[infowar.de] WPO 08.05.03: (TIA) Balancing Data Needs And Privacy
May 8, 2003
Balancing Data Needs And Privacy
By Leslie Walker
PALO ALTO, Calif.-- It's hard to believe much good will come of the Bush
administration's plan for a grandiose surveillance network that would scour
trillions of data snippets worldwide hunting for signs of terrorism. I
think civil libertarians are right to worry about the dangers lurking in
the massive governmental snooping expedition known as Total Information
Awareness (TIA), especially since it rests on the unproven notion that
machines can automatically detect terrorism patterns in seemingly unrelated
Nonetheless, if such a system can be made to work while respecting the
privacy of law-abiding Americans, Teresa Lunt likely will play a key role.
Lunt is the computer security expert here at the Palo Alto Research Center
(PARC) hired by the Pentagon's research arm to create a "privacy appliance"
prototype for the electronic surveillance network. Lunt's research team
snared a $3.5 million grant last month from the Pentagon's Defense Advanced
Research Projects Agency to do work over the next 42 months. Hers was one
of more than two dozen projects DARPA chose to fund from among 180
proposals submitted to piece together the technology required for the
electronic surveillance network. Lunt's work is already starting, even
though Congress voted in February to freeze funding for the surveillance
network pending a DARPA report due by May 20.
Mind you, I'm not saying the government shouldn't update its technology for
analyzing data it already has legal access to, but I do believe the
potential for computer errors and abuse in a system probing everything from
our telephone habits to our library logs is simply enormous. The point was
well made in a letter to Congress a few months ago by the U.S. Association
for Computer Machinery's policy committee. "We believe that the vast amount
of information and misinformation collected by any system resulting from
this program is likely to be misused to the detriment of many innocent
Americans," the computer scientists wrote.
Still, Lunt's project intrigues me. It falls into a relatively young field
of computer science dubbed "data privacy," in which researchers are
exploring ways to scrub databases of personally identifiable information
without trashing the usefulness of the digital repositories for socially
"It is an emerging and important field," said Latanya Sweeney, the computer
scientist who directs Carnegie Mellon University's Laboratory for
International Data Privacy.
Sweeney's team recently did data-privacy development work for the federal
government that is just starting to be used in the Washington region for
early detection of bioterrorist attacks, through screening such records as
emergency-room visits. "It allows the sharing of information for
bioterrorism surveillance with guarantees that no one can be identified,"
Lunt's charge is to do similar work for the Total Information Awareness
initiative, although her effort also involves controversial ways to let the
government selectively peel away the privacy protections it creates. Her
central goal is creating an information filter to magically strip
personally identifying information from query results delivered to analysts
searching for terrorist patterns in "ultra-large" data warehouses. Those
could include such sensitive records as credit card receipts, phone logs,
chemical purchases, bank statements and travel reservations -- along with
visual images from the expanding number of surveillance cameras positioned
in cities all over the world.
While no one would quibble with protecting privacy and everyone should
cheer the capture of terrorists, critics worry that Lunt's "privacy
appliance" may be veneer slapped onto the data-mining network to blunt
charges that it would infringe the privacy of Americans.
"You can't escape the fundamental contradiction of privacy research being
conducted around a half-a-billion-dollar program of national surveillance,"
said Marc Rotenberg, executive director of the Electronic Privacy
Information Center, a Washington-based advocacy group. "It is like building
environmentally friendly nuclear power plants."
Lunt is acutely aware of the firestorm surrounding the counterterrorism
project but contends her work has other potentially valuable uses. It may
not wind up being used by the government at all, she noted, but could prove
helpful in the commercial sector.
History may be on her side. For one thing, Lunt is working in the storied
lab created by Xerox Corp. where researchers invented the graphical user
interface and Ethernet networking. Moreover, the agency overseeing her
work, DARPA, has commissioned plenty of military research that ended up
having greater impact on civilians than soldiers -- including the Internet,
an uber-network if there ever was one.
In an interview in her light-filled corner office, Lunt said she, too,
worries that technology is chipping away at privacy faster than laws and
policymakers seem to be coping. But she expressed optimism that her
research will help fashion tools to let society exploit the power of
databases without trampling on privacy.
Her work for DARPA involves creating a mix of software and hardware to
allow data scanning and "selective revelation" of personally identifiable
information. What gets revealed, she said, depends on the kind of
authorization each analyst has, perhaps including court orders and
subpoenas. Lunt said her contraption would sit between government data
detectives and the databases they want to mine. "If a private source
decides they are willing to share information with the government, they
would keep their database in their own hands and put this appliance in
front of their database," she said. "Government queries would have to go
through the appliance before getting access to the data. It will do
filtering so no personally identifying information is returned to the
analysts unless they can demonstrate they have authority."
Lunt's team is devising computational methods to figure out what
information might combine to uniquely identify individuals. They are
fashioning "aliasing" systems to replace real names and birth dates, and an
"inference analysis" tool to prevent deduction of people's identities even
after aliases are created. The appliance also will create an elaborate
audit trail to record the time, nature and authorship of all queries --
then encrypt the audit log and store it in fragments with independent
organizations to protect its integrity.
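The selective-revelation appliance, aliasing, inference analysis and fragmented audit log described in this and the preceding paragraph, as an added illustration in Python that is not PARC's or DARPA's code: the sample records, field names, alias secret and generalisation rules (birth year, three-digit ZIP prefix) are all assumed, and the fragmenting uses n-of-n XOR shares plus a SHA-256 digest as a stand-in for whatever encryption and distribution scheme the project used.

```python
import hashlib, hmac, json, os
from collections import Counter
from datetime import datetime, timezone
from functools import reduce

RECORDS = [  # constructed sample records held by a private data source (hypothetical)
    {"name": "Ann Lee",   "dob": "1970-03-04", "zip": "94301", "item": "ammonium nitrate"},
    {"name": "Bob Chen",  "dob": "1981-11-20", "zip": "94301", "item": "fertilizer"},
    {"name": "Cal Ortiz", "dob": "1981-05-02", "zip": "94303", "item": "fertilizer"},
    {"name": "Dee Park",  "dob": "1970-07-19", "zip": "94306", "item": "fertilizer"},
]
QUASI_IDS = ("dob", "zip")              # fields that can combine to single someone out
ALIAS_KEY = b"data-owner-alias-secret"  # hypothetical secret that stays with the data owner
xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

def alias(value):
    """Aliasing: replace a real name with a consistent keyed pseudonym."""
    return "ALIAS-" + hmac.new(ALIAS_KEY, value.encode(), hashlib.sha256).hexdigest()[:8]

def unique_combos(rows):
    """Inference analysis: quasi-identifier combinations that match exactly one row."""
    counts = Counter(tuple(r[f] for f in QUASI_IDS) for r in rows)
    return {combo for combo, n in counts.items() if n == 1}

def appliance_query(predicate, analyst, has_authority, audit):
    """Selective revelation: raw rows only with authority, de-identified rows otherwise."""
    rows = [dict(r) for r in RECORDS if predicate(r)]
    if not has_authority:
        for r in rows:
            r["name"] = alias(r["name"])
        if unique_combos(rows):                       # someone could still be singled out
            for r in rows:                            # coarsen birth date and ZIP code
                r["dob"], r["zip"] = r["dob"][:4] + "-**-**", r["zip"][:3] + "**"
            still = unique_combos(rows)               # suppress rows that remain unique
            rows = [r for r in rows if tuple(r[f] for f in QUASI_IDS) not in still]
    audit.append({"time": datetime.now(timezone.utc).isoformat(), "analyst": analyst,
                  "query": predicate.__name__, "authority": has_authority, "rows": len(rows)})
    return rows

def split_audit(audit, holders=3):
    """Split the serialised log into n-of-n XOR shares for independent holders, plus a digest."""
    data = json.dumps(audit, sort_keys=True).encode()
    shares = [os.urandom(len(data)) for _ in range(holders - 1)]
    return shares + [reduce(xor, shares, data)], hashlib.sha256(data).hexdigest()

def join_audit(shares, digest):
    data = reduce(xor, shares)                        # every holder's share is required
    if hashlib.sha256(data).hexdigest() != digest:    # a missing or altered share fails here
        raise ValueError("audit log fragments altered or incomplete")
    return json.loads(data)
```

On the constructed data, an unauthorised query for fertilizer buyers returns two aliased, coarsened rows and suppresses the third, which would otherwise be the only person born in 1970 in the result.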
Lunt said the technology could prove useful for doing more than hunting
down terrorists. An appliance that kept patient data anonymous, for
example, could provide a faster way for medical researchers to figure out
effective surgical treatments for certain diseases. No longer would they
have to get consent from thousands of patients to have their records
scanned. "What you want is their medical history, treatment and outcome so
you can study that and improve treatment for others in the future," said Lunt.
Carnegie Mellon's Sweeney agrees that data-privacy software ultimately
should help society ease the growing tension between security and privacy.
"In the absence of good privacy technology, society is left to make a crude
decision -- whether we have to give them the data to keep America safe, or
we don't give them the data to maintain privacy," she said. "And for the
most part, neither option is comfortable for the long term."