Lesson Overview Lesson Overview Seed Plants Lesson Overview 22.3 Seed Plants.
Overview
-
Upload
rhea-tyson -
Category
Documents
-
view
33 -
download
1
description
Transcript of Overview
OverviewOverview
My background & support from Glenn InstituteMy background & support from Glenn Institute The lack of information sharing as a cause of The lack of information sharing as a cause of
9/11 attacks9/11 attacks The Bush Doctrine of information sharing The Bush Doctrine of information sharing A due diligence checklist for when proposed A due diligence checklist for when proposed
information sharing makes senseinformation sharing makes sense A few comments on NSA wiretapsA few comments on NSA wiretaps
Chief Counselor for PrivacyChief Counselor for Privacy U.S. Office of Management & Budget, 1999-early 2001U.S. Office of Management & Budget, 1999-early 2001 Trying to “build privacy in” for policies/lawsTrying to “build privacy in” for policies/laws
HIPAA: medical privacyHIPAA: medical privacy Gramm-Leach: financial privacyGramm-Leach: financial privacy FTC enforcement of privacy promisesFTC enforcement of privacy promises
• Especially for the InternetEspecially for the Internet Federal agency web policies & privacy impact Federal agency web policies & privacy impact
assessmentsassessments Chaired WH Working Group on how to update Chaired WH Working Group on how to update
surveillance law for the Internet agesurveillance law for the Internet age
Since 2001Since 2001
As OSU professor, have written on privacy & As OSU professor, have written on privacy & information securityinformation security
Glenn grant on “What Should Still be Secret: Glenn grant on “What Should Still be Secret: Lessons on Anti-Terrorism, Cyber-Security, and Lessons on Anti-Terrorism, Cyber-Security, and Privacy”Privacy” 2 papers on computer security & when disclosure 2 papers on computer security & when disclosure
helps or hurts securityhelps or hurts security ““The System of Foreign Intelligence Surveillance Law”The System of Foreign Intelligence Surveillance Law” ““Legal FAQs on NSA Wiretaps”Legal FAQs on NSA Wiretaps” Should the data flow or not?Should the data flow or not?
Information SharingInformation Sharing
The failure of intelligence to prevent the 9/11 The failure of intelligence to prevent the 9/11 attacksattacks
Belief that did not have enough information Belief that did not have enough information sharingsharing Between FBI and CIABetween FBI and CIA Between federal and first respondersBetween federal and first responders Among all the “good guys” to get the “bad Among all the “good guys” to get the “bad
guys”guys” Today, focus on sharing, not collectionToday, focus on sharing, not collection
Encouraging Information SharingEncouraging Information Sharing
Several Executive Orders to encourage itSeveral Executive Orders to encourage it Intelligence Reform Act of 2004 & National Intelligence Reform Act of 2004 & National
Director of IntelligenceDirector of Intelligence Markle Task Force on National Security in the Markle Task Force on National Security in the
Information AgeInformation Age Intellectual rationale for information sharingIntellectual rationale for information sharing Says privacy, data security, and civil liberties Says privacy, data security, and civil liberties
should be built in as wellshould be built in as well
The Bush Doctrine ofThe Bush Doctrine of Information Sharing Information Sharing
Disclaimer – I often critique the Bush Disclaimer – I often critique the Bush Administration on privacy & information sharingAdministration on privacy & information sharing First explain the logic of the positionFirst explain the logic of the position
Axiom 1: The threat has changedAxiom 1: The threat has changed Was threat of Soviet tank or missile attackWas threat of Soviet tank or missile attack Now is asymmetric threat – a few individuals Now is asymmetric threat – a few individuals
with boxcutters or home-made explosives with boxcutters or home-made explosives
Bush DoctrineBush Doctrine
Axiom 2: The threat is significantAxiom 2: The threat is significant The intellectual importance of WMDsThe intellectual importance of WMDs ““One nuke can ruin your whole day”One nuke can ruin your whole day” Measures that are not justified by small Measures that are not justified by small
attacks may be justified for asymmetric, large attacks may be justified for asymmetric, large attacksattacks
Bush DoctrineBush Doctrine
Axiom 3: Progress in IT dwarfs progress in Axiom 3: Progress in IT dwarfs progress in defensive physical securitydefensive physical security Price of sensors, storage, and sharing down Price of sensors, storage, and sharing down
sharplysharply Useful knowledge & patterns extracted from Useful knowledge & patterns extracted from
datadata The efficient mix of security measures has a The efficient mix of security measures has a
large & ongoing shift to information-intensive large & ongoing shift to information-intensive strategiesstrategies
Bush DoctrineBush Doctrine
(1) The threat has changed(1) The threat has changed (2) The threat is significant (2) The threat is significant (3) Progress in IT shifts the best response(3) Progress in IT shifts the best response For critics, which of these assertions For critics, which of these assertions
seems incorrect?seems incorrect? There is a powerful logic to this approachThere is a powerful logic to this approach Now we turn to possible responsesNow we turn to possible responses
Has the Threat Changed?Has the Threat Changed?
