Snooping in All the Wrong Places
(Business Week / December 18, 2002) - Not only would the Administration's
plan to centralize every American's records destroy privacy, the security
payoff would be minimal.
The 2002 elections proved one thing: The promise of security wins votes.
The GOP campaigned on a pledge to make the country safer, and it brought
home one of the biggest midterm victories in decades. That huge win may
have emboldened the Bush Administration to ignore widespread criticism
of the Defense Dept.'s $240 million effort to develop a Total Information
Awareness system (TIA).
The outrage over TIA doesn't seem to have reached the President's ear,
but it should. It's not too late for him to realize the folly of such
a plan. Funded by the Defense Advanced Research Projects Agency (DARPA),
the project would combine every American's bank records, tax filings,
driver's license information, credit-card purchases, medical data, and
phone and e-mail records into one giant centralized database. This would
then be combed through for evidence of suspicious activity.
TAINTED LEADER. If that's not scary enough, consider who's overseeing
the project: Former Reagan National Security Adviser and Bush loyalist
John Poindexter, a man who was convicted (though later acquitted on appeal)
of five felonies, including lying to Congress, after the Iran-Contra
scandal of the 1980s.
The DARPA plan shocked the media and individual citizens across the
country. The program wouldn't catch terrorists, but it would terrorize
ordinary citizens by logging their every movement in a federal government
database. Why, many asked, would the Bush Administration stand behind
such an intrusive plan? My question: Why ask why?
The furor over TIA is déjà vu all over again. DARPA's
project is just one of a series of salvos in the Bushies' war on terrorism
that promise security but lay waste to personal privacy. Some antiprivacy
proposals have sailed through. The U.S. Patriot Act, which significantly
expanded law-enforcement agencies' surveillance and investigative powers,
and did so with few checks and balances, passed the Senate 99-1. (Only
Russell Feingold (D-Wis.) courageously stood against the Administration.)
BAD POLICIES. Fortunately, vigilant lawmakers stopped other proposals
in their tracks, such as the Justice Dept.'s TIPS program, which proposed
a national database to which postal workers, cable repairpeople, and
others could report suspicious activity. The politicians understood that
the certain loss of privacy outweighed any potential security gain (see
BW Online 7/25/02, "Some TIPS for John Ashcroft").
What these plans, including TIA, have in common is the goal of collecting
in a central repository what innocent citizens do, where, and with whom.
The war on terrorism is a serious matter. But spying on everybody in
an effort to catch a few bad guys is lousy policy -- whether it's a giant
new federal agency like the Homeland Security Dept., TIPS, or the TIA
database, which in addition to collecting personal data also proposes
to use special software attached to high-tech security cameras for monitoring
and categorizing the way you walk.
Centralizing data won't stop terrorists. As everyone knows from the
September 11 terrorist attacks, al Qaeda cells "sleep" in the
U.S. for years while they plot their attacks. Even if America had a system
that could monitor border movements and cross-reference them with money
transfers and one-way airline tickets, does anyone really think terrorists
will act in ways that would alert TIA's attention? "TIA is not likely
to be an effective way to prohibit future terrorist acts, but it will
have an enormous impact on the government's ability to monitor things
not related to terrorism," says Marc Rotenberg, executive director
of Washington (D.C.)-based privacy rights group Electronic Privacy Information
DECENTRALIZED INTELLIGENCE. It's time to switch gears. America doesn't
need huge centralized databases that track each and every citizen. What
it needs is decentralized intelligence. And that means extensive training
for law-enforcement and government personnel on the ground, across the
country. The country needs Customs personnel who know what to look for
at the borders, like the officer in Port Angeles, Wash., who noticed
a suspicious driver trying to enter the U.S., investigated further, and
found a load of bomb components intended for attacks on Millennium celebrations.
America needs flight-training instructors like the one in Minnesota
who alerted the FBI to Zacarias Moussaoui's alleged desire to learn to
fly a plane but not to land one. The country needs alert passengers on
airplanes, like those who noticed and took down shoe-bomber Robert Reid
on American Airlines Flight 63 from Paris.
Who knows what will work better? Where centralized solutions à la
TIA are still untested, decentralized security has a proven record. According
to Marc Hedlund, vice-president for engineering at computer-security-software
firm Sana Security and an intelligent voice in the privacy debate, distributed
defenses work better because a hacker (or terrorist) never knows where
he or she might be caught. Sana's technology is modeled on the human
immune system, seeking out threats throughout the network and responding
to them. Hedlund says if security is centralized -- in cyberspace or
the real world -- attackers have a better chance of success because they
need to find only one loophole in the core intelligence machine.
TIME TO RETHINK. Certainly, more coordination is necessary. September
11 proved that, too often, the federal government's right hand doesn't
always know what its left hand is doing. In July, 2001, FBI agent Kenneth
Williams warned colleagues in a memo that supporters of Osama bin Laden
were attending civil-aviation colleges in Arizona. That important information
never made it into the right hands. Six months after two hijacked jetliners
brought down the World Trade Center, the Immigration & Naturalization
Service sent a letter to the flight school that suspected ringleader
Mohammed Atta had attended in Florida, saying his student-visa application
had been approved.
Solving those problems doesn't require a huge electronic infrastructure
to snoop on innocent citizens. Before moving forward, the Bush Administration
should step back and rethink its priorities. The Bushies say they oppose
Big Government. Yet key security initiatives, including the U.S. Patriot
Act, the Homeland Security Dept., and the TIPS program, centralize reams
of information on individual citizens and give the feds free rein to
slice it and dice it any way they see fit.
President Bush campaigned as a privacy-rights candidate. Yet none of
his Administration's proposals have explicit privacy safeguards. In the
case of TIA, Americans are asked to take the word of admitted liar Poindexter
that their information will be in good hands.
The Bush Administration is nothing if not persistent. Its motto here
-- and everywhere -- seems to be: If at first you don't succeed, try
again. But in this case, it should remember what the GOP's very own Poindexter
said to Congress during the Iran-Contra hearings: "The buck stops
here." The White House should draw a line in the sand and refuse
to let government invasion of privacy go any further. That's the only
way to win the war on terrorism.