TR: Are any of these technologies anything like those people have expressed concern over-examining public or private-sector databases, for instance?
Popp: Let me answer this by describing the two threads of activity we’re pursuing in TIA, namely, an operational thread and a purely R&D thread. This distinction is important to understand because it has been a major source of confusion in the public about what we’re doing in TIA.
The premise driving the operational thread is a widely held belief that the data necessary to effectively counter the terrorism threat is already in government-owned databases. This was certainly one of the conclusions from the joint House-Senate inquiry of the events that led to the failure of 9/11. For example, two of the 19 hijackers were on the State Department/INS watch list; these same two hijackers were also sought by the CIA and FBI as suspected terrorists. The problem is, the data exist in different databases and are managed by different agencies. Within this thread, TIA is essentially doing two things: first, we’re building an R&D network to allow agencies to collaborate and experiment with prototype information technology for counterterrorism, and secondly, we’re empowering these analysts with a variety of tools enabling better analysis and decision-making.
There is another community of people who believe that all the data necessary to effectively counter the terrorism threat is in fact not entirely in government databases; this premise drives the R&D thread. Instead, there may be more information in the greater information space that might prove valuable for the government to exploit in its counterterrorism operations, but currently this data is not used due to legal or policy restrictions. This thread is testing the hypothesis that when terrorist organizations engage in adverse actions against the United States, they make transactions in support of their plans and activities, and those transactions leave a signature in the information space. Those transactions will most likely span government, private, and public databases.
The challenge for TIA here is twofold: First, is the signature detectable when embedded within a world of information noise? Second, in what part of the information space does that signature manifest itself? Ultimately, our goal within this thread is to understand the level of improvement possible in our counterterrorism capabilities if the government were able to access a greater portion of the information space, while at the same time considering the impact-if any-on the right to privacy, and then mitigate this impact with privacy protection technology. If our research does show a significant improvement in the government’s ability to predict and preempt terrorism, then it would be up to the policymakers, Congress, and the public at large-not DARPA-to decide whether to change law and policy to permit access to such data. One footnote: because the government today does not typically access some types of transactional data that may prove meaningful, all of this research is being done with synthetic, simulated data.
TR: There’s quite a bit of public concern over ideas like that, and about technologies TIA is developing like facial recognition that people worry could be used to track them. How valid are those worries?
Popp: All of us know that technology has shaped how hard or easy it can be to invade people’s privacy. The government already has plenty of technology right now that could be used to invade people’s privacy if used maliciously. But our laws are what control how the technologies may be used and applied and on what information. Our privacy is protected by the law, not the fact that it is technically difficult for the government to quickly make sense out of the information that it already possesses. But this difficulty sorting through government information does make it harder to stop terrorists.
Americans’ basic privacy will not change unless Congress changes the law on what information the government may collect and how it may be used. The issue in our view really isn’t a matter of technology. The difference between the tools and the rules, what can be done and what may be done, is crucial. Does protecting privacy mean we should take away the few rudimentary tools that our agencies in the federal government have now to share data and collaborate-phone, fax, and e-mail? Of course not. Ultimately, what TIA is trying to do is give our counterterrorism agencies far better tools to do their job.