Information Security Management: The Implicit Need for Privacy Requirements, or How Ignoring Privacy Can Kill Your Program


Background
- DARPA funds “high risk/high reward” research for the DoD and Intelligence Community (IC)
- Basic and applied research, but always with the DoD/IC application in mind; may be classified
- Look for 2 orders of magnitude improvement in something
- Examples of major successes:
  - Arpanet became the prototype for the Internet
  - The mouse
  - Aircraft stealth technology
  - High performance computing (Thinking Machines, TERA)
  - Decision Support Systems

Total Information Awareness (TIA)
- Goal: tools to generate and “connect the dots”
- A suite of programs including
  - Language transcription, translation, interpretation, “metadata” creation, “gisting”
  - Human ID at a distance
  - Collaborative analysis tools for teams of diverse experts with supporting, interactive search and data analysis
  - Data mining and link analysis: mining, graphical representation, relationship extraction, link discovery, pattern learning (GENOA project)

Data mining and link analysis

‘The project calls for the development of “revolutionary technology for ultra-large all-source information repositories,” which would contain information from multiple sources to create a “virtual, centralized, grand database.” This database would be populated by transaction data contained in current databases such as financial records, medical records, communication records, and travel records as well as new sources of information. Also fed into the database would be intelligence data.’
--- Electronic Privacy Information Center (

Timeline: Getting Started
- Announced in March 2002 in a “Broad Area Announcement”
- Several components already under development in earlier DARPA programs.
- New contracts awarded in Spring
- Project described to the public at DARPATECH in summer 2002 by Program Director John Poindexter.
  - “Investigating Privacy Technology”
  - No further description of privacy approach in the talk or on the DARPA web site.

Timeline: The Controversy
- Nov 9, 2002, questions of privacy in TIA are raised in the press:
  - “If deployed, civil libertarians argue, the computer system would rapidly bring a surveillance state. They assert that potential terrorists would soon learn how to avoid detection in any case.” (NY Times)
- Nov 21, 2002, former Nixon speech writer William Safire writes an Op-Ed piece about TIA with the title “You Are a Suspect”
- Nov-Dec 2002: more questions raised in Congress, the press. Defensive comments from DARPA, Rumsfeld, etc., but no discussion of how to enforce privacy.
- Description of TIA, program managers' names/contact information removed from public DARPA web site

Timeline: Response Spring 2002
- Jan, 2002: DARPA signs contract with PARC (formerly Xerox PARC) to look into privacy technology.
- US Congress votes to limit TIA funding pending a report to Congress on what they are doing and how privacy would be preserved.
- DARPA changes program name to Terrorist Information Awareness, and claims they will only use data about non-US citizens
- Tony Tether, head of DARPA, presents report defending TIA privacy to Congress.
- General Accounting Office report questions privacy in TIA.
- Congress cuts all funding for TIA.

The TIA Privacy Concern
- Virtual database of information from numerous government (unclassified and classified), corporate, and public databases
- Data objects may contain identifying information about individuals, organizations, etc. (entities)
- Analysts and “bots” need to search database for “interesting” links
- Many analysts and others in law enforcement need to search database for information about specific entities
- Entity identity may be protected by complex law and policy rules until there is a strong indication of improper actions
- Privacy rules may vary based on the source of the data (foreign, domestic), the entity (US citizen), and the type of data
- Protection is needed against both internal abuses and external threats

Is TIA dead?
- Some states use MATRIX, a commercial product using commercially available data
  - Many who signed up originally have dropped out due to privacy concerns, including NY (liberal) and Utah (very conservative)
- CIA and FBI use NORA (Non Obvious Relationship Analysis), originally developed for use by Las Vegas casinos to identify gamblers with potential mob connections. An “anonymizing” version, ANNA, is being developed.
- Issue: what data are they using?
- Much of the data used by TIA is in commercial databases, available for use for a fee.
- ChoicePoint (among others) sells a service to aggregate information about an individual for a fee.