Entrepreneur Offers a Solution for Security-Privacy Clash
By Don Clark, The Wall Street Journal, March 11, 2004, Pg B1
Jeff Jonas is a junior-college dropout who once lived in his car for three months after a company he started went bankrupt. Now, the Las Vegas software developer is attracting surprising attention for a brainstorm about a national-security dilemma.
The problem: Government agencies don't like sharing lists of suspected terrorists or criminals. And companies, including airlines and hotels, don't like letting agencies sift through lists of their customers in a hunt for possible terrorists.
After years of helping casinos spot crooks, Mr. Jonas conceived of a way to break that impasse. He has devised software that helps anonymously hunt for names in databases. The technology is still being tested, but is nevertheless generating buzz among both civil libertarians and security zealots.
Mr. Jonas' system makes information anonymous. It's based on a mathematical technique known as "one-way hashing," which can turn names, addresses and other data into strings of digits that are almost impossible to convert back to their original form.
Companies or government agencies could exchange such strings of digits rather than words that humans can read. If an encoded file for a suspect matches an encoded file for a passenger, the government could seek a court order to receive the original record for that passenger's file.
Mr. Jonas' concept "is a potential breakthrough," says Jim Dempsey, executive director of the Center for Democracy and Technology, a liberal policy group in Washington. At the conservative Heritage Foundation, also in Washington, legal research fellow Paul Rosenzweig agrees that the approach "offers the possibility of a sort of silver bullet" for delicate problems such as screening lists of airline passengers.
In-Q-Tel, the venture-capital firm funded by the Central Intelligence Agency, has invested in Mr. Jonas' closely held company, Systems Research & Development, or SRD. Another fan is Zoe Baird, the onetime Clinton administration nominee for attorney general and president of the Markle Foundation. The nonprofit organization, with input from Mr. Jonas and others, has issued high-profile reports about using technology to improve both national security and personal privacy. SRD's technology "helps with both sides of that equation," Ms. Baird says.
Mr. Jonas, 39 years old, created his first program at 16 and his first company at 18. He founded SRD in 1983, after rebounding from mistakes that sank the initial venture.
These days, SRD software is used by casinos to trigger alerts when someone on Nevada's list of banned felons and mobsters makes a hotel reservation. The idea is to establish "who is who," correcting for different name spellings and other ambiguities - in some cases, revealing multiple identity records to be a single, suspicious individual. Another product focuses on "who knows who," comparing people's records for links such as past employment and residences. It's designed to send alarms, for example, if a casino manager handed a contest prize to a former roommate.
In the late 1990s, Mr. Jonas was invited to give a talk at a government technology conference. He says some SRD products were later adopted by agencies he can't identify for purposes he wasn't told about - though sometimes officials call after a successful operation, without providing details that could be used as an endorsement.
"They'll say something like, 'You should be a proud American today,'" says Jonas. "It's a marketing person's hell."
The Sept. 11 attacks spurred many new security ideas, beyond existing measures such as watch lists distributed to airlines. In general, however, government agencies don't like sharing names with companies out of fear of tipping off suspects.
Privacy fears are another issue. Congress, for example, last year cut the funding for a Pentagon office, headed by retired Adm. John Poindexter, that hoped to mine records about car rentals, ticket purchases and other transactions for indications of terrorist activity. A more powerful system for passenger screening devised by the Transportation Security Administration has been hampered by airlines' reluctance to share passenger data. In Europe, officials have resisted plans to share similar information with the U.S.
With data-hashing, "you can hand your data to your worst enemy and they can't see anything," says Kim Taipale, executive director of the Center for Advanced Studies in Science and Technology Policy, a policy research group in New York.
Stewart Baker, a former general counsel of the National Security Agency, has co-written a paper arguing that such techniques could allow European countries to share travel records without violating their strict privacy laws. The SRD technology "is new in the policy debate," says Mr. Baker, now a partner at the Washington law firm Steptoe & Johnson.
Hashing itself isn't new, nor is the concept of anonymization. But encoding names and other data that have many potential variations - and comparing coded data on hundreds of millions of records - seemed impractical. "This is a humongous mathematical problem," says John Seely Brown, Xerox Corp.'s former chief scientist and a trustee of SRD investor In-Q-Tel.
Mr. Jonas says a group of government computing experts summoned him last year to disprove the idea. Though the meeting was scheduled for two hours, he says he answered their objections in 15 minutes. One reason is that SRD's software routinely simplifies data before processing it. More than 100 spellings of Mohammed, for example, would be linked to a single "root" identity before any data-matching process, he says.
There are still plenty of hurdles. In some cases, Mr. Jonas says, companies and agencies may be reluctant to exchange even anonymized data, since there is a theoretical possibility that information could be gleaned through statistical analyses about how frequently certain coded files occur in databases. In that event, he predicts that third-party organizations will be used to carry out searches using the hashed information.
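The scheme described above (simplify the data, hash it one way, compare the coded records) and the frequency caveat can be seen in a short Python sketch. This is an added example, not SRD's software or code from the article; SHA-256, the spelling table, the two-field record layout and every record are assumptions constructed for illustration.

```python
import hashlib
import unicodedata
from collections import Counter

# Constructed spelling table (assumption); the article only says that 100+
# spellings of Mohammed are linked to one "root" before matching.
ROOTS = {"muhammad": "mohammed", "mohamed": "mohammed", "mohammad": "mohammed"}

def normalize(value: str) -> str:
    """Simplify a field: strip accents and punctuation, lower-case, apply roots."""
    text = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode()
    words = "".join(c if c.isalnum() else " " for c in text.lower()).split()
    return " ".join(ROOTS.get(w, w) for w in words)

def hash_field(value: str) -> str:
    """One-way hash of the simplified field (SHA-256 chosen for illustration)."""
    return hashlib.sha256(normalize(value).encode()).hexdigest()

def encode(record):
    """Turn a (name, date_of_birth) record into the tuple of digests exchanged."""
    return tuple(hash_field(f) for f in record)

def match_indices(coded_suspects, coded_passengers):
    """Positions in the passenger list whose coded record is on the suspect list."""
    wanted = set(coded_suspects)
    return [i for i, rec in enumerate(coded_passengers) if rec in wanted]

def name_frequencies(coded_records):
    """How often each coded name occurs: visible without reversing any hash."""
    return sorted(Counter(rec[0] for rec in coded_records).values(), reverse=True)

# Constructed sample data, not real records.
SUSPECTS = [("Mohamed Al-Sample", "1970-01-01")]
PASSENGERS = [("Muhammad al Sample", "1970-01-01"),
              ("Jane Placeholder", "1980-02-02"),
              ("Muhammad al Sample", "1991-03-03")]

if __name__ == "__main__":
    coded_s = [encode(r) for r in SUSPECTS]
    coded_p = [encode(r) for r in PASSENGERS]
    print("matching passenger rows:", match_indices(coded_s, coded_p))
    print("coded-name frequencies:", name_frequencies(coded_p))
```

The match is found only because both spellings are reduced to the same root before hashing, and the frequency count shows that the holder of the coded list still learns how common each coded value is.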
Penrose Albright, assistant secretary in the Department of Homeland Security, says he isn't familiar with SRD's technology, but adds that anonymization of data is "an area we have a great deal of interest in." He says, though, that SRD must prove that anonymous database searches can be as fast as ordinary ones.
Mr. Jonas says three tests involving government agencies and companies will soon begin, and that a number of applications are being studied, including ones beyond the realm of security. Two banks negotiating to merge, for example, might compare lists of coded records to see how many common customers they have before exchanging identifiable names, he says.
Some people with intelligence experience, meanwhile, are enthusiastic about the possibility of giving analysts information in a form that makes it all but impossible for them to violate individual privacy. "Any time the government takes possession of information it's possible for them to lose track of what it was originally acquired for," says William Crowell, a former NSA deputy director who is now a private consultant. "That's when policies go awry."