Data Mining

This site has been created to log references to technology issues in data mining.
If you have any suggested additions, please contact me.

Also check out the DSS Students Patriot Act Blog Index.

  Sorry, I am no longer updating this blog ...

You might check with ACM's Tech News for more information.

From ACM TechNews, August 22, 2003

"Total Information Overload"
Technology Review (08/03) Vol. 106, No. 6, P. 68; Jonietz, Erika

Privacy advocates allege that the Defense Department's Terrorism Information Awareness (TIA) project would merge public and private databases into a vast "metabase" that would be mined to gather data on innocent American citizens, but Robert L. Popp of the Defense Advanced Research Projects Agency's (DARPA) Information Awareness Office denies these allegations, insisting that TIA's purpose "is developing a variety of information technologies into a prototype system/network to detect and preempt foreign terrorist attacks." He explains that DARPA is supplying operational agencies within the Defense Department and the intelligence community with analytical counterterrorism tools, adding that these agencies are using only the data and databases that existing legislation, policies, and regulations give them access to. Popp says TIA is not devising data-mining technologies to sift through transactional data such as the purchase of plane tickets to potential sites of terrorist attacks, emails, phone conversations, and newswire stories; instead, TIA is focused on the development and integration of tools that facilitate collaboration, analytics, and decision support, as well as biometrics, security, pattern recognition and predictive modeling, and foreign-language translation. He discusses the two threads that make up TIA activity--an operational thread and a pure R&D thread. The operational thread is built upon the premise that government-owned databases already contain the data needed for an effective counterterrorism strategy, while the R&D thread seeks to determine whether that strategy could be improved if the government had wider access to the information space, as well as address any related privacy issues. Popp attributes the privacy community's backlash against TIA to a misinterpretation of the project's purpose picked up by many news outlets and Web sites last November, yet admits that DARPA ought to have been more straightforward with Congress and the public.

From ACM TechNews, August 1, 2003

"Homeland Security Courts Silicon Valley"
CNet (07/31/03); Gilbert, Alorie

Silicon Valley technology firms and entrepreneurs caught in an IT spending downturn could have reason to smile with the Department of Homeland Security's announcement of a roughly $1 billion budget for academic and private-sector research and development projects focusing on technology that could fortify the national infrastructure and enhance defensive and responsive measures to terrorist incidents. Homeland Security Advanced Research Projects Agency (HSARPA) deputy director Jane Alexander told tech executives at Veritas Software's headquarters in Mountain View, Calif., that projects must adhere to certain criteria in order to qualify for funding. The technology must be relatively cheap if it is to be widely used by local law enforcement and emergency workers; the technology must be incapable of generating false positives if its purpose is to identify the signs of a terror attack; and the technology must be able to adjust to protocols and infrastructure that may vary between states and local governments. Alexander noted that HSARPA will concentrate heavily on technology that facilitates the detection and handling of bioterrorism threats, but will also listen to proposals designed to aid domestic disaster response by the Coast Guard, the Federal Emergency Management Agency, and other security-related departments and entities. Alexander reported that her staff have been flooded with more than 3,000 proposals sent to HSARPA. The deputy director said that HSARPA, unlike the Defense Advanced Research Projects Agency (DARPA), will focus on technology concepts that can be developed within a relatively short time--six months to two years. http://news.com.com/2100-1020_3-5058618.html

From ACM TechNews, July 14, 2003

"Funding for TIA All But Dead"
Wired News (07/14/03); Singel, Ryan

A 2004 defense spending bill that the U.S. Senate might pass as early as next week could effectively kill the Terrorism (formerly Total) Information Awareness program through a defunding provision. The bill states, "No funds appropriated or otherwise made available to the Department of Defense...or to any other department, agency or element of the Federal Government, may be obligated or expended on research and development on the Terrorism Information Awareness program." TIA, which has a projected 2004 budget of $169 million, aims to uncover evidence of terrorist activity by mining a vast database of Americans' personal records, but both left-wing and right-wing critics oppose the program on the grounds that it would be used to spy on innocent American citizens. Following the Senate vote, a joint committee will have the final say on the TIA defunding provision, and seek to align the Senate bill with a House version that does not explicitly block TIA funding. Both bills indicate that the use of TIA on American citizens is dependent on congressional approval, a provision requested by Sen. Ron Wyden (D-Ore.), who amended an earlier bill to deny TIA funding unless the Defense Advanced Research Projects Agency (DARPA) furnished Congress with a detailed report on the program. DARPA submitted such a report in May, but privacy proponents such as the Electronic Frontier Foundation declared that the study merely paid lip service to TIA's privacy implications. http://www.wired.com/news/politics/0,1283,59606,00.html

"Privacy Rights Under Threat by Lawmakers"
SiliconValley.com (07/13/03); Gillmor, Dan

Dan Gillmor writes that California legislators are displaying contempt for the public good by failing to institute privacy legislation because such actions benefit their financial supporters rather than their constituencies. Gillmor cites the political death of SB 1, a bill that would have given people more control over how financial giants handle their personal information, as an example of this perfidy: Most legislators on a key committee did not vote on the measure, which in their view demonstrates that they were not taking an anti-privacy stance. Gillmor hopes that voters will make such "craven" politicos pay for such behavior by ousting them from office and passing the California Financial Privacy Initiative next year. Following the enactment of the financial privacy law, Gillmor believes elected officials and the public should then focus on radio frequency identification (RFID) tags, an emergent technology that could make supply-chain management cheaper and more efficient, but could also be exploited as a surveillance tool. He argues that the RFID industry is not being honest with the public about how the technology could affect privacy: Embedding the tags in products could make them easier to track in a supply chain, but could also be used to keep tabs on the consumers who purchase such products long after they have left the store. Gillmor contends that the RFID threat should be dealt with on a federal level, but concedes that state legislation may be the only answer, given the current "pro-business tilt" on Capitol Hill. He suggests that people who shop at Wal-Mart, a major RFID advocate, should warn the company that deploying RFID tags would make them alter their shopping behavior. Gillmor recommends that voters concerned about privacy contact their U.S. representatives and senators and urge them to either refuse to weaken already-enervated federal legislation further or institute solid privacy provisions.

From ACM TechNews, July 9, 2003

"The Lure of Data: Is It Addictive?"
New York Times (07/06/03) P. 3-1; Richtel, Matt

Psychology experts such as Harvard University's Edward M. Hallowell and John Ratey are studying a new form of addiction: Pseudo-attention deficit disorder, a malady that affects highly wired types--executives, businesspeople, consumers, and others--who develop short attention spans in order to keep up with technology and the frenetic speed of contemporary life. Behavior typical of such people includes conversing via digital devices while in a meeting, and multitasking. David E. Meyer of the University of Michigan reports that multitaskers' behavior can actually slow down their productivity; he estimates that people who flip back and forth between two tasks may spend half as much more time on those tasks than if they carry them out separately. Meyer postulates that multitasking could be attractive for several reasons--it makes multitaskers feel they are being productive, provides a "macho" display of efficiency, and carries a chemical stimulation akin to an amphetamine buzz. Charles Lax of GrandBanks Capital adds that multitasking is a cure for boredom, which people characterized as "Always On" seem highly prone to. Sprint PCS' Jeff Hallock argues that technology providers should not be blamed for problems associated with multitasking, and posits that gadgets that facilitate multitasking are designed to help users stay organized. "We're enhancing people's lives so they can have more control of the flurry of activity that's seemingly coming in," he insists. Assistant commerce secretary for technology policy Bruce P. Mehlman also discounts the data addiction theory, and contends that using multiple gadgets offers people more balance, claiming that executives now enjoy more family time thanks to technology.

From ACM TechNews, July 7, 2003

"Government Prying, the Good Kind"
Wired News (07/04/03); Delio, Michelle

One argument goes that as the government feels entitled to monitor the affairs of American citizens, so too are Americans entitled to keep tabs on government activities; this reasoning is illustrated by Government Information Awareness (GIA), a Web site developed by the MIT Media Lab that amasses data about politicians, government projects, and plans from a variety of sources. MIT graduate student and GIA developer Ryan McKinley explains, "Our goal is develop a technology which empowers citizens to form their own intelligence agency; to gather, sort and act on information they gather about the government." The open-source GIA takes a cue from the Terrorist Information Awareness (TIA) federal program that seeks to uncover terrorist activity by combing through numerous databases, and which has aroused the ire of critics who contend that the project would trample over citizens' right to personal privacy. MIT's Christopher Csikszentmihalyi adds that GIA "brings that American spirit of self-governance into the era of networked information technology." GIA users can anonymously post data about government programs and public figures on the Web site, and the system checks the accuracy of such postings by automatically contacting the proper government officials and inquiring whether the data is true. The system notes if such information is refuted by officials, but preserves it nonetheless. McKinley says GIA is open to the participation of anyone who is interested, including attorneys, political activists, and programmers. He comments that much of the information GIA is designed to consolidate and make accessible lies in the public domain rather than in online databases. http://www.wired.com/news/privacy/0,1848,59495,00.html

"Who's Watching You Surf?"
PCWorld.com (07/04/03); Wenzel, Elsa

Certain privacy advocates are concerned that the Department of Justice is keeping its exact figures on how many telephone and email wiretaps it is carrying out a secret under the auspices of the Foreign Intelligence Surveillance Act (FISA), while ACLU staff attorney Jameel Jaffer warns that broader surveillance powers bequeathed to law enforcement by the 2001 Patriot Act will "create a chilling effect that would discourage people from exercising their First Amendment rights." FISA court records indicate that the court approved 30 percent more surveillance orders between 2001 and 2002, though released government reports claim that federal and state court orders approving wiretaps fell 6 percent. A court recently shot down an ACLU effort to force the Justice Department to release detailed documents of its surveillance protocols and incidences of wiretapping by invoking the Freedom of Information Act. The Justice Department argued that revealing such information would interfere with ongoing criminal probes and endanger national security. A number of "sunshine" bills seek to amend such reporting practices: An upcoming proposal from Reps. John Conyers (D-Mich.) and Joseph Hoeffel (D-Penn.) would require the Justice Department to furnish yearly public reports on how many people are wiretapped. Meanwhile, the Domestic Surveillance Oversight Act introduced in February by Sens. Patrick Leahy (D-Vt.), Daniel Inouye (D-Hawaii), Arlen Specter (R-Penn.) and Charles Grassley (R-Iowa) takes a similar approach. Mark Corallo of the Justice Department argues that only suspected criminals are being targeted for federal wiretapping, while Stroz Friedberg surveillance law specialist Beryl Howell insists that "electronic surveillance is not running amok and out of control." http://www.pcworld.com/news/article/0,aid,111451,00.asp

From Knowledge@Wharton, July 2-29, 2003

In Search of Serendipity: Bridging the Gap That Separates Technologies and New Markets

It took 37 years before Kevlar – a bullet-proof, fire-resistant material first used for tires – was applied to making home shelters strong enough to resist tornadoes. It took decades before advances in reinforced fiberglass technology used for the Apollo space project were applied to tennis rackets. In retrospect, these crossover applications of technology may seem inevitable – but they are not, suggest two Wharton researchers and a third colleague who have developed a patented process to help companies analyze databases of information about technologies and suggest new markets where they might be commercialized. http://knowledge.wharton.upenn.edu/articles.cfm?catid=14&articleid=812

From ACM News, June 23, 2003

"Watching Him Watching You"
New Scientist (06/14/03) Vol. 178, No. 2399, P. 44; Samuel, Eugenie

The Pentagon's Terrorism Information Awareness (formerly Total Information Awareness) project, or TIA, is supposed to help authorities track down terrorists by mining databases of commercial transactions, credit card bills, online news releases, and other types of data for signs of suspicious activity. Critics charge that such a tool could be used to monitor Americans and target innocent parties as terrorists. However, such a system could both prevent terrorism and not infringe on civil liberties, provided that an electronic overseer is deployed to monitor TIA itself for indications of misuse or abuse. The chief components of TIA are software bots that sift through databases for specific behavioral patterns that may mark terrorist activity; these bots can be kept in check by enabling the database to inspect the bots before they start scanning. George Necula of the University of California at Berkeley has developed a methodology in which a bot must be equipped with a "proof" subroutine that details its function, the idea being that a database would compare the proof to the bot's actual structure to see if they match, thus determining whether the bot could be too intrusive and should therefore be halted. So that TIA research can continue, the Defense Advanced Research Projects Agency (DARPA) recently submitted a report to Congress describing how the project would uphold personal privacy. The report not only acknowledges the possibilities of an electronic guardian, but suggests that TIA itself will build safeguards to prevent abuse, including automated audit trails that record TIA users and their behavior. For TIA to be widely accepted, public attitudes toward surveillance technologies, tempered by past instances of abuse, must change.

