IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Terrorism Information Awareness Program
(formerly "Total Information Awareness Program")

Guide to the Report to Congress


[Key to page numbers: ES = Executive Summery; DI = Detailed Information; A = Appendix A]


Why did you change the name?
Is TIA being used now, and on what data?
Is TIA collecting data on US citizens?
How is DoD ensuring that TIA does not violate privacy and civil liberties?
What about in the future, when TIA technologies are deployed? How will you ensure protection of privacy and civil liberties?
Provide some examples of how TIA has been used by operational agencies to date.
Which organizations are participating in or interested in participating in the TIA experimental network?
What is TIA's possible or expected impact on privacy and civil liberties if some of the component programs of TIA are implemented?
Which parts of TIA raise the primary concerns regarding privacy protection?
Are there any privacy issues that are not raised by the TIA program?
What are the primary privacy issues that are raised by TIA?
How will you measure TIA's progress and effectiveness?
What factors can be used to evaluate TIA's suitability for deployment?
Please list the laws and regulations that govern the information to be collected by government agencies that may, in the future, use the tools developed by the TIA Program.


Q: Why did you change the name?
A: The name "Total Information Awareness" program created in some minds the impression that TIA was a system to be used for developing dossiers on US citizens. That is not DoD's intent in pursuing this program. Rather, DoD's purpose in pursuing these efforts is to protect citizens by detecting and defeating foreign terrorist threats before an attack. To make this objective absolutely clear, DARPA has changed the program name to Terrorism Information Awareness. (p. ES-1)

Top of Page

Q: Is TIA being used now, and on what data?
A: DARPA is providing operational agencies and commands with system/network infrastructure and concepts; software analytical tools; installing this software; providing training on its use; observing experiments; evaluating the performance of the software; and collecting user comments on needed changes, modifications, and additions to the software. The operational agencies and commands are providing facilities and personnel to conduct these experiments and they are using data available to them in accordance with existing laws, regulations and policies applicable to each of them. DARPA is not providing any real data or providing any means to collect real data. (p. A-2)

Top of Page

Q: Is TIA collecting data on US citizens?
A: The TIA program is a research and development project. The program is integrating and testing information technology tools. DARPA affirms that TIA's research and testing activities are only using data and information that is either (a) foreign intelligence and counter intelligence information legally obtained and usable by the Federal Government under existing law, or (b) wholly synthetic (artificial) data that has been generated, for research purposes only, to resemble and model real-world patterns of behavior. (p. ES-3)

Further, the TIA Program is not attempting to create or access a centralized database that will store information gathered from various publicly or privately held databases. (p. DI-27)

Top of Page

Q: How is DoD ensuring that TIA does not violate privacy and civil liberties?
A: The Department of Defense, which is responsible for DARPA, has expressed its full commitment to planning, executing, and overseeing the TIA program in a manner that protects privacy and civil liberties. Safeguarding the privacy and the civil liberties of Americans is a bedrock principle. DoD intends to make it a central element in the Department of Defense's management and oversight of the TIA program. (p. ES-3)

The Department of Defense's TIA research and development efforts address both privacy and civil liberties in the following ways:

  • The Department of Defense must fully comply with the laws and regulations governing intelligence activities and all other laws that protect the privacy and constitutional rights of U.S. persons.
  • As an integral part of its research, the TIA program itself is seeking to develop new technologies that will safeguard the privacy of U.S. persons.
  • TIA's research and testing activities are conducted using either real intelligence information that the federal government has already legally obtained, or artificial synthetic information that, ipso facto, does not implicate the privacy interests of U.S. persons. (p. ES-3 - ES-4)

The Secretary of Defense will, as an integral part of oversight of TIA research and development, continue to assess emerging potential privacy and civil liberties impacts through an oversight board composed of senior representatives from DoD and the Intelligence Community, and chaired by the Under Secretary of Defense (Acquisition, Technology and Logistics). The Secretary of Defense will also receive advice on legal and policy issues, including privacy, posed by TIA research and development from a Federal Advisory Committee composed of outside experts. (p. ES-5)

The Department of Defense has expressed its intention to address privacy and civil liberties issues squarely as they arise, in specific factual and operational contexts and in full partnership with other Executive Branch agencies and the Congress. The protection of privacy and civil liberties is an integral and paramount goal in the development of counterterrorism technologies and in their implementation (p. ES-5)

