Privacy and information sharing in the war on terror
1 / 25

Privacy and Information Sharing in the War on Terror - PowerPoint PPT Presentation

  • Uploaded on

Privacy and Information Sharing in the War on Terror. Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Fellow, Center for American Progress IAPP Summit, March 9, 2006. Overview. My background in privacy The lack of information sharing as a cause of 9/11 attacks

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Privacy and Information Sharing in the War on Terror' - tekla

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Privacy and information sharing in the war on terror l.jpg

Privacy and Information Sharing in the War on Terror

Peter P. Swire

Ohio State University

Consultant, Morrison & Foerster, LLP

Fellow, Center for American Progress

IAPP Summit, March 9, 2006

Overview l.jpg

  • My background in privacy

  • The lack of information sharing as a cause of 9/11 attacks

  • The Bush Doctrine of information sharing

  • A due diligence checklist for when proposed information sharing makes sense

Chief counselor for privacy l.jpg
Chief Counselor for Privacy

  • U.S. Office of Management & Budget, 1999-early 2001

  • Trying to “build privacy in” for policies/laws

    • HIPAA: medical privacy

    • Gramm-Leach: financial privacy

    • FTC enforcement of privacy promises

      • Especially for the Internet

    • Safe Harbor with Europe

    • Federal agency web policies & privacy impact assessments

    • Chaired WH Working Group on how to update surveillance law for the Internet age

My normative baseline l.jpg
My Normative Baseline

  • My own views are roughly those reflected by the Clinton Administration during that period

    • Achieve progress in building privacy into public and private systems

    • Fair information practices as the baseline

    • Be realistic about how laws are actually implemented in practice, avoiding over- and under-regulation

    • No reason that should be a partisan position

Information sharing l.jpg
Information Sharing

  • The failure of intelligence to prevent the 9/11 attacks

  • Belief that did not have enough information sharing

    • Between FBI and CIA

    • Between federal and first responders

    • Among all the “good guys” to get the “bad guys”

Encouraging information sharing l.jpg
Encouraging Information Sharing

  • Several Executive Orders to encourage it

  • Intelligence Reform Act of 2004 & National Director of Intelligence

  • Markle Task Force on National Security in the Information Age

    • Intellectual rationale for information sharing

    • Says privacy, data security, and civil liberties should be built in as well

The bush doctrine of information sharing l.jpg
The Bush Doctrine of Information Sharing

  • Disclaimer – I have often critiqued the Bush Administration on privacy & information sharing

    • First explain the logic of the position

  • Axiom 1: The threat has changed

    • Was threat of Soviet tank or missile attack

    • Now is asymmetric threat – a few individuals with boxcutters or home-made explosives

Bush doctrine l.jpg
Bush Doctrine

  • Axiom 2: The threat is significant

    • The intellectual importance of WMDs

    • “One nuke can ruin your whole day”

    • Measures that are not justified by small attacks may be justified for asymmetric, large attacks

Bush doctrine9 l.jpg
Bush Doctrine

  • Axiom 3: Progress in IT dwarfs progress in defensive physical security

    • Price of sensors, storage, and sharing down sharply

    • Useful knowledge & patterns extracted from data

    • The efficient mix of security measures has a large & ongoing shift to information-intensive strategies

Bush doctrine10 l.jpg
Bush Doctrine

  • (1) The threat has changed

  • (2) The threat is significant

  • (3) Progress in IT shifts the best response

  • For privacy advocates, which of these assertions seems incorrect?

  • There is a powerful logic to this approach

  • Now we turn to possible responses

Has the threat changed l.jpg
Has the Threat Changed?

  • Yes.

  • Conventional threat, typified by satellite reconnaisance of military targets, is clearly less than before 1989

    • Enemy mobilization was often graduated and visible (levels of military alert)

  • Current threats from asymmetric attacks

    • No visibility of imminent attacks unless get information about the individual attackers

How significant is the threat l.jpg
How Significant is the Threat?

  • This topic is controversial

  • I address this in 2004 article on foreign intelligence & surveillance

  • No WMDs in Iraq

  • Nation states as havens likely much more dangerous than isolated individuals

  • Exceptions in my view – nuclear proliferation, tailored viruses

Significance of the threat l.jpg
Significance of the Threat

  • Within the U.S., has been extremely difficult politically to question the threat

    • Republicans have been loyal to Pres. Bush

    • Democrats can’t appear weak

  • Within U.S., privacy and civil liberties advocates question the threat but have not been likely to succeed much

  • The debate since 9/11 has been what to do assuming a large threat: “The War on Terrorism”

Due diligence list for whether shift to information sharing is efficient l.jpg
Due Diligence List for Whether Shift to Information Sharing is Efficient

  • Here is the battleground for each proposal

  • (1) Ends/means rationality – does the proposed surveillance actually improve security?

