Technology and Privacy Advisory Committee - June 19, 2003, Meeting Minutes

4 August 2003
Source: http://www.sainc.com/tapac/library/Official Minutes 6-19.pdf

TAPAC public documents: http://www.sainc.com/tapac/library.htm

Two versions of Terrorism Information Awareness overview:

http://www.sainc.com/tapac/library/TerrorismInformationOverview.pdf (June 2003)
http://www.sainc.com/tapac/bios/TIA Overview - TAPAC Final for website.ppt (July 2003)

Minutes of a meeting on July 21-22, 2003 are not available. See agenda: http://www.sainc.com/tapac/library/TAPAC Agenda July 21-22.doc

Technology and Privacy Advisory Committee

June 19, 2003, Meeting Minutes

The Technology and Privacy Advisory Committee (TAPAC) convened at the Hyatt Rosslyn conference facility on June 19, 2003 for its first public meeting. Mr. Newton Minow chaired the meeting. The agenda and attendance list are attached.

Mrs. Lisa Davis introduced herself as the Executive Director and Designated Federal Official of the TAPAC and made introductory remarks. Mrs. Davis introduced Mr. Newton Minow, Chairman of the TAPAC.

Mr. Minow introduced and welcomed the committee members. He then introduced the Honorable Michael Wynne, Acting Undersecretary of Defense for Acquisition, Technology and Logistics.

Mr. Wynne welcomed the Committee and thanked them for their service on behalf of the Secretary of Defense. Prevention of terrorism is a huge national issue to which the Department of Defense (DoD) is striving to contribute. In part, connecting the existing stovepipes of information will aid in preventing terrorists before they act and the Terrorism Information Awareness (TIA) Program at the Defense Advanced Research Projects Agency (DARPA) is an attempt to do this. However, the DoD also recognizes the significance of the privacy concerns surrounding the TIA program. The privacy issues deserve thoughtful consideration by experts and this is the reason that this Committee was chartered – to provide the Secretary of Defense with independent advice, to assist the DoD in weighing issues and to assist in deciding how to act in the new security environment the nation now faces. Mr. Wynne also described the TIA Internal Oversight Board, which he chairs. The Internal Oversight Board ensures that DARPA complies with existing privacy protection mandates and that the transition of these technologies is appropriate and timely.

During the question and answer session following his remarks, Mr. Wynne described that the developers at DARPA seem to be becoming more realistic with what TIA can and should achieve, but he emphasized that their role is one of technology development only. Then, Mr. Wynne repeated that the collaboration tools for experts to use are important to the fight against terrorism.

After the conclusion of Mr. Wynne’s remarks, Mr. Michael Vatis introduced the panelists from the Markle Foundation Task Force who testified to the Committee about the Report of the Markle Foundation Task Force “Protecting America’s Freedom in the Information Age.” The first speaker was Mr. Jeff Smith, who summarized the substance of the task force findings. To have the ability to confront the challenges of maintaining privacy in the current era of technological change, the nation should, according to Mr. Smith, understand some basic principles which are the findings of the task force. First, information will be key to the nation’s security. The second finding is that information about domestic security is by nature located at the local level. Therefore, distributed national networks are a better way to develop security. In addition, the national information network will need to be robust and active and must be able to recognize and take into account implied social contracts of the United States at all levels. Mr. Smith remarked that new information systems must be developed to balance privacy with technology, not privacy versus technology.

Mr. William Crowell provided the second presentation from the Markle Panel. Mr. Crowell focused his testimony on describing important considerations to be made when modeling an information architecture designed to network federal, state, and local entities. A developmental architecture needs to be created and run to see how information flows among the many different participants. Mr. Crowell noted that this effort should be about people, processes and technologies that are organized to achieve an authorized purpose in the context of privacy interests. The model must consider: what the policy and technology issues are that must be addressed in a decentralized way; what the authorities are and how they should be enforced; where the seams in the network are; the laws that regulate the technology; and information security.

The third presenter from the Markle Task Force was Mr. Jim Steinberg who spoke about networking between government and the private sector. Mr. Steinberg stated that one of the most distinctive features of counterterrorism efforts is the role that all domestic actors must play – from federal, state and local governments to the private sector and individuals. Because of the need for information sharing, there are concerns about the acquisition, retention and use of information that current laws are not able to handle. According to Mr. Steinberg and the Markle Task Force, the legal code needs to be reviewed in the context of today’s technology. All of the issues associated with information – such as quality and use of data – need to be addressed in a comprehensive strategy for local, federal, state and private interaction. Mr. Steinberg presented this question for the consideration of the Committee: how can we build in the technology strategies to protect civil liberties?

Mr. Jerry Berman continued the Markle Foundation Task Force presentations by offering some advice to the TAPAC members. Mr. Berman suggested that the committee members look at the details of both the technologies and the legal issues, instead of remaining focused on the high level issues. The detail-oriented perspective will be needed to make an assessment of whether or not the DoD is taking a balanced approach to technology and privacy. In order to get a better understanding of what the TIA program technologies do, the Markle Foundation Task Force is going through the process of learning how similar technologies work in the private sector.

As the last presenter from the Markle Foundation Task Force, Ms. Judith Miller commented that the members of TAPAC should recognize the Posse Comitatus Act as they consider the DoD perspective of these issues. The Posse Comitatus Act has maintained the credibility of the military in the eyes of the U.S. public. The possible export of TIA to a domestic law enforcement entity may have policy implications and negatively change the U.S. public view of the military. Ms. Miller also mentioned that technology development by DARPA to automate privacy information accounting could benefit from oversight and support of TAPAC members.

A question and answer session followed the presentations by the Markle Foundation panel members. Major topics of discussion during this session included: balancing government secrecy with accountability in today’s threat environment; the Fourth Amendment protection against searches and seizures and how this technology could affect it; the role and authority of magistrates and other officials in overseeing the evolving technology; information sharing issues, problems, technology solutions, and related policy considerations; and potential role of the Department of Homeland Security in the development of this type of technology.

Hon. Jack O. Marsh Jr., member of TAPAC, described the findings of his trip to the U.S. Army Intelligence and Security Command (INSCOM) to other Committee members. INSCOM is the test bed for the TIA program and reports up the chain to the Chief of Staff of the Army. INSCOM conducts the testing in such a way that TIA only uses data that INSCOM already has legal access to and does not use any information that refers to U.S. persons. Eight of the more than one dozen programs under the umbrella of TIA are being tested at INSCOM.

Source

Source

The Privacy Rights and DARPA’s TIA Program Panel consisted of panelists with a variety of views. Each panel member provided the Committee with a five minute presentation; the presentations were followed by a period of questions and answers.

Mr. Stewart Baker, of Steptoe & Johnson and the first speaker from the panel, said that the tragic events of September 11, 2001 occurred because the government had neither the information technology tools to find the terrorists nor the law enforcement capability to handle them. Mr. Baker views TIA as a research and development effort to be able to aid in providing information technology tools to find the terrorists before they act. Making the comparison to DARPA’s role in developing the Internet, Mr. Baker acknowledged that it is difficult to know at the outset all of the applications for which the technology will be used once it is developed and operational.

Mr. Paul Rosenzweig, of the Heritage Foundation, said that the legal foundation for the TIA technology needs to be built in concert with the technology instead of post-technology development, which currently seems to be the case. Mr. Rosenzweig warned against “mission creep” – or taking TIA and applying the technology to things other than terrorism – because of general skepticism of government intrusion into privacy. Mr. Rosenzweig perceives a fundamental disconnect of the law from technology. In conclusion, he suggested that data correction be part of the strategic thinking about this technology and that questions about embedding anonymity into these technologies be addressed.

Mr. David Sobel, of EPIC, presented several issues that he believes need to be resolved before decisions about whether or not to pursue TIA can be made. Traditionally, investigations happened after a crime and did not involve data mining, but the purpose of TIA is prediction and thereby action before the crime occurs. The burden of proving that TIA is a worthwhile endeavor is one of the proponents of this issue and the methodology must be shown to be effective. Mr. Sobel stated that at this point the objective is still theoretical, and TIA may never be effective. Even so, there is a real need for more transparency in the TIA program and a good public debate needs to occur. In addition, Mr. Sobel recommends that there need to be effective safeguards to protect privacy built into TIA, that there should be no false positives in the operation of the technology, that due process must be protected, and that TIA should operate in an unclassified manner.

Mr. Jay Stanley of the American Civil Liberties Union (ACLU) spoke in favor of shutting down the TIA program. This opinion stems from his concerns over instantaneous data sharing, which is new and not yet governed by laws, and the belief that TIA, as well as other data surveillance systems, are intrusive and should not be pursued. Mr. Stanley asserted that no distinction can be made between distributed and unified databases because of today’s technology that can join the different databases; therefore, the argument that TIA will not have a single unified database and, therefore, will not be an excessive threat to privacy is invalid. DARPA has a heavy burden to demonstrate that TIA is providing a substantial enough benefit to counterbalance the civil liberties that could be given up. To do this, TIA would have to be extremely effective and would have to provide a plausible explanation of how the predictable and inevitable expansion of TIA will not happen.

Mr. Lee Zeichner, of Zeichner Risk Analysis, encouraged the Committee to develop distinct legal strategies to integrate defense programs and privacy. Currently, there is no lexicon or methodology and a new, robust, and far more effective legal strategy to deal with the war on terrorism is needed. The power and speed of technology can erode privacy and a way must be found to address privacy protection concerns. Mr. Zeichner called for the creation of oversight, auditing, and verification mechanisms so that technology that is important to fighting terrorism can be used while addressing privacy concerns.

