http://www.nytimes.com/2002/04/14/magazine/14TECHNO.html?homepageinsidebox=&pagewanted=print&position=top
April 14, 2002
Silicon Valley's Spy Game
By JEFFREY ROSEN
G ilman Louie is one of the most successful computer-game developers of
all time. ''I'm your classic entrepreneur,'' he told me recently. ''I
started my first business with my fraternity brothers at San Francisco
State.'' Louie, an amateur fighter pilot, had his first big success in
1987 with a game called Falcon, which allowed players to simulate the
flight of an F-16. Falcon sold millions of copies, not only to teenage
boys but also to pilots in the United States Air Force, who found it so
realistic that it helped them learn to fly real fighter jets. Louie's
biggest success came in 1988, when he imported from the Soviet Union an
unexpectedly addictive game called Tetris, which became the best-selling
computer game ever. ''Between Nintendo sales and PC sales, 70 or 80
million copies of that game sold,'' Louie says. ''We even found out that
Hillary Clinton loved playing Tetris on the Game Boy.''
Lots of companies were impressed by Louie's success, including Hasbro,
which put him in charge of creating its games Web site. And then in 1998,
Louie was recruited by an even more powerful employer: the Central
Intelligence Agency. ''The C.I.A. actually thought that my computer-game
background was a valuable asset,'' Louie recalls. ''I look at the world as
one big system -- one big game.''
The C.I.A. had just founded an unusual venture-capital firm called
In-Q-Tel, and the agency wanted Louie to be the C.E.O. ''The 'Q' stands
for the 'Q' factor -- it's named after the character in James Bond,'' says
Louie. In-Q-Tel was the brainchild of George Tenet, the C.I.A. director,
who believed that by investing $30 million a year in Internet startups in
Silicon Valley, the C.I.A. could encourage the development of cutting-edge
technologies that might be useful for national intelligence. Louie's
marching orders were to provide venture capital for data-mining
technologies that would allow the C.I.A. to monitor and profile potential
terrorists as closely and carefully as Amazon monitors and profiles
potential customers.
The valley has long indulged its own antiestablishment mythology --
rebellious, libertarian hackers in their parents' garages, bucking the
system by inventing world-changing, personally empowering technologies --
and Louie was worried that persuading programmers to collaborate with the
C.I.A. would be ''borderline ludicrous.'' Despite his doubts, Louie agreed
to open one In-Q-Tel office in Menlo Park, Calif., and another near
Washington. He quickly discovered that far from recoiling at the idea of
working with the C.I.A., Internet entrepreneurs flocked to his door. The
chance to play with the government's cool toys trumped their fears of Big
Brother.
After the dot-com crash, Silicon Valley, desperate for venture capital,
began to depend more and more on the federal government. Then came Sept.
11, and the establishment of the Office of Homeland Security. In-Q-Tel now
finds itself just one of several deep-pocketed federally financed
investors that are eager to back technological solutions to our new
security challenges. The Bush administration is asking Congress for $38
billion for homeland security, and much of this money will be parceled out
among competing federal agencies -- including the Defense Department and
the F.B.I. -- which can then use the money either to invest directly in
security technologies or to follow In-Q-Tel's model of providing venture
capital to young companies in the private sector. Like the C.I.A., the
Office of Homeland Security has concluded that the same technologies that
were useful before Sept. 11 for tracking, profiling and targeting
potential customers can be turned today on potential terrorists. In the
wake of the bursting of the tech bubble and in the thick of the war on
terrorism, Silicon Valley is reinventing itself as the new headquarters
for the military-technological complex.
As always, the entrepreneurs are following the money. In January, this
led them to Las Vegas for the Consumer Electronics Show, the largest trade
show of futuristic gadgets in North America. After Sept.11, the conference
organizers decided to sponsor a special exhibition hall at the Riviera
Hotel for technologies that are especially well suited to homeland
defense. That old familiar gold-rush feeling was in the air at the
Riviera: one speaker estimated that federal spending on security
technologies would grow by 30 percent a year, rising to $62 billion by
2006. (''God bless America'' read the PowerPoint slide, over an image of
firefighters raising the flag.) In the buzzing exhibition hall,
participants admired a hologram of the Statue of Liberty, as well as a man
in a gigantic thumbprint costume, who had been hired by a company called
DigitalPersona to advertise its fingerprint-recognition device.