Yes.Yes. Conventional threat, typified by satellite Conventional threat, typified by satellite
reconnaisance of military targets, is clearly less reconnaisance of military targets, is clearly less than before 1989than before 1989 Enemy mobilization was often graduated and Enemy mobilization was often graduated and
visible (levels of military alert)visible (levels of military alert) Current threats from asymmetric attacksCurrent threats from asymmetric attacks
No visibility of imminent attacks unless get No visibility of imminent attacks unless get information about the individual attackersinformation about the individual attackers
How Significant is the Threat?How Significant is the Threat?
This topic is controversialThis topic is controversial I address this in 2004 article on foreign I address this in 2004 article on foreign
intelligence & surveillanceintelligence & surveillance Perhaps threat is less than portrayedPerhaps threat is less than portrayed
No WMDs in IraqNo WMDs in Iraq Nation states as havens likely Nation states as havens likely muchmuch more more
dangerous than isolated individualsdangerous than isolated individuals Exception in my view – nuclear proliferationException in my view – nuclear proliferation
Significance of the ThreatSignificance of the Threat
Within the U.S., has been difficult politically to Within the U.S., has been difficult politically to question the threatquestion the threat Republicans have been loyal to Pres. BushRepublicans have been loyal to Pres. Bush Democrats can’t appear weakDemocrats can’t appear weak
Within U.S., privacy and civil liberties advocates Within U.S., privacy and civil liberties advocates question the threat but have not won that question the threat but have not won that argumentargument
The debate since 9/11 has been what to do The debate since 9/11 has been what to do assumingassuming a large threat: “The a large threat: “The War War on Terrorism” on Terrorism” or “The Long War”or “The Long War”
Due Diligence List for Whether Shift Due Diligence List for Whether Shift to Information Sharing is Efficientto Information Sharing is Efficient
Here is the battleground for each proposalHere is the battleground for each proposal (1) Ends/means rationality – does the proposed (1) Ends/means rationality – does the proposed
surveillance actually improve security?surveillance actually improve security? Does security measure work? Cost Does security measure work? Cost
effectively?effectively? E.g., carry-ons over-broad (nail cutters) and E.g., carry-ons over-broad (nail cutters) and
under-broad (ingenious attackers can attack)under-broad (ingenious attackers can attack) E.g., data mining may create so many false E.g., data mining may create so many false
positives that the noise swamps the signalpositives that the noise swamps the signal
Due Diligence ListDue Diligence List
(2) Security experts’ concern about information (2) Security experts’ concern about information sharing:sharing: Imagine you are General Counsel for the CIAImagine you are General Counsel for the CIA Will sharing compromise our “sources and Will sharing compromise our “sources and
methods”?methods”? When should we abandon “need to know”?When should we abandon “need to know”? How often will “bad guys” infiltrate the How often will “bad guys” infiltrate the
information sharing that is intended to inform information sharing that is intended to inform only the “good guys”?only the “good guys”?
Tell first responders in Ohio?Tell first responders in Ohio?
