Fifteen years ago, cartoonist Peter Steiner drew two dogs sitting in front of a computer, one saying to the other, "On the Internet, nobody knows you're a dog." This iconic adage, cute in its day, is now a warning.

Criminal, terrorist and nation-state cyberattacks against banks, technology companies, online merchants, individuals and government agencies cost the U.S. economy $400 billion annually, focused most often on stealing business and military secrets, and personal data.

In cyberspace, not knowing for sure what person or device is on the other end of the line has serious downsides. It erodes overall trust, limits users' ability to secure their own systems, hinders effective governmental response, and causes organizations to collect more personal data than they really need.

Lisa Porter, director of the Intelligence Advanced Research Projects Activity suggests in an interview that one way for intelligence agencies to better comb the tsunami of data they now collect is by using virtual worlds. She doesn't elaborate in her Q&A in the May issue of IEEE Spectrum magazine, but IARPA already has a project underway to collect data about virtual worlds.

IARPA is the intelligence version of DARPA, the Defense Advanced Research Projects Agency, where, incidentally, Porter once worked. In the interview, she discusses the new tripartite organization for IARPA. Its three program offices are Smart Collection, Incisive Analysis, and Safe and Secure Operations. The agency lives in the Office of Science and Technology at the Office of the Director of National Intelligence.

IARPA recently announced it will be snooping around the virtual world via a foxy little project called Reynard, a fox who is the hero of Medieval satires about social manners and classes. It's a study of emerging social dynamics in virtual worlds and large-scale online games being conducted by the Incisive Analysis program.

Porter told the magazine that she is looking for people to run projects within the agency's three programs. IARPA is designed to do high-risk, high-payoff advanced intelligence research, so she is looking for "very smart people who understand what it takes not just to technically comprehend a problem but how to bring an idea to reality programmatically," she said.

The IARPA.gov Web site soon will carry instructions and forms for applying to run projects there.

IARPA will cooperate with DARPA and work closely with In-Q-Tel, the intelligence community's venture capital fund, even though In-Q-Tel's focus is near-term, high-risk problems, Porter said.

IARPA's current location -- on the University of Maryland campus, albeit in a fenced and guarded National Security Agency compound -- is intended to signal the agency's openness to academics and others outside the intel world whose ideas and skills could help solve huge problems such as sorting through data, figuring out how to better target and winnow what intel agencies collect and how to keep that information safe in the Web-enabled world.

The new partnership between IBM and virtual-world-builder Forterra Systems Inc. won't be affected by IBM's suspension from federal contracting, according to Forterra's Vice President for Marketing, Chris Badger.

"Nothing has changed with Forterra's plan to partner with IBM around the Babel Bridge program," he said April 1 via email. "This program starts development this quarter with two releases planned for this year- one later this summer and the second one by end of year. I am sure that IBM will have cleared up the temporary debarment for federal contracts by the time our releases are available later this year."

The plan is for IBM to incorporate Forterra in its Unified Communications and Collaboration platform to help solve the problems created by interoperability among intelligence agency communications systems. The enhanced product will meld Forterra’s On-Line Interactive Virtual Environment 3-D platform with IBM’s Lotus Notes calendar Sametime.

Babel Bridge will allow agencies to instantly share information and interact in a synthetic world to plan operations and take real-time action in the real world, according to the companies.

Badger said the project has been going great guns since it was announced March 20. "We have received very strong interest outside the government market, particularly in the corporate and healthcare markets," he said. "This broader interest beyond the government markets is actually reinforcing the need to invest in near term, robust product development and marketing plans."

IBM is a leading large-industry player in virtual worlds, as well. The company was represented at last year's inaugural conference of the Federal Consortium for Virtual Worlds. It's unclear whether or how the suspension would affect and fledgling agency efforts in virtual world Second Life or elsewhere in the metaverse.

According to senior officials inside and outside the national security establishment, the Nation is at war in cyberspace.

This war, like many things in cyberspace, confounds traditional boundaries. It is occurring in part on U.S. soil, where many of the attacked public and private sector computers are located. While some attacks are coming from foreign powers, others are from terrorist groups, and still others come from organized crime. Often the identity and intent of the attackers is unclear.

As Samuel Adams said in 1768, “Even when there is a necessity of military power, within the land . . . a wise and prudent people will always have a watchful & jealous eye over it.” Indeed, it is longstanding policy in this country that the military not be used to enforce the law on U.S. soil, except in major emergencies. This division between national security and civilian law enforcement activities is maintained in electronic surveillance as well. It colors the current FISA extension debate.

Few observers believe these divisions work in cyberspace. Yet there is no clear vision of how to proceed while guarding the underlying principles. For that reason, this matter deserves a considered public conversation. While a national cyber security initiative is necessary and timely, the secrecy surrounding the Administration’s program does not serve the Nation's long term interest.

Former Defense Secretary Robert McNamara said, speaking of Vietnam, "We failed to draw Congress and the American people into a full and frank discussion and debate of the pros and cons of a large-scale military involvement . . . before we initiated the action." We still have the opportunity to avoid that mistake in cyberspace.

Concerns that the Total Information Awareness system (a network to sift through Americans' personal data) never truly was killed, was resurrected (again) by the Wall Street Journal in an article published March 10. "According to current and former intelligence officials, the spy agency [National Security Agency] now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records," according to the article. The Journal cites a Federal Bureau of Investigation program to track telecommunications data called the Digital Collection System, which has attracted the attention of Congress.

One of those speculating that this has been going on for some time has been National Journal's Shane Harris.

Anne Laurent, former executive editor at Government Executive magazine, writes in her blog, The Agile Mind, about the recent unclassified report released by the Office of the Director of National Intelligence on report unveiling the Reynard project, conducted by the ODNI's Intelligence Advanced Research Projects Activity to spy on players in virtual worlds to see if they can, as Laurent quotes, "identify the emerging social, behavioral and cultural norms in virtual worlds and gaming environments" and then "apply the lessons learned to determine the feasibility of automatically detecting suspicious behavior and actions in the virtual world." Her post highlights just how quickly technology is moving as compared with Congress' ability to understand it. Her point:

DNI archly informs lawmakers that they won't be getting much real information about intelligence community data mining because they asked for the wrong thing. The law [the 2007 Data Mining Reporting Act] defines data mining as "a program involving pattern-based queries, searches or other analyses of 1 or more electronic databases" to "discover or locate a predictive pattern or anomoly indicative of terrorist activities." But that's not the kind of data mining DNI uses most, the report says.

"Analysis performed within the ODNI and its constituent elements for counterterrorism and similar purposes is often performed using various types of link analysis tools [which] start with a known or suspected terrorist or other subject of foreign intelligence interest and use various methods to uncover links between that known subject and potential associates or other persons with whom that subject is or has been in contact," the report says. But "the Data Mining Reporting Act does not include such analyses within its definition of 'data mining' because such analyses are not 'pattern-based." Note to Congress: Catch up. Fix your definitions.

Recently I had the privilege of talking about computer security at a hearing before two subcommittees of the House Committee on Oversight and Government Reform.

My principal focus was the Bush administration’s new "Cyber Initiative."

On Jan. 8, President Bush issued a new National Security/Homeland Security Directive. This order establishes a comprehensive, national cybersecurity initiative. Little is known publicly about the details of this national security order, because it is still classified. But it shows that information security is receiving serious attention at the highest levels of the executive branch. I believe this is good news.

The order creates an expanded role for the National Security Agency in protecting civilian agency systems. This raises some significant policy questions, such as, "How best can the government maintain and build trust with the private sector to promote computer security?"

For more on this topic, you can read my earlier post.

My former colleague at CIO Magazine Ben Worthen, now at the Wall Street Journal, posted this bit on the WSJ Business Technology Blog on "an all-government dose of paranoia-inducing tech security stories." Seems like agents, both in the FBI and intelligence community, have taken a liking to the latest biometric technology and Internet apps, calling into question just whom the federal government is watching.

The Federal Bureau of Investigations is teaming up with West Virginia University in national security efforts using biometric technology. According to a press announcement released yesterday, WVU will serve as the academic arm of the FBI's Biometric Center of Excellence, providing biometrics research support to the FBI and its law enforcement and national security partners.

The center will coordinate biometric and identity management activities within the FBI and partner with other U.S. government agencies to develop and train users on biometric technologies and systems. The goal is to leverage biometric technology in the fight against terrorism and intelligence efforts.

Thomas Bush, assistant director of the FBI's Criminal Justice Information Services Division, credited WVU as having "comprehensive, integrative research and education programs in biometrics," and being known around the world for identification technology research. Perhaps. But there's much to say about the value of proximity -- Clarksburg is home to the Criminal Justice Information Services Division, and Fairmont hosts the Internet Crime Complaint Center.

One has to also wonder how much of a role Sen. Byrd, D-WV, played in the decision, too. The FBI has Byrd to thank for driving the construction of a new Biometrics Fusion Center building at the Harrison County campus, with the addition of $7 million to the fiscal year 2006 Defense Appropriations bill signed into law. He also secured more than $141 million to launch and expand Defense's own biometrics initiatives, which of course contribute to FBI's efforts.

Of course, what came first? The chicken or the egg. Did Byrd's support of FBI efforts come because of its presence in West Virginia, or did the FBI's presence in West Virginia grow with support from Byrd. No doubt state government doesn't much care. This is not to discredit WVU contributions in the area of biometrics. It's National Science Foundation Center for Identification Technology Research teams up with other universities to drive research, which had earned praise in and outside federal government.

Privacy and security has always been a tug-of-war issue: The argument is you have to give up some privacy to get some security. Mike McConnell, the director of national intelligence, is working on a cybersecurity plan that would ask Americans to give up a lot of privacy to get their security, according to a New Yorker article. (Subscription required.)

The proposal that is getting the most attention is giving the government the ability to search "the content of any email, file transfer or web search," according to an article on vnunet.com.

According to that article, the New Yorker author, Lawrence Wright:

suggested that this kind of monitoring is already going on. He spoke to an AT& T employee, Mark Klein, who claimed that he installed data switching systems in the company's exchange that copied all internet traffic to the National Security Agency.

"I know that whatever went across those cables was copied and the entire data stream was copied," said Klein. "We are talking about domestic as well as international traffic."

He added that previous claims by the Bush administration that only international communications were being intercepted are not accurate.

Our pals over at the innovation department in the Defense Intelligence Agency asked us to let the world know they are looking for some good ideas and technologies to power the next generation of the Defense Intelligence Information System.

Vendors can submit their ideas to DIA on Web and when products or technologies meet requirements, vendors are invited to present them in a one-hour pitch at a DIA facility in beautiful New Carrollton, Md.

DIA said it’s looking for IT innovation in a number of areas to help intelligence collectors and analysts in such areas as document and content management, knowledge and records management as well as new software, gadgets or gizmos that can improve systems and security management.

The members of the 9/11 Commission recommended that the intelligence agencies do a better job of sharing intelligence information. The direct quote form the 9/11 Commission Report: "We propose that information be shared horizontally, across new networks that transcend individual agencies."

Is this what the commission had in mind as a new network? Intelligence agencies say they plan to create "A-Space," a private social networking site modeled on the popular social networking sites MySpace and Facebook.

This is how The Federal Times described it in an article posted yesterday:

The move is the latest part of an ongoing effort to transform the analytical business following the failure to detect the 9/11 terrorist attacks or find weapons of mass destruction in Iraq.

Thomas Fingar, the deputy director of national intelligence for analysis, believes the common workspace – a kind of “MySpace for analysts” – will generate better analysis by breaking down firewalls across the traditionally stove-piped intelligence community. He says the technology can also help process increasing amounts of information where the number of analysts is limited.

A-Space should appeal to younger recruits whom intelligence agencies need to attract. After all, the intelligence agencies are relying on younger employees to develop new ways to fight terrorism, as The New York Times Magazine pointed out in a Dec. 3, 2006, cover article:

[T]hroughout the intelligence community, spies are beginning to wonder why their technology has fallen so far behind — and talk among themselves about how to catch up. Some of the country’s most senior intelligence thinkers have joined the discussion, and surprisingly, many of them believe the answer may lie in the interactive tools the world’s teenagers are using to pass around YouTube videos and bicker online about their favorite bands. Billions of dollars’ worth of ultrasecret data networks couldn’t help spies piece together the clues to the worst terrorist plot ever. So perhaps, they argue, it’ s time to try something radically different. Could blogs and wikis prevent the next 9/11?

We'll find out.

As we all know, moving is a painful experience eased by careful planning. The National-Geospatial Intelligence Agency (NGA) seems to be trying to lessen the pain as much as possible.

The NGA kicked off this week the process for moving 8,500 of its employees, and a whole mess of classified gadgets and gizmos, to new digs at Ft. Belvoir, Va., by 2011.

NGA said in the only procurement notice it plans to issue for the move that it needs a contractor that has the “the proven ability to plan, integrate, organize, synchronize and execute a complex sustained, classified move of equipment, materials” and all the NGA personnel and their office stuff from six locations in the Washington, D.C., area to its new 2.4 million-square-foot building.

NGA is looking for more than a bunch of Irish guys with strong backs and a fleet of trucks. The agency says it needs folks to handle the move who are cleared at the Top Secret/Special Intelligence/Talent Keyhole level.

If anyone knows what all the above means, they’re probably a quarter of the way to getting the job.

Shane Harris, who writes about intelligence for National Journal, suggests in his blog that the recent nomination of Donald Kerr as deputy Director of National Intelligence (DNI) signals a "big push" into technology. Kerr, who will report to Director Mike McConnell, served as director of the heavily technology-reliant National Reconnaissance Office since July 2005. Harris writes:

The DNI's office is launching a big push on the science and technology front. As part of the fiscal 2008 budget request, McConnell has asked Congress for money to set up the Intelligence Advanced Research Projects Activity, iARPA, modeled after the successful Pentagon R&D unit, DARPA. Kerr used to run the CIA's science and technology division, and so has some familiarity with that terrain. As a former senior CIA official reminded me this morning, a huge portion of the intelligence community is devoted to technical issues--everything from signals collection and processing to geospatial intelligence. Kerr is also double-hatted at NRO--he's assistant to the Secretary of the Airforce.