From ACM News, June 13, 2003

"Internet Providers Say Users' Privacy Is Eroding Fast"
Cox News Service (06/12/03); Emling, Shelley

The right to online privacy has been worn down by a raft of legislation and lawsuits, ostensibly to ensure security and protect the livelihoods of copyright holders. A sore point among ISPs and consumer advocates is the Digital Millennium Copyright Act (DMCA), which allows content owners to pressure ISPs to reveal the names of subscribers who allegedly infringe digital copyrights; critics claim the DMCA shows favoritism toward copyright holders. "Anyone alleging copyright infringement can just walk into a court office and get a subpoena without going through adequate due process," comments EarthLink chief privacy officer Les Seagraves. The Recording Industry Association of America (RIAA) has been particularly fervent in hounding pirates through the DMCA: Verizon associate general counsel Sarah Deutsch predicts that content owners will make hundreds, perhaps thousands, of requests for subscriber IDs this summer. The RIAA is also aggressively going after colleges, a recent example being four students' agreement to each pay $12,000 to $17,500 to compensate record labels for downloading music on campus without authorization. Also raising privacy proponents' hackles is the Patriot Act, which broadens the FBI's authority to access Internet, financial, and commercial transaction databases for signs of terrorist activity without search warrants. Center for Democracy and Technology attorney Lara Flint notes that the inaccuracy of commercial data is likely to lead to false positives, and adds that few people know exactly how far the government's clout stretches, or have a clear idea how law enforcement agencies will share data. "Another concern is that we aren't sure to what degree the government is monitoring traffic on the Internet, although the service providers say it is extensive," says Barry Steinhardt of the ACLU. http://www.ecommercetimes.com/perl/story/21688.html

"Enough Already: Curbing Info Glut"
Wired News (06/10/03); Delio, Michelle

So that military and emergency personnel will be able to make critical decisions faster and respond to threats with greater efficacy, researchers from Texas A&M University, Penn State's School of Information Sciences, and Wright State University have developed open-source software designed to bypass information overload. Collaborative Agents for Simulating Teamwork (CAST) employs semi-autonomous software agents to infer what information people will need to optimize operational performance, and provide that data on a need-to-know basis. CAST's organizing principle is "shared mental models"--concepts, aims, and concerns related to a project coordinated by a specific team of workers--and the software is programmed to learn the best behavioral procedure to follow under certain conditions. The CAST system kernel consists of a series of algorithms used by CAST agents to determine their course of action as the situation evolves, and each algorithm uses a computational template of the team's mental processes. One algorithm, dynamic role selection, delegates specific tasks to agents according to limitations defined in the general strategy as it unfolds; another, dynamic inter-agent rule generator, finds critical information before team members are aware that they need the data. Both algorithms work in concert to determine the best way to send the most critical data to the most qualified person. The software can also sift through information much faster than people, and is particularly adept at finding related pieces of data. http://www.wired.com/news/technology/0,1282,59170,00.html

From ACM News, June 9, 2003

"Antiterrorism Measures Under Scrutiny"
The Hill (06/04/03) Vol. 10, No. 30, P. 12; Lesher, Sarah

Two congressional hearings were recently held relating to two reports, one on the Justice Department's handling of the USA PATRIOT Act and the Foreign Intelligence Surveillance Act (FISA), and the other on the Total Information Awareness program, now called Terrorism Information Awareness (TIA). The reports were produced by the Justice Department and DARPA (Defense Advanced Research Projects Agency), respectively. TIA calls for pursuing terrorists by using data mining techniques. This entails searching through various databases from the Internet and the financial, travel, and health sectors in order to detect irregularities. Hearing witness James Dempsey, executive director of the Center for Democracy and Technology, told the judiciary subcommittee that existing laws "are totally inadequate to deal with the reality of decentralized commercial databases and the new techniques of data mining." At the Government Reform subcommittee hearing, witnesses expressed doubt whether TIA's data mining approach would catch terrorists at all. Paul Rosenzweig, a legal fellow at The Heritage Foundation, said models involving people who rent vehicles and purchase fertilizer set a pattern for "not only Timothy McVeigh, but most farmers in Nebraska." He added that if such a system must be implemented, it should require ample supervision and cause minimal invasion. Rep. Michael Turner (R-Ohio) questioned the cost-effectiveness of data-mining, and asked for alternatives, while Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Program, said that such systems, if they don't work, increase the threat potential since they create only the illusion of security. http://www.hillnews.com/news/060403/antiterrorism.aspx

From ACM News, May 30, 2003

"Study: CIA Behind the Times in IT"
IDG News Service (05/28/03); Roberts, Paul

An unclassified report furnished by Bruce Berkowitz of the CIA's Sherman Kent Center for Intelligence Analysis finds that the CIA's reliance on outdated technology has put Directorate of Intelligence (DI) analysts about five years behind their equivalents in the private sector and other agencies in terms of networking and information-searching proficiency. The agency's chief IT component is the Corporate Retrieval and Storage (CIRA) database, which dates back to the 1970s, according to Berkowitz's study; furthermore, information gathering must proceed throughout multiple closed systems, and each analyst must use separate desktop systems to access the public Internet and the agency's classified network. The most common information searching technology is inaccessible to DI analysts, while sharing classified data with authorized intelligence staff outside the agency or accessing information from other classified federal databases is a difficult proposition. Analysts still deeply depend on an "informal source network" of associates in other agencies to provide them with information that popular search engines can supply automatically, Berkowitz contends. He says the CIA's intense focus on secrecy gives analysts the impression that IT is nonessential and too risky. In addition, the report indicates that the CIA's bureaucracy, which requires each intelligence item to be reviewed multiple times before being disseminated to information consumers, is obsolete and does not align with consumer expectations and the transformation of intelligence spurred by the Internet. Solutions that Berkowitz suggests include deploying integrated desktop environments and IT "SWAT teams" tasked with devising unique tools for collecting and studying information. http://www.pcworld.com/news/article/0,aid,110905,00.asp

"Blazing the Trail for Tech"
San Francisco Chronicle (05/26/03) P. B1; Pimentel, Benjamin

The Defense Advanced Research Projects Agency (DARPA) has pursued new technology frontiers since its establishment in 1958 as a response to the Soviet Sputnik launch. Today, the group funds academic and corporate research projects such as an IBM and Stanford University effort to develop holographic data storage and a Hewlett-Packard and UCLA program to develop molecular electronics. DARPA funded Sun Microsystems' first product, a computer workstation, and is giving the Santa Clara firm another grant to develop a new supercomputer. DARPA's mission is to find and fund new technology research applicable to national security, and it does so with an approximately $3 billion annual budget and program managers who are experts in their particular field. Private firms often contribute funds as well, and are able to commercialize the resulting research. GlobalSecurity.org director John Pike says the Defense Department has become increasingly dependent on IT produced for the private sector and seeks to bolster the industry for that reason. Recently, DARPA's reputation has been tarnished by civil liberties and privacy advocates who say the agency is pursuing domestic espionage work, especially the Terrorist Information Awareness (TIA) project. In March, DARPA director Tony Tether testified before Congress that his agency's goal in TIA was not "developing technology so it can maintain dossiers on every American citizen." Although Federation of American Scientists senior researcher Steven Aftergood says DARPA has been associated in many people's minds with the Patriot Act and other governmental encroachments on privacy and civil liberties, he believes that "the mission of DARPA is as important as ever," and doubts that the controversy over TIA will hurt the agency long term.

From ACM News, May 23, 2003

"Data Collection Is Up Sharply Following 9/11"
Wall Street Journal (05/22/03) P. B1; Davis, Ann

Data collection efforts have expanded in the wake of the Sept. 11 attacks, but the same commercial and government databases that would ostensibly be used to thwart future terrorist incidents could also be used to gather information on innocent American citizens. Claiming most of the attention--and criticism--from privacy advocates are the Capps airline passenger profile system and Total Information Awareness, which was recently renamed Terrorist Information Awareness; but lesser-known systems such as the Violent Gang and Terrorist Organization File (VGTOF) and the FBI's Terrorism and Intelligence Data Information Sharing Data Mart are also being developed to connect previously uncommunicative databases and combine public records with intelligence based on investigative conjecture. VGTOF, originally devised to gather information on gangs, has been extended to include anyone being probed by the FBI in domestic or overseas terrorist investigations, including people with no records of criminal activity. More than 7,000 people are listed in the database, along with gang members numbering in the tens of thousands. The Data Mart imports data from federal agencies and connects to local law enforcement databases, and employs text-mining software to scan for possible signs of terrorist activity throughout more than 1 billion documents collated from FBI field offices. Furthermore, the scope of police intelligence files is being widened through projects such as Rissnet. However, how often such systems produce false positives is unknown, because the databases are not open to the public. Meanwhile, the General Accounting Office believes the meshing of all these databases will be hindered by non-interoperable operating systems and computing languages.

From ACM News, May 21, 2003

"Pentagon Details New Surveillance System"
Washington Post (05/21/03) P. A6; Cha, Ariana Eunjung

The Pentagon released a comprehensive report about the proposed Terrorist Information Awareness (TIA) program (previously known as Total Information Awareness) to legislators on Tuesday, but the details about the computer surveillance system--its projected budget, the technologies and programs involved, etc.--have failed to mollify critics who say TIA could erode citizens' personal privacy and civil liberties. The Defense Advanced Research Projects Agency (DARPA) stated that the name change came about to get rid of the impression that TIA would be used to profile Americans, when the program's goal is to identify and thwart foreign terrorists before they can launch an attack. The initiative, which has a three-year budget in excess of $50 million, would involve a massive core database of public and private data--airline ticket purchases, financial and medical records, video surveillance, biometric identification, and more--that could be mined to detect signs of potential terrorist activity. The report states, "By augmenting human performance using...computer tools, the TIA Program expects to diminish the amount of time humans must spend discovering information and allow humans more time to focus their powerful intellects on things humans do best--thinking and analysis." The report says technologies and programs that could be incorporated into TIA include FutureMAP, a system that evaluates sentiment on certain topics by studying public market fluctuations. Another speculative TIA component is a "Misinformation Detection" system designed to scan text for indications of fake or misleading data. However, Sens. Ron Wyden (D-Ore.) and Russell Feingold (D-Wis.) agreed that the report "fails to propose any specific new rules to address the [abuse] concerns raised by Congress."

