1 / 27

“Critiquing the Idea of Total Information Awareness”

“Critiquing the Idea of Total Information Awareness” . Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association of Privacy Officers February 27, 2003 . Overview. The Poindexter TIA program

DoraAna
Download Presentation

“Critiquing the Idea of Total Information Awareness”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “Critiquing the Idea of Total Information Awareness” Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association of Privacy Officers February 27, 2003

  2. Overview • The Poindexter TIA program • The Poindexter program is simply one example of the Administration’s consistent philosophy of TIA • Security, privacy & democracy critiques of TIA • What to do next

  3. I. The Poindexter Program • Announcement fall 2002 of Total Information Awareness Program in Dept. of Defense, headed by Adm. John Poindexter • Vacuum cleaner for government, public-record, and private databases • Research program, but expected to go operational soon

  4. Poindexter Program • Public outcry against the program • Wyden-Grassley amendment to de-fund it • Bush Administration tried to save it with a blue-ribbon oversight board • No member of Congress spoke for it • So, ban on expenditure won

  5. II. The Bush Doctrine of Total Information Awareness • The Poindexter program is simply one example of a Bush Administration doctrine of Total Information Awareness • At its most basic: • “The government should know more” • “Everyone else should know less”

  6. The Government Should Know More • Maximize information available to the Enforcers • That is what “Total Information Awareness” means • Maximize detection and surveillance by the Enforcers • Maximize information sharing among the Enforcers

  7. Maximize Detection & Surveillance • Examples: • Poindexter program itself • TIPS -- get information from the letter carrier and the cable guy • USA-Patriot Act -- stored records, etc. • Patriot II proposal -- get FCRA records without consent, etc.

  8. Maximize Information Sharing • Break down the wall between law enforcement and foreign intelligence/FISA • TTIC -- 2003 State of the Union and Director of CIA should head analysis of domestic, foreign, and law enforcement data • OMB initiatives to end “data silos” • Homeland Security Department’s many functions share data • Money laundering data at home & abroad

  9. “Everyone Else Should Know Less” Bush Administration policy of increasing government secrecy (1) Tell less about government actions (2) More rules to prevent leaks

  10. Tell less about government actions • FOIA change by Ashcroft before 9/11 • Cheney refusal to release energy policy meeting list to GAO • FOIA rollback in Homeland Security • Take down web sites, including information to neighbors about potential leaks from chemical plants

  11. More Rules to Prevent Leaks • Theme -- don’t inform the terrorists of our vulnerabilities • Patriot I -- criminal gag rules on libraries, employers, and others if they are asked to turn over records to the government • Homeland Security -- new criminal penalties against whistleblowers • Patriot II -- more proposed gag rules

  12. Summary on Administration Actions to Date • Total Information Awareness as the overall Administration policy • Maximize surveillance and information sharing • Minimize sharing of information with public • Implicit view that this approach shows you are serious about national security • Implicit view that raising privacy and civil liberties means you care less about security

  13. III. Critiques of the Philosophy of Total Information Awareness • Negative impacts on security • Negative impacts on privacy • Lack of accountability and concerns about preserving democracy

  14. Negative Impacts on Security • More security lapses • Lack of accountability and weaker security over time • Cost-effective security

  15. More security lapses • The positive effects of information sharing • More “good guys”/enforcers get to see the data • The negative effects of information sharing • More “good guys”/enforcers get to see the data • State and local officials -- quality of systems? • International officials -- money laundering data shared with many governments • When have leaks, the rogue enforcers have access to far more data than before

  16. Lack of Accountability and Weaker Security over Time • Mantra of computer security experts: “There is no security through obscurity” • Fix your vulnerabilities, don’t try to hide them • If you try to hide them, only the “bad guys” will learn about the weaknesses • Essential role of peer review to maintaining quality of system security over time • Gag rules on whistleblowers lead to systematically greater vulnerabilities over time

  17. Cost-effective Security • Implicit assumption of Total Information Awareness -- More Data is Better • Is the goal “total” information? • Or is it the most cost-effective measures that actually improve security? • Better security to focus on the most effective actions rather than the chimera of “total” information and control

  18. Negative Impact on Privacy • Just gave reasons for believing TIA creates weaker security over time • And it creates weaker privacy • Sensitive data sought for TIA -- medical, financial, communications, etc. • Chilling effects and less freedom if all of us always under surveillance

  19. Privacy Effects & Risk Profiles • Individuals will be assigned terrorist risk scores, like credit scores • Where have “high risk profile”, then government will act • Expect many “false positives” -- government has to act before it is certain that someone is a terrorist • False (and true) positives get put on “watch lists”

  20. Privacy Effects & Watch Lists • WSJ article on FBI watch list after 9/11 • Many innocent people on the watch list • Employers and others received the list • The list morphed, with mistakes, over the Internet • No access or correction for individuals who were wrongfully on the list • A return to the blacklists and secret dossiers of the anti-Communist era

  21. Preserving Accountability and Democracy • We have gone down the TIA path before • Maximize government surveillance • Minimize disclosure to the public • My IAPO speech in Chicago and the history of “The Lawless State: The Crimes of the U.S. Intelligence Agencies”

  22. “The Lawless State” • Surveillance and smears of MLK, Jr. • FBI infiltration of political groups • FBI agents in KKK to Black Panthers, including participating in bombings, etc. • “Fringe groups”? Large fraction of delegates to 1972 Democratic National Convention under surveillance • Blackmail files on political officials • IRS & CIA abuses

  23. Reactions to the Lawless State • Title III (1968) -- federal wiretap standards • Privacy Act, 1974 -- no secret dossiers • Government in the Sunshine • FOIA Amendments, 1974 • Open meeting & whistleblower laws • Foreign Intelligence Surveillance Act, 1978 • Electronic Comm. Privacy Act, 1984

  24. Summary on the Lawless State • The Lawless State Round 1: history of abuse of power and lack of accountability • We built laws and institutions to: • Limit surveillance • Protect privacy • Create openness in government • Promote accountability • Has unaccountable and secretive government changed so we can ignore the history?

  25. Concluding Remarks • The Poindexter program of Total Information Awareness was unanimously shut down by Congress • The Administration philosophy of Total Information Awareness, however, continues unabated • Patriot II proposal in 2003

  26. What To Do? • Those of us outside government have a responsibility to voice the threat of TIA to security, privacy, and democracy • Inside the government, there needs to be someone at home on these issues -- in Homeland Security, OMB, & elsewhere • We must remember the history of the Lawless State, or we may be doomed to repeat it

More Related