advertisement
advertisement

Senator Wyden reflects on 9/11’s Orwellian legacy: unprecedented mass surveillance

Twenty years ago, the privacy hawk helped kill an infamous post-9/11 program called Total Information Awareness. He’s still trying to rein it in.

Senator Wyden reflects on 9/11’s Orwellian legacy: unprecedented mass surveillance
[Photo: Leigh Vogel-Pool/Getty Images]
advertisement
advertisement
advertisement

In the immediate aftermath of the 9/11 attacks, one big concern was connecting the dots. Failing to do so was why we missed the warning signs of the attacks and how we would prevent the next ones, the thinking went. One solution, according to the Pentagon, was a project to gather an unprecedented amount of personal data, without a warrant, to search for connections and signs of future bad behavior. The program was called Total Information Awareness.

advertisement
advertisement

Logos for TIA and the Information Awareness Office that managed it, [DARPA]
If the name evoked George Orwell, and the concept echoed Philip K. Dick, the logo was something out of Ryder Ripps: an all-seeing eye atop a pyramid, Illuminati-style, capturing the entire earth in its gaze. “Knowledge is power,” said the motto in Latin.

By late 2002, journalists had revealed that TIA was the brainchild of John Poindexter, who a previous generation would remember as the head of President Ronald Reagan’s National Security Council, and who was convicted in 1990 on five felony counts for his role in the Iran-Contra scandal. As he later explained, “I made a very deliberate decision not to tell the president, so that I could insulate him from the decision and provide some future deniability for the president if it ever leaked out.” The convictions were later overturned because he had been given immunity for his testimony during a congressional investigation.

One component of TIA was a program called Wargaming the Asymmetric Environment, as seen in a July 2002 presentation by John Poindexter. [DARPA]
Months after 9/11, Poindexter returned to the government to run TIA—what he’d pitched as a “Manhattan Project for counterterrorism”—under the auspices of the Defense Advanced Research Projects Agency, better known as DARPA. The idea was to integrate components from previous and existing government surveillance projects with hordes of both classified and commercially available information. But after enough media reporting on the program and its implications for Americans’ privacy were exposed, Congress raced to shut it down, and the program appeared to disappear.

advertisement

In reality, all that disappeared were the name and the logo. Under the authority of secret executive orders and the PATRIOT Act, TIA’s systems would be redistributed and replicated across the intelligence community. Its core architecture was developed in a classified project codenamed “Basketball.” One major descendant at the National Security Agency (NSA), PRISM, was designed to gather the world’s internet communications, in partnership with U.S. telephone and internet providers. Like its private sector analog, Palantir, this time the name evokes some kind of magical crystal. To store an unprecedented amount of the world’s communications, the NSA built a massive data center in the Utah desert; data mining gave way to machine learning. The motto also evolved: “Knowledge is power” became, as one NSA slide famously put it, “Collect it all.”

An overview of TIA from a July 2002 presentation by John Poindexter. [DARPA]
Since the 1970s, Congress has been charged with preventing further abuse of the government’s surveillance powers, particularly when it comes to spying on Americans. And few in Congress have questioned these powers as vigorously as Sen. Ron Wyden. The Oregon lawmaker led the effort to kill TIA in 2003, and in subsequent years tried to limit the reach of surveillance under the PATRIOT Act.

In 2013, after it became clear to him that TIA had not only survived but was thriving in secret ways, Wyden used his time during a rare public hearing to pose a question to then-director of National Intelligence James Clapper.

advertisement

“Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

A chart from a 2009 NSA inspector general report shows the emails and phone numbers targeted under a content-collecting part of the President’s Surveillance Program.

“No, sir,” Clapper responded. “Not wittingly.” Wyden knew this was false, but secrecy rules kept him from saying so. (The intelligence chief would later explain that he thought Wyden was referring to something other than the NSA’s phone metadata program.) A few months later, NSA contractor Edward Snowden disclosed the truth to journalists: a TIA-style surveillance system that many had long suspected existed but could have never quite imagined. Wyden and others in Congress pushed for new restraints, some of which were part of the 2015 USA Freedom Act. Snowden said that Clapper’s response was one of the reasons he decided to go through with it.

Amid ongoing reform efforts, the secrecy surrounding government spying programs continues to make them difficult to debate and nearly impossible to challenge in court. And as a tool for preventing terrorist attacks, it remains unclear how effective mass surveillance has been compared with more targeted approaches. Before the USA Freedom Act put limits on the NSA’s bulk collection of phone metadata, reports by two independent groups, the extensive Privacy and Civil Liberties Oversight Board and the President’s Review Group on Surveillance, found little evidence to support claims that the program was essential to national security. Eventually the NSA itself said the program’s logistical and legal burdens outweighed its intelligence benefits.

advertisement

The very post-9/11 notion that fueled TIA was suspect: We already had many of the dots, and even had many of them connected. “The System was Blinking Red” is the title of one of the chapters of the 9/11 Commission Report. The failures weren’t about data or “information awareness” but about policy, ideology, bureaucracy, and imagination.

“Understanding intent”: A slide from a July 2002 presentation on Total Information Awareness by DARPA contractors Hicks and Associates and Booz Allen Hamilton. [DARPA]
Meanwhile, TIA and its concepts continue to spread across intelligence agencies, law enforcement, private companies and mercenaries. Governments around the world, many with far fewer protections for civil rights, have eagerly adopted its approach, along with its justification, as part of a putative global war on terror. And collecting this personal data has never been easier. The U.S. government needn’t issue secret demands or tap cables to obtain individuals’ data: they can simply buy it on the open market from data brokers and facial recognition companies. This warrant-less practice dates back to before 9/11, and it continues today at the Department of Defense, Immigration and Customs Enforcement, and elsewhere. In April, Wyden released a bill to address this, the “Fourth Amendment Is Not For Sale Act,” along with a proposal to ban the sale of Americans’ data to “unfriendly” foreign companies and governments.

“Gathering Data”: A slide from a July 2002 presentation on Total Information Awareness by DARPA contractors Hicks and Associates and Booz Allen Hamilton. [DARPA]
Nearly two decades after it began, Sen. Wyden recently spoke with me about the early days of TIA and how he’s still grappling with its collateral damage. (Our conversation has been edited and condensed for clarity.)

advertisement

Fast Company: In 2003, you called the Total Information Awareness program the biggest surveillance program in U.S. history, and led the effort to kill it. How would you describe its legacy?

Sen. Wyden: Total Information Awareness was an ominous sounding idea to put together as much data on Americans as possible, and when used with what was then so-called predictive technology, identify who to watch as a way to stop terrorism. In the fight in Congress, here’s the lesson that goes to the concerns we had 20 years ago: Total Information Awareness made it clear that the threat is not just surveillance through the aggressive collection, amalgamating, and mining of information through existing authorities. The bigger problem now is the amount of data on Americans that’s available commercially or on social media.

So the government doesn’t use Orwell-type phrases like “Total Information Awareness.” But for those of us who believe that it’s possible to protect liberty as we promote our security—the two are not mutually exclusive—our job is even harder. Because the government doesn’t use Orwellian phrases, but the threat to people’s privacy is just as great. And the job of getting people’s attention is still very, very challenging.

advertisement

Total Information Awareness got a lot of people’s attention back in 2002. How do you look back at the fight you waged against it back then?

The fact was that we won an important fight because [TIA] was so encompassing, so sweeping, that it would have been enormously bad defeat for this whole question about whether liberty and security were mutually exclusive. But you can have both.

People were angry.

advertisement

People were furious! Even the most conservative senators came up to me and said, ‘You’re right. This program is way off the rails.’

Now we’re faced with how the government uses commercial data. So I introduced the Fourth Amendment Is Not For Sale Act to prevent the government from going around the courts and violating people’s constitutional rights. [These rights] can be diminished just because the government can find a data broker who wants to sell private records without having to go through a court judicial process and get a court order.

What was your concern about personal privacy when Total Information Awareness came along just after 9/11?

advertisement

The technology showed that it was capable of practically anything. In other words, there was no protection for people’s privacy. For instance, Alex [used to] know that there was some protection for his privacy, simply because there were things that the technology simply wasn’t capable of getting. But as we raise that bar, the technology can accumulate more and more data, surveillance programs are getting more of your private information, and it becomes more important. Virtually every few months [we had] to make sure that this balance of power between the state and the citizenry wasn’t constantly altered because the technology was more capable of expanding the surveillance power of government over the American people.

And it was happening mostly in secret.

James Clapper lied to me in an open public hearing in the Senate about government surveillance authority. I actually sent him the question in advance, because we had tried and tried to get it in an open public forum. So the government was increasingly brazen during those times.

advertisement

And I opposed the PATRIOT Act when it came up for reauthorization because of all the things we’d learned—that the PATRIOT Act had been secretly interpreted to permit mass surveillance, and that there was a big gap between what the public thought the law said about domestic surveillance and what the government decided the law said. We [on the intelligence committee] debated how to handle it, particularly given the Senate rules that prohibit individual senators from publicly discussing classified information. But we worked for months and months to be able to ask James Clapper that question in an open session.

Looking back two decades, did you expect then that the program you helped kill in 2003 would secretly continue?

