I am curious what the major issue of concern is here. Is it that the CIA is involved clandestinely? While I agree that is somehat troublesome, the NSF has many portfolios in which the security community might (and probably does) take an active interest. Are we surprised that there is some sort of "reverse technology transfer"? Should we be upset by this? Alternatively, we could be upset at the monitoring of chat rooms. I have little experience in this sort of research, but Camtempe, Krishnamoorthy and Yener[1] describe an interesting system that finds clusters of social activity. But this occurs on an *open* system. There are countless ways to use Privacy Enhancing Technologies for group communication. IRC is not only unencrypted, but the protocol was designed to enable lurking. It's not even covert lurking though: the authors make no attempt to modify their IRC bot so that channel users are cannot see the surveilling bot. What is the privacy zone we should expect in open communication forums? If there is information to be gained by monitoring this sort of thing, why should any interested actor not exploit it? Companies like Intelliseek are already moving to capture and quantify consumer buzz. Whether they can successfully turn data into useful information is an interesting research and business strategy problem, but I am not sure that it is cause for concern. Using info gleaned from chat rooms for warrants, or intentionally mapping from an online identity to a legal identity--these seem like Bad Ideas. But is there a strong case for protecting an open system from passive surveillance? /\llan Allan Friedman Doctoral Student, Public Policy Kennedy School of Government [1] http://www.cs.rpi.edu/~yener/PAPERS/35.pdf