+ All Categories
Home > Documents > Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University...

Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University...

Date post: 27-Mar-2015
Category:
Upload: matthew-mcdonald
View: 214 times
Download: 1 times
Share this document with a friend
Popular Tags:
27
“Critiquing the Idea of Total Information Awareness” Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association of Privacy Officers February 27, 2003
Transcript
Page 1: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

“Critiquing the Idea of Total Information Awareness”

Professor Peter P. Swire

Ohio State University

Consultant, Morrison & Foerster LLP

International Association of Privacy Officers

February 27, 2003

Page 2: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Overview

The Poindexter TIA program The Poindexter program is simply one

example of the Administration’s consistent philosophy of TIA

Security, privacy & democracy critiques of TIA

What to do next

Page 3: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

I. The Poindexter Program

Announcement fall 2002 of Total Information Awareness Program in Dept. of Defense, headed by Adm. John Poindexter

Vacuum cleaner for government, public-record, and private databases

Research program, but expected to go operational soon

Page 4: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.
Page 5: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Poindexter Program

Public outcry against the program Wyden-Grassley amendment to de-fund it Bush Administration tried to save it with a

blue-ribbon oversight board No member of Congress spoke for it So, ban on expenditure won

Page 6: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

II. The Bush Doctrine of Total Information Awareness The Poindexter program is simply one

example of a Bush Administration doctrine of Total Information Awareness

At its most basic:– “The government should know more”– “Everyone else should know less”

Page 7: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

The Government Should Know More

Maximize information available to the Enforcers– That is what “Total Information Awareness”

means Maximize detection and surveillance by the

Enforcers Maximize information sharing among the

Enforcers

Page 8: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Maximize Detection & Surveillance

Examples:– Poindexter program itself– TIPS -- get information from the letter carrier

and the cable guy– USA-Patriot Act -- stored records, etc.– Patriot II proposal -- get FCRA records without

consent, etc.

Page 9: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Maximize Information Sharing Break down the wall between law enforcement

and foreign intelligence/FISA TTIC -- 2003 State of the Union and Director of

CIA should head analysis of domestic, foreign, and law enforcement data

OMB initiatives to end “data silos” Homeland Security Department’s many

functions share data Money laundering data at home & abroad

Page 10: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

“Everyone Else Should Know Less”Bush Administration policy of increasing

government secrecy

(1) Tell less about government actions

(2) More rules to prevent leaks

Page 11: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Tell less about government actions

FOIA change by Ashcroft before 9/11 Cheney refusal to release energy policy

meeting list to GAO FOIA rollback in Homeland Security Take down web sites, including information

to neighbors about potential leaks from chemical plants

Page 12: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

More Rules to Prevent Leaks

Theme -- don’t inform the terrorists of our vulnerabilities

Patriot I -- criminal gag rules on libraries, employers, and others if they are asked to turn over records to the government

Homeland Security -- new criminal penalties against whistleblowers

Patriot II -- more proposed gag rules

Page 13: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Summary on Administration Actions to Date Total Information Awareness as the overall

Administration policy– Maximize surveillance and information sharing– Minimize sharing of information with public

Implicit view that this approach shows you are serious about national security

Implicit view that raising privacy and civil liberties means you care less about security

Page 14: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

III. Critiques of the Philosophy of Total Information Awareness Negative impacts on security Negative impacts on privacy Lack of accountability and concerns about

preserving democracy

Page 15: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Negative Impacts on Security

More security lapses Lack of accountability and weaker security

over time Cost-effective security

Page 16: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

More security lapses

The positive effects of information sharing– More “good guys”/enforcers get to see the data

The negative effects of information sharing– More “good guys”/enforcers get to see the data

State and local officials -- quality of systems? International officials -- money laundering data

shared with many governments When have leaks, the rogue enforcers have access to

far more data than before

Page 17: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Lack of Accountability and Weaker Security over Time Mantra of computer security experts: “There

is no security through obscurity”– Fix your vulnerabilities, don’t try to hide them– If you try to hide them, only the “bad guys” will

learn about the weaknesses– Essential role of peer review to maintaining

quality of system security over time– Gag rules on whistleblowers lead to

systematically greater vulnerabilities over time

Page 18: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Cost-effective Security

Implicit assumption of Total Information Awareness -- More Data is Better

Is the goal “total” information? Or is it the most cost-effective measures that

actually improve security? Better security to focus on the most effective

actions rather than the chimera of “total” information and control

Page 19: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Negative Impact on Privacy

Just gave reasons for believing TIA creates weaker security over time

And it creates weaker privacy Sensitive data sought for TIA -- medical,

financial, communications, etc. Chilling effects and less freedom if all of us

always under surveillance

Page 20: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Privacy Effects & Risk Profiles

Individuals will be assigned terrorist risk scores, like credit scores

Where have “high risk profile”, then government will act

Expect many “false positives” -- government has to act before it is certain that someone is a terrorist

False (and true) positives get put on “watch lists”

Page 21: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Privacy Effects & Watch Lists

WSJ article on FBI watch list after 9/11– Many innocent people on the watch list– Employers and others received the list– The list morphed, with mistakes, over the Internet– No access or correction for individuals who were

wrongfully on the list A return to the blacklists and secret dossiers

of the anti-Communist era

Page 22: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Preserving Accountability and Democracy We have gone down the TIA path before

– Maximize government surveillance– Minimize disclosure to the public

My IAPO speech in Chicago and the history of “The Lawless State: The Crimes of the U.S. Intelligence Agencies”

Page 23: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

“The Lawless State”

Surveillance and smears of MLK, Jr. FBI infiltration of political groups

– FBI agents in KKK to Black Panthers, including participating in bombings, etc.

– “Fringe groups”? Large fraction of delegates to 1972 Democratic National Convention under surveillance

– Blackmail files on political officials IRS & CIA abuses

Page 24: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Reactions to the Lawless State

Title III (1968) -- federal wiretap standards Privacy Act, 1974 -- no secret dossiers Government in the Sunshine

– FOIA Amendments, 1974– Open meeting & whistleblower laws

Foreign Intelligence Surveillance Act, 1978 Electronic Comm. Privacy Act, 1984

Page 25: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Summary on the Lawless State

The Lawless State Round 1: history of abuse of power and lack of accountability

We built laws and institutions to:– Limit surveillance– Protect privacy– Create openness in government– Promote accountability

Has unaccountable and secretive government changed so we can ignore the history?

Page 26: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

Concluding Remarks

The Poindexter program of Total Information Awareness was unanimously shut down by Congress

The Administration philosophy of Total Information Awareness, however, continues unabated– Patriot II proposal in 2003

Page 27: Critiquing the Idea of Total Information Awareness Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association.

What To Do?

Those of us outside government have a responsibility to voice the threat of TIA to security, privacy, and democracy

Inside the government, there needs to be someone at home on these issues -- in Homeland Security, OMB, & elsewhere

We must remember the history of the Lawless State, or we may be doomed to repeat it


Recommended