I never bought the idea that the supporters of that underlying philosophy would say, ‘It got killed, let’s call it a day, let’s move on.’ I think privacy is an even bigger problem today, especially given the amount of data on Americans that is available in so many ways, commercially, social media, and you talk about the prospect of foreign governments getting it! So, yes, I managed to kill the Total Information Awareness program, which at that time would have been far and away the biggest invasion of the privacy rights of Americans in history. But I have no illusions that these threats to America’s privacy have somehow gone away with the killing of Total Information Awareness . . . .

advertisement

After 9/11, I took the threat of terrorism seriously, still do. But also I was concerned about how the new surveillance authorities might be abused. When there was the first expiration date [of the PATRIOT Act], to ensure that Congress could come back and reconsider the authorities after the panic had passed, I opposed the reauthorization. I thought it was too broad. I just think Congress misunderstood how it would be used. And that’s why, in the years that followed, I was more and more amazed at what was really going on. And particularly about the secret interpretations that permitted the mass surveillance of millions of Americans.

The Biden administration hasn’t asked to reauthorize section 215 of the PATRIOT Act, which previously allowed the NSA and the FBI to collect vast amounts of data on people in the U.S. But section 702 of the Foreign Intelligence Surveillance Act permits this, and allows the FBI to search that data too. And then there’s executive order 12333, which also allows for the collection of U.S. data. What’s the most pressing concern for you now about how the government is using its surveillance powers?

Remember, this administration is new. It’s been on the job only a few months. But as I’ve always said, my job is to hold officials accountable no matter who’s the president, and I intend to do it. I’ve had a number of conversations with [CIA] Director Haines, talking particularly about the Fourth Amendment Is Not For Sale [Act], and how the government is collecting information.

advertisement

I’m also very troubled about private sector surveillance. This is a national security issue: The personal data of Americans that the data brokers are selling is a gold mine for foreign intelligence services who can exploit it, to target supercharged hacking, blackmail, and influence campaigns. So I’m leading an effort right now that encompasses the biggest online advertising companies, to ask if they’re sharing Americans’ web browsing and location data with foreign companies.

I’m very concerned about what’s happening there, and you don’t have to be a technology expert or a government official to understand the risks of selling sensitive data about Americans to Russia and China. It’s a colossally bad idea. In the next two months, I’ll be introducing legislation to regulate the export of Americans’ data to countries that are likely to exploit it in ways that will harm U.S. national security. I think this is a no-brainer issue, and I’m hoping to get it out on the Senate floor with broad bipartisan support.

You and other lawmakers recently asked the Dept. of Justice to prioritize investigating domestic extremist groups. Given your experience with government surveillance, how do you think about the challenge of fighting domestic terrorism?

advertisement

I was there on January 6th. I saw with my own two eyes what domestic terrorism was all about. Now we know that these Trump people and their supporters are trying to rewrite history as we speak. So I think journalists particularly now have such a strong responsibility. And I’ve introduced legislation to strengthen the protections for First Amendment rights. [In June, after news outlets revealed that the Trump administration had issued broad and secret demands for eight reporters phone and email records, Wyden proposed a federal “shield law” for journalists.] Also, I’m one of the real leaders in the Senate for supporting whistleblowers, which is another key component of getting the truth out. I just can’t emphasize that enough in terms of these debates. Because I’ll often go to an event or watch an event, and then I’ll watch people looking for an ideological advantage, to describe it in a way that is completely disconnected from the facts.

And also, so we are clear, giving federal agencies more power to spy on Americans, bigger budgets, didn’t stop the attack. Because the agencies decided that right wing violence wasn’t a real threat. So until there’s an honest reckoning of some politicians, some in law enforcement, who are willing to tolerate and stoke this, right-wing violent criminals will continue to believe they can act with impunity.

How have you seen support in Congress evolve in the past few years when it comes to addressing privacy issues?

It’s still a small group of us. Sen. Heinrich, Sen. Leahy have been particularly helpful on the Democratic side. On the Republican side, Sen. Lee, Sen. Paul, Sen. Daines. And we’ve got new members that are very interested. Sen. Ossoff talked to me about these issues, the new senator from Georgia, and I think he’s going to be a real privacy hawk. I’m looking forward to working with him. But we’re a smaller group. Sometimes I kid that we’re the Ben Franklin caucus. Anybody who gives up liberty for security, according to Franklin, doesn’t deserve either.

How has your job of overseeing government surveillance evolved?

It has gotten even more challenging as the technology continues to advance. As I say, you had some measure of security before, because there were areas technology couldn’t get to in terms of violating your rights. Now technology can accomplish so much more intrusive data-privacy-violating activities that nobody thought about back then. The challenge is even greater. There’s a handful of us, on both sides of the aisle, who’ve spent a lot of time on it. But I think there’s a lot of work to do.

About the author

Alex is a contributing editor at Fast Company, the founding editor and editor at large of Motherboard at Vice, and a freelance writer and producer with a focus on the intersections of science, technology, media, politics, and culture.

More