When officials at the Defense Advanced Research Projects Agency--the Pentagon office that helped invent everything from the stealth bomber to the Internet--launched a "data mining" project to uncover terrorist plots, it was bound to cause consternation. It wasn't just the program's ominous name (Total Information Awareness), menacing logo (an all-seeing Masonic eye), or disreputable director (Iran-Contra conspirator John Poindexter). The proposed system would tap into commercial and government databases across the country, download every bit of personal information stored--credit card statements, medical records, travel plans, phone bills, grocery receipts--then scan through it all in search of "suspicious" activity. Designed to catch, say, someone flying from the Middle East to the Midwest and then buying a lot of fertilizer, it might finger a farmer vacationing in Jerusalem as easily as it did a terrorist building a truck bomb. Worse, the planned system would have virtually no oversight, no safeguards, and no privacy guidelines to protect the people being snooped on.
"There was no balance," recalls James X. Dempsey, executive director of the Center for Democracy and Technology (CDT), a wonkish Internet policy shop that aims to preserve civil liberties in the digital age. "There were no rules." When the TIA story broke in November 2002, Dempsey mobilized a left-right coalition of libertarian organizations and politicians who had been loose allies for years. Many supported data mining in principle, but felt the unprecedented government surveillance of TIA demanded congressional oversight, and they quickly succeeded in convincing others.
By February of last year, Congress had passed legislation reining in TIA. The administration, desperate to save the program, went into "high damage control," notes Dempsey. Pentagon officials formed showy "privacy advisory councils," testified before Congress extensively, changed the name of the program (to the more innocuous "Terrorism Information Awareness), and even fired Poindexter--but none of it ended the controversy. "No one wanted to defend what the Bush administration was doing," Dempsey says. Last fall, Congress voted to close down the program for good; a House-Senate conference committee declared TIA "terminated." Privacy activists cheered, as did most Democrats and many Republicans. The New York Times announced, simply, "Surveillance Program Ends." Thus resolved, the issue disappeared.
But TIA did not. As Dempsey eventually learned, a program can survive even when the media, the public, and most of Congress wants it killed. It turns out that, while the language in the bill shutting down TIA was clear, a new line had been inserted during conference--no one knew by whom--allowing "certain processing, analysis, and collaboration tools" to continue. At the time, Dempsey didn't know what the new language meant.
But the intelligence establishment did. Thanks to the Central Intelligence Agency and the National Security Agency, which had lobbied for the provision, TIA didn't die--it metastasized. As the AP reported in February, the new language simply outsourced many TIA programs to other intelligence offices and buried them in the so-called "black budget." What's more, today, several agencies are pursuing data mining projects independent of TIA, including the Department of Homeland Security, the Justice Department, the CIA, the Transportation Security Administration, and NASA. Airline passengers will soon get their first taste of the new technology once a system called CAPPS II goes online, which will sort through passengers' travel histories, rental car arrangements, methods of payment, and destinations to locate "high risk" flyers. And even with TIA ostensibly shut down, many of the private contractors who worked on the program can continue their research with few controls.
Responding to reports that portions of TIA lived on at the Department of Homeland Security, Sen. Ron Wyden (D-Ore.) hauled Tom Ridge before a Senate committee in February and demanded a full account of DHS data mining. So far, he hasn't received a response. But even if Ridge decides to be more forthcoming, Dempsey isn't optimistic we'll ever know the truth about TIA. "One of the true ironies of the whole story is now we have far less transparency and far less oversight of data mining than we had a year ago," Dempsey said. "Now it's all hidden." Which is, of course, precisely what the Bush administration wanted.