protecting society by protecting information
Download
Skip this Video
Download Presentation
Protecting Society by Protecting Information

Loading in 2 Seconds...

play fullscreen
1 / 21

Protecting Society by Protecting Information - PowerPoint PPT Presentation


  • 136 Views
  • Uploaded on

Protecting Society by Protecting Information. Reducing Crime by Better Information Sharing Adam Shostack [email protected] Information Sharing (Ideal). Information is rapidly and securely shared amongst law enforcement to prevent serious crime & catch criminals

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Protecting Society by Protecting Information' - beatrice-wallace


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
protecting society by protecting information

Protecting Society by Protecting Information

Reducing Crime by Better Information Sharing

Adam Shostack

[email protected]

information sharing ideal
Information Sharing (Ideal)
  • Information is rapidly and securely shared amongst law enforcement to prevent serious crime & catch criminals
  • This is a very worthwhile goal
  • My talk: focus on deviations from ideal
    • Not because all uses are deviations, but because as a society we must consider how things break
privacy and info sharing both protect people
Privacy and Info Sharing Both Protect People
  • Our panel title sets up a false dichotomy
  • Goal is to protect people
    • False data, misuse of data is a burden
  • How much information should we share achieve that?
  • Use the No-Fly List as an example application
    • No fly list exists because of terrorists
no fly list
No Fly List
  • Typical Information Sharing Application?
    • Data brought to bear to prevent criminal activity/terrorism
    • Data gathered from a plethora of sources
    • No privacy policy around the data
    • We hear only about failures
no fly list analysis
No Fly List Analysis
  • Assembled from a plethora of sources
  • No privacy policy
    • Using privacy in sense of Fair Information Practices:
    • Notification, Consent, Access, Correction, Reliability
  • Large quality problems
  • False positive vs. real hit frequency
    • Waste of officer time
information sharing nightmare
Information Sharing (nightmare)
  • Kafka-esque
    • Denied civil rights (travel, voting)
    • ID theft victims being arrested
    • No ability to solve problem
  • Orwellian World
    • Surviellance for its own sake
  • Stalkers
  • All the data sold to marketeers
info sharing economics
Info Sharing Economics
  • Building systems is expensive, hard
  • Outsource to private sector!
    • Choicepoint, Siesint
  • Data shared is data shared
    • Data will “update” other records
    • (Eg, Change of address)
info sharing by data brokers
Info Sharing by Data Brokers
  • [Choicepoint] disclosed that it had agreed to pay as much as $7 million to settle an Illinois class-action lawsuit by insurance agents.
  • The agents said ChoicePoint took information from their inquiries about potential insurance clients and then sold the names back to them and to competitors as sales leads."
info sharing with whom
Info Sharing with Whom?
  • Siesint, a Lexis Nexis Company
    • MATRIX
    • 320,000 records accessed
    • 57 account breaches
    • detected and reported
  • How much data was from law enforcement?
commercial databases
Commercial Databases
  • Data sales to all sorts, for all sorts of purposes
    • Stalking
    • ID Theft
    • Revenge
  • EPIC Phone complaint
  • Real ID Act, home addresses
  • Judge Lefkow (?)
increased information sharing
Increased Information Sharing
  • More information sharing through companies will lead to more crime
    • Stalking, ID theft, Assaults
    • More data capture will increase value of ID theft
  • Is this trade-off worthwhile?
    • Hard to say: need more on how lists work
  • Some 9/11 Hijackers were on lists
    • Too many lists, too many people on them?
economics of fraudulent id
Economics of Fraudulent ID
  • Increase in document checking
  • Getting harder to exist without papers
  • 15 million illegal immigrants need paper
  • So did 19 terrorists
  • Demand facilitates supply
  • Hijacker Alghamdi (pictured)
    • A facilitator helped him get VA ID
economics of fraudulent id1
Economics of Fraudulent ID
  • Economic incentives hard to resist
  • Arrests across the country
  • Katrina will lead to a groundswell of fraudulent issuance as processes are relaxed for hurricane survivors who need ID
  • More ID checking, more “acceptable” reasons to evade
why does this matter
Why Does This Matter?
  • If information sharing is based on “database data,” the quality of that data is dropping rapidly
  • Easier “investigation” by computer may distract from other avenues
alternatives
Alternatives?
  • Pose requirements as what to achieve
    • “Need to distinguish between Johnnie Thomas and Johnnie Thomas”
  • Not how to achieve it
    • “Need social security numbers to distinguish JT and JT”
share queries not data
Share Queries, Not Data
  • Move to allowing database queries, rather than shipping data
  • Allows data to be stored, managed, corrected, by creators
  • The FBI’s database is updated, but
    • bad data whose source is unknown, corrupts new lists.
share less invasive data
Share Less Invasive Data
  • Fingerprints vs:
    • Left thumb to right thumb, my fingerprints:
    • Right loop, whorl, right loop, whorl, right loop...
    • Using a 4 class system, over a million permutations
    • Hard to loan IDs when it’s a million to one match
    • 5 class (arch/tented arch) close to a billion possibilities
conclusions
Conclusions
  • Privacy protects people
  • Information sharing protects people
  • Privacy can improve information sharing
questions comments
Questions, Comments?

Thank you for your time and attention

ad