"A Spy Machine of Darpa's Dreams"
Wired News (05/20/03); Shachtman, Noah

The Pentagon's Defense Advanced Research Projects Agency (Darpa) is sponsoring a new project that aims to record every movement, consumed media, transaction, and action in a person's life. The LifeLog project could be used as a computer training tool, battlefield computer assistant, or as a method to track epidemics, according to the agency. Opponents of the Total Information Awareness (TIA) project, however, say the new LifeLog program is even more threatening to individual privacy. "LifeLog has the potential to become something like 'TIA cubed,'" says Federation of American Scientists defense analyst Steven Aftergood. Unlike the TIA, which records just a person's transactions, LifeLog would capture transactions as well as every bit of TV, Internet, and print media they consume and all digital images taken. A GPS transmitter could track movement and audio sensors would record conversations. By making all this information available through a search engine interface, people could "retrieve a specific thread of past transactions, or recall an experience from a few seconds ago or from many years earlier," according to a Darpa briefing. Commercial and academic efforts are underway to do some of the same things, such as Microsoft's MyLifeBits project being developed by Gordon Bell. University of Toronto professor Steve Mann, who claims cyborg status, has been wearing sensors and video-recording equipment since the 1970s in an effort to develop "existential technology." The Darpa researchers will be their own subjects and the agency is soliciting proposals for an 18-month study with a possible two-year extension. http://www.wired.com/news/business/0,1367,58909,00.html

"New System Developed by Pentagon Identifies Walkers"
Associated Press (05/19/03); Sniffen, Michael J.

One possible element of the Defense Advanced Research Projects Agency's (DARPA) proposed Total Information Awareness (TIA) U.S. citizen surveillance database could be "gait signatures" extracted by a device developed by Georgia Institute of Technology researchers with Pentagon funding. The device employs a radar that can record unique qualities of a person's walk even from 600 feet away, according to project leader Gene Greneker, who also notes that the technique has certain advantages over video cameras, such as being able to detect gait signatures in darkness, inclement weather, and with walkers wearing obscuring apparel. The radar is keyed to small changes in frequency in the reflected signal off the walker's legs, arms, and torso. The system could be used, for example, to alert security officers that an unauthorized person is in a restricted area by comparing his or her gait signature with those in a database, or to identify a suspicious individual who is repeatedly seen outside a sensitive location, possibly for nefarious purposes. Greneker says his team is not concerned about the privacy implications of the device, insisting that the government must address this issue. DARPA is also funding other research at Georgia Tech that uses computers and video cameras to determine gait signatures. http://www.nandotimes.com/technology/story/892547p-6218025c.html

. From ACM News, May 7, 2003

"Data Mining Proponents Defend Technology"
eWeek (05/06/03); Carlson, Caron

Federal agency heads reported to Congress on new data mining systems that critics say will unnecessarily sacrifice personal privacy. In hearings before the House subcommittee on technology and information policy, Transportation Security Administration Chief James Loy said the group was developing a next-generation Computer Assisted Passenger Prescreening system to replace the current one. The new system would rely on commercially available passenger data to find persons who present more of a risk and tag them for gate searches. Loy said the added intelligence would cut down significantly the overall number of people searched and that personal information would not be stored, but deleted after travel is done. Defense Advanced Research Projects Agency director Anthony Tether informed congressional representatives about his agency's pattern-recognition system that identifies potential terrorists in the population. Behavioral data is matched against pre-set patterns based on past knowledge of terrorist planning, intelligence, and scenarios created through war games. Critics say this method will simply target suspicious but innocent civilians, while terrorists will go unnoticed because they are able to adapt and use unprecedented techniques. The House subcommittee will meet again in two weeks to discuss these data mining projects with privacy and personal liberties experts. http://www.eweek.com/article2/0,3959,1060558,00.asp

. From ACM News, April 11, 2003

"Databases Ripe for Attacks"
eWeek (04/07/03); Vaas, Lisa

Reported online security incidents and confirmed attacks climbed 37 percent from the fourth quarter of 2002 to the first quarter of 2003, according to a report from Internet Security Systems (ISS). ISS' Pete Allor says the Slammer worm outbreak in late January played a substantial role in the report increase: Over the past three months, his group logged 160 million security events, over 2 million of which occurred in the two-day period when Slammer contagion was at its peak. Such figures indicate that hackers appear to be more focused on databases, while database administrators (DBAs) are not devoting enough attention to the installation of patches. A patch for the Microsoft SQL vulnerability that Slammer exploited was released half a year before the attack was launched, but many DBAs held off on deploying it because they wanted to test it in a production environment first. "They're very conservative in what they do to upgrade," Allor observes. He notes that companies who need to test patches thoroughly before implementation should at least boost their database defenses, and one measure involves installing a network segment that supports the ongoing testing of patches. "What you're looking to do is put the risk where you can tolerate it," Allor explains. "Each organization has to go through its own risk assessment on that: how valuable is the information, how vulnerable is a machine on this network setup, what kind of intrusion detection is in front of it, what kind of firewall protections you have in front of it." http://www.eweek.com/article2/0,3959,1007007,00.asp

. From ACM News, April 9, 2003

"Digging Through Data for Omens"
U.S. News & World Report (04/07/03) Vol. 134, No. 11, P. 46; Hawkins, Dana

Although the Transportation Security Administration (TSA) has begun using data mining technology to verify the identity of travelers, privacy fears hinder the government from extensively mining personal information in order to nab terrorists. The screening programs of the TSA and other agencies are considered to be smaller operations, but the Department of Defense has plans to use far more powerful technology for its Total Information Awareness (TIA) program. Such technologies would mine databases for purchase records, email, phone logs, travel arrangements, and more. TIA critics view the effort as an attempt to create a single centralized database that would hold every scrap of information about citizens. Congress has already voted that the Pentagon must justify the need for TIA and seek its approval to monitor citizens. Some data-mining experts maintain that there are bound to be errors when applying mathematical pattern-finding tools to databases, considering 10% of credit reports contain errors in names or in other identifying information. Meanwhile, ACM's Barbara Simons wonders, "Is it even possible to put together a database with sensitive financial, medical, educational, communication, and travel records--without providing a new target for exploitation and attack by hackers and terrorists?" Moreover, Robert Grossman of the National Center for Data Mining at the University of Illinois-Chicago warns that due to the enormous amount of data that would be collected and analyzed, and the ability of terrorists to adjust their tactics to avoid detection, innocent people likely would get falsely identified by a data-mining system while potential terrorists would get missed. http://www.usnews.com/usnews/issue/030407/tech/7data.htm

. From ACM News, April 4, 2003

"TIA Proponents Defend Domestic Spy Plan"
CNet (04/02/03); McCullagh, Declan

Critics and supporters of the Pentagon's Total Information Awareness (TIA) project voiced their views during a debate at the ACM's Computers, Freedom, and Privacy Conference on Wednesday. Manhattan Institute fellow and lawyer Heather MacDonald argued that privacy advocates, in criticizing TIA, are making "hysterical vociferous cries" against improving the government's abilities to protect innocent Americans and apprehend criminals, and taking "a Luddite approach that says al-Qaida can get its hands on the best possible technology to attack us, but we're stuck with [an] outdated mechanism." TIA opponents such as the ACLU's Katie Corrigan have decried the project as insupportable, ill-conceived, and rife with the potential for abuse. Heritage Foundation analyst Michael Scardaville admitted at the conference that the possibility of abuse exists, but denied that TIA is an "Orwellian monster," as many critics have called it. Congress approved an omnibus federal spending bill in late February requiring TIA research and development to be studied in detail. The bill calls for the Defense Advanced Research Projects Agency (DARPA) to furnish Congress with a "schedule for proposed research and development" that assesses how TIA could impact privacy, or face a funding blockage. http://news.com.com/2100-1029-995229.html

. From ACM News, May 9, 2003

"Balancing Data Needs and Privacy"
Washington Post (05/08/03) P. E1; Walker, Leslie

The federal Total Information Awareness (TIA) program raises privacy and civil liberties alerts across the country, but even critics of the program see some benefits in the corresponding "privacy appliance" being devised by Teresa Lunt of the Palo Alto Research Center (PARC). The Defense Advanced Research Projects Agency (DARPA) hired Lunt to develop a system that protects citizens' personally identifiable information from agents without proper authorization, such as a court order or subpoena. Lunt's project was one of the 24 or so projects DARPA chose to fund from a pool of 180 proposals for developing TIA technology. Experts say that any system the size and scope of the TIA is certain to finger innocent civilians as terrorist suspects. ACM's policy committee (USACM) argued as much in a letter to Congress several months ago. But Lunt aims to produce an appliance that would prevent abuse of TIA by filtering out personal details and working to prevent individual identification by inference. In addition to data-cleansing, a sophisticated audit system would track all use of the TIA and protect it from tampering because it is distributed among different independent organizations. Lunt says the combined hardware and software solution would be installed in front of individual databases tapped by TIA and that the technology also has potential for the commercial sector. As information becomes more accessible to companies and government agencies, this type of technology is needed to ensure personal privacy while providing the benefits of increased service and increased security. http://www.washingtonpost.com/wp-dyn/articles/A25316-2003May7.html

. From ACM News, May 2, 2003

"Big Brother: Is He Watching You?"
Government Technology (04/03); McKay, Jim

Legislators and privacy supporters are critical of the government's efforts to clamp down on terrorism using the latest technologies to gather, analyze, and share surveillance data on Americans; they fear that such measures will create an Orwellian state that erodes personal privacy and persecutes innocent people. The chief architectural component of this system would be a Terrorist Threat Integration Center, where citizen profiles would be used to root out potential terrorists. Courting controversy are data-mining programs such as Total Information Awareness (TIA) and the Computer-Assisted Passenger Pre-Screening System II (CAPPS II), while anti-terrorism legislation proposed by the Justice Department has privacy proponents on edge because it removes oversight on presidential powers and would allow law enforcement agencies to share sensitive data on citizens without their permission. A major critic of data-mining and electronic surveillance projects is former Virginia Gov. James Gilmore, who argues that such measures break with U.S. tradition and would create an environment that "changes [Americans'] conduct and influences whether or not they are really a free people." Other critics contend that data-mining systems such as TIA would have error rates that generate many false positives, or would institutionalize racial profiling or other reprehensible cataloguing practices. Gilmore thinks the job of ensuring privacy protections should be left to strong regulation rather than to a Homeland Security Department privacy officer. The TIA has become a serious point of debate, but critics warn that focusing primarily on TIA could allow lesser-known measures like CAPPS II to slip under the radar. Former National Security Agency general counsel Stewart Baker believes the best solution is a government-driven data-mining system with built-in privacy safeguards and accountability. http://www.govtech.net/magazine/story.phtml?id=45918

. From ACM News, April 30, 2003

"DARPA Funds TIA Privacy Study"
InternetNews.com (04/29/03); Mark, Roy

The Air Force Research Laboratory (AFRL) Information Directorate has awarded a $3.5 million contract to the Palo Alto Research Center (PARC) to study the individual privacy protections of the Total Information Awareness (TIA) program. The TIA is being developed under the aegis of the Defense Advanced Research Projects Agency (DARPA), which is also funding the study. DARPA is additionally supporting a database integration project that would allow TIA to map out the "information signature" of people in order to detect and track possible terrorist activity. PARC engineers will develop privacy filters, "aliasing" techniques, and automated data purging agents to ensure that the privacy of American citizens is adequately shielded. "We will develop techniques that restrict analysts looking for potential terrorist activities from necessarily knowing the identities of the individuals who might fit patterns attributed to that activity," says AFRL's Patrick K. McCabe. The Senate recently voted to suspend TIA funding if the intelligence community fails to provide Congress with a detailed report on how the system could impact privacy and civil liberties. The vote also dictates that no agency can implement TIA without congressional permission. Nevertheless, the president can approve continued TIA funding as well as the deployment of TIA for foreign military operations. http://www.dc.internet.com/news/article.php/2198081

. Personal data mining: How MS will know ALL about you.