After displaying their wares, the technologists flocked to an In-Q-Tel
reception near the exhibition hall, trolling for federal investors from
the C.I.A., F.B.I. and Defense Department. ''All we served was
pot-stickers and 7-Up,'' Louie recalls, ''but people didn't want to
leave.''
In Las Vegas, several companies predicted that profiling techniques that
are now used to detect credit-card fraud could soon be used to detect
potential terrorists. A few weeks later, this prediction turned out to be
a reality, when The Washington Post reported that the federal aviation
authorities and two technology companies called Accenture and HNC Software
are planning to test at airports a profiling system designed to analyze
each passenger's living arrangements, travel and real-estate history,
along with a great deal of demographic, financial and other personal
information. Using data-mining and predictive software, the government
then plans to assign each passenger a ''threat index'' based on his or her
resemblance to a terrorist profile. Passengers with high threat indexes
will be flagged as medium or high risks and will be taken aside for
special searches and questioning.
Our system ''will check your associates,'' Brett Ogilvie of Accenture told
Business Week. ''It will ask if you have made international phone calls to
Afghanistan, taken flying lessons or purchased 1,000 pounds of
fertilizer.'' The only problem: in order for the system to obtain answers
to those questions, the nation's privacy laws will need to be relaxed.
Federal laws currently restrict the personally identifiable information
that the government can demand from credit-card and phone companies except
as part of a specific investigation.
When I called Brett Ogilvie to ask what data Accenture proposes to
analyze, his spokeswoman, Stacey Jones, said that she couldn't reveal that
information: it's a trade secret. ''Anyone who is interested in beating
the system can, once we start divulging what the systems are,'' she
explained. I said that I wasn't interested in the specific profiling
factors; I only wanted to know whether Accenture proposed to include
information in its database that the government isn't now permitted to
examine. But Jones stuck to her script: ''National security and client
confidentiality prohibits us from divulging what the factors are.''
Accenture's profiling scheme is open to question not only because it
would almost certainly violate the privacy rights of airline passengers,
but also because it seems unlikely to work. Investigators will tell you
that people who commit credit-card fraud often fit a consistent profile --
using the stolen card to buy gas at self-service stations, for example,
and then using it to buy clothes. By contrast, terrorists don't fit a
consistent profile: you're looking for a needle in a haystack, but the
color and the shape of the needle keep changing. Mohamed Atta might have
been kept out of the country if immigration officials had been aware that
there was a warrant for his arrest in Broward County, Florida. But
Accenture's profiling system is not designed to check passengers against a
watch list of suspected criminals or terrorists. Instead it is designed to
compare the purchasing activities and personal behavior of millions of
passengers with those exhibited in the past by a tiny group of terrorists
-- to create a predictive profile of likely hijackers.
Lawrence Lessig, who teaches law at Stanford and is the nation's leading
authority on the law and architecture of cyberspace, argues that the
Accenture system is unworkable. ''I can understand these massive data
systems to deal with things like stealing from the government or not
paying your taxes -- systematic repetitive large-scale deviations from the
law,'' he says. ''The problem I really have with the terrorism stuff is,
do we have any good reason to believe we could ever predict this type of
behavior?'' Because the sample of known terrorists is so small, Lessig
says, the profiles are bound to be inaccurate.
The entrepreneurs of Silicon Valley are undaunted by questions about
whether it makes sense to profile terrorists the way they profile
e-business consumers; they haven't been so enthusiastic about a race to
innovate since the height of the dot-com bubble. In the glory days of the
late 90's, Silicon Valley was consumed by the search for the ''killer
app,'' the software application that was just so cool and effective that
everyone had to buy it. After Sept. 11, the consensus in the valley is
that the national-security ''killer app'' will allow government agencies
to access and share information about Americans that is currently stored
in different databases -- from your chat-room gossip to your shopping
history to your parking tickets, and perhaps even the payment history for
your child-support checks.