    • Does security measure work? Cost effectively?

    • E.g., carry-ons over-broad (nail cutters) and under-broad (ingenious attackers can attack)

    • E.g., data mining may create so many false positives that the noise swamps the signal

Due diligence list l.jpg
Due Diligence List is Efficient

  • (2) Security experts’ concern about information sharing:

    • Imagine you are GC for the CIA

    • Will sharing compromise our “sources and methods”?

    • When should we abandon “need to know”?

    • How often will “bad guys” infiltrate the information sharing that is intended to inform only the “good guys”? To all first responders?

    • Swire research on disclosure & security

Due diligence list16 l.jpg
Due Diligence List is Efficient

  • (3) “Security theater” & Bruce Schneier

    • Perceive, and critique, measures that are taken for the sake of “doing something”

    • E.g., show ID to get into office buildings; this is worthless in a world of pervasive fake IDs

    • Important to have credible and effective technical critiques of proposed surveillance

      • U.S. State Dept. RFIDs on passports as “terrorist beacons” readable at 10 meters

Due diligence list17 l.jpg
Due Diligence List is Efficient

  • (4) Point out unprecedented nature of proposed surveillance – a Burkean, conservative point

    • E.g., library records and chilling the right to read

    • “Gag rule” on foreign intelligence orders to get library and other databases

      • Some greater due process in Patriot Act revisions

    • E.g., national ID cards and coalition of libertarians on left and right

Due diligence list18 l.jpg
Due Diligence List is Efficient

  • (5) Invoke historical abuses & ask for checks and balances

    • Prevention was tried by Hoover & the FBI

    • The theory of “just a bit more data”

    • Prevention led, over time, to vast expansion of surveillance but little proven prevention

    • Political and other abuses from that expansion

    • Therefore, oversight and limits on new surveillance because human nature hasn’t changed

Due diligence list19 l.jpg
Due Diligence List is Efficient

  • (6) Fairness, discrimination, and effectiveness

    • If single out groups, such as young Arab males, then that can backfire

    • Is unfair, and perceived as unfair by many

    • Risk of creating resentment by communities who cooperation is needed – better to build bridges to communities than to treat everyone as a suspect

Due diligence list20 l.jpg
Due Diligence List is Efficient

  • (7) Show how proposed measures make the problem worse

    • E.g., trusted traveler programs will give greater powers for harm to the terrorists who get the credential

    • E.g., racial profiling that undermines assistance from the well-informed

Due diligence list21 l.jpg
Due Diligence List is Efficient

  • (8) International reaction to U.S. measures

    • E.U. & other countries are more regulatory on many privacy issues

    • Not politically popular in U.S. to do it just because, say, the French want it

    • Having allies, though, is actually a good thing

    • Concerns from outside the U.S. may require a more fully developed policy process within U.S.

Conclusion summary on bush doctrine l.jpg
Conclusion: is EfficientSummary on Bush Doctrine

  • Significant moral & political logic to:

    • New threat

    • The threat is large

    • IT and information sharing will help

  • More IT and information sharing is often a logical response to changing conditions

The due diligence list l.jpg
The Due Diligence List is Efficient

  • Issues to consider include:

    • Does proposal work? Cost-effectively?

    • Risk to sources & methods and other security

    • It may be “security theater”

    • Unprecedented surveillance and not needed

    • Historical abuses show need for checks

    • Fairness and non-discrimination

    • Proposed measures may make the problem worse

    • International ramifications

What have we learned l.jpg
What Have We Learned? is Efficient

  • Description: the types of arguments used in information sharing debates

  • Prescription:

    • Do the due diligence

    • Empirical assessment of each item on the list

    • Institutions to screen proposals for sharing

    • Institutions for oversight of the programs that go forward

  • In that way, use new IT if, but only if, that actually makes sense

Contact information l.jpg
Contact Information is Efficient

  • Professor Peter P. Swire

  • Phone: (240) 994-4142

  • Email: [email protected]

  • Web: