270 likes | 281 Views
This article critiques the concept of Total Information Awareness (TIA) and its impact on security, privacy, and democracy. It examines the Poindexter program as an example of the Bush Administration's philosophy of TIA, and discusses the negative consequences of maximizing information available to enforcers while minimizing information available to the public. The article also highlights concerns about accountability and the preservation of democracy.
E N D
“Critiquing the Idea of Total Information Awareness” Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP International Association of Privacy Officers February 27, 2003
Overview • The Poindexter TIA program • The Poindexter program is simply one example of the Administration’s consistent philosophy of TIA • Security, privacy & democracy critiques of TIA • What to do next
I. The Poindexter Program • Announcement fall 2002 of Total Information Awareness Program in Dept. of Defense, headed by Adm. John Poindexter • Vacuum cleaner for government, public-record, and private databases • Research program, but expected to go operational soon
Poindexter Program • Public outcry against the program • Wyden-Grassley amendment to de-fund it • Bush Administration tried to save it with a blue-ribbon oversight board • No member of Congress spoke for it • So, ban on expenditure won
II. The Bush Doctrine of Total Information Awareness • The Poindexter program is simply one example of a Bush Administration doctrine of Total Information Awareness • At its most basic: • “The government should know more” • “Everyone else should know less”
The Government Should Know More • Maximize information available to the Enforcers • That is what “Total Information Awareness” means • Maximize detection and surveillance by the Enforcers • Maximize information sharing among the Enforcers
Maximize Detection & Surveillance • Examples: • Poindexter program itself • TIPS -- get information from the letter carrier and the cable guy • USA-Patriot Act -- stored records, etc. • Patriot II proposal -- get FCRA records without consent, etc.
Maximize Information Sharing • Break down the wall between law enforcement and foreign intelligence/FISA • TTIC -- 2003 State of the Union and Director of CIA should head analysis of domestic, foreign, and law enforcement data • OMB initiatives to end “data silos” • Homeland Security Department’s many functions share data • Money laundering data at home & abroad
“Everyone Else Should Know Less” Bush Administration policy of increasing government secrecy (1) Tell less about government actions (2) More rules to prevent leaks
Tell less about government actions • FOIA change by Ashcroft before 9/11 • Cheney refusal to release energy policy meeting list to GAO • FOIA rollback in Homeland Security • Take down web sites, including information to neighbors about potential leaks from chemical plants
More Rules to Prevent Leaks • Theme -- don’t inform the terrorists of our vulnerabilities • Patriot I -- criminal gag rules on libraries, employers, and others if they are asked to turn over records to the government • Homeland Security -- new criminal penalties against whistleblowers • Patriot II -- more proposed gag rules
Summary on Administration Actions to Date • Total Information Awareness as the overall Administration policy • Maximize surveillance and information sharing • Minimize sharing of information with public • Implicit view that this approach shows you are serious about national security • Implicit view that raising privacy and civil liberties means you care less about security
III. Critiques of the Philosophy of Total Information Awareness • Negative impacts on security • Negative impacts on privacy • Lack of accountability and concerns about preserving democracy
Negative Impacts on Security • More security lapses • Lack of accountability and weaker security over time • Cost-effective security
More security lapses • The positive effects of information sharing • More “good guys”/enforcers get to see the data • The negative effects of information sharing • More “good guys”/enforcers get to see the data • State and local officials -- quality of systems? • International officials -- money laundering data shared with many governments • When have leaks, the rogue enforcers have access to far more data than before
Lack of Accountability and Weaker Security over Time • Mantra of computer security experts: “There is no security through obscurity” • Fix your vulnerabilities, don’t try to hide them • If you try to hide them, only the “bad guys” will learn about the weaknesses • Essential role of peer review to maintaining quality of system security over time • Gag rules on whistleblowers lead to systematically greater vulnerabilities over time
Cost-effective Security • Implicit assumption of Total Information Awareness -- More Data is Better • Is the goal “total” information? • Or is it the most cost-effective measures that actually improve security? • Better security to focus on the most effective actions rather than the chimera of “total” information and control
Negative Impact on Privacy • Just gave reasons for believing TIA creates weaker security over time • And it creates weaker privacy • Sensitive data sought for TIA -- medical, financial, communications, etc. • Chilling effects and less freedom if all of us always under surveillance
Privacy Effects & Risk Profiles • Individuals will be assigned terrorist risk scores, like credit scores • Where have “high risk profile”, then government will act • Expect many “false positives” -- government has to act before it is certain that someone is a terrorist • False (and true) positives get put on “watch lists”
Privacy Effects & Watch Lists • WSJ article on FBI watch list after 9/11 • Many innocent people on the watch list • Employers and others received the list • The list morphed, with mistakes, over the Internet • No access or correction for individuals who were wrongfully on the list • A return to the blacklists and secret dossiers of the anti-Communist era
Preserving Accountability and Democracy • We have gone down the TIA path before • Maximize government surveillance • Minimize disclosure to the public • My IAPO speech in Chicago and the history of “The Lawless State: The Crimes of the U.S. Intelligence Agencies”
“The Lawless State” • Surveillance and smears of MLK, Jr. • FBI infiltration of political groups • FBI agents in KKK to Black Panthers, including participating in bombings, etc. • “Fringe groups”? Large fraction of delegates to 1972 Democratic National Convention under surveillance • Blackmail files on political officials • IRS & CIA abuses
Reactions to the Lawless State • Title III (1968) -- federal wiretap standards • Privacy Act, 1974 -- no secret dossiers • Government in the Sunshine • FOIA Amendments, 1974 • Open meeting & whistleblower laws • Foreign Intelligence Surveillance Act, 1978 • Electronic Comm. Privacy Act, 1984
Summary on the Lawless State • The Lawless State Round 1: history of abuse of power and lack of accountability • We built laws and institutions to: • Limit surveillance • Protect privacy • Create openness in government • Promote accountability • Has unaccountable and secretive government changed so we can ignore the history?
Concluding Remarks • The Poindexter program of Total Information Awareness was unanimously shut down by Congress • The Administration philosophy of Total Information Awareness, however, continues unabated • Patriot II proposal in 2003
What To Do? • Those of us outside government have a responsibility to voice the threat of TIA to security, privacy, and democracy • Inside the government, there needs to be someone at home on these issues -- in Homeland Security, OMB, & elsewhere • We must remember the history of the Lawless State, or we may be doomed to repeat it