A Model for When Disclosure Helps Security - PowerPoint PPT Presentation

Transcript and Presenter's Notes


1
(No Transcript)
2
Overview
  • My background; support from Glenn Institute
  • The lack of information sharing as a cause of
    9/11 attacks
  • The Bush Doctrine of information sharing
  • A due diligence checklist for when proposed
    information sharing makes sense
  • A few comments on NSA wiretaps

3
Chief Counselor for Privacy
  • U.S. Office of Management and Budget, 1999-early
    2001
  • Trying to build privacy in for policies/laws
  • HIPAA medical privacy
  • Gramm-Leach financial privacy
  • FTC enforcement of privacy promises
  • Especially for the Internet
  • Federal agency web policies and privacy impact
    assessments
  • Chaired WH Working Group on how to update
    surveillance law for the Internet age

4
Since 2001
  • As OSU professor, have written on privacy and
    information security
  • Glenn grant on "What Should Still be Secret:
    Lessons on Anti-Terrorism, Cyber-Security, and
    Privacy"
  • 2 papers on computer security: when disclosure
    helps or hurts security
  • The System of Foreign Intelligence Surveillance
    Law
  • Legal FAQs on NSA Wiretaps
  • Should the data flow or not?

5
Information Sharing
  • The failure of intelligence to prevent the 9/11
    attacks
  • Belief that did not have enough information
    sharing
  • Between FBI and CIA
  • Between federal and first responders
  • Among all the good guys to get the bad guys
  • Today, focus on sharing, not collection

6
Encouraging Information Sharing
  • Several Executive Orders to encourage it
  • Intelligence Reform Act of 2004; National
    Director of Intelligence
  • Markle Task Force on National Security in the
    Information Age
  • Intellectual rationale for information sharing
  • Says privacy, data security, and civil liberties
    should be built in as well

7
The Bush Doctrine of Information Sharing
  • Disclaimer: I often critique the Bush
    Administration on privacy and information sharing
  • First explain the logic of the position
  • Axiom 1: The threat has changed
  • Was threat of Soviet tank or missile attack
  • Now is asymmetric threat: a few individuals with
    boxcutters or home-made explosives

8
Bush Doctrine
  • Axiom 2: The threat is significant
  • The intellectual importance of WMDs
  • One nuke can ruin your whole day
  • Measures that are not justified by small attacks
    may be justified for asymmetric, large attacks

9
Bush Doctrine
  • Axiom 3: Progress in IT dwarfs progress in
    defensive physical security
  • Price of sensors, storage, and sharing down
    sharply
  • Useful knowledge patterns extracted from data
  • The efficient mix of security measures has a
    large ongoing shift to information-intensive
    strategies

10
Bush Doctrine
  • (1) The threat has changed
  • (2) The threat is significant
  • (3) Progress in IT shifts the best response
  • For critics, which of these assertions seems
    incorrect?
  • There is a powerful logic to this approach
  • Now we turn to possible responses

11
Has the Threat Changed?
  • Yes.
  • Conventional threat, typified by satellite
    reconnaissance of military targets, is clearly
    less than before 1989
  • Enemy mobilization was often graduated and
    visible (levels of military alert)
  • Current threats from asymmetric attacks
  • No visibility of imminent attacks unless get
    information about the individual attackers

12
How Significant is the Threat?
  • This topic is controversial
  • I address this in 2004 article on foreign
    intelligence surveillance
  • Perhaps threat is less than portrayed
  • No WMDs in Iraq
  • Nation states as havens likely much more
    dangerous than isolated individuals
  • Exception, in my view: nuclear proliferation

13
Significance of the Threat
  • Within the U.S., has been difficult politically
    to question the threat
  • Republicans have been loyal to Pres. Bush
  • Democrats can't appear weak
  • Within U.S., privacy and civil liberties
    advocates question the threat but have not won
    that argument
  • The debate since 9/11 has been what to do
    assuming a large threat: "The War on Terrorism"
    or "The Long War"

14
Due Diligence List for Whether Shift to
Information Sharing is Efficient
  • Here is the battleground for each proposal
  • (1) Ends/means rationality: does the proposed
    surveillance actually improve security?
  • Does security measure work? Cost effectively?
  • E.g., carry-ons over-broad (nail cutters) and
    under-broad (ingenious attackers can attack)
  • E.g., data mining may create so many false
    positives that the noise swamps the signal

15
Due Diligence List
  • (2) Security experts' concern about information
    sharing
  • Imagine you are General Counsel for the CIA
  • Will sharing compromise our sources and
    methods?
  • When should we abandon "need to know"?
  • How often will bad guys infiltrate the
    information sharing that is intended to inform
    only the good guys?
  • Tell first responders in Ohio?

