“Critiquing the Idea of Total Information Awareness”
Professor Peter P. Swire
Ohio State University
Consultant, Morrison & Foerster LLP
International Association of Privacy Officers
February 27, 2003
Overview
The Poindexter TIA program
The Poindexter program is simply one example of the Administration’s consistent philosophy of TIA
Security, privacy & democracy critiques of TIA
What to do next
I. The Poindexter Program
Announcement fall 2002 of Total Information Awareness Program in Dept. of Defense, headed by Adm. John Poindexter
Vacuum cleaner for government, public-record, and private databases
Research program, but expected to go operational soon
Poindexter Program
Public outcry against the program
Wyden-Grassley amendment to de-fund it
Bush Administration tried to save it with a blue-ribbon oversight board
No member of Congress spoke for it
So, ban on expenditure won
II. The Bush Doctrine of Total Information Awareness
The Poindexter program is simply one example of a Bush Administration doctrine of Total Information Awareness
At its most basic:
– “The government should know more”
– “Everyone else should know less”
The Government Should Know More
Maximize information available to the Enforcers
– That is what “Total Information Awareness” means
Maximize detection and surveillance by the Enforcers
Maximize information sharing among the Enforcers
Maximize Detection & Surveillance
Examples:
– Poindexter program itself
– TIPS -- get information from the letter carrier and the cable guy
– USA-Patriot Act -- stored records, etc.
– Patriot II proposal -- get FCRA records without consent, etc.
Maximize Information Sharing
Break down the wall between law enforcement and foreign intelligence/FISA
TTIC -- 2003 State of the Union and Director of CIA should head analysis of domestic, foreign, and law enforcement data
OMB initiatives to end “data silos”
Homeland Security Department’s many functions share data
Money laundering data at home & abroad
“Everyone Else Should Know Less”
Bush Administration policy of increasing government secrecy
(1) Tell less about government actions
(2) More rules to prevent leaks
Tell less about government actions
FOIA change by Ashcroft before 9/11
Cheney refusal to release energy policy meeting list to GAO
FOIA rollback in Homeland Security
Take down web sites, including information to neighbors about potential leaks from chemical plants
More Rules to Prevent Leaks
Theme -- don’t inform the terrorists of our vulnerabilities
Patriot I -- criminal gag rules on libraries, employers, and others if they are asked to turn over records to the government
Homeland Security -- new criminal penalties against whistleblowers
Patriot II -- more proposed gag rules
Summary on Administration Actions to Date
Total Information Awareness as the overall Administration policy
– Maximize surveillance and information sharing
– Minimize sharing of information with public
Implicit view that this approach shows you are serious about national security
Implicit view that raising privacy and civil liberties means you care less about security
III. Critiques of the Philosophy of Total Information Awareness
Negative impacts on security
Negative impacts on privacy
Lack of accountability and concerns about preserving democracy
Negative Impacts on Security
More security lapses
Lack of accountability and weaker security over time
Cost-effective security
More security lapses
The positive effects of information sharing
– More “good guys”/enforcers get to see the data
The negative effects of information sharing
– More “good guys”/enforcers get to see the data
State and local officials -- quality of systems?
International officials -- money laundering data shared with many governments
When have leaks, the rogue enforcers have access to far more data than before
Lack of Accountability and Weaker Security over Time
Mantra of computer security experts: “There is no security through obscurity”
– Fix your vulnerabilities, don’t try to hide them
– If you try to hide them, only the “bad guys” will learn about the weaknesses
– Essential role of peer review to maintaining quality of system security over time
– Gag rules on whistleblowers lead to systematically greater vulnerabilities over time
Cost-effective Security
Implicit assumption of Total Information Awareness -- More Data is Better
Is the goal “total” information?
Or is it the most cost-effective measures that actually improve security?
Better security to focus on the most effective actions rather than the chimera of “total” information and control
Negative Impact on Privacy
Just gave reasons for believing TIA creates weaker security over time
And it creates weaker privacy
Sensitive data sought for TIA -- medical, financial, communications, etc.
Chilling effects and less freedom if all of us always under surveillance
Privacy Effects & Risk Profiles
Individuals will be assigned terrorist risk scores, like credit scores
Where have “high risk profile”, then government will act
Expect many “false positives” -- government has to act before it is certain that someone is a terrorist
False (and true) positives get put on “watch lists”
Privacy Effects & Watch Lists
WSJ article on FBI watch list after 9/11
– Many innocent people on the watch list
– Employers and others received the list
– The list morphed, with mistakes, over the Internet
– No access or correction for individuals who were wrongfully on the list
A return to the blacklists and secret dossiers of the anti-Communist era
Preserving Accountability and Democracy
We have gone down the TIA path before
– Maximize government surveillance
– Minimize disclosure to the public
My IAPO speech in Chicago and the history of “The Lawless State: The Crimes of the U.S. Intelligence Agencies”
“The Lawless State”
Surveillance and smears of MLK, Jr.
FBI infiltration of political groups
– FBI agents in KKK to Black Panthers, including participating in bombings, etc.
– “Fringe groups”? Large fraction of delegates to 1972 Democratic National Convention under surveillance
– Blackmail files on political officials
IRS & CIA abuses
Reactions to the Lawless State
Title III (1968) -- federal wiretap standards
Privacy Act, 1974 -- no secret dossiers
Government in the Sunshine
– FOIA Amendments, 1974
– Open meeting & whistleblower laws
Foreign Intelligence Surveillance Act, 1978
Electronic Comm. Privacy Act, 1984
Summary on the Lawless State
The Lawless State Round 1: history of abuse of power and lack of accountability
We built laws and institutions to:
– Limit surveillance
– Protect privacy
– Create openness in government
– Promote accountability
Has unaccountable and secretive government changed so we can ignore the history?
Concluding Remarks
The Poindexter program of Total Information Awareness was unanimously shut down by Congress
The Administration philosophy of Total Information Awareness, however, continues unabated
– Patriot II proposal in 2003
What To Do?
Those of us outside government have a responsibility to voice the threat of TIA to security, privacy, and democracy
Inside the government, there needs to be someone at home on these issues -- in Homeland Security, OMB, & elsewhere
We must remember the history of the Lawless State, or we may be doomed to repeat it