9/11: The First National Scare of the Computer Age
The terrorist attacks of September 11, 2001, changed the terms of the debate. Suddenly, the issue was no longer whether Congress should protect consumer privacy or let business run wild. Instead, the question became: Should Congress authorize the Bush administration to use the formidable power of state surveillance to find terrorists operating inside the United States and stop them before they could carry out their next attack?
The administration itself had no doubts. Where laws protecting privacy got in the way of its plans to prevent attacks, it set out to change those laws. The pinnacle of this effort was the USA Patriot Act, signed on October 26, 2001, which dramatically expanded government power to investigate suspected terrorism. In the months that followed, representatives for the administration repeatedly denounced those who complained about threats to privacy and liberty; they were, said Attorney General John Ashcroft, “giv[ing] ammunition to America’s enemies.”
It was a strong, simple, and remarkably effective message–so effective that we know of only a few cases in which Congress pushed back. The first and most public such case involved a Department of Defense research project called Total Information Awareness (TIA).
Soon renamed Terrorism Information Awareness, TIA was the brainchild of the Defense Advanced Research Projects Agency’s newly created Information Awareness Office, which was run by retired admiral John Poindexter (a former national security advisor) and his deputy, Robert L. Popp. The idea, which drew heavily on both men’s earlier work in undersea surveillance and antisubmarine warfare, was to use new advances in data mining and transactional analysis to catch terrorists while they were planning their attacks.
One way to find submarines is to wire the ocean with listening sensors and then to try to filter the sounds of the sea to reveal the sounds of the subs. The terrorist problem is similar, Poindexter explained at the 2002 DARPATech conference. The key difference is that instead of being in an ocean of water, the terrorists were operating in an ocean of data and transactions. “We must find terrorists in a world of noise, understand what they are planning, and develop options for preventing their attacks,” he said in his published remarks.
The approach isn’t so far-fetched. Consider that the 1995 Oklahoma City bombing used explosives made of fertilizer and fuel oil, delivered in a rented Ryder truck. One way to stop similar plots in advance might be to look for people other than farmers who are purchasing large quantities of fertilizers used in making bombs–with extra points if the person (or one of his friends) has also rented a moving truck.
That task will be made a bit easier when stores that sell ammonium nitrate are registered with the Department of Homeland Security (a federal law to that effect was passed in 2007). Still: even when we have such registration, the prevention of an attack using fertilizer will require real-time purchase information from every fertilizer seller in the United States.
While I was a graduate student at MIT during the summer of 2003, I got a job working on the TIA project, because I thought that data mining would be a way to objectively look through mountains of personal information without compromising privacy. Congress, however, opposed TIA on the grounds that it treated everyone in the country as a suspect, and because it feared that a massive data surveillance system might be used for purposes other than catching terrorists. This prospect was not so hypothetical: in 1972 Richard Nixon had ordered the IRS to investigate his political opponents, including major contributors to George McGovern’s presidential campaign. (Many believe that opposition to TIA was also a kind of payback against Poindexter, who had been convicted of lying to Congress in the Iran-Contra scandal of the 1980s but had his conviction overturned on appeal.) Congress defunded the program in 2003.