''Today, every federal intelligence and law-enforcement agency and all
manner of state and local bodies maintain their own separate databases on
suspected criminals,'' Larry Ellison, the founder and C.E.O. of Oracle
Corporation , wrote in The Wall Street Journal last October. ''Do we need
more databases? No, just the opposite. The biggest problem today is that
we have too many. The single thing we could do to make life tougher for
terrorists would be to ensure that all the information in myriad
government databases was integrated into a single national file.'' Oracle,
in fact, is the world's largest database manufacturer, and Ellison offered
to donate the software for a single national database free of charge to
the United States government. (The company, Ellison added, would charge
for upgrades and maintenance.)
Oracle's office in Reston, Va., is near the headquarters of the C.I.A.,
which is appropriate enough: when Larry Ellison founded the company 25
years ago, his first client was the C.I.A., to whom he sold a program
called Oracle, the world's first ''relational'' database. At that time,
information in computer databases was stored in unrelated files: a company
like Ford, for example, could keep one file of its employees and another
file of its departments, but it had no easy way of relating the two files.
Ellison saw the commercial potential of the relational database and began
marketing it in 1979. By the height of the dot-com boom in 2000, Ellison's
net worth had soared to $80 billion, making him (briefly) the richest
person in the world.
When I visited Oracle in January, the security guard in the lobby gave me
a high-tech ID badge that could track where I was in the building at all
times. I was ushered upstairs to a bright conference room where seven
people were sitting around a huge oval table. One of them, David Carey,
turned out to be the former No. 3 man at the C.I.A.; he had just retired
as executive director after 32 years with the agency. Carey joined Oracle
to head its new Information Assurance Center, which was founded in
November to design homeland-security and disaster-recovery solutions and
market them to the federal government.
Like his colleagues, Carey was in an expansive mood. He said that the
United States government accounted for 23 percent of Oracle's
multibillion-dollar licensing revenue last year and that he expected the
federal side of the business to improve after Sept. 11. ''How do you say
this without sounding callous?'' he asked. ''In some ways, Sept. 11 made
business a bit easier. Previous to Sept. 11, you pretty much had to hype
the threat and the problem.'' Carey said that last summer, leaders in the
public and private sector wouldn't sit still for a briefing. Then his face
brightened. ''Now they clamor for it!'' After Sept. 11, Carey and Ellison
held a series of top-level meetings in Washington about the use of Oracle
technology for homeland security. ''In November, Larry had a serious
discussion with Vice President Cheney, and I met with Ridge, Ashcroft and
Mueller,'' Carey says, referring to the director of the Office of Homeland
Security, the attorney general and the director of the F.B.I.
I asked to see an example of Oracle's new homeland-security technology,
and I was ushered into a demonstration hall outside the conference room
that looked like something out of the last ''Star Wars'' movie. ''I'll
give you an overview of 'Leaders,''' said Brian Jones, then the head of
Oracle's health-care consulting unit. ''It stands for Lightweight
Epidemiology Advanced Detection and Emergency Response System.'' By
collecting health-care information from hospital emergency rooms across
the country, Leaders is designed to monitor outbreaks of suspicious
diseases and provide early warnings for biological attacks.
At 9:20 a.m. on Sept. 11, Jones had received a phone call from the
Centers for Disease Control in Atlanta, which feared that the attack on
the twin towers might be followed by a bioterrorism attack. Working for 10
straight hours, Jones put into his computer the address of every hospital
in New York State, to detect unusual disease outbreaks, like smallpox.
''Every hospital was capable of submitting data to a repository,'' he
explained. ''The Centers for Disease Control's experts could sit back in
Atlanta and pull up a map just like I'm showing you here.'' Jones punched
a key and a digital map of New York City appeared on the screen. Using a
combination of 7,500 digital photographs and architectural plans of more
than 6,000 miles of underground pipes, Oracle has created a detailed map
of every building, sewer and water line and curb in the city. By the
evening of Sept. 11, Jones was ready to monitor every emergency-room bed
in the state.
Oracle is now working with the federal government to apply the same
surveillance system to hospitals throughout the country. The system would
allow hospitals to report incidents of suspicious diseases like anthrax,
smallpox and Ebola to a central database. The program can then send out
e-mail or voice-mail alerts to law-enforcement officials if it detects
suspicious patterns of diseases anywhere in the country. Steve Cooperman,
Oracle's new director of homeland security, said, ''We're going to build a
bioterrorism shield, so eventually everyone is going to have to
participate -- every hospital, every clinic, every lab.''