. From Edupage, April 11, 2003

LIBRARIANS RESPOND TO PATRIOT ACT

The USA PATRIOT Act grants federal authorities broad access to library records, and many librarians across the country are taking steps to oppose and to limit the impact of the legislation. In Monterey Park, Calif., all public computers have notices taped to their screens stating that anything read on that computer can be seen by federal agents. Other libraries have decided to destroy records of what books are checked out by which library patrons, and some libraries have halted plans to implement systems that track user preferences to notify users of new books of possible interest. The American Library Association officially opposes the legislation and is working to have it repealed, as are a number of state library associations. Still, some librarians support the law, while others report that it has not affected how their libraries conduct their affairs. Peter Persic, a spokesman for the Los Angeles Public Library, said, "It's business as usual here. We have not had complaints about it." Washington Post, 10 April 2003 http://www.washingtonpost.com/wp-dyn/articles/A1481-2003Apr9.html

. From ACM News, April 11, 2003

"Patriot Act Extension Considered"
Medill News Service (04/10/03); Wenzel, Elsa

Sen. Orrin Hatch (R-Utah) reportedly wants to permanently extend the Patriot Act beyond its 2005 sunset provision, a development that is opposed by civil liberty proponents and others. Privacy Rights Clearinghouse director Beth Givens says a permanent extension would negatively impact civil liberties. "There must be a sunset so that the impacts of the provisions are evaluated in terms of our constitutional rights," she insists. ACLU legislative counsel Timothy Edgar states in a press release that the sunset provision should stand so that "cooler heads" can reevaluate and revise the statute so that it supports the safety and freedom of Americans. Both privacy groups and certain legislators have been criticizing the Patriot Act itself, which expands law enforcement surveillance coverage of email, telephones, and Web site visits. Mark Corallo of the Justice Department counters that the Patriot Act has embedded safeguards that actually strengthen civil liberties. He disputes the assumption that the law allows the interception and disclosure of emails by law enforcement, claiming that the methods authorities use to track suspected terrorists' email do not reveal the messages' content, only that the messages were sent. Corallo advises that people should not believe "the inference...that there's this big eye in the sky looking at you and me and everyone else." Primary Activism executive director Deborah Pierce is concerned that Justice Department officials could disregard email headers as content, even though they may contain personal information. http://www.pcworld.com/news/article/0,aid,110239,00.asp

. From ACM News, April 7, 2003

"FBI Computers Enter the 21st Century"
Medill News Service (04/03/03); Wenzel, Elsa M.

The FBI is attempting to modernize its computer systems with the $600 million Trilogy network, while civil liberties proponents are keeping a close eye on the project to see if it strikes a balance between privacy and security-related information gathering. The network will feature a new database designed to infer relationships between 26 million agency records; the database can store 100 TB of data culled from federal, state, and local law enforcement as well as news media. Audio, video, and 3D mapping files will also be stored within the database, while the FBI's Virtual Case File, used to track terrorists and other offenders, will be made available to all authorized employees by December. Although FBI executive assistant director Wilson Lowery says the system will only include legally obtained information, privacy advocates are concerned that the massive amount of data in the system will be rife with inaccuracies. Furthermore, some of the data may come from the National Crime Information Center, which was recently exempted from the Privacy Act of 1974. Trilogy features a search engine that can carry out natural-language queries and chart or map out relationships between suspected criminals, while its scope covers almost 600 Web sites. Trilogy was conceived as early as 1999, and was revised in 2001 to incorporate more security safeguards. The FBI's Paul Bresson says the next phase of the Trilogy project will be to make the system's information accessible to other federal, state, and local law enforcement agencies. http://www.pcworld.com/news/article/0,aid,110137,00.asp

"Why We May Never Regain the Liberties That We've Lost"
SiliconValley.com (04/06/03); Gillmor, Dan

Although the government has routinely rolled back civil liberties in times of crisis, they have usually been restored once the crisis passes; that may not be the case for the liberties rescinded as a result of the war against terrorism, writes Dan Gillmor. There are two factors that could inhibit the restoration of privacy rights that the Bush administration, with the endorsement of Congress, is scaling back: The impossibility of winning the war on terrorism, given that there will always be malicious individuals or organizations dedicated to injuring America, no matter what the court of world opinion may think; and the increasing proliferation of technology that supports a surveillance society, which is being deployed by what Gillmor describes as "an unholy, if loose, alliance of government, private industry and just plain nosy regular folks." For every government initiative to monitor Americans that is put on hold, such as the Total Information Awareness project, another is proposed, an example being the Transportation Department's CAPPS II air traveler profiling system. In the meantime, the war against Iraq has been the perfect cover to allow the White House to slip an exemption to the 1974 Privacy Act under the media's radar. The exemption would allow the FBI to forego ensuring the accuracy of the National Crime Information Center database. Such a move could allow the government to arrest or harass innocent citizens because of erroneous or outdated records. Gillmor speculates that these federal mandates could do "incalculable" damage to America's entrepreneurism, as well as other countries' vision of the U.S. as a model government to aspire to.

. From ACM News, March 31, 2003

"Email Traffic Patterns Can Reveal Ringleaders"
New Scientist (03/27/03); Muir, Hazel

Hewlett-Packard researchers have devised a new method of analyzing the flow of email traffic for patterns that could reveal online communities and their leaders, and HP's Joshua Tyler says law enforcement officials could employ the technique to sniff out terrorists and other online criminals. The scientists used HP's research lab as a testbed, and were able to scope out various communities by mapping out connections between staff who had exchanged at least 30 emails with each other, while a computer algorithm searched for crucial links between separate groups. By comparing the members of each community with the company organization charts, the researchers discovered that 49 of the 66 outlined groups had members who all worked in the same department, while most of the remaining groups were organized around collaborative projects. In another test, the scientists plotted out the emails with an algorithm that attempts to frame the network with as few entanglements as possible. Tyler says the plot placed persons with the widest range of organizational contacts, usually the managers, in the center. "If the CIA or another intelligence agency has a lot of intercepted email from people suspected of being part of a criminal network, they could use the technique to figure out who the leaders of the network might be," he explains. Tyler acknowledges that privacy could become an issue, given how information is gathered and used. http://www.newscientist.com/news/news.jsp?id=ns99993550

. From Knowledge @ Emory, March 26, 2003

The Trans-Atlantic Data Privacy Dispute

Few issues have fueled more transatlantic distrust than the ongoing dispute between the European Union and the United States about data privacy. Wharton management professor Stephen J. Kobrin probes the often overlooked roots of the controversy in his report, “The Trans-Atlantic Data Privacy Dispute, Territorial Jurisdiction and Global Governance.” Resolving the issue will be especially challenging, he notes at one point, because the two sides are divided, not by tactical or strategic considerations, but by fundamental differences over the role of government and the meaning of privacy. http://knowledge.emory.edu/articles.cfm?catid=9&articleid=654

. From ACM News, March 28, 2003

"Putting the Blinders Back on Big Brother"
Business Week (03/27/03); Black, Jane

As is often the case in wartime, civil liberties are scaled back in favor of government surveillance in order to promote security, and this has been happening in the United States as a result of the wars against terrorism and, more recently, Iraq. Since Sept. 11, the U.S. government has broadened the surveillance powers of law enforcement with the passage of the Patriot Act, and is planning to extend them even further via the proposed Patriot Act II. However, privacy proponents such as the Electronic Privacy Information Center's (EPIC) Marc Rotenberg are worried that such legislation and the surveillance technologies it sanctions could be knitted too deeply into the law enforcement infrastructure, to the point that they cannot be rescinded once terrorism and war are no longer national priorities. Concerns such as these have prompted Congress to suspend or halt initiatives such as the Defense Department's Total Information Awareness (TIA) program and Attorney General John Ashcroft's TIPS project, but other programs such as an upgraded version of the Transportation Safety Administration's (TSA) Computer Assisted Passenger Prescreening System (CAPPS II) are proceeding apace with little, if any, oversight. CAPPS II would build a database of air traveler profiles to see if any of them match terrorist profiles, but privacy advocates say the system is inherently flawed. A terrorist, for example, could steal someone else's ID to be declared safe, while the commercial databases CAPPS II builds its profiles from are riddled with inaccurate, outdated information that could generate false positives. Business Week writer Jane Black insists that the federal approval of such programs must be contingent on clear evidence, derived from painstaking research, that such measures will balance both privacy and security issues.

. From ACM News, March 26, 2003

"Privacy Groups Fight Government Data Mining"
IDG News Service (03/25/03); Gross, Grant

An alliance of privacy groups including the Electronic Frontier Foundation, the Center for Democracy and Technology, and the Electronic Privacy Information Center fired off a letter to Reps. Henry Waxman (D-Calif.) and Tom Davis (R-Va.), advising Congress to halt the second version of the Computer Assisted Passenger Prescreening System (CAPPS II) program until its effectiveness and privacy implications are thoroughly researched. The proposed federal database of airline-passenger profiles, along with the Total Information Access project, employ data mining so that government officials can monitor persons' movements for suspicious activities--and both are examples of "mass dataveillance" George Washington University law professor Jeffrey Rosen described as unconstitutional at a Tuesday hearing of the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census. Rosen told attendees that data-mining technologies can be designed to balance liberty and security, and urged Congress to take the matter under consideration. However, House Committee on Government Reform Chairman Davis cautioned against federal over-regulation of data mining, to which Rosen suggested that the congressman think about whether data sharing between national agencies would carry the same benefits as it does for private industry. Meanwhile, witnesses at the hearing noted the positive value of certain data-mining programs. Sen. Paula Dockery (R-Fla.) cited her state's initiative to use data analysis to build profiles of suspected criminals, and Gregory Kutz of the U.S. General Accounting Office said data mining has helped his agency identify federal employees using office credit cards to make personal purchases. http://www.pcworld.com/news/article/0,aid,109985,00.asp

"Data Expert Is Cautious About Misuse of Information"
New York Times (03/25/03) P. C6; Lohr, Steve

In-Q-Tel CEO Gilman Louie told PC Forum attendees on Monday that a proposal favored by some technology executives--one calling for a large database on citizens' activities that government officials would have unrestricted access to--is "very dangerous." Such an approach, known as data mining, would collate data on Americans and sort it by name, purchasing history, or travel itinerary in order to find suspicious patterns; anyone who is profiled as a suspect would be placed on a watch list. Although Louie acknowledged that data mining can be useful under certain circumstances, he believes that making it the chief information-based weapon in the war against terrorism is a mistake, one that would destabilize civil liberties. A much more acceptable strategy, in his opinion, is data analysis, in which software tools are employed to search for connections between investigative leads and known terrorists by studying places of residence, recent travel, and other behavior. One form of data analysis software is Non-Obvious Relationship Awareness (NORA), which Las Vegas casinos use to trace links between customers or even employees with known criminals. Louie said the failure to prevent the Sept. 11 attacks was not a lack of information, but the inability of various government agencies to pool their information resources. In-Q-Tel is a venture fund founded by the CIA as a springboard for new concepts, but Louie believes its importance has grown in the aftermath of Sept. 11. "Now, this isn't an experiment," he stated. "This is a necessity." http://www.nytimes.com/2003/03/25/technology/25DATA.html