DoD has expressed its commitment to the rule of law in this endeavor and views the protection of privacy and civil liberties as an integral and paramount goal in the development of counterterrorism technologies. (p. DI-35)

Top of Page

Q: What about in the future, when TIA technologies are deployed? How will you ensure protection of privacy and civil liberties?
A: Any agency contemplating deploying TIA tools for use in particular contexts will be required first to conduct a pre-deployment legal review. In this regard, the DoD General Counsel has directed each operational component within DoD that hosts TIA technologies to prepare a substantive legal review that examines the relationship between that component and TIA, and analyzes the legal issues raised by the underlying program to which the TIA tools will be applied. The General Counsel has advised that all such relationships should be documented in a memorandum of agreement to ensure the relationship is clearly understood by all parties. The Director of Central Intelligence's General Counsel is taking comparable steps with respect to elements of the Intelligence Community, and the Department of Justice would do so if it ever decides to deploy any TIA technology. (p. ES-4 - ES-5)

The DoD has expressed its full commitment to planning, executing, and overseeing the TIA Program in a manner that is protective of privacy and civil liberties values. Safeguarding the privacy and the civil liberties of Americans is a bedrock principle. DoD intends to make it a pervasive element in the DoD management and oversight of the TIA Program. (p. DI-27)

The DoD's TIA work addresses both privacy and civil liberties in three principal ways:

  • In its TIA work, as in all of its missions, the DoD must fully comply with the laws and regulations governing intelligence collection, retention, and dissemination, and all other laws, procedures, and controls protecting the privacy and constitutional rights of U.S. persons.
  • TIA is seeking to develop new technologies, including Genisys Privacy Protection, that will safeguard the privacy of U.S. persons by requiring, documenting, and auditing compliance with the applicable legal requirements and procedures.
  • TIA's research and testing activities are conducted using either real information that the Federal Government has already legally obtained under existing legal regimes, or synthetic, wholly artificial information generated in the laboratory about imaginary persons engaged in imaginary transactions-data that by definition does not implicate the privacy interests of U.S. persons. (p. DI-27 - DI-28)

In addition to these measures, the DoD intends, as an integral part of oversight of TIA, to continuously monitor and assess emerging potential privacy and civil liberties issues. (p. DI-28)

Top of Page

Q: Provide some examples of how TIA has been used by operational agencies to date.
A:

  • Analyzing data from detainees from Afghanistan and finding relationships among entities in that data and with additional relationships from all-source foreign intelligence information.
  • Assessing various intelligence aspects including weapons of mass destruction in the Iraqi situation.
  • Aggregating very large quantities of information based on patterns into a visual representation of very complex relationships, which enabled rapid discovery of previously unknown relationships of operational significance. (p. DI-16)

Q: Which organizations are participating in or interested in participating in the TIA experimental network?

A: U.S. Army Intelligence and Security Command; National Security Agency; Defense Intelligence Agency (DIA JITF-CT); Central Intelligence Agency; DoD's Counterintelligence Field Activity; U.S. Strategic Command; Special Operations Command; Joint Forces Command; Joint Warfare Analysis Center. (p. DI-17)

Top of Page

Q: What is TIA's possible or expected impact on privacy and civil liberties if some of the component programs of TIA are implemented?

A: In seeking to develop innovative information technology that will improve the nation's capabilities to detect, deter, preempt, and counter terrorist threats, TIA's research and testing activities have depended entirely on (1) information legally obtainable and usable by the Federal Government under existing law, or (2) wholly synthetic, artificial data that has been generated to resemble and model real-world patterns of behavior. Further, the TIA Program is not attempting to create or access a centralized database that will store information gathered from various publicly or privately held databases. (p. DI-27)

Nevertheless, ultimate implementation of some of the component programs of TIA may raise significant and novel privacy and civil liberties policy issues. Largely because of the greater power and resolution of TIA's search and data analysis tools, questions will arise concerning whether the safeguards against unauthorized access and use are sufficiently rigorous, and whether the tools can or should be applied at all with respect to certain types of particularly sensitive information. In addition, privacy and civil liberties issues may arise because some would argue that the performance and promise of the tools might lead some U.S. Government agencies to consider increasing the extent of the collection and use of information already obtained under existing authorities. (p. DI-27)

Top of Page

Q: Which parts of TIA raise the primary concerns regarding privacy protection?

