Critiquing the Idea of Total Information Awareness
Professor Peter P. Swire
Ohio State University
Consultant, Morrison & Foerster LLP
International Association of Privacy Officers
February 27, 2003

Overview
• The Poindexter TIA program
• The Poindexter program is simply one example of the Administration's consistent philosophy of TIA
• Security, privacy & democracy critiques of TIA
• What to do next

I. The Poindexter Program
• Announcement fall 2002 of Total Information Awareness Program in Dept. of Defense, headed by Adm. John Poindexter
• Vacuum cleaner for government, public-record, and private databases
• Research program, but expected to go operational soon

Poindexter Program
• Public outcry against the program
• Wyden-Grassley amendment to de-fund it
• Bush Administration tried to save it with a blue-ribbon oversight board
• No member of Congress spoke for it
• So, ban on expenditure won

II. The Bush Doctrine of Total Information Awareness
• The Poindexter program is simply one example of a Bush Administration doctrine of Total Information Awareness
• At its most basic:
  – The government should know more
  – Everyone else should know less

The Government Should Know More
• Maximize information available to the Enforcers
  – That is what Total Information Awareness means
• Maximize detection and surveillance by the Enforcers
• Maximize information sharing among the Enforcers

Maximize Detection & Surveillance
• Examples:
  – Poindexter program itself
  – TIPS -- get information from the letter carrier and the cable guy
  – USA-Patriot Act -- stored records, etc.
  – Patriot II proposal -- get FCRA records without consent, etc.

Maximize Information Sharing
• Break down the wall between law enforcement and foreign intelligence/FISA
• TTIC State of the Union and Director of CIA should head analysis of domestic, foreign, and law enforcement data
• OMB initiatives to end data silos
• Homeland Security Department's many functions share data
• Money laundering data at home & abroad

Everyone Else Should Know Less
Bush Administration policy of increasing government secrecy
(1) Tell less about government actions
(2) More rules to prevent leaks

Tell less about government actions
• FOIA change by Ashcroft before 9/11
• Cheney refusal to release energy policy meeting list to GAO
• FOIA rollback in Homeland Security
• Take down web sites, including information to neighbors about potential leaks from chemical plants

More Rules to Prevent Leaks
• Theme -- don't inform the terrorists of our vulnerabilities
• Patriot I -- criminal gag rules on libraries, employers, and others if they are asked to turn over records to the government
• Homeland Security -- new criminal penalties against whistleblowers
• Patriot II -- more proposed gag rules

Summary on Administration Actions to Date
• Total Information Awareness as the overall Administration policy
  – Maximize surveillance and information sharing
  – Minimize sharing of information with public
• Implicit view that this approach shows you are serious about national security
• Implicit view that raising privacy and civil liberties means you care less about security

III. Critiques of the Philosophy of Total Information Awareness
• Negative impacts on security
• Negative impacts on privacy
• Lack of accountability and concerns about preserving democracy

Negative Impacts on Security
• More security lapses
• Lack of accountability and weaker security over time
• Cost-effective security

More security lapses
• The positive effects of information sharing
  – More good guys/enforcers get to see the data
• The negative effects of information sharing
  – More good guys/enforcers get to see the data
• State and local officials -- quality of systems?
• International officials -- money laundering data shared with many governments
• When have leaks, the rogue enforcers have access to far more data than before

Lack of Accountability and Weaker Security over Time
• Mantra of computer security experts: "There is no security through obscurity"
  – Fix your vulnerabilities, don't try to hide them
  – If you try to hide them, only the bad guys will learn about the weaknesses
  – Essential role of peer review to maintaining quality of system security over time
  – Gag rules on whistleblowers lead to systematically greater vulnerabilities over time

Cost-effective Security
• Implicit assumption of Total Information Awareness -- More Data is Better
• Is the goal total information?
• Or is it the most cost-effective measures that actually improve security?
• Better security to focus on the most effective actions rather than the chimera of total information and control

Negative Impact on Privacy
• Just gave reasons for believing TIA creates weaker security over time
• And it creates weaker privacy
• Sensitive data sought for TIA -- medical, financial, communications, etc.
• Chilling effects and less freedom if all of us always under surveillance

Privacy Effects & Risk Profiles
• Individuals will be assigned terrorist risk scores, like credit scores
• Where have high risk profile, then government will act
• Expect many false positives -- government has to act before it is certain that someone is a terrorist
• False (and true) positives get put on watch lists

Privacy Effects & Watch Lists
• WSJ article on FBI watch list after 9/11
  – Many innocent people on the watch list
  – Employers and others received the list
  – The list morphed, with mistakes, over the Internet
  – No access or correction for individuals who were wrongfully on the list
• A return to the blacklists and secret dossiers of the anti-Communist era

Preserving Accountability and Democracy
• We have gone down the TIA path before
  – Maximize government surveillance
  – Minimize disclosure to the public
• My IAPO speech in Chicago and the history of The Lawless State: The Crimes of the U.S. Intelligence Agencies

The Lawless State
• Surveillance and smears of MLK, Jr.
• FBI infiltration of political groups
  – FBI agents in KKK to Black Panthers, including participating in bombings, etc.
  – Fringe groups? Large fraction of delegates to 1972 Democratic National Convention under surveillance
  – Blackmail files on political officials
• IRS & CIA abuses

Reactions to the Lawless State
• Title III (1968) -- federal wiretap standards
• Privacy Act, no secret dossiers
• Government in the Sunshine
  – FOIA Amendments, 1974
  – Open meeting & whistleblower laws
• Foreign Intelligence Surveillance Act, 1978
• Electronic Comm. Privacy Act, 1984

Summary on the Lawless State
• The Lawless State Round 1: history of abuse of power and lack of accountability
• We built laws and institutions to:
  – Limit surveillance
  – Protect privacy
  – Create openness in government
  – Promote accountability
• Has unaccountable and secretive government changed so we can ignore the history?

Concluding Remarks
• The Poindexter program of Total Information Awareness was unanimously shut down by Congress
• The Administration philosophy of Total Information Awareness, however, continues unabated
  – Patriot II proposal in 2003

What To Do?
• Those of us outside government have a responsibility to voice the threat of TIA to security, privacy, and democracy
• Inside the government, there needs to be someone at home on these issues -- in Homeland Security, OMB, & elsewhere
• We must remember the history of the Lawless State, or we may be doomed to repeat it