Presentation is loading. Please wait.

Presentation is loading. Please wait.

For info, contact: kkw”at”mit.edu K. Krasnow Waterman 1 Accountable Systems: Fusion Center Prototype Spring 2010.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "For info, contact: kkw”at”mit.edu K. Krasnow Waterman 1 Accountable Systems: Fusion Center Prototype Spring 2010."— Presentation transcript:

1 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 1 Accountable Systems: Fusion Center Prototype Spring 2010

2 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 2 About DIG The Decentralized Information Group explores technical, institutional, and public policy questions necessary to advance the development of global, decentralized information environments.

3 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 3 Agenda Challenge of Accountability Prototyping Fusion Center information sharing Scenarios 1.2 parties, 1 document, 1 policy 2.Policy calls 1.Another policy (understanding definitions & cross-ontology reasoning) 2.Another fact (drawing from additional resources) 3.Pre-processing for subjective judgments 4.Modeling – substituting parties or policies 5.Validating – ensuring a hard result 6.Scaling – modeling the Privacy Act 1.Adding to the cross-ontology knowledge base 7.Future possibilities Future work Technical Notes Team

4 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 4 Challenge Organizations have obligations regarding the collection, use, and sharing of information.

5 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 5 Examples Law –HIPAA –SOX –Privacy Act Regulation –Know Your Customer –Suspicious Activity Reporting Contract –Business partners –Vendors Policy –Corporate –Association

6 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 6 Accountability How should organizations ensure that they meet those obligations? How should they prove to others that they are meeting those obligations?

7 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 7 7 The Goal – Accountable Systems System, system on the wall… Is this fair use after all? Ability for systems to determine whether each use of data is/was permitted by the relevant rules for the particular data, party, and circumstance and make that decision available to access control, audit, and other technology for real-time enforcement, retrospective reporting, redress, and risk modeling.

8 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 8 About this Project Sponsor: Department of Homeland Security Modeling Fusion Centers –Information sharing –Privacy rules Creating a prototype Accountable System

9 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 9 Assumptions Web-based –All users and files on internet or intranet Semantic Web –Greater interoperability, reusability, and extensibility Security & Authentication –Enhancement not replacement Enhancing Accountability & Transparency –NOT replacing lawyers

10 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 10 Scenarios Scenario 1 –Massachusetts analyst (Mia) sends Request for Information (RFI) to Department of Homeland Security agent (Feddy). –RFI contains criminal history info about a specific person (RBGuy); regulated by Massachusetts General Law 6-172. RFI re:RBGuy MGL 6-172 Mia Feddy

11 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 11 Transaction Simulator Links to real files - user profiles, the memo, and the relevant policy - that the reasoner will use.

12 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 12 Rule: Mass. General Law § 6-172 (Privacy of Criminal Records) Applies to –Criminal Justice Agencies –Agencies given statutory permission E.g., military recruiting –Agencies determined to be appropriate recipients in the public interest –Requests by the general public

13 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 13 MGL 6-172 MA DHS User Profiles User Docs Policies Mia MGL Ontology RFI Reasoner Feddy RBGuy What the Reasoner Knows

14 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 14 Simple Compliance Answer “Transaction is compliant with Massachusetts General Law, Part I, Title II, Chapter 6, Section 172.”

15 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 15 Detailed Explanation “[Recipient,] Fred Agenti, is a member of a Criminal Justice Agency…”

16 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 16 Accomplishment Reasoner received –Mia’s user profile (27 facts) –Feddy’s user profile (25 facts) –Mia’s document (6 facts) –MGL § 6-172 (35 sub-rules) Produced correct result!

17 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 17 Scenarios Scenario 2 –Baltimore police detective, Maury, does a federated search query across multiple systems; Mia’s memo is responsive. –The Massachusetts system will decide whether Maury can access the document. RFI re:RBGuy MGL 6-172 Maury ?

18 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 18 The rule calls another rule: Comparing definitions MGL § 6-172 –requires recipient be a “Criminal Justice Agency” But, having the label “Criminal Justice Agency” is not sufficient Different jurisdictions have different definitions MGL § 66A-1 (defines “CJA”) – “… an agency at any level of government which performs as its principal function activity relating to (a) the apprehension, prosecution, defense, adjudication, incarceration, or rehabilitation of criminal offenders; or (b) the collection, storage, dissemination, or usage of criminal offender record information.” Maury’s MD user profile –“…exercise the power of arrest”

19 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 19 Cross-Ontology KB MDCCL 12.15.01.03 (Definitions) MGL 6-172 MD MA User Profiles User Docs Policies Mia MGL 66A-1 (Definitions) MGL Ontology RFI Reasoner Maury RBGuy MDCCL Ontology What the Reasoner Knows New input

20 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 20 Cross-ontology Knowledge Base “authorized by law to exercise power of arrest…” is “sameAs” “apprehension”

21 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 21

22 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 22 Determines that Maury’s MD function of “…arrest” meets the MA definition of Criminal Justice Agency

23 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 23 Adding additional fact requirements MGL § 6-172 –Requires that the requestor be a CJA –AND certified by a Board In writing No access until after that certification

24 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 24 Cross-Ontology KB MDCCL 12.15.01.03 (Definitions) MGL 6-172 MD MA User Profiles User Docs Policies Mia MGL 66A-1 (Definitions) MGL Ontology RFI Reasoner Maury RBGuy MDCCL Ontology What the Reasoner Knows New input Org. Admin. Certified List MGL 6-172

25 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 25 Determines that Maury is a member of an organization “which is certified by the board…”

26 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 26 Addressing subjective rules: In the Result In Scenario 1 (Mia to Feddy), the reasoner listed subjective requirements as conditions to the finding of compliance

27 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 27 Result Conditional on Subjective Compliance “additionally requires” that recipient “is performing Criminal Justice Duties” and the “Request…is limited to data necessary for [those] duties”

28 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 28 Next: Pre-processing subjective requirements

29 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 29 Scenarios Scenario 3 –Baltimore detective (Maury) is sending a response to the Massachusetts analyst’s (Mia’s) Request for Information (RFI). –Response contains detailed criminal history info about a specific person (RBGuy); regulated by MD Code of …. Law 12.15.01.11. Maury Response re:RBGuy MDCCL 12.15.01.11 Requests Subjective Assertions Mia

30 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