. From ACM News, January 15, 2003

"Hearings Sought on Data Agency"
Washington Post (01/14/03) P. E5; O'Harrow Jr., Robert

Congressional members are requesting more information about the massive data mining project planned by the Defense Department. Sen. Russell Feingold (D-Wis.) plans to introduce a bill that would halt work until Congress has finished a review of the project. Other Senate members have expressed concerns about the lack of consultation with Congress, and Sen. Patrick Leahy (D-Vt.) recently probed the Justice Department about its possible involvement. Growing controversy over John M. Poindexter's Information Awareness Office comes from different quarters, and both liberal and conservative civil liberties groups have banded together to work toward eliminating funding for the project. The Information Awareness Office aims to build technology that would allow the government to detect and preempt terrorist activity, based on the analysis of suspicious commercial and private activity. Until recently, the office's Web site displayed a logo similar to the great seal of the United States, with an eye atop a pyramid overlooking the globe, and the Latin words "scientia est potentia," or "knowledge is power." Poindexter said recently he recognized such a system should include safeguards for personal privacy, but that his obligation was to allow the government to make full use of technology within the limits set by policymakers. Besides his office's own proposed system, Poindexter has already begun assisting other government agencies in their own data collection and analysis. http://www.washingtonpost.com/wp-dyn/articles/A51844-2003Jan13.html

. From ACM News, January 10, 2003

"Palo Alto Scientist May Fend Off Big Brother"
Oakland Tribune Online (01/06/03); Hoffman, Ian

Along with its controversial Total Information Awareness project, the U.S. government is also spending money to develop sophisticated privacy safeguards. The Defense Advanced Research Projects Agency (DARPA) has awarded established intrusion detection specialist Teresa Lunt a three-year, $3 million contract to safeguard citizens' privacy while the Total Information Awareness project ferrets out terrorists. She worked for 20 years securing sensitive government information and is commended by her peers in academia and elsewhere for technical skill and integrity. Privacy advocates and technologists are especially worried about the Genisys component of the Total Information Awareness project, because it would pull data from government, commercial, and other databases together in an unprecedented manner. Lunt is charged specifically with creating technology that will allow federal agents to track potential terrorists on the system while not being able to identify any individuals. Her team is currently working with simulated data to find out if there are ways insiders could abuse the system. Besides blanking out obvious identifiers, such as credit card numbers and names, Lunt says she intends to make it difficult for human agents to logically piece together people's identity using scraps of evidence. Steven Aftergood, director for the Project on Government Secrecy at the Federation of American Scientists, says the effort is laudable, and is especially impressed that DARPA plans to deploy "red teams" who will try to subvert Lunt's privacy measures as a test.

"Cybersecurity Plan May Pose Privacy Problems"
IDG News Service (01/08/03); Gross, Grant

A White House internal draft of the National Plan to Secure Cyberspace obtained by the Associated Press on Tuesday reportedly cuts most private-sector recommendations, reduces the number of proposals from 86 to 49, and makes the Homeland Security Department chiefly responsible for ensuring a secure Internet. Critics who took an earlier draft of the plan to task are concerned about what the revised draft omits. Wayne Madsen of the Electronic Privacy Information Center says he is worried that the White House is trying to skirt controversy by keeping the plan ambiguous, which would give the Homeland Security Department license to authorize government monitoring of citizens. He comments, "The danger is not what's said, but what's not said." Madsen adds that one proposal not included in the original draft was a recommendation to "deputize" both public- and private-sector computer security personnel, a situation that could create tension between their desire to protect the privacy of co-workers and their loyalty to the government. Deputy chief of staff for the President's Critical Infrastructure Protection Board Tiffany Olson reports she has no knowledge of the licensing proposal, and adds that the current draft contains no regulations for private industry. She also refutes published reports' assertions that, under the new draft, the government will not consult with civil liberties organizations over privacy issues. Olson insists that the working draft outlines the appointment of a privacy officer in the Homeland Security Department, and makes privacy a "common thread" throughout the plan. http://www.pcworld.com/news/article/0,aid,108560,00.asp
. From ACM News, March 21, 2003

"Will War Swap Privacy for Security?"
IDG News Service (03/20/03); Gross, Grant

A pair of Washington, D.C., conferences on technology and homeland security held on Thursday focused on how to strike a balance between security and privacy, an issue being reinforced by the U.S.-led war against Iraq. Paul Rosenzweig of the Heritage Foundation think tank told attendees at a Congressional Internet Caucus luncheon that banning technologies such as the Defense Department's Total Information Awareness program is a mistake, asserting that misuse of power can be held in check by oversight and the leverage of congressional and court "mechanisms." George Washington University computer science professor Lance Hoffman doubted that new legislation can keep up with technological development, using the failure of proposed laws to curb online file-trading as an example. At the second conference, a panel discussion hosted by WebMethods, five national experts voiced their views on technology's ability to ensure safety and the way it could impact civil liberties. Former Virginia governor and National Advisory Commission on Terrorism Chairman James Gilmore advised tech executives that anti-terrorism systems should be designed with privacy and other civil liberties in mind. The highest level of technology-based security would force citizens to "give up everything by way of individuality, privacy, anonymity...and even then you would not have total security," he warned. Former CIA director James Woolsey argued that current proposed security measures are far less intrusive compared to those employed by previous administrations, such as the internment of Japanese Americans during the Second World War. He added that as the war with Iraq continues, compromises between security and civil liberties are probable, but insisted that legislators and citizens must consider civil liberties when deciding to deploy new technology for security purposes. http://www.pcworld.com/news/article/0,aid,109934,00.asp

. From New York Times, March 25, 2003

Data Expert Is Cautious About Misuse of Information
By STEVE LOHR

Gilman Louie, who runs a venture capital firm founded by the Central Intelligence Agency, warned of the danger of amassing a large, unified database that would be available to government investigators. Read article.

. From Edupage, March 17, 2003
REPUBLICAN CRITICIZES ADMINISTRATION'S HANDLING OF PRIVACY Former Congressman Dick Armey accused George W. Bush and other Congressional Republicans of disregarding citizens' right to privacy in their efforts to increase national security. He said, "[P]eople in the government, very much so in the Justice Department, have been playing out a lust for our information that is not consistent with who we have been as a nation and what our constitutional freedoms are." Armey criticized the government's proposed data-mining programs and other efforts to identify potential criminals and prevent crimes by collecting and sharing information from various sources. He said the notion that the collection of such data should not bother the innocent is ridiculous. A spokesman from the Justice Department defended that agency's use of expanded powers of surveillance, saying the agency stays within the bounds of the law and that Congress still has oversight for what is done. IDG, 14 March 2003 (http://www.idg.net/ic_1220478_9677_1-5041.html)

. Data collection and data mining require us to consider the issue of data privacy. Not all countries have the same thoughts on data privacy. Read about the Trans-Atlantic Data Privacy Dispute.

. From ACM News, March 12, 2003

"How Politics Will Reshape IT"
ZDNet (03/10/03); Caldwell, French

The maturation of the IT industry and the growing effect it has on other areas of society and economy mean the government will play a more active role in the future. Legislation and political discussion between countries will focus on five fronts: industry regulation in terms of quality, security and critical infrastructure protection, privacy, jurisdiction and taxation, and the movement of knowledge workers internationally. Just like in mature oil and auto industries, the government will soon step in to improve the quality of IT vendors' offerings, either by leveraging its buying clout to demand better quality or through regulation. Most IT contracts and licenses now prevent customers from openly discussing problems with the purchased product, which hampers competitiveness based on quality factors. The government, insurers, and investors are also likely to mandate tighter security in the face of terror threats to infrastructure, which is increasingly reliant on IT. Government also needs to address privacy issues as IT continues to remove the "practical obscurity" that previously protected personal information--driver's licenses and other such documents are more accessible on the Internet, for example. As the use of the Internet continues to grow, it is becoming an increasingly difficult political issue, especially as it transcends normal jurisdictional boundaries. Finally, the movement of knowledge workers and industry to more inviting environments will inevitably mean a radical redistribution that will have to be addressed by government. Politics will demand tighter restrictions on the flow of knowledge jobs either in or out of the country.

. From ACM News, March 10, 2003

"Data Mining Software Digs Up Buzzwords"
Associated Press (03/06/03)

Predicting trends by studying the frequency of words or phrases that appear online could become easier thanks to the work of innovators such as Cornell University associate professor Jon Kleinberg, who has devised software that can search documents to find "word bursts" that may indicate significant topics and when they emerge. Thus far, his software has been used to find trends of the past, such as scanning State of the Union addresses dating as far back as the late 18th century to uncover verbal signals that reflected important events--"depression" and "recovery" for the 1930s, and "atomic" for the late 1940s and 1950s, for instance. Verity CTO Prabhakar Raghavan has used Kleinberg's software to sift through Weblogs for bursts of references and Web site links that outline emerging trends; such an ability would allow advertisers to target specific groups more accurately. "E-tymologist" Paul McFedries also searches Internet databases to find new language usage, and has uncovered both tech-related terms such as "ham" (legitimate email mistakenly identified as spam by filters because of similar wording) and free-floating buzzwords such as "induhvidual," a synonym for a foolish person. However, friction can occur if people reference buzzwords that happen to be trademarked in a context other than their brand, as McFedries found out when the Google search engine warned him not to use "google" as a verb. http://www.siliconvalley.com/mld/siliconvalley/5331559.htm

. From ACM News, February 28, 2003

"Are the Feds Reading Your E-Mail?"
Medill News Service (02/25/03); Stock, Kyle

Senate Judiciary Committee members Sens. Patrick Leahy (D-Vt.), Charles Grassley (R-Iowa) and Arlen Specter (R-Penn.) are sponsoring the Domestic Surveillance Oversight Act, which requires that the FBI and the Department of Justice disclose how often they spy on U.S. citizens, with a special emphasis on Internet surveillance. The introduction of the bill on Tuesday comes at a time when the DOJ and the FBI's electronic surveillance powers have been significantly expanded by the 1978 Foreign Intelligence Surveillance Act (FISA) and the 2001 Patriot Act, while investigators are apparently trying to broaden those powers even further. The Domestic Surveillance Oversight Act would require the attorney general to release a yearly report detailing how often FISA orders were issued for Americans, how FISA provisions are leveraged in criminal court cases, how search applications are interpreted by FISA courts, and how often agents scan library computers. Accompanying the bill is a large document sharply criticizing the FBI and DOJ's excessive secrecy and insufficient training in regard to FISA standards. Specter also alleges that the agencies are riddled with incompetence that reaches into the highest levels. In response to the bill, the DOJ claims that it and related agencies have furnished Congress with regular reports on their surveillance activities since the Sept. 11, 2001 attacks. Leahy says that U.S. cities have sent "clear signals" to the federal government by discussing or approving mandates advising Congress to ensure that government surveillance powers are balanced with civil liberties. In a related matter, the DOJ was ordered by a federal court this past autumn to answer a Freedom of Information request by the ACLU and the Electronic Privacy Information Center calling for details on how often federal agents monitor Internet users, and the training involved. http://www.pcworld.com/news/article/0,aid,109535,00.asp

