Published December 03, 2011
Cherie Anderson runs a travel company in southern California, and she’s convinced the federal government is reading her emails. But she’s all right with that.
“I assume it's part of the Patriot Act and I really don't mind,” she says. “I figure I'm probably boring them to death.”
It's likely Anderson is not alone in her concerns that the government may be monitoring what Americans say, write, and read. And now there may be even more to worry about: a newly revealed security research project called PRODIGAL -- the Proactive Discovery of Insider Threats Using Graph Analysis and Learning -- which has been built to scan IMs, texts and emails . . . and can read approximately a quarter billion of them a day.
“Every time someone logs on or off, sends an email or text, touches a file or plugs in a USB key, these records are collected within the organization,” David Bader, a professor at the Georgia Tech School of Computational Science and Engineering and a principal investigator on the project, told FoxNews.com.
PRODIGAL scans those records for behavior -- emails to unusual recipients, certain words cropping up, files transferred from unexpected servers -- that changes over time as an employee "goes rogue." The system was developed at Georgia Tech in conjunction with the Defense Advanced Research Projects Agency (DARPA), the Army's secretive research arm that works on everything from flying cars to robotic exoskeletons.
Initially, PRODIGAL will scan only the communications of military volunteers and people who work in federal agencies. But the very existence of such a project is sure to unnerve citizens like Anderson. Is the government reading my emails? Are they already monitoring me?
"Some people say it's one step further toward a police state," said Anthony Howard, a book author and security expert who has consulted for the Department of Homeland Security.
But Bader and other experts are quick to dismiss the idea that PRODIGAL could be used to monitor everyone in America. The scans work only on internal systems, they say -- not across the entire Internet. And the experts say such a project is long overdue: monitoring for "anomalies" and predicting extreme behavior can prevent catastrophes, such as a soldier in good mental health becoming homicidal or a government employee sharing key classified information.
“Today, an analyst may receive tens of thousands of 'anomalies' per day, where an anomaly is an unexplained event,” Bader said.
The new system is designed to aid analysts in processing those anomalies. And it's not alone.
Bader equated the PRODIGAL system with Raytheon SureView, an internal scanning system that looks for suspicious activity and alerts federal agencies about possible threats. Another system is the Einstein project, which was developed after 9/11 and scans government employees for key words and links suspicious activity to National Security Agency databases.
But PRODIGAL scans vastly more data than those systems: as much as a terabyte or more per day, what Georgia Tech described as "massive data sets."
PRODIGAL is part of an existing DARPA security project called Anomaly Detection at Multiple Scales (ADAMS), which was announced earlier this year. Details about how ADAMS works are not widely known; Georgia Tech's recent announcement is one of the first reports to explain how these detection engines work.
According to Bader, PRODIGAL uses complex "graph-processing" algorithms to analyze threats and piece together a jigsaw puzzle of communications. The system then ranks the unusual activity before feeding the most suspicious threats to agents.
Cyber-security expert Joseph Steinberg, CEO of Green Armor Solutions, said ADAMS is unique in that it scans through a massive stream of data. He says the new project, which will take about two years to develop and will cost $9 million, will be more effective at analyzing threats and determining if they are valid.
But the issue is not the scanning technology itself; it’s how the information is interpreted -- and whether it ultimately helps at all, Howard told FoxNews.com.
"Since there is no real data publicly available to substantiate that any of this technology is preventing terrorist attacks or strengthening our borders from within, [we can't] really say definitively that this technology is doing any good," he said.
The challenge, he said, is that criminals and terrorists often use multiple channels of communication, some encrypted -- and know how to avoid existing detection systems.
Nevertheless, PRODIGAL’s ability to scan reams of data is clearly the next step in tracking unusual activity, and it’s guaranteed to raise a red flag for Anderson and others.
"Since people tend to be imperfect, the data captured can easily be mishandled. Where does it end?" Howard said.