Cyber Eye: Privacy enforcement tool could become a TIA boon
It's an ill wind that blows no good, but something positive for privacy might be coming out of the Defense Advanced Research Projects Agency's Terrorism Information Awareness program.
DARPA has awarded a $3.5 million contract to Palo Alto Research Center Inc. of Palo Alto, Calif., a subsidiary of Xerox Corp., to develop a 'privacy appliance.' It would act as a gateway to enforce privacy policies on databases accessed by TIA.
In its report to Congress about TIA'formerly called Total Information Awareness'DARPA acknowledged that 'Americans rightfully are concerned that data collection and analysis activities by the intelligence community threaten their privacy.'
The objective of privacy protection for TIA's Genisys database technology, described as an ultralarge, all-sources information repository, is to make the data collected anonymous.
This technology does not yet exist, but DARPA's Information Awareness Office envisions a hardware-software privacy appliance sitting in front of the database to block unauthorized access and prevent release of information that could identify individuals.
It would have an engine to track already gathered data to keep analysts from accumulating enough sanitized information to infer identities.
'This is a difficult technical problem because, once information is known, it can be combined with other information,' DARPA said. The appliance's algorithms would have to be smart enough to 'perform some analysis automatically and shut off information when human analysts exceed' a preset knowledge threshold.
A so-called immutable log would show overseers not only who accessed what data, but also their search objectives'sort of a TIA in reverse.
Privacy advocates have reservations about the appliance because TIA did not say who would control it but indicated only 'some appropriate oversight authority.' Analysts could still access personal information with appropriate authorization'presumably a court order.
That might mean court-ordered surveillance for a crime that has not been committed'something David Sobel, general counsel for Washington's Electronic Privacy Information Center, has called 'completely alien to our judicial system.'
Technology is only as reliable as those who use it. If we need safeguards against TIA, putting them in the hands of TIA's planners doesn't give us much peace of mind.
But on the bright side, the privacy appliance itself could be promising outside of government. If the appliance does what it's supposed to do, it would improve everyone's security by enforcing policies, controlling access and tracking the use of personal data.