A: The primary privacy concerns raised about TIA focus on the data search and analysis tools: Genisys, Evidence Extraction and Link Discovery (EELD), Scalable Social Network Analysis (SSNA), and MisInformation Detection (MInDet). The privacy concerns raised by TIA's search tools, of course, will depend significantly upon the types of information contained in the databases for which use of these tools is authorized, and upon the authorities, procedures, and safeguards that are established. At the present time, the only tools from this category that are being used in TIA network tests come from the EELD Program and they are being applied only with respect to foreign intelligence data. (p. DI-31)

Top of Page

Q: Are there any privacy issues that are not raised by the TIA program?
A: In analyzing the privacy issues that are raised by these particular TIA programs, it is important to recognize what they do not do.

  • Nothing in the TIA Program changes anything about the types of underlying information to which the government either does or does not have lawful access, nor does it change anything about the standards that must be satisfied for accessing particular types of data.
  • As conceived, TIA's search tools, if and when used by operational agencies, would leave the underlying data where it is, extracting only what is responsive to a specific and defined query, and not engaging in random searches.
  • Just as TIA would leave the underlying data where it is, it would, in terms of the substance of such information, take the data as it finds it. That is, nothing in the implementation of TIA envisions that parties whose databases would be queried should begin collecting data that they do not already collect.
  • It follows as a corollary to the previous points that TIA does not, in and of itself, raise any particular concerns about the accuracy of individually identifiable information. On the contrary, TIA is conceived of as simply a tool for more efficiently inquiring about data in the hands of others, and in theory these inquiries currently could be made by more labor-intensive human efforts.

These issues are discussed in detail in the report, pp. DI-32 - DI-33.

Top of Page

Q: What are the primary privacy issues that are raised by TIA?
A: The primary privacy issues raised by TIA are threefold:

  • Aggregation of data
  • Unauthorized access to TIA
  • Unauthorized use of TIA (p. DI-33)

Top of Page

Q: How will you measure TIA's progress and effectiveness?
A: The program will measure its value using the following categories:

  • Technical. Processing-related system goals; e.g., numbers of documents ingested, patterns discovered, associations identified, and data sources investigated.
  • Operational. How the technologies enhance the ways analysts approach their missions.
  • Cognitive. How a technology can effectively increase an analyst's time for thinking as well as the true effect of a technology in this environment by normalizing and validating anecdotal evidence that demonstrates how the computer tools assist the analysts in accomplishing their missions more effectively.
  • Network Interactions. Different ways analysis teams use the network to work together. (p. DI-15 - DI-16)

Top of Page

Q: What factors can be used to evaluate TIA's suitability for deployment?
A:

  • The efficacy and accuracy of TIA's search tools must be stress-tested and demonstrated.  The tools must be shown to be sufficiently precise and accurate - i.e., a search query results in only that information that is responsive to the query.
  • It is critical that there be built-in operational safeguards to reduce the opportunities for abuse.
  • It will also be essential to ensure that substantial security measures are in place to protect these tools from unauthorized access by hackers or other intruders.
  • Any agency contemplating deploying TIA tools for use in particular contexts will be required first to conduct a pre-deployment legal review.
  • There will be a need for any user agency to adopt policies establishing effective oversight of the actual use and operation of the system before it is deployed in particular contexts. (p. ES-4 - ES-5)

These issues are discussed in detail in pp. DI-33 - DI-35.

Top of Page

Q: Please list the laws and regulations that govern the information to be collected by government agencies that may, in the future, use the tools developed by the TIA Program.

A: (p. DI-18 - DI-27) The report enumerates the statutes and regulations that would constrain any future data collection by federal agencies if and when they began to deploy the information technology the TIA program had developed. To the extent that this list goes beyond the requirements of Public Law 108-7, we have erred on the side of being over-inclusive. This task has been accomplished substantively by the Congressional Research Service (CRS) of the Library of Congress, in its Report for Congress: Privacy: Total Information Awareness Programs and Related Information Access, Collection, and Protection Laws (updated version March 21, 2003). (p. DI-18)

We do not in any way suggest that TIA's search tools should be authorized to analyze all these forms of data; quite the opposite is true. Our point-and what we understand Congress to have intended for us to do-is to enumerate the laws that protect various kinds of information and that might either constrain or (as a logistical matter) completely block deployment of TIA search tools with respect to such data. (p. DI-18)

The report in pp. DI-18 - DI-26 discusses a large number of statutes, regulations, and other materials.

Top of Page