ALARMED: The Hunting of the Snark

Set aside for a moment the important but eternally debatable issues surrounding the John Poindexter-led effort to sic information technology on terrorists, known as Total Information Awareness, or TIA. Ignore the Orwell factor for the present. Leave the ethics of behaviour surveillance out of it for now. Just forget all that and then look at TIA, the project, again. What do you have?

Nonsense. A program that wastes money and puts little if any logic into the important cause of defending a nation against terrorism. In fact, TIA aggressively defies common sense, the way a Lewis Carroll poem does.

To wit, it's a security program that ignores the basics of risk analysis. Instead of intelligently decreasing the size of the haystack to make spotting needles easier, it actually creates one giant haystack and then tags anything that looks like maybe it could be a needle. But in a haystack that big, a lot of innocent straws of hay will look like needles to the dumb automatonic eye of a database. When you analyse a billion credit card transactions, patterns happen. There would be a colossal amount of false positives.

TIA is also an IT project that embraces the very things that historically make IT projects fail, like massiveness, Byzantine integration, and centralisation. All of the software project management wisdom notes a direct correlation between project size and project success. Small projects do better. It can be said with confidence that big software projects fail much more than half of the time while costing more money than budgeted and delivering fewer features than promised. This doesn't even take into account that this particular project is trying to do new and complex tasks with software, some of which have never been tried or have barely been invented.

Which leads to TIA's third pillar of illogic: It seems intent on developing cool technologies and then finding a problem for them to solve, rather than developing technology to solve a problem. For example, TIA sinks resources into developing a biometric system, according to a recent AP story, that can identify potential baddies by the uniqueness of their walk, even though — and this doesn't take an entire intelligence community to figure out — we seem to have had much more of a problem with driving, flying and floating terrorists than walking ones.

Jabberwocky! Why is an administration that's hell-bent on letting market forces determine the security of our critical infrastructure also hell-bent on controlling TIA at the federal level like it were a New Deal program? This makes less sense than The Lobster Quadrille.

Regardless of how one feels about the (grave or overrated, depending on one's view) cultural issues, TIA looks like a dog. You have to think it's just not going to work.

Or, as Lewis Carroll wrote, They hunted till darkness came on, but they found Not a button, or feather, or mark, By which they could tell that they stood on the ground Where the Baker had met with the Snark.

Post-script: Even as this is being written, the Total Information Awareness braintrust has started to de-creep its marketing by changing the program's name to Terrorism Information Awareness. The acronym stays the same, but sponsor DARPA can pooh-pooh all the civil liberties fuss as just a nomenclature gaffe.

The same report to Congress that announced the name change and the walk-recognition technology funding, according to a Federal Computer Week story, also stated that contrary to the commonly floated notion that TIA would scour commercial databases, TIA would use "only foreign intelligence and counterintelligence information legally obtained and usable by the government under law."

As Carroll might have said, that sounds loopholey enough.

"Alarmed" is a biweekly column about security and privacy. Look for a new version every other Thursday.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Scott Berinato

Latest Videos

More videos

Blog Posts