. From ACM News, February 12, 2003

"Congress Agrees to Bar Pentagon From Terror Watch of Americans"
New York Times (02/12/03) P. A1; Clymer, Adam

Negotiators from the Senate and the House of Representatives have agreed to prohibit the Pentagon from using the Total Information Awareness (TIA) project to spy on innocent American citizens. Last Friday's announcement that the Pentagon would set up several advisory committees to manage the TIA project as an alternative to such restrictions was apparently ineffective. The negotiators also agreed to halt all TIA research unless the Defense Department furnishes a detailed report on the feasibility of the project and its impact on privacy and civil liberties within 90 days instead of 60 days, as originally proposed. "It looks like Congress is getting the message from the American people loud and clear and that is: Stop the trifling of the civil liberties of law-abiding Americans," declared Sen. Ron Wyden (D-Ore.), who proposed the TIA restrictions as part of an omnibus spending bill the Senate passed in January. The TIA system could still be used for lawful foreign intelligence and military operations, as long as their targets are non-American. The Pentagon's Lt. Cmdr. Donald Sewell insisted that TIA would not be used for domestic spying, and said the Defense Department considers it an important anti-terrorism tool. Still, the passage of the TIA amendment could be prevented if negotiators fail to agree on the spending bill it is a part of, or if President Bush successfully vetoes it. http://www.nytimes.com/2003/02/12/politics/12PRIV.html

. From ACM News, February 26, 2003

"Is Total Information Awareness a Homeland Security Answer or Big Brother?"
Roll Call--Telecommunications & Technology (02/24/03) Vol. 48, No. 61, P. 8; Wyden, Ron; Wynne, Michael

Michael Wynne, principal deputy under secretary of Defense for acquisition, technology, and logistics, and Sen. Ron Wyden (D-Ore.) hold differing views on the Pentagon's Total Information Awareness (TIA) system, which would integrate databases about citizens' daily activities into a single repository that could be mined for evidence of suspected terrorist activity. Wynne claims that "in the 21st century, the key to fighting terrorism is information," and asserts TIA will be a critical tool for rooting out terrorists before they can launch attacks. He insists that TIA would not be used to monitor innocent citizens, adding that the Defense Department has incorporated protective measures to shield individual privacy. Furthermore, Wynne promises that a great deal of TIA research and development will focus on privacy-protection technologies, while both an internal and external board will act as privacy watchdogs. He explains that such a system is necessary, making the case that the Sept. 11 attacks could have been avoided if scraps of seemingly disparate information that indicated what the terrorists were planning could have been connected. Sen. Wyden, fearing that TIA could be used to spy on citizens and erode civil liberties, pushed legislation passed by Congress requiring that the Defense Department furnish a detailed report on the purpose and potential consequences of TIA within 90 days, or lose R&D funding. The provision also outlined congressional oversight of the project by making congressional approval essential to the implementation of TIA technology for the purpose of domestic surveillance. Wyden applauds the recent formation of the TIA oversight boards, but notes that congressional oversight should take precedence. He warns that the TIA office "will take current policies that already threaten the privacy of the American people and combine them in one big effort that could undermine privacy protections once and for all."

. From Edupage, February 10, 2003
ADVISORY GROUPS TO OVERSEE TIA PROGRAM: The Pentagon formed an internal and an external committee to address privacy concerns arising from the Total Information Awareness (TIA) program in a move to prevent Congress from monitoring the program too closely. Headed by John Poindexter, TIA aims to identify terrorists by monitoring Internet usage and commercial and financial databases in the U.S. and abroad. A Senate amendment last month banned deployment of the program and curbed research for it. The Pentagon formed the advisory panels to minimize the scope of the provision, now before a House-Senate conference committee, by convincing Congress that the committees will adequately address balancing security and privacy concerns. Senator Ron Wyden, who sponsored the provision, noted that the panels “did not get an election certificate” and that “Congress on a bipartisan basis is going to continue to demand accountability, oversight, and legally established safeguards.” New York Times, 8 February 2003 (registration req'd) http://www.nytimes.com/2003/02/08/national/08PRIV.html

. From ACM News, February 7, 2003

"Bush Data-Mining Plan in Hot Seat"
Wired News (02/06/03); Scheeres, Julia

The Total Information Awareness (TIA) project, which would use data-mining technology to search public and private databases as well as the Internet for signs of terrorist activities, has spurred grass-roots organizations to mobilize and call for more oversight of the initiative. Representatives of these organizations, which range from the left-wing ACLU to the right-wing Eagle Forum, held a press conference on Feb. 5 to promote legislation for a moratorium on TIA funding until the program's potential for abuse has been thoroughly investigated. Critics have charged the TIA as being little more than a surveillance tool designed to spy on innocent U.S. citizens through their financial, medical, travel, and educational transactions. The Senate unanimously passed an amendment from Sen. Ron Wyden (D-Ore.) last month to halt TIA funding until the Bush administration furnishes a detailed study addressing how the project could affect civil liberties. The Feb. 5 press conference also took the opportunity to criticize a proposed central database that would encompass Americans' personal information and transactions. "The mere gathering of this information is a risk," declared the Association for Computing Machinery's Barbara Simons, who added that such a database would be an invitation to hackers as well as terrorists hoping to commit identity theft. The ACM submitted a letter to Congress last month that raised doubts about the TIA's effectiveness at preventing terrorist acts. http://www.wired.com/news/politics/0,1283,57568,00.html

"Bush Database Plan Raises Privacy Concerns"
IDG News Service (02/06/03); Gross, Grant

President Bush's proposal for a Terrorist Threat Integration Center designed to mine federal databases for terrorists and terrorist activity is already drawing criticism from privacy advocates and could also run into trouble with Congress. The plan, which Bush announced in his state of the union address last week, calls for the center to be run by the CIA, which will share its data with that of the FBI, the Homeland Security Department, and other federal divisions. The plan appears to involve data mining through government databases only, as opposed to the Defense Department's Total Information Awareness (TIA) project, which would also carry out searches for suspicious activity through private databases; however, Electronic Privacy Information Center President Marc Rotenberg says the center could still be used to carry out domestic intelligence gathering, and should therefore be carefully examined by Congress and the public. "Are we seeing here a commitment by the administration to the kinds of data-mining fishing expeditions that we associate right now with Total Information Awareness, but packaging it somewhat differently?" asks Electronic Frontier Foundation staff attorney Lee Tien. "TIA is sort of an easy target, because its announced and declared purpose is so all-encompassing...and then you hit people with something much more limited, and they say, 'Compared to TIA, that's not so bad.'" A spending bill amendment recently passed by the Senate would restrict TIA and other government data-mining projects to overseas operations, while Sen. Ron Wyden (D-Ore.) has vowed to support the Bush center if it provides a database of known or suspected terrorists, or oppose it if it is used to carry out domestic spying. Tien says the chief concern with the plan revolves around how the collected data is used, how suspects are identified, and how those results can be questioned in the event of false positives. http://www.pcworld.com/news/article/0,aid,109253,tk,dn020603X,00.asp

. From ACM News, January 31, 2003

"Bush Proposes Antiterror Database Plan"
CNet (01/29/03); McCullagh, Declan

In the latest move by the White House to boost data-sharing between U.S. police and spy agencies, President Bush used Tuesday's State of the Union Address to announce the Terrorist Threat Integration Center (TTIC), a government database that would compile information about suspected terrorists from federal and private sources. "The TTIC will ensure that terrorist threat-related information is integrated and analyzed comprehensively across agency lines and then provided to the federal, state and local officials who need it most," declared Attorney General Ashcroft after the president's speech. "We will be able to optimize our ability to analyze information, form the most comprehensive possible threat picture and develop the plans we need to prevent terrorist attacks." However, the plan has drawn fire from critics who see parallels between it and the Total Information Awareness (TIA) project; some have posited that the announcement is an attempt to avoid the controversy engendered by the TIA. The TTIC will team up with the FBI and the Homeland Security Department, and have access to "all information" available to the government, including data compiled by the Defense Intelligence Agency and the National Security Agency (NSA). Electronic Privacy Information Center general counsel David Sobel noted that there is as yet no indication about any constraints the TTIC's data collection activities would be subject to. Center for Democracy and Technology executive director Jim Dempsey said that, essentially, the FBI, the CIA, or NSA would gather information on people under the orders of the TTIC. Meanwhile, the center could be affected by a bill to regulate "data-mining technology" proposed by Sen. Russ Feingold (D-Wis.). http://news.com.com/2100-1001-982640.html

"In Net Attacks, Defining the Right to Know"
New York Times (01/30/03) P. E1; Hafner, Katie; Biggs, John

Last weekend's Slammer worm attack and the network slowdowns it caused rekindled a number of controversial issues among security experts, most notably the responsibility of companies to publicly disclose hacker intrusions to consumers. Few security breaches are reported, while the ones that are usually involve a widespread attack that affects thousands of systems. Roman Danyliw of the Computer Emergency Response Team (CERT) Coordination Center notes that many companies are reluctant to admit their security has been compromised--both to their customers and to law enforcement officials--out of fear that it could hurt their reputations or give their rivals a strategic advantage. Another factor hindering full disclosure is that successful breaches are often the result of organizations' failure to deploy basic safeguards or patches for well-known flaws, which is what allowed the Slammer worm to cause so much mischief. Harvard researchers Michael Smith and Stuart Schechter argue in a paper they presented at a recent cryptography conference that organizations or individuals can reduce the likelihood of hacker attacks if they share information about intrusions. However, Alfred Huger of Symantec Security Response has doubts about such a theory, and points out that many attacks, even those focused on specific targets, are launched by hackers who are "trophy hunting." He cites his own company as an example, noting that Symantec is the target of between 3,000 and 4,000 hack attacks every day. Meanwhile, some security experts are pushing for federal legislation that would require institutions to report intrusions: In its draft of the National Strategy to Secure Cyberspace, the President's Critical Infrastructure Protection Board recommends that a centralized, national online system be set up where private companies and federal agencies can share information about break-ins. http://www.nytimes.com/2003/01/30/technology/circuits/30secu.html

"Total Information Awareness: Down, But Not Out"
Salon.com (01/28/03); Manjoo, Farhad

The development of the Total Information Awareness (TIA) system may have hit a snag with the Senate's unanimous decision that the Defense Department conduct a cost-benefit analysis in order to study the project's potential impact on Americans' privacy and civil liberties, but this has not halted its progress. TIA, which aims to track down terrorists by combing databases for personal data, has drawn the ire of civil libertarians, politicians, and scientists, and adding fuel to their criticism is a recently disclosed report from the Defense Advanced Research Projects Agency's (DARPA) Information Systems Advanced Technology (ISAT) panel that discussed methods to protect private data in information systems. This study--and nothing else--was what the Defense Department furnished in response to a request from the Electronic Privacy Information Center (EPIC) for all information pertaining to TIA's privacy ramifications; ISAT study participants, including Barbara Simons, co-chair of the U.S. Public Policy Committee of the Association for Computing Machinery, are bewildered that this is all that DARPA provided, even though the report states that it is "not a review for Total Information Awareness." Simons says, "I'm just not convinced that the TIA will give us tools for catching terrorists that we don't already have or that could be developed with far less expensive and less intrusive systems." Among the security techniques and technologies the ISAT panel suggests is "selective revelation," in which computers withhold personal information from analysts unless they obtain legal authorization, and the construction of databases that leave an audit trail of any user abuses. Next month, DARPA is expected to allocate a three-year, $1 million grant to Palo Alto Research Center researcher Teresa Lunt to develop a "privacy appliance" to be incorporated into TIA's Genisys component. Former Rep. Bob Barr (R-Ga.) backed a 2002 bill calling for a "privacy impact statement" from the federal government every time it starts programs that could negatively affect civil liberties. However, Barr sees the recent Senate curbs on TIA as temporary, and says "chances are overwhelming" that the executive branch will revive the project.