Due Diligence ListDue Diligence List
(3) “Security theater” & Bruce Schneier(3) “Security theater” & Bruce Schneier Perceive, and critique, measures that are Perceive, and critique, measures that are
taken for the sake of “doing something”taken for the sake of “doing something” E.g., show ID to get into office buildings; this E.g., show ID to get into office buildings; this
is worthless in a world of pervasive fake IDsis worthless in a world of pervasive fake IDs Important to have credible and effective Important to have credible and effective
technical critiques of proposed surveillancetechnical critiques of proposed surveillance• U.S. State Dept. RFIDs on passports as U.S. State Dept. RFIDs on passports as
“terrorist beacons” readable at 10 meters“terrorist beacons” readable at 10 meters
Due Diligence ListDue Diligence List
(4) Point out unprecedented nature of proposed (4) Point out unprecedented nature of proposed surveillance – a Burkean, conservative pointsurveillance – a Burkean, conservative point E.g., library records and chilling the right to E.g., library records and chilling the right to
readread ““Gag rule” on foreign intelligence orders to get Gag rule” on foreign intelligence orders to get
library and other databaseslibrary and other databases• Some greater due process in Patriot Act Some greater due process in Patriot Act
revisionsrevisions E.g., national ID cards and build coalition of E.g., national ID cards and build coalition of
libertarians on left and rightlibertarians on left and right
Due Diligence ListDue Diligence List
(5) Invoke historical abuses & ask for checks and (5) Invoke historical abuses & ask for checks and balancesbalances Prevention was tried by Hoover & the FBIPrevention was tried by Hoover & the FBI The theory of “just a bit more data”The theory of “just a bit more data” Prevention led, over time, to vast expansion of Prevention led, over time, to vast expansion of
surveillance but little proven preventionsurveillance but little proven prevention Political and other abuses from that expansionPolitical and other abuses from that expansion Therefore, oversight and limits on new Therefore, oversight and limits on new
surveillance because human nature hasn’t surveillance because human nature hasn’t changedchanged
Due Diligence ListDue Diligence List
(6) Fairness, discrimination, and effectiveness(6) Fairness, discrimination, and effectiveness If single out groups, such as young Arab If single out groups, such as young Arab
males, then that can backfiremales, then that can backfire Is unfair, and perceived as unfair, by manyIs unfair, and perceived as unfair, by many Risk of creating resentment by communities Risk of creating resentment by communities
whose cooperation is needed – better to build whose cooperation is needed – better to build bridges to communities than to treat everyone bridges to communities than to treat everyone as a suspectas a suspect
Due Diligence ListDue Diligence List
(7) Show how proposed measures make the (7) Show how proposed measures make the problem worseproblem worse E.g., trusted traveler programs will give E.g., trusted traveler programs will give
greater powers for harm to the terrorists who greater powers for harm to the terrorists who get the credentialget the credential
E.g., racial profiling that undermines E.g., racial profiling that undermines assistance from the well-informedassistance from the well-informed
Due Diligence ListDue Diligence List
(8) International reaction to U.S. measures(8) International reaction to U.S. measures E.U. & other countries are more regulatory on E.U. & other countries are more regulatory on
many privacy issuesmany privacy issues Not politically popular in U.S. to do it just Not politically popular in U.S. to do it just
because, say, the French want itbecause, say, the French want it Having allies, though, is actually a good thingHaving allies, though, is actually a good thing Concerns from outside the U.S. may require a Concerns from outside the U.S. may require a
more fully developed policy process within more fully developed policy process within U.S.U.S.