The prospect of every hospital in America reporting your medical condition
to a central Oracle database might cause some patients alarm. (Oracle
insists that the information can be stored in ways that can't be linked to
individual patients.) The same potential for invasions of privacy is
raised by Larry Ellison's proposal to centralize all of the separate
criminal databases run by federal and state authorities into a single
national database. After we filed back into the conference room, David
Carey explained that Oracle is already discussing with various federal
agencies methods of sharing information that are currently restricted by
law.
''We think of it as a triangle,'' said Tim Hoechst, a senior vice
president for technology at Oracle, holding up a Dorito. ''At one corner
is privacy, at one corner is assurance of security -- how safe is the data
-- and at another corner is usability. It's all a matter of trade-offs.
What we focus on is making the Dorito here, and putting you in any corner
that you feel comfortable with. On Sept. 12, most Americans would say,
Privacy out the window; go catch the folks. So we would have moved it all
the way to usability. But maybe day to day, we move it a little bit more
toward security.''
As the databases are consolidated, I asked, who should decide the proper
balance between privacy and access? How do you avoid a situation in which
someone could be kept off a plane because he had skipped jury duty or had
an overdue parking ticket? A hush fell over the room, and people looked
awkwardly at their sandwiches.
Finally Hoechst spoke up. ''You'll notice that we all became suspiciously
quiet when we started talking about policy questions,'' he said. ''At
Oracle, we leave that to our customers to decide. We become a little
stymied when we start talking about the 'should wes' and the 'whys' and
the 'hows,' because it's not our expertise.''
The Tom Lehrer song about the Nazi rocket scientist who defected to
America popped into my head: ''Once ze rockets are up, who cares where
they come down?/That's not my department,' says Wernher von Braun.''
''I expect that if you ask Larry Ellison the question he'd give you a much
better answer,'' one of Hoechst's associates chimed in. Hoechst agreed.
''My experience with him is that he knows an extraordinary amount about a
lot of things. Every time I think I know something, he knows much more.
He's read more books on it.''
So I set off for Silicon Valley to meet Larry Ellison. The Oracle campus
near the San Francisco airport is known as the Emerald City, for its
artificial lakes and silo-shaped towers of glass and silver. Ellison's
private palace, however, is a $30 million mansion in nearby Atherton,
modeled on the Katsura Imperial Villa in Kyoto. I was checked in there by
two bodyguards with dark shirts and dark tans and escorted into the house
to wait. The living room was large and airy, with lots of blond wood and
shoji screens. It overlooked a beautiful Japanese garden, where ducks swam
and waterfalls shimmered.
Ellison appeared a few minutes later from behind one of the screens,
wearing a pressed charcoal suit over a black turtleneck. He appeared fit
and tanned, with piercing hazel eyes and a trimmed beard slightly flecked
with gray. He suggested that we talk in the garden, but the loud whine of
a neighbor's mulcher made this impossible. (In Silicon Valley, even $30
million doesn't buy you quiet.) Defeated by the noise, we retreated to the
dining room, with its high-backed black lacquer chairs and black lacquer
table.
Ellison is not a shy or enigmatic billionaire. He is entertainingly
indiscreet -- he answered every question with a torrent of confident
opinions. ''The Oracle database is used to keep track of basically
everything,'' he said. ''The information about your banks, your checking
balance, your savings balance is stored in an Oracle database. Your
airline reservation is stored in an Oracle database. What books you bought
on Amazon is stored in an Oracle database. Your profile on Yahoo is stored
in an Oracle database.'' Much of the information in these separate
commercial databases is also centralized in large databases maintained by
credit-card companies like TRW to detect fraud and to decide whether
customers should get credit at the mall.
When it comes to government data, by contrast, there are hundreds of
separate, disconnected databases. ''The huge problem is the fragmented
data,'' he said. ''We knew Mohamed Atta was wanted. It's just that we
didn't check the right database when he came into the country.'' Ellison
wants to consolidate the hundreds of separate state and federal databases
into a single Oracle database, using the centralized credit-card databases
as a model. ''We already have this large centralized database to keep
track of where you work, how much you earn, where your kids go to school,
were you late on your last mortgage payment, when's the last time you got
a raise,'' he said. ''Well, my God, there are hundreds of places we have
to look to see if you're a security risk.'' He dismissed the risks of
privacy violations: ''I really don't understand. Central databases already
exist. Privacy is already gone.''
As Ellison spoke, it occurred to me that he was proposing to reconstruct
America's national security strategy along the lines of Oracle's business
model. When Oracle moved its business to the Internet in 1995, Ellison
complained that its customer information was scattered across hundreds of
separate databases, which meant that the German office couldn't share
information about customers with the French office. By consolidating 130
separate databases into a single database on the Internet, Ellison said,
Oracle saved a billion dollars a year and found it easier to track,
monitor and discriminate among its customers. This was what Ellison now
wanted to do for America.
I asked if there would be any controls on access to the database. For
example, would Ellison want people to be kept off a plane because they
were late on their alimony payments?
''Oh, no, I don't think we would keep anyone off on alimony payments,''
Ellison said. ''But if the system designed to catch terrorists also
catches mere bank robbers and deadbeat dads, that's O.K. I think that's a
good thing. I don't think it's a bad thing.''
There are, at the moment, legal restrictions prohibiting the sharing of
data by government agencies. The most important restriction was passed in
1974, to prevent President Nixon from ordering dragnet surveillance of
Vietnam protesters and searching for their youthful marijuana arrests. I
asked Ellison whether these legal restrictions should be relaxed. ''Oh,
absolutely,'' he said. ''I mean absolutely. The prohibitions are absurd.
It's this fear of an all-too-powerful government rising up and snatching
away our liberties.'' Since Sept. 11, Ellison argued, those qualms no
longer make any sense: ''It's our lives that are at risk, not our
liberties,'' he said.
Ellison proposes to link the central government database to a system of
digital identification cards that would be optional for citizens but
mandatory for aliens. He wants each card holder to provide a thumbprint or
iris scan that would be stored in the central database. I recalled that
Lawrence Lessig of Stanford Law School had explained to me that a national
fingerprint database was probably the most invasive of all possible
designs for an identification system, because it would allow the
government to dust for fingerprints in a nightclub or a protest scene and
identify everyone who was there. I asked Ellison why the government
couldn't minimize these privacy concerns by storing the fingerprint on the
ID card.
Ellison dismissed the suggestion. ''Everyone's got this amorphous idea
that the government will somehow misuse this,'' he said, ''but no one has
given me a substantive example of what will happen that's bad.''
I tried again. What about the centralized storage of health information,
as Oracle was proposing to do with the Leaders system. Would Ellison want
government officials to have access to personally identifiable genetic
information?
''I feel like Alice has fallen through the looking glass,'' Ellison said.
His voice rose; he was starting to get a little testy. ''Does this other
database bother you here? We can't touch that database because I won't be
able to use my credit card. Like, I won't be able to go to the mall!'' He
took on the voice of Sean Penn's stoner from ''Fast Times at Ridgemont
High.'' ''Like, that's really disturbing. Like, don't mess with my mall
experience. O.K., so people have to die over here without this, but that's
not going to affect my experience going to the mall.'' He exhaled, and in
his regular billionaire voice asked, ''I mean, what the hell is going
on?''
Ellison said he was late for an appointment at Intel and started to make
motions to leave. I tried one more question. Were there no differences
between Oracle and the United States government, I asked, that should make
us hesitate before centralizing all of our national databases using Oracle
as a model?
''From the information-science standpoint, there's no difference at all,''
he replied. ''These central databases are cheaper and better and they
solve all these problems. We can manage credit risks that way. We should
be managing security risks in exactly the same way.''
It's not surprising, of course, that Larry Ellison sincerely believes that
what's good for Oracle is good for America. But there are, in fact,
differences between an e-business and the American government, differences
that perhaps should make us hesitate before reconstructing America along
the business model of the Oracle Corporation.
