By Jane Black The 2002 elections proved one thing: The promise of security wins votes. The GOP campaigned on a pledge to make the country safer, and it brought home one of the biggest midterm victories in decades. That huge win may have emboldened the Bush Administration to ignore widespread criticism of the Defense Dept.'s $240 million effort to develop a Total Information Awareness system (TIA).
The outrage over TIA doesn't seem to have reached the President's ear, but it should. It's not too late for him to realize the folly of such a plan. Funded by the Defense Advanced Research Projects Agency (DARPA), the project would combine every American's bank records, tax filings, driver's license information, credit-card purchases, medical data, and phone and e-mail records into one giant centralized database. This would then be combed through for evidence of suspicious activity.
TAINTED LEADER. If that's not scary enough, consider who's overseeing the project: Former Reagan National Security Adviser and Bush loyalist John Poindexter, a man who was convicted (though later acquitted on appeal) of five felonies, including lying to Congress, after the Iran-Contra scandal of the 1980s.
The DARPA plan shocked the media and individual citizens across the country. The program wouldn't catch terrorists, but it would terrorize ordinary citizens by logging their every movement in a federal government database. Why, many asked, would the Bush Administration stand behind such an intrusive plan? My question: Why ask why?
The furor over TIA is déjà vu all over again. DARPA's project is just one of a series of salvos in the Bushies' war on terrorism that promise security but lay waste to personal privacy. Some antiprivacy proposals have sailed through. The U.S. Patriot Act, which significantly expanded law-enforcement agencies' surveillance and investigative powers, and did so with few checks and balances, passed the Senate 99-1. (Only Russell Feingold (D-Wis.) courageously stood against the Administration.)
BAD POLICIES. Fortunately, vigilant lawmakers stopped other proposals in their tracks, such as the Justice Dept.'s TIPS program, which proposed a national database to which postal workers, cable repairpeople, and others could report suspicious activity. The politicians understood that the certain loss of privacy outweighed any potential security gain (see BW Online 7/25/02, "Some TIPS for John Ashcroft").
What these plans, including TIA, have in common is the goal of collecting in a central repository what innocent citizens do, where, and with whom. The war on terrorism is a serious matter. But spying on everybody in an effort to catch a few bad guys is lousy policy -- whether it's a giant new federal agency like the Homeland Security Dept., TIPS, or the TIA database, which in addition to collecting personal data also proposes to use special software attached to high-tech security cameras for monitoring and categorizing the way you walk.
Centralizing data won't stop terrorists. As everyone knows from the September 11 terrorist attacks, al Qaeda cells "sleep" in the U.S. for years while they plot their attacks. Even if America had a system that could monitor border movements and cross-reference them with money transfers and one-way airline tickets, does anyone really think terrorists will act in ways that would alert TIA's attention? "TIA is not likely to be an effective way to prohibit future terrorist acts, but it will have an enormous impact on the government's ability to monitor things not related to terrorism," says Marc Rotenberg, executive director of Washington (D.C.)-based privacy rights group Electronic Privacy Information Center.
DECENTRALIZED INTELLIGENCE. It's time to switch gears. America doesn't need huge centralized databases that track each and every citizen. What it needs is decentralized intelligence. And that means extensive training for law-enforcement and government personnel on the ground, across the country. The country needs Customs personnel who know what to look for at the borders, like the officer in Port Angeles, Wash., who noticed a suspicious driver trying to enter the U.S., investigated further, and found a load of bomb components intended for attacks on Millennium celebrations.
America needs flight-training instructors like the one in Minnesota who alerted the FBI to Zacarias Moussaoui's alleged desire to learn to fly a plane but not to land one. The country needs alert passengers on airplanes, like those who noticed and took down shoe-bomber Robert Reid on American Airlines Flight 63 from Paris.
Who knows what will work better? Where centralized solutions à la TIA are still untested, decentralized security has a proven record. According to Marc Hedlund, vice-president for engineering at computer-security-software firm Sana Security and an intelligent voice in the privacy debate, distributed defenses work better because a hacker (or terrorist) never knows where he or she might be caught. Sana's technology is modeled on the human immune system, seeking out threats throughout the network and responding to them. Hedlund says if security is centralized -- in cyberspace or the real world -- attackers have a better chance of success because they need to find only one loophole in the core intelligence machine.
TIME TO RETHINK. Certainly, more coordination is necessary. September 11 proved that, too often, the federal government's right hand doesn't always know what its left hand is doing. In July, 2001, FBI agent Kenneth Williams warned colleagues in a memo that supporters of Osama bin Laden were attending civil-aviation colleges in Arizona. That important information never made it into the right hands. Six months after two hijacked jetliners brought down the World Trade Center, the Immigration & Naturalization Service sent a letter to the flight school that suspected ringleader Mohammed Atta had attended in Florida, saying his student-visa application had been approved.
Solving those problems doesn't require a huge electronic infrastructure to snoop on innocent citizens. Before moving forward, the Bush Administration should step back and rethink its priorities. The Bushies say they oppose Big Government. Yet key security initiatives, including the U.S. Patriot Act, the Homeland Security Dept., and the TIPS program, centralize reams of information on individual citizens and give the feds free rein to slice it and dice it any way they see fit.
President Bush campaigned as a privacy-rights candidate. Yet none of his Administration's proposals have explicit privacy safeguards. In the case of TIA, Americans are asked to take the word of admitted liar Poindexter that their information will be in good hands.
The Bush Administration is nothing if not persistent. Its motto here -- and everywhere -- seems to be: If at first you don't succeed, try again. But in this case, it should remember what the GOP's very own Poindexter said to Congress during the Iran-Contra hearings: "The buck stops here." The White House should draw a line in the sand and refuse to let government invasion of privacy go any further. That's the only way to win the war on terrorism. Black covers privacy issues for BusinessWeek Online in her twice-monthly Privacy Matters column