"No Hiding Place"
Economist (01/25/03) Vol. 366, No. 8308, P. 5

A surveillance-based society is emerging, thanks to people's increasing access to the Internet and the proliferation and advancement of technologies that can be monitored or are used for monitoring, including digital cameras, face-recognition software, and mobile phones. Opinion polls show that people are generally against near-constant surveillance, but the public is split between those who do not believe that it will become a reality, and those who feel powerless to prevent it from happening. Complicating the issue is the fact that privacy is subjective and difficult to define, while information-gathering by governments and corporations has its own individual quirks; most people are worried about the former group abusing such powers, although the latter group's hunger for data may make it the bigger threat to privacy in a networked society. Government legislation cannot sustain privacy alone because many national privacy laws could be rendered ineffective in a wired world, while the evolution of law is always several steps behind the evolution of technology. Technological solutions can be a problem as well, because individuals can only use such products and services by giving up information about themselves. Meanwhile, trusting companies that collect information to regulate themselves does not sit well with consumers, since many firms have more to gain by exploiting their customers' private data; market solutions by themselves are also likely to fail because they cannot keep up with increased public surveillance and expanding government databases. Other possible solutions include one proposed by physicist and sci-fi writer David Brin, who suggests that everyone be given database access, while another calls for the deployment of a biometric ID system that can tell exactly what kind of people are accessing databases. Unfortunately, neither solution seems very popular.


. From Edupage, January 29, 2003
LAWMAKERS TRY TO LIMIT SOCIAL SECURITY NUMBERS AS ID: Responding to the growing incidence and risk of identity theft, California Assemblyman Joseph Simitian has introduced a bill in the state legislature that would limit use of Social Security numbers as identification. The bill would prohibit employers from using Social Security numbers "for any purpose other than taxes" and would prohibit universities from putting the numbers on student IDs. Another bill in California would put strict limits on how and where government agencies could use and post Social Security numbers. Chris Hoofnagle of the Electronic Privacy Information Center said a number of incidents of identity theft have prompted several colleges, universities, and other state governments to question having Social Security numbers available in relatively prominent places where they can easily be obtained. Wired News, 29 January 2003 http://www.wired.com/news/privacy/0,1848,57395,00.html


. From Edupage, January 24, 2003
SENATE INTRODUCES MORATORIUM ON DATA-MINING PROJECT: The U.S. Senate voted 69 to 29 to add to an appropriations bill a moratorium on the government's Total Information Awareness (TIA) program. TIA is the federal government's planned data-mining tool, which would comb disparate data sources looking for indications of terrorist activity. Privacy advocates have fought against TIA since it was announced, saying that it would give the government a free hand in snooping on its citizens and could pose a significant threat to civil liberties. The Senate-introduced moratorium would ban use of TIA unless specific authorization is given by Congress or the president can show that not using TIA would "endanger the national security of the United States." Because a House of Representatives version of the appropriations bill does not include the moratorium, its fate will be decided by a conference committee. CNET, 24 January 2003 http://news.com.com/2100-1023-981945.html

SEVIS DATA STOLEN FROM UNIVERSITY OF KANSAS: Officials from the University of Kansas reported that someone broke into the campus's computer network and stole personal information on more than 1,400 foreign students. The information had been collected as part of the university's compliance with the Immigration and Naturalization Service's new Student and Exchange Visitor Information System (SEVIS), which is designed to track foreign students studying at U.S. institutions of higher education. University officials said the hacker broke in five times and used campus resources for other activity, leading them to believe the theft of SEVIS data was not the hacker's goal. An agent from the FBI, which is investigating the incident, agreed that so far there is no evidence to suggest the actions are related to terrorism. Chronicle of Higher Education, 24 January 2003 http://chronicle.com/free/2003/01/2003012403n.htm


. From ACM News, January 17, 2003

"Senators Vow to Halt 'Data Mining' Project"
SiliconValley.com (01/17/03); Puzzanghera, Jim

The Pentagon's Total Information Awareness project aims to build a database of electronic information on Americans and root out suspected terrorists via data mining, but this has raised the ire of civil libertarians as well as members of Congress. In response, Sens. Dianne Feinstein (D-Calif.), Ron Wyden (D-Ore.) and Daniel Inouye (D-Hawaii) outlined a revision to the proposed $390 billion federal budget Thursday night that would halt the project pending a serious assessment of the technology involved and how it could affect civil liberties. Furthermore, the amendment would include a ban preventing the Pentagon or any other agency from scrutinizing Americans with the system, thus restricting its use to foreign intelligence analysis or overseas military operations. Feinstein press officer Scott Gerber says that Senate Appropriations Committee Chairman Ted Stevens (R-Alaska) will add the revision to the spending bill. "Our country must fight terrorists, but America should not unleash virtual bloodhounds to sniff into the financial, educational, travel and medical records of millions of Americans," Wyden declared. Meanwhile, Sen. Russ Feingold (D-Wis.) announced a bill Thursday calling for the suspension of all data mining projects in the Pentagon and the Homeland Security Department. Supporting his proposal were Wyden, Sen. Jon Corzine (D-N.J.), ACLU officials, electronic-privacy proponents, Americans for Tax Reform, and the Free Congress Foundation. It is estimated that data-mining projects in the Pentagon will cost $137 million in fiscal 2003, while the Congressional Research Service reckons that they could total up to $575 million between 2004 and 2007. http://www.siliconvalley.com/mld/siliconvalley/news/local/4969039.htm


. Help Wanted: Steal This Database: Article provides perspectives on the issues of security associated with data that might be used for business mining.


. Wired News Privacy Matters: A BLOG maintained by Wired Magazine on Data Mining and Security. They say their goal is to "keep track of attempts to invade your privacy and the efforts to protect it right here."


. From Edupage, January 17, 2003

SECURITY GROUP LOBBIES FOR QUICK LEGISLATION

A recently formed group called the Homeland Security Industries Association (HSIA) met this week with members of Congress to push for quicker government spending to strengthen homeland security. The HSIA currently has about 100 members and considers itself a broad, umbrella group for any company with a stake in U.S. homeland security. Bruce Aitken, president of the HSIA, said the $2.9 billion reportedly spent by the U.S. government in 2002 for IT projects related to security was "diminutive compared to what it can be and what it should be." Celia Wexler of watchdog group Common Cause said the HSIA is one of several new lobbying organizations intent on getting "a piece of the multibillion dollar homeland security pie." Wexler said that although some groups like the HSIA do have positive impacts on certain issues, voters and lawmakers should be cautious about the efforts of such groups, some of which are simply "diving in for big bucks." IDG, 16 January 2003 http://www.idg.net/ic_1020867_9677_1-5046.html


. From ACM TechNews, January 17, 2003

"Increase in Electronic Attacks Leads to Warning on Iraqi Hackers and U.S. Safety"
New York Times (01/17/03) P. A10; Lichtblau, Eric

An evaluation prepared last week by the FBI's National Infrastructure Protection Center warns that a national security crisis could be looming, as evidenced by a recent increase in electronic attacks on military and government networks. These disruptions took the form of low-level Web page defacements, denial of service attacks, and "probes" and "scans" designed to gauge how vulnerable networks are. The FBI report indicated that pro-Iraqi hackers could be behind the attacks, and advised intelligence officials to prepare for broader, "more dangerous" intrusions stemming from growing tension over a possible military conflict with Iraq. "A cyberattack really fits Saddam Hussein's paradigm for attacking us," commented Rep. Robert E. Andrews (D-N.J.), a member of the House Armed Services Committee. However, Gordon Johndroe of the Homeland Security Department said that no connection has as yet been established between hacks into government networks and Hussein's regime, adding that Iraq is more focused on building a stockpile of physical weapons. Dartmouth College's Michael Vatis, former director of the FBI cybercrime unit, noted that Iraq may have a cyberwarfare program under development, but it is probably nowhere near as sophisticated as Chinese and Russian initiatives. Still, he cautioned, "Even a middling capability can cause serious harm." Tim Madden, a spokesman for Maj. Gen. J. David Bryan of Joint Task Force-Computer Network Operations, reported that assaults on the U.S. military's computer networks are launched and dealt with "on a daily basis," while their success rate is below 2 percent. http://www.nytimes.com/2003/01/17/technology/17HACK.html (Access to this site is free; however, first-time visitors must register.)

 


. From ACM TechNews, January 15, 2003

"Hearings Sought on Data Agency"
Washington Post (01/14/03) P. E5; O'Harrow Jr., Robert

Congressional members are requesting more information about the massive data mining project planned by the Defense Department. Sen. Russell Feingold (D-Wis.) plans to introduce a bill that would halt work until Congress has finished a review of the project. Other Senate members have expressed concerns about the lack of consultation with Congress, and Sen. Patrick Leahy (D-Vt.) recently probed the Justice Department about its possible involvement. Growing controversy over John M. Poindexter's Information Awareness Office comes from different quarters, and both liberal and conservative civil liberties groups have banded together to work toward eliminating funding for the project. The Information Awareness Office aims to build technology that would allow the government to detect and preempt terrorist activity, based on the analysis of suspicious commercial and private activity. Until recently, the office's Web site displayed a logo similar to the great seal of the United States, with an eye atop a pyramid overlooking the globe, and the Latin words "scientia est potentia," or "knowledge is power." Poindexter said recently he recognized such a system should include safeguards for personal privacy, but that his obligation was to allow the government to make full use of technology within the limits set by policymakers. Besides his office's own proposed system, Poindexter has already begun assisting other government agencies in their own data collection and analysis. http://www.washingtonpost.com/wp-dyn/articles/A51844-2003Jan13.html


. From ACM TechNews, January 3, 2003

"Dollars, Sense and the Cyber Security Act"
EarthWeb (01/09/03); Desmond, Paul

The Cyber Security Research and Development Act (CSRDA) approved by both Congress and President Bush last year earmarks almost $1 billion for research and education, but Eugene Spafford of Purdue University's Center for Education and Research in Information and Assurance and Security (CERIAS) is doubtful that the CSRDA will hold to that amount of money, given rival Capitol Hill interests and current budget considerations. Under the new law, the National Science Foundation and the National Institute of Standards and Technology will allocate $275 million over five years for security-related post-doctoral and senior research fellowships to qualifying applicants, as well as $233 million for research grants in nine security fields. For the latter, the usual protocol is for applicants to submit proposals that include a general outline of their functions and effects, while Spafford notes that the institutional resources behind the plans, submitting individuals' experience, and past handling of grants are key factors; he adds that CERIAS may be one such applicant, in order to fund research in sophisticated architectures and intelligent security systems. Spafford reckons that there are perhaps 24 universities with graduate-level security initiatives, but increasing that number requires producing more security experts, which is in keeping with the idea that better educated security professionals will lead to increases in both the academic and corporate sectors. However, Spafford notes that "No amount of money is going to make an immediate difference, and that's a hard sell when you've got people worried right now about bioweapons, poverty, unemployment, pollution, Social Security and other things that are contending for funds." http://itmanagement.earthweb.com/columns/secugud/article.php/1567191

Eugene Spafford is co-chair of ACM's U.S. Public Policy Committee; http://www.acm.org/usacm.