''Depending on how these technologies are designed, they can respect
traditional values of liberty or not,'' says Lawrence Lessig, ''and
whether they do depends on the values that drive the designers and the
institutions we build to check the design.'' Although Lessig's
path-breaking book ''Code and Other Laws of Cyberspace'' argues that it's
possible to design technologies that protect privacy and security at the
same time, he has become pessimistic that Silicon Valley, left to its own
devices, will get the balance right. ''The reality is that all the market
power is going to be on the side of delivering the security, and there's
no strong claim on the other side for delivering the privacy,'' he says.
''There's no court that will stand up and push the demand for heightened
review for privacy, and there's no politician. And then you have Larry
Ellison types riding in with the glow of the market. He's like a rich
version of a North Korean dictator.''
Here, then, is the Catch-22 of the integrated databases that are being
constructed in the wake of Sept. 11: the technologists want the
politicians to decide the balance between privacy and security, but
because the technology is so complicated and unfamiliar, very few
politicians seem up to the task. I visited Maria Cantwell, the newly
elected senator from the state of Washington and perhaps the most
technologically savvy member of the Senate. (She complains that
Congressional rules prohibit her from taking her BlackBerry wireless
communicator onto the Senate floor but allow her to use a spittoon.)
Cantwell learned about the importance of Internet privacy as an executive
for RealNetworks , which markets one of the most popular Internet music
players. In 1999, RealNetworks got into trouble when privacy advocates
noticed that the player could send information to RealNetworks about the
music each user downloaded. RealNetworks had the capability to match this
data with a Globally Unique Identifier, or GUID, that exposed the user's
identity. Although RealNetworks insisted that it had never, in fact,
matched the music data with the GUID, the company was eager to avoid a
public-relations disaster, and so it quickly disabled the GUID. The
experience helped turn Cantwell into a crusader for privacy, but her time
in the Senate has made her more pessimistic that her colleagues in
Congress have the understanding or inclination to regulate technology in a
meaningful way.
''What I don't think people realize is that we are just at the tip of the
iceberg,'' she told me. ''I think they're trying to be prescriptive on
some very basic things, not understanding the world that's yet to come. I
try to explain some of the new technology to my colleagues'' -- by which
she means her fellow senators. ''You're going to be able to be driving and
say, 'Hey, take me to the nearest Starbucks ,' and they all think that's
great. And then I say, but it also might be stored in a database that may
also be able to track where you were at 2 o'clock in the morning.''
Cantwell worries that her Senate colleagues are so swept up in the search
for a technological solution to our security problems that regulating
access to the databases isn't on their agenda. ''I mean, databases can
become a threat in themselves if you don't think through the right
safeguards,'' she said. ''People are getting enamored with the power of
the technology and not thinking through the privacy issues and how they
might apply.''
In the face of Congressional indifference and judicial passivity, it has
fallen to the technologists to sort out the appropriate balance between
liberty and security. But this is a challenge that the technologists are
ill equipped -- by culture and temperament -- to meet.
The gonzo entrepreneurs of Silicon Valley like to think of themselves as
antigovernment libertarians; the business nostrums of the precrash era
assumed that the Internet would lead inevitably to the end of hierarchy
and centralized authority and the flourishing of individual creativity.
When the e-business technologies of tracking, classifying, profiling and
monitoring were used to identify the preferences of American consumers and
to mirror back to each of us a market-segmented version of ourselves,
Silicon Valley could argue that it was serving the cause of freedom and
individual choice. But when the same software applications are used by the
government to track, classify, profile and monitor American citizens, they
become not technologies of liberty but technologies of state surveillance
and discrimination. They threaten the ability of Americans to define their
identity in the future free from government predictions based on their
behavior in the past. Far from leading inevitably to the end of
centralized authority, the age of the Internet turns out to include
powerful economic and political forces that are determined to centralize
as much information about individuals as possible.
The technology for integrated databases already exists, waiting to be
activated by the flip of a switch. In the wake of Sept. 11, few
politicians or judges seem willing to keep the forces of centralization in
check. And no one should count on the technologists to police themselves.
I had one last question for Larry Ellison. ''In 20 years, do you think the
global database is going to exist, and will it be run by Oracle?'' I
asked.
''I do think it will exist, and I think it is going to be an Oracle
database,'' he replied. ''And we're going to track everything.''
Jeffrey Rosen is an associate professor at George Washington University
Law School and the legal affairs editor of The New Republic. His last
article for The Times Magazine was about the growth of surveillance.
