-Mail Alert No. 633, March 31, 2003.
• "DARPA Releases TIA Report" in TLJ Daily E-Mail Alert No. 666, May 21, 2003.
• "House Passes Defense Appropriations Bill" in TLJ Daily E-Mail Alert No. 694, July 9, 2003.