 

"White House Tech Officials Race to Build Security System"
National Journal's Technology Daily (01/09/03); Vaida, Bara

Technology planners in the Bush administration are working fast to integrate systems for the new Department of Homeland Security. White House Office of Homeland Security director of information infrastructure Lee Holcomb said IT administrators had to navigate legal restrictions on information-sharing while implementing an effective system for protecting national security. Data stores with sensitive information include those for biomedical data, immigration, and law enforcement. Holcomb said the administration has already ruled out building a single data warehouse, as well as other IT proposals that would unduly threaten citizens' privacy. Rather, he said work was being done to make sure data is gathered and re-used efficiently throughout the huge new department, a combination of 22 existing federal groups. With the physical location of the new department still undecided, Holcomb said the administration was doing what it could, including "buying lines" and working out a single department-wide email system. While the Department of Homeland Security will likely not have a completed enterprise system by the Jan. 24 deadline, Holcomb said he hoped the email system would at least be in place by then. http://www.govexec.com/dailyfed/0103/010903td1.htm


. From Edupage, January 18, 2003

BUSH ADMINISTRATION REVISES SECURITY PLAN

The most recent draft of the National Strategy to Secure Cyberspace, acquired by the Associated Press, shifts responsibility to defend the Internet to the Department of Homeland Security and away from the private sector, while reducing the number of security proposals from 86 to 49. A recommendation for the government to regularly consult with privacy advocates about how proposed security measures would affect civil liberties has been eliminated, prompting James X. Dempsey of the Washington-based Center for Democracy and Technology to question the Bush administration's “willfully raising privacy concerns,” even after having been heavily criticized by privacy advocates in the past. The draft also clearly states that the Defense Department can wage cyberwarfare if the nation is attacked and increases the role of the CIA and FBI. Critics pointed out the lack of new regulations in the plan, saying that regulations would provide the easiest method for improving security. They implied that the White House's decision to eschew new regulations was a response to concerns that U.S. corporations would face financial burdens in compliance. President Bush is expected to sign the plan in the coming weeks. Wired News, 7 January 2003: http://www.wired.com/news/conflict/0,2100,57109,00.html


. From ACM TechNews, January 8, 2003

"Data Stored in Multiplying Bacteria"
New Scientist Online (01/08/03); McDowell, Natasha

American researchers at the Pacific Northwest National Laboratory have successfully stored information within bacteria as artificial DNA in an effort to create a new type of memory that could survive a nuclear catastrophe or other disaster. The researchers encoded the lyrics to the song "It's a Small World" into synthetic DNA strands, which were then embedded into bacteria such as Deinococcus radiodurans and E. coli. The former has a strong tolerance to high temperatures, ultraviolet light, desiccation, and ionizing radiation doses 1,000 times higher than would be fatal to people. The scientists created special DNA "sentinels" attached to the beginning and end of each message that prevent the bacteria from mistaking the message for a virus. The sentinel is so reliable that the exact message is preserved even after 100 bacterial generations, notes information technologist Pak Chung Wong. Imperial College bacteriologist Huw Williams says that mutations could give rise to better-adapted bacteria over time. Wong says, "Bacteria may be an inexpensive and stable long-term means of data storage." http://www.newscientist.com/news/news.jsp?id=ns99993243


. From ACM TechNews, December 23, 2002

"Bush Plan to Monitor Net Raises Stir"
MSNBC (12/20/02); Sullivan, Bob

Among the goals outlined in the National Strategy to Secure Cyberspace is the formation of a Cyberspace Network Operations Center, a hub where ISPs would share information about network traffic in order to forestall cyberattacks. The September draft of the national strategy indicated that this central clearinghouse would be run by industry, but the New York Times reported on Dec. 20 that the plan has been revised to allow for federal control, a maneuver that has provoked worry among ISPs and others that the center could become a tool for online wiretapping. However, a Bush administration official who is close to the matter insists that there are no plans to take control of the center away from the private sector. He did acknowledge that government agencies that focus on cybersecurity--the FBI's National Infrastructure Protection Center and Carnegie-Mellon's Computer Emergency Response Team, for instance--might be merged together under the plan. Nevertheless, Washington lawyer Stewart Baker comments that ISPs are under "an awful lot of pressure" to be included in a central Internet monitoring center, although he has doubts about its effectiveness. Rather than focus on ordinary traffic for signs of terrorist activity, security experts will probably devote their attention to bigger traffic disruptions that could herald online assaults. Baker adds that ISPs are skeptical that the facility's potential security strengths outweigh the risks to people's privacy. An amended version of the National Strategy to Secure Cyberspace will be submitted by the White House in early 2003. http://www.msnbc.com/news/850160.asp?0si=-

"Many Tools of Big Brother Are Now Up and Running"
New York Times (12/23/02) P. C1; Markoff, John; Schwartz, John

The government already has eyes and ears observing people's everyday activities, but that data is not currently gathered or analyzed comprehensively in a way that would be useful to intelligence agencies. The Internet, as well as new Web technologies such as XML, have helped to link thousands of information warehouses with different types of data--email, cellular phone usage data, toll booth data, e-commerce stats, and banking information. The controversial Total Information Awareness project would enable the government to tap into these various sources, compare the data, and alert authorities to possible terrorist activity. Besides drawing on conventional digital transactions, the Total Information Awareness project also uses commercially available technology, such as the Groove collaboration software created by Lotus Notes creator Ray Ozzie. Groove enables real-time remote collaboration between intelligence analysts at different agencies and hooks up various data analysis software. Critics say such a system compromises civil liberties, while others argue it is unworkable. Dorothy Denning, a Naval Postgraduate School professor in Department of Defense Analysis, doubts the government can connect the right dots fast enough to avert a terrorist strike since it does not know exactly what to look for. The idea for the project was conceived at the Defense Advanced Research Projects Agency (DARPA). A DARPA-sponsored advisory group formed of policy, technology, and intelligence experts in both the government and the private sector debated the project in three meetings after the Sept. 11 attacks. WebMethods senior vice president and former technology secretary for Virginia, Don Upson, says the debate over the project is healthy, since it will produce the data analysis policies needed in the future. http://www.nytimes.com/2002/12/23/technology/23PEEK.html


. From Edupage, December 23, 2002

ADMINISTRATION TRIES TO ANSWER FEARS ABOUT INFORMATION SYSTEM

In response to fairly vocal criticism of plans to create a system to monitor much Internet traffic in an effort to identify and prevent potential terrorist activity, the Bush Administration tried Friday to address fears that the system would compromise privacy and personal information. Richard Clarke, President Bush's advisor on cyberspace, said that the proposed system would not be used to scan and read individuals' e-mails. The plan, he said, "articulates a strong policy of protecting citizens' privacy in cyberspace." Some of the concern over the proposed system comes from a change from earlier drafts of the proposal, which specified that a monitoring center would be run by private board rather than by the government. The newest draft indicates that a monitoring center "could be operated by the private sector but could share information with the federal government through the Department of Homeland Security." Wall Street Journal, 20 December 2002 (sub. req'd) http://online.wsj.com/article/0,,SB104042986788918113,00.html

JUSTICE DEPARTMENT CRITICIZES FBI IT MANAGEMENT

A report from the U.S. Department of Justice says that despite the increased need for effective management of IT resources following September 11, the Federal Bureau of Investigation (FBI) has shown "major weaknesses" in that regard. The report is based in part on interviews conducted by the General Accounting Office (GAO) and by the Justice Department's Office of the Inspector General with officials at the FBI, the Justice Department, the GAO, and the Office of Management and Budget. According to the report, "the FBI continues to spend hundreds of millions of dollars on IT projects without adequate assurance that these projects will meet their intended goals." The Justice Department said this problem results from continued insufficient management attention to IT investments. ComputerWorld, 20 December 2002 http://www.idg.net/ic_993491_1794_9-10000.html

MOST GOVERNMENT SURVEILLANCE WOULD USE EXISTING TOOLS

In light of the federal government's various plans to increase national security through electronic monitoring, some technology experts point out that many of the tools for such a program are already in place. Creating a dragnet to prevent terrorism, they say, would largely involve piecing together information that is currently collected and stored in disparate areas. From data concerning cellular phone calls to traffic records taken from passing through toll booths, the government has a potentially large pool of information to use from existing systems. Civil libertarians worry over possible abuses of the proposed data collection. Supporters suggest that an information system might coordinate data about foreign visitors taking flying lessons at different flying schools, for example, with airline reservation systems showing those same visitors with plane tickets for the same day. New York Times, 23 December 2002 (registration req'd) http://www.nytimes.com/2002/12/23/technology/23PEEK.html

. From ACM TechNews, December 20, 2002

"Bush Administration to Propose System for Wide Monitoring of Internet"
New York Times (12/20/02) P. A16; Markoff, John; Schwartz, John

The final version of the National Strategy to Secure Cyberspace is expected to include a proposal requiring ISPs to construct a centralized system for Internet monitoring, supposedly as an "early-warning center" designed to offer antivirus safeguards and detect cyberattacks long before they become threatening, according to the President's Critical Infrastructure Protection Board. The technical challenge would be formidable, since independent ISPs number in the thousands, but service providers are concerned that such a system could blur the line between cybersecurity and surveillance of people's online activities. One official from a major data services firm says the system would be "10 times worse" than the FBI's Carnivore Internet wiretap system. ISPs are also worried about their liability, should they supply access to live feeds of network activity, notes Washington lawyer Stewart Baker. People who were briefed on the proposal say that it does not specify where the centralized system would be located, how much it would cost, or its operational requirements. Board deputy chief of staff Tiffany Olson explained yesterday that the proposal is still under development, but insisted that there is a great need for such a facility, because without one ISPs can only watch a small portion of the Internet. "We don't have anybody that is able to look at the entire picture," she maintained. The original National Strategy to Secure Cyberspace draft issued in September suggested that industry oversee the monitoring center, but the latest version hands that responsibility over to the government. http://www.nytimes.com/2002/12/20/technology/20MONI.html

 

"Study Seeks Technology Safeguards For Privacy"
New York Times (12/19/02) P. A15; Markoff, John

In response to a request from the Electronic Privacy Information Center, the Pentagon yesterday disclosed a report from the Information Sciences and Technologies Study Group (ISAT) listing specific technologies that the government should invest in to prevent misuse of data-mining tools that could be employed in the Total Information Awareness system. The technologies mentioned include automated tracing of access to database records, database segregation, and blockage of access to unauthorized people--all of which can be adapted to enable the government to monitor citizens' electronic activities while keeping exposure of individual information to a minimum, according to the study. However, a representative of the Electronic Privacy Information Center declared that the report did not fully comply with its request for the military to publicly issue documents relating to any assessment of how the Total Information Awareness system would affect privacy. ISAT member Barbara Simons said that Total Information Awareness and policy issues were not the subject of the study. Other study participants noted that there was doubt within ISAT that technological solutions would effectively guard privacy, while the report called for "Strong Audit measures" to guard against the misuse of information systems. The study was sponsored by the Information Awareness Office, and several participants said that former national security advisor John M. Poindexter, who is leading the Total Information Awareness initiative, joined in during one meeting. The report was commissioned late last year, before the Total Information Awareness system was proposed. http://www.nytimes.com/2002/12/19/national/19COMP.html



Page Owner: Professor Sauter (Vicki.Sauter@umsl.edu)
© 2003 Vicki L. Sauter. All rights Reserved.