COTTSDALE, Ariz., March 24 — As the government gears
up its domestic security program, the chief executive of a
venture capital firm founded by the Central Intelligence
Agency warned today of the danger of amassing a large, unified
database that would be available to government investigators —
as some technology executives have advocated.
"I think it's very dangerous to give the government total
access," said Gilman Louie, chief executive of In-Q-Tel, a
venture fund established by the C.I.A. in 1999.
Besides, the real lesson learned from the Sept. 11
terrorist attacks, Mr. Louie said, was that the intelligence
failure was not so much that the government had too little
information but that the information held by different
government agencies was not linked, shared and analyzed.
It is already clear that a part of the vast amounts of
personal and commercial data housed in government and
corporation will increasingly be used in terrorist-related
government investigations. But there is a vigorous debate over
what data should be collected and how it should be used to
balance the interests of national security with personal
privacy and individual freedom.
Speaking at the PC Forum, an annual gathering of corporate
technology executives, entrepreneurs and venture capitalists,
Mr. Louie said there were two different paths being pursued
toward data surveillance by the government.
First, there is what he termed the "data mining or
profiling" approach. This involves collecting large amounts of
data — like credit card and air travel information — and then
sorting the data by names, buying habits or travel plans
looking for patterns.
The data mining approach, Mr. Louie said, results in the
"watch lists" used by law enforcement authorities. If used as
the main tool of surveillance, the data mining approach is too
blunt an instrument, in Mr. Louie's view, and one likely to
needlessly undermine individual freedom. "The policy has not
been defined for how you get on or off these watch lists," he
said.
Mr. Louie said that he had friends who after the terrorists
attacks have been interrogated at length and sometimes missed
flights because they matched certain characteristics that put
them on a watch list. "They have Arabic names," he said, "they
are naturalized citizens and because they are investment
bankers they buy one-way tickets."
The second way to use database technology to detect threats
is what he called the data analysis approach. The alternative,
which Mr. Louie supports, starts with some kind of
investigative lead and then uses software tools to scan for
links between a person under investigation and known
terrorists, in terms of where they live, recent travel and
other behavior.
Las Vegas casinos, for example, use data analysis software
called NORA, for Non-Obvious Relationship Awareness, for
tracking threats to their business — links between some
patrons and sometimes employees with money launderers, known
card counters and individuals with criminal records. The
company that developed the NORA software, Systems Research and
Development, is one of the companies in which In-Q-Tel has
invested.
Data mining, Mr. Louie said, can play a useful role. But he
argues that relying on data mining as the principal way to use
database technology in fighting terrorism would be a mistake.
"This is an ongoing argument," Mr. Louie said, "a big debate
right now in government."
In-Q-Tel was established by the C.I.A., in an effort to
inject new thinking and technology into the agency. The
agency's handling of information had been shaped by the cold
war concerns of big power confrontations where the weapons
were tanks and missiles, and the security risks tended to be
spies and moles.
Information, noted Mr. Louie, a former computer game
designer and software executive, was kept in separate database
silos so it would not leak or any leak could be quickly
contained. Speed of information flow across databases was not
a priority.
Yet in a world of quickly shifting terrorist threats, Mr.
Louie said, "the agency realized that this stove-piping of
information was a security model that was really
vulnerable."
Today, In-Q-Tel has invested in 25 companies. At the same
time, the Defense Department's advanced research projects
agency, or Darpa, and the government's National Imagery and
Mapping Agency, or Nima, have also supplied financing to
In-Q-Tel for specific programs.
Before Sept. 11, Mr. Louie said, In-Q-Tel was seen within
government as an intriguing experiment. "Now, this isn't an
experiment," he said. "This is a necessity."