Mr. Jim Dempsey, from CDT, perceives terrorism to be a serious threat to the national security of the United States. To address this threat, the nation needs to make better use of information technologies because they are a potential edge for the United States in fighting the war on terrorism. Mr. Dempsey has looked at the private sector and explained that there is a patchwork of laws on how the private sector can use information. These commercial sector rules need to be translated to the government for guidance; in addition, controls should be placed on access, protection, and accuracy of data. A question and answer session followed the presentations by the Privacy Rights and DARPA’s TIA Program panel members. Major topics of discussion during this session included: public perceptions of the purpose of TIA; feasibility of TIA becoming operational; concerns over specific consequences of an individual getting “flagged” by TIA; concerns over “mission creep” of TIA into other areas of government; difference in finding a suspect through TIA by starting with a reasonable suspicion versus no suspicion; and safeguards for civil liberties.

Following the Panel presentations and discussions, the Committee moved into closed session to discuss administrative and organizational matters. The meeting adjourned at 3:30 p.m. The next TAPAC meeting will be held on July 21 and 22, 2003.

_____

Technology and Privacy Advisory Committee

Meeting Agenda

Thursday, 19 June 2003

Hyatt Arlington

1325 Wilson Blvd., Arlington, VA

9:00 a.m. to 5:00 p.m.

9:00-9:05 Introduction of Chairman: Lisa Davis, Executive Director

9:05-9:15 Introductory Remarks: Hon. Newton Minow, Chairman

Introduction of Members
Objectives of Committee

9:15-9:30 Welcoming of Committee: Hon. Michael W. Wynne, Acting USD(AT&L)

9:30-11:00 Report of the Markle Foundation Task Force -- “Protecting America’s Freedom in the Information Age,” followed by Questions from the Committee

Jerry Berman; William Crowell; Judith Miller; Jeff Smith; Jim Steinberg; Michael Vatis

11:00-11:15 Member Report: INSCOM: Hon. John O. Marsh, Jr.

11:15-12:30 Break for Lunch

12:30-2:00 Privacy Rights and DARPA’s Terrorism Information Awareness (TIA) Program, followed by Questions from the Committee

Stewart Baker, Steptoe & Johnson; Jim Dempsey, CDT; Paul Rosenzweig, Heritage Foundation; David Sobel, EPIC; Jay Stanley, ACLU; Lee Zeichner, Zeichner Risk Analytics

2:00-2:15 Break

2:15-3:30 Committee Deliberations: Chairman Minow, lead

3:30-3:45 Break

3:45-5:00 Executive Session (Closed): Chairman Minow

5:00 Adjourn: Lisa Davis, Executive Director Technology and Privacy Advisory Committee (TAPAC)

_____

June 19, 2003

Attendance List

Chairman:

Newton N. Minow Sidley Austin Brown & Wood

Members:

Floyd Abrams Cahill Gordon & Reindel
Zoe E. Baird Markle Foundation
Griffin Bell King and Spalding
William T. Coleman, Jr. O’Melveny & Meyers
Lloyd N. Cutler Wilmer, Cutler & Pickering
John O. Marsh, Jr. George Mason University

Executive Director & Staff

Lisa Davis Executive Director
Fred Cate Indiana University
Devon Malene Strategic Analysis, Inc
Stacie Smith Strategic Analysis, Inc

Presenters:

Stewart Baker Steptoe & Johnson
Jerry Berman CDT
William Crowell CDT
Jim Dempsey CDT
Judith Miller CDT
Paul Rosenzweig Heritage Foundation
Jeff Smith CDT
David Sobel EPIC
Jay Stanley ACLU
Jim Steinberg CDT
Michael Vatis Markle Foundation
Michael Wynne [DoD] Acting USD (AT&L)
Lee Zeichner Zeichner Risk Analytics

Observers:

Shira Aiblentz Cahill Gordon
Stewart Aly Office of the General Counsel [DoD]
Farrin Anello Lawyers Committee for Human Rights
Patti Aronsson Office of General Counsel, DoD
Doug Barnes EPIC
Brigham Bowen Arnold & Porter
Dan Cateronichia FLW
Diane Davis Representing Self
Lisa Dean Electronic Frontier Foundation
Terry Eddy NDSA
Lauren Garsten CDT
Melissa Glidden ACLU
Anne Hurst Zeichner Risk Analytics
Shin Inoaye ACLU
Mihir Kshirsager EPIC
Manju Lae ABA - American Bar Association
Robert Lane NDSA
Natalia Luciw NAVICP - P
Catherine Macrae Inside Washington Publishers
Tanvi Madan Brookings Institution
William Matthews Defense News
Mary McKinley Markle Foundation
Richard McPherson SP & M International
Jo Minow CF Relations
Vahan Moushegian DoD WHS
William New National Journals Technology Daily
Heather Newton EPIC
Kristen Numrych DARPA
Tim Pappa Washington Business Journal
Noah Rosenberg BNA
Anna Slomoic EPIC
Michael Sniffer Associated Press
Jenny Spaeth DoD-OSD
Suzanne Spalding American Bar Association
W. Stephen Thayer III ACU - The American Conservative Union
Lina Tilman DoD
Alicia Warning Arnold & Porter
Brian Wingfield New York Times