Friday, 6 February 2004
E-mail hints at use of jetBlue Airways reservations for Total Information Awareness
A newly-released e-mail message to John Poindexter, director of the USA military's "Total Information Awareness" (TIA) program, heightens my suspicion that the use of jetBlue Airways passenger reservation archives by a military contractor in 2002 was related to -- perhaps even central to -- the TIA program.
The 26 May 2002 e-mail message from "rpopp" (presumably Poindexter's Deputy Director at the Information Awareness Office, Dr. Robert L. Popp ) in reply to Lt. Col. Doug Dyer of the IAO, was provided to the Electronic Privacy Information Center (EPIC) last month in response to a Freedom of Information Act request.
A few days earlier, Lt. Col Dyer had submitted a set of recommendations (copied in the reply message that was released) for how the TIA program could make use of the data aggregation and data mining company Acxiom Corp. Dr. Popp replied, "Doug, did you broach w/ Acxiom the costs of performing #1 and #2??"
The items on Dyer's list that Popp referred to were:
- "Engage Acxiom .. to identify all the relevant [commercial] databases."
- "Have Acxiom provide us with a statistical data set ... for use in the TIA critical experiment (I don't know if we have a name for this one yet, but it's the one which involves discovering the red-team signature, discerning bad behavior form odd or normal behavior. We can use this real, large, but private data set to accelerate our critical experiment."
Both Dyer's message and Robb's reply were copied to only one other person, Poindexter himself.
There's no mention of jetBlue Airways in the recently-released e-mail message. But the next month, April 2002, DARPA selected SRS Technologies as "the single prime contractor to support DARPA's Information Awareness Office."
The month after that, May 2002, SRS Technologies awarded Torch Concepts, Inc. a "subcontract to apply its ACUMEN technology for intelligent pattern recognition in identifying latent relationships and behaviors that may help point to potential terrorist threats. Torch will perform a Security Enhancement Study that the Government plans to use in identifying abnormal events or activities that may indicate rebel actions before damaging events occur."
That sounds very similar to the "TIA critical experiment" as Dyer had explained it to Poindexter and Robb.
Even before the contract was awarded, according to a Torch presentation that I found on the Web in September 2003, Torch had been working on getting access to "the necessary data base being used by CAPPS II contractors". In the end, Torch didn't get exactly the same data that was being used in the summer of 2002 by the 4 competing teams of contractors testing CAPPS-II prototypes. (That data included several million of real reservation records from major USA-based airlines.) Instead, Torch was given the entire reservation archives (about 5 million reservations) of a single, smaller airline, jetBlue Airways.
Torch sent the jetBlue reservations to Acxiom, which matched as many of them as it could with Acxiom files. Torch then purchased these Acxiom records, merged the reservation and Acxiom records, and experimented with trying to identify "normal" demographic patterns and "anomalous" data in the composite passenger data.
This, too, sounds like exactly the sort of use for Acxiom data and "commercial databases" that the TIA office now turns out to have been considering.
Ever since I called attention to Torch's use of jetBlue reservations in its work, Torch has been extremely anxious to avoid having its project associated with SRS Technologies. The day after I first publicized the Torch-SRS connection, and the possibility that it indicated that the Torch research using jetBlue and Acxiom data had been subcontracted under the TIA program, the reference to SRS Technologies as the source of the Torch contract was removed from the press release on the Torch Web site. Later, the entire press release was removed from the press relase archive on the Torch Web site.
SRS Technologoes is the most prominent link in the chain of suspicion between Torch's use of jetBlue and Acxiom data, and the TIA program. The most plausible explanation for the attmept to hide the Torch-SRS Technologies relationship from public notice would be that the Torch project was actually part of the TIA program, subcontracted to Torch by SRS Technologies under its TIA prime contract -- and that someone doesn't want the jetBlue scandal publicly linked with the Poindexter and TIA.
The recently-released e-mail heightens those suspicions, and goes further in suggesting that the Torch work with jetBlue and Acxiom data may in fcat have been part of "the TIA critical experiment" in profiling and categorizing people and the identification of relevant databases for doing so.
While the TIA office has been disbanded, many of its projects continue under the auspices of other departments and agencies. The March 2002 e-mail to Poindexter quoted a "key suggestion" of Acxiom's chief privacy officer, Jennifer Barrett:
People will object to Big Brother, wide coverage databases, but they don't object to use of relevant data for specific purposes that we can all agree on. Rather than getting all the data for any purpose, we should start with the goal, tracking terrorists to avoid attacks, and then identify the data needed (although we can't define all of this, we can say that our templates and models of terroroists are good places to start). Already, this guidance has shaped my thinking.
Is CAPPS-II in part a stalking horse for continuation of the "TIA critical experiment" by the Transportation Security Administration's shadowy Office of National Risk Assessment (ONRA)? We don't yet know, but my travel industry sources all say that the point when the CAPPS-II project became an entirely "black" program, cut off even from the aviation security community, was when it was transferred to the newly-created ONRA. And the ONRA has reportedly been at the center of government stonewalling on requests for information about the jetBlue scandal.
We still aren't likely to get to the bottom of the jetBlue Airways and Northwest Airlines data "sharing" scandals without a full Congressional investigation, including public hearings. But the latest disclosures make it seem more and more likely that the experiments with jetBlue reservations were central to the TIA program, and that airline reservation records, to be obtained by the government through CAPPS-II, were expected to be one of the key data inputs to the TIA program.Link | Posted by Edward on Friday, 6 February 2004, 07:51 ( 7:51 AM)