A Dual-Edged Sword: Providing Information, Stealing Privacy
A former National Security Council cyberspace expert explains how government technology can be used to simultaneously provide useful data--and steal privacy.
The power of new technologies to do good is often inextricably linked to their ability to cause harm.
Think about it. Early steam engines afforded enormous benefits--but, until labor laws were enacted, they allowed men, women, and children to work appallingly long days in mills and mines. Automobiles gave us freedom of movement--but, before public outrage resulted in new safety standards, auto accidents killed thousands needlessly. And, of course, the same nuclear energy that provides much of our electricity alarms us when despots threaten to use it in weapons of mass destruction, real or imagined.
Advanced information technologies are today's new "dual-edged sword." Computers can gather and analyze trillions of pieces of personal information about us, but we haven't yet faced up to what these powerful technologies can do in the hands of law enforcement.
Last summer, we saw a Pentagon proposal to "protect" the nation from crime and terrorism. The Total Information Awareness, or TIA, program would deploy cutting-edge information technologies to gather all available information about almost everybody. Using new data-mining techniques to comb this data, officials would look for patterns and try to identify which of us were the "bad guys."
When the plans for TIA were disclosed, the public immediately reacted with such furor that Congress quickly killed the program.
But since then, other questionable ideas have stepped into the breach. The Multistate Anti-Terrorism Information Exchange (yes, it's known as Matrix) is still not getting the level of public attention it warrants. Matrix gives participating law-enforcement agencies the ability to almost instantly build files on individuals, using essentially the same data-collection and analysis approaches the Pentagon's TIA program proposed.
Matrix officials won't reveal exactly what data sets might be tapped, but, at a minimum, we can expect the details of our drivers' licenses and traffic violations, property-tax records, lists of business associates, and marriage and divorce records to be included, along with available images. The files will also comprise vast amounts of data purchased from private companies that make it their business to track our purchasing and other behaviors. And, if pilot projects are an indication, any appearance in police files--even as a victim, complainant, or witness--will land us in the Matrix.
Matrix helps law-enforcement personnel make predictions--Is this person a good guy? A bad guy? Apt to be problematic?--through "factual data analysis" algorithms. Those highly educated guesses are produced through the system's enormous computing power.
Matrix outrages many people because of its possible privacy and civil-liberty violations. But even if privacy issues don't disturb you, Matrix presents at least four other serious concerns:
Matrix as a system may have fatal design flaws. At its core, Matrix is a human/software system that collects information, collates it, and analyzes it. Each of these steps has potentially fatal flaws. "Garbage in, garbage out" is as true today as it ever was. Data can be wrong, out of date, or generated by those with malicious motivations. Information will be added from jurisdictions with different laws, standards, interpretations, and expectations for accuracy. No amount of sophisticated technology can make up for bad data.
And when it comes to analyzing this data, both machines and humans can fail. Data-mining techniques to tease out patterns or correlations in complex databases are still very much in their infancy. Those in charge of interpreting these patterns will certainly have wide variations in training, capability, and interest. In the age of paper files and faxes, this might not have mattered much. But now, at the push of a button, hundreds and perhaps thousands of innocent people can come under police suspicion.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.