16
Due Diligence List
  • (3) "Security theater" (Bruce Schneier)
  • Perceive, and critique, measures that are taken
    for the sake of doing something
  • E.g., show ID to get into office buildings; this
    is worthless in a world of pervasive fake IDs
  • Important to have credible and effective
    technical critiques of proposed surveillance
  • U.S. State Dept. RFIDs on passports as terrorist
    beacons readable at 10 meters

17
Due Diligence List
  • (4) Point out unprecedented nature of proposed
    surveillance: a Burkean, conservative point
  • E.g., library records and chilling the right to
    read
  • "Gag rule" on foreign intelligence orders to get
    library and other databases
  • Some greater due process in Patriot Act revisions
  • E.g., national ID cards and build coalition of
    libertarians on left and right

18
Due Diligence List
  • (5) Invoke historical abuses; ask for checks and
    balances
  • Prevention was tried by Hoover and the FBI
  • The theory of "just a bit more data"
  • Prevention led, over time, to vast expansion of
    surveillance but little proven prevention
  • Political and other abuses from that expansion
  • Therefore, oversight and limits on new
    surveillance because human nature hasn't changed

19
Due Diligence List
  • (6) Fairness, discrimination, and effectiveness
  • If single out groups, such as young Arab males,
    then that can backfire
  • Is unfair, and perceived as unfair, by many
  • Risk of creating resentment by communities whose
    cooperation is needed; better to build bridges
    to communities than to treat everyone as a suspect

20
Due Diligence List
  • (7) Show how proposed measures make the problem
    worse
  • E.g., trusted traveler programs will give greater
    powers for harm to the terrorists who get the
    credential
  • E.g., racial profiling that undermines assistance
    from the well-informed

21
Due Diligence List
  • (8) International reaction to U.S. measures
  • E.U. and other countries are more regulatory on
    many privacy issues
  • Not politically popular in U.S. to do it just
    because, say, the French want it
  • Having allies, though, is actually a good thing
  • Concerns from outside the U.S. may require a more
    fully developed policy process within U.S.

22
Conclusion: Summary on Bush Doctrine
  • Significant moral and political logic to:
  • New threat
  • The threat is large
  • IT and information sharing will help
  • More IT and information sharing is often a
    logical response to changing conditions

23
The Due Diligence List
  • Issues to consider include
  • Does proposal work? Cost-effectively?
  • Risk to sources and methods and other security
  • It may be security theater
  • Unprecedented surveillance and not needed
  • Historical abuses show need for checks
  • Fairness and non-discrimination
  • Proposed measures may make the problem worse
  • International ramifications

24
What Have We Learned?
  • Description: the types of arguments used in
    information sharing debates
  • Prescription
  • Do the due diligence
  • Empirical assessment of each item on the list
  • Institutions to screen proposals for sharing
  • Institutions for oversight of the programs that
    go forward
  • In that way, use new IT if, but only if, that
    actually makes sense

25
NSA Wiretaps
  • The talk to this point has listed rational policy
    critiques of new information sharing programs
  • Is that the way to debate each next proposal for
    information sharing?
  • NSA wiretap revelations, and concern that the
    government is simply not being honest about how
    it collects and uses data
  • This program only does limited wiretaps
  • What are the other programs?

26
NSA Loss of Trust
  • Pres. Bush in 2004: "Nothing has changed on
    wiretaps. You still need a court order."
  • Response to DeWine proposal in 2003: "No reason
    to amend FISA. It provides the flexibility we
    need."
  • In this setting, it becomes much harder for those
    outside the government to accept statements that
    we should simply trust the government to use the
    data well

27
How Secrecy Can Undermine Security
  • What will be the response to new proposals to
    increase surveillance and information sharing?
  • The secrecy of recent years now creates a basis
    for lack of trust in the Administration as it
    describes new proposals
  • This secrecy undermines our ability to adopt even
    the most sensible new proposals for information
    sharing and collection
  • Secrecy thus can undermine security

28
NSA Wiretaps Due Diligence
  • NSA wiretap program intended to help security
  • Not authorized by statute, so controversy now
  • Unclear whether it has been effective and
    cost-effective: "Another visit to Pizza Hut"
  • History of abuses in secret programs
  • Secrecy of program, once it is revealed,
    undermines trust and future ability to adopt new
    information sharing programs
  • In sum, short-term security gains but risk of
    long-term security losses
  • The importance of due diligence list for creating
    these systems; perhaps can help the debate going
    forward

29
Contact Information
  • Professor Peter P. Swire
  • Phone (240) 994-4142
  • Email peter_at_peterswire.net
  • Web www.peterswire.net
  • This talk presented Feb. 7, 2006