Can Snooping Stop Terrorism?

It's official: the Pentagon's Terrorism (formerly total) Information Awareness program has been a Total Institutional Disaster. Last month Congress pulled the plug on the Department of Advanced Research Projects Agency's (DARPA) high-tech initiative to identify terrorist threats. Certainly everyone concerned with the ability of the government to snoop on its citizens should be satisfied that, in this case at least, legislators stood up for the sanctity of personal information. But I suggest we go easy on the celebrations.

First some explanation. DARPA, the DoD agency known for developing cutting-edge technology for the military that often benefits all of us (best example: the Internet), jumped into the post-9/11 effort to prevent terrorism with a plan that would, in part, "mine" massive amounts of records, including personal transactions of U.S. citizens. The Orwellian implications proved fatal, and Congress closed down that project (while DARPA itself continues). Still, the project's supporters have always had some good points to make. How crazy is it not to innovate with our best technology to fight terrorism? When I visited frustrated DARPA chief Anthony Tether at his office (just before the ax fell on TIA), he kept referring to Congress's own Joint Inquiry into 9/11. Those findings, he said, called for exactly the kind of "connect the dots" programs being developed in the (now shuttered) Information Awareness Office that housed TIA.

But Tether also knew that launching a project that scans billions of personal transactions required extraordinary openness and unimpeachable leadership--and the Department of Defense flunked on both those counts. "Mistakes were made," he said, intoning the Nixonian mantra without irony. One of the biggest was hiring Adm. John Poindexter--Ronald Reagan's former NSC head, known for lying to Congress during Iran-contra--to run the office. Tether was impressed by Poindexter, a closet geek with a doctorate in physics. "This was really the right guy," he says. "And we were in a time-critical situation." But what about the admiral's past? Tether says that ultimately he owed it to 9/11 victims to hire "a guy who really knows what needs to be done [who once] made a bad judg-ment call." Poindexter became a lightning rod for critics, and resigned last summer.

A second huge mistake was circling the wagons when the first public attention--and flak from critics--came in November 2002. This fomented suspicion about what DARPA was up to. The fact is that the Information Awareness Office was actually a collection of technologies. Some were benign tools for collaboration and language translation. DARPA itself didn't actually create the products--contractors in academia and the research community did that--and DARPA had no say on implementation.

Any way you cut it, though, TIA had scary privacy implications. It gave investigators the ability to instantly search through many databases, including private-sector storehouses like phone and credit-card companies. The Information Awareness Office also had ominous ambitions for software to distantly and instantly recognize faces. There was even a project for "gait recognition" that critics called a Monty Python-esque "Ministry of Silly Walks." (Tether, who claims to be a Python fan, says that the software could identify someone carrying a bomb under a trench coat.)

So where are we now? While ending the development and domestic use of TIA, Congress permitted some of the technology to be continued by the intelligence agencies in secret, as long as it isn't used on Americans inside our borders. What we don't know--and now won't find out--is whether such a TIA-style approach actually would work, so we can weigh risks against the benefits. Nor will we know whether privacy-enhancing technologies proposed by DARPA could have created a means to search through records without identifying individuals--and blocked corrupt officials from abusing the programs.

Ultimately, the closure of the Information Awareness Office is only a speed bump in Big Brother's momentum. "We have to be vigilant," says Sen. Ron Wyden of Oregon. "Balancing the need to protect security with privacy intact is a 21st-century teeter-totter." Stopping all government security efforts that push the bounds of privacy will take lots of vigilance. There is the controversial CAPPS II (which data-mines airline travelers' records), the snoop-friendly Patriot Act II and persistent pressure for universal ID cards. Meanwhile, the private sector churns out endless innovations affecting privacy: radio-frequency ID that broadcasts your purchases, cell phones with cameras, Internet spyware that tracks Web surfing and disk storage so cheap that all personal details can be retained.

By banning the use of high-tech tools for domestic antiterrorism--and failing to control their rampant increase otherwise--there's a danger that we might wind up with the worst of both worlds. No privacy. And not much more security.