Conclusion:Conclusion:Summary on Bush DoctrineSummary on Bush Doctrine
Significant moral & political logic to: Significant moral & political logic to: New threatNew threat The threat is largeThe threat is large IT and information sharing will helpIT and information sharing will help
More IT and information sharing is often a logical More IT and information sharing is often a logical response to changing conditionsresponse to changing conditions
The Due Diligence ListThe Due Diligence List Issues to consider include:Issues to consider include:
Does proposal work? Cost-effectively?Does proposal work? Cost-effectively? Risk to sources & methods and other securityRisk to sources & methods and other security It may be “security theater”It may be “security theater” Unprecedented surveillance and not neededUnprecedented surveillance and not needed Historical abuses show need for checksHistorical abuses show need for checks Fairness and non-discriminationFairness and non-discrimination Proposed measures may make the problem Proposed measures may make the problem
worseworse International ramificationsInternational ramifications
What Have We Learned?What Have We Learned?
Description: the types of arguments used in Description: the types of arguments used in information sharing debatesinformation sharing debates
Prescription: Prescription: Do the due diligenceDo the due diligence Empirical assessment of each item on the list Empirical assessment of each item on the list Institutions to screen proposals for sharing Institutions to screen proposals for sharing Institutions for oversight of the programs that Institutions for oversight of the programs that
go forwardgo forward In that way, use new IT if, but only if, that In that way, use new IT if, but only if, that
actually makes senseactually makes sense
NSA WiretapsNSA Wiretaps
The talk to this point has listed rational policy The talk to this point has listed rational policy critiques of new information sharing programscritiques of new information sharing programs
Is that the way to debate each next proposal for Is that the way to debate each next proposal for information sharing?information sharing?
NSA wiretap revelations, and concern that the NSA wiretap revelations, and concern that the government is simply not being honest about government is simply not being honest about how it collects & uses datahow it collects & uses data ““This program” only does limited wiretapsThis program” only does limited wiretaps What are the “other programs”?What are the “other programs”?
NSA & Loss of TrustNSA & Loss of Trust
Pres. Bush in 2004: “Nothing has changed on Pres. Bush in 2004: “Nothing has changed on wiretaps. You still need a court order.”wiretaps. You still need a court order.”
Response to DeWine proposal in 2003: “No Response to DeWine proposal in 2003: “No reason to amend FISA. It provides the flexibility reason to amend FISA. It provides the flexibility we need.”we need.”
In this setting, it becomes In this setting, it becomes muchmuch harder for those harder for those outside the government to accept statements outside the government to accept statements that we should simply trust the government to that we should simply trust the government to use the data welluse the data well
How Secrecy Can Undermine How Secrecy Can Undermine SecuritySecurity
What will be the response to new proposals to What will be the response to new proposals to increase surveillance and information sharing?increase surveillance and information sharing?
The secrecy of recent years now creates a basis The secrecy of recent years now creates a basis for lack of trust in the Administration as it for lack of trust in the Administration as it describes new proposalsdescribes new proposals
This secrecy undermines our ability to adopt This secrecy undermines our ability to adopt even the most sensible new proposals for even the most sensible new proposals for information sharing and collectioninformation sharing and collection Secrecy thus can undermine securitySecrecy thus can undermine security
NSA Wiretaps & Due DiligenceNSA Wiretaps & Due Diligence
NSA wiretap program intended to help securityNSA wiretap program intended to help security Not authorized by statute, so controversy nowNot authorized by statute, so controversy now Unclear whether it has been effective and cost-effective : Unclear whether it has been effective and cost-effective :
“Another visit to Pizza Hut”“Another visit to Pizza Hut” History of abuses in secret programsHistory of abuses in secret programs Secrecy of program, once it is revealed, undermines Secrecy of program, once it is revealed, undermines
trust and future ability to adopt new information sharing trust and future ability to adopt new information sharing programsprograms
In sum, short-term security gains but risk of long-term In sum, short-term security gains but risk of long-term security lossessecurity losses
The importance of due diligence list for creating these The importance of due diligence list for creating these systems – perhaps can help the debate going forwardsystems – perhaps can help the debate going forward
Contact InformationContact Information
Professor Peter P. SwireProfessor Peter P. Swire Phone: (240) 994-4142Phone: (240) 994-4142 Email: Email: [email protected]@peterswire.net Web: Web: www.peterswire.netwww.peterswire.net This talk presented Feb. 7, 2006This talk presented Feb. 7, 2006