Privacy Appliance Seeks To Rein In Government SnoopingPrivacy Appliance Seeks To Rein In Government Snooping

PALO ALTO, Calif. (AP) -- The Pentagon's plan to sniff out terrorists from a sea of personal data collected by the government, banks, airlines, credit card companies and other sources has been criticized as the most sweeping invasion of privacy in history.

But Teresa Lunt believes that the much-maligned Terrorism Information Awareness system can work without stomping on individual rights. The researcher has proposed--and the government is funding--the creation of a device that could watch and rein in the watchers.

Civil libertarians aren't so sure about Lunt's so-called privacy appliance, which is being developed at the famed Palo Alto Research Center, now a subsidiary of Xerox Corp., under a $3.5 million, 3-1/2-year contract awarded in April. Critics question whether it will work, and if it does, whether clever snoops can bypass it.

"One of my civil liberties nightmares is that you have a system that sounds very good with a privacy appliance, but it's got some sort of a breaker switch that in an emergency is shut off," said Lee Tien, senior staff attorney at the Electronic Frontier Foundation.

Lunt's appliance is being developed under Project Genisys, one branch of the Defense Advanced Research Projects Agency's wide-ranging TIA program.

The appliance would be controlled by whomever owns the data, Lunt says. With the owner's permission, government analysts would submit queries to the appliances, which would filter out identifying data such as names or credit-card numbers.

Returned results might show, for instance, how many people fit a certain profile or whether there's a trend among a group of still-unidentified people.

A number of protections would be built into each device, including an unalterable log of what information is returned and to whom. Its software would be smart enough to adjust results based on what has previously been released and whether individuals can be identified through inference.

Once questionable behavior is detected and narrowed to a small enough number of people, analysts could seek court orders that would allow for the identification of suspects.

The whole scheme worries privacy advocates.

"What is the standard the judge is going to be judging this on?" asked David Sobel, general counsel for the Electronic Privacy Information Center. "We're talking about someone who might have a proclivity to commit a crime that has not yet been committed. This is just something that is completely alien to our judicial system."

Lunt, a pioneer in the field of data security, privacy and intrusion detection, is critical of the debate over TIA. After all, marketing companies constantly mine personal data to drum up sales.

Still, she admits that she is not fully aware of all TIA's details and the government's plans. But as she understands it, government analysts won't be fishing through data swept into a central database. Rather, they will first create models of suspicious activities, then query privately controlled databases protected by privacy appliances to find out numbers--but not identities--of people matching certain traits.

"The idea was that the data sources should stay in private hands, not be sucked down into some government database," she said. "There seems to be some idea out there that that's what's happening."

Privacy appliances are based on relatively new ideas about gathering useful information out of data that have been neutered of identifying details. It's not an easy task--given that as little information as a birth date, ZIP code and gender can identify 87 percent of all Americans.

Latanya Sweeney, a computer scientist at Carnegie Mellon University, has developed an appliance that anonymizes medical data before the information is submitted to investigators looking for bioterrorism outbreaks.

The device, which is expected to be tested in Virginia this year, focuses on events in specific ZIP codes, such as unusual patterns in hospital admissions, but removes specific birth dates. That trade-off keeps individuals from being identified, yet is useful to researchers looking for anomalies.

Counterterrorism research is a different story, Sweeney said.

"In bioterrorism surveillance, we have the luxury that we're looking for an increasing number of unusual cases," she said. "In counterterrorism surveillance, you're looking for that unusual, single, small-scale event. There are lots of small unusual things that happen all the time, and figuring out which one is an important one is a tricky matter."

TIA has been widely criticized since it was first proposed after the Sept. 11, 2001, terrorist attacks. TIA's supporters maintain that the terrorist plot could have been detected if only the government had access to enough information and synthesized it properly.

But the project has been a comedy of errors, with liberals and conservatives alike uniting against it. Led by Iran-Contra scandal figure John Poindexter, TIA has undergone several transformations in recent months.

After Congress demanded details, TIA changed its name from Total Information Awareness to Terrorism Information Awareness. Most information in the media is pulled from its Web site, which at one point included a graphic that listed veterinary records as a data source.

The site also sported an ominous logo complete with the Masonic symbol of an eyeball at the top of a pyramid. Meanwhile, documents describing the project and its funding have vanished from the site.

Jan Walker, a spokeswoman for the Defense Advanced Research Program Agency, said agency officials are no longer granting interviews on the program.

Even if Lunt's project is successful, some critics question whether the government should be involved in such an activity at all.

"It's nice that they'll take some steps to try to minimize the damage, but I think there's tremendous damage being done to our privacy by the mere fact that they're putting this TIA program together," said former Rep. Bob Barr, a Georgia Republican. "It does serious damage to the whole structure and notion of our government, in which the government is not supposed to collect and compile dossiers on law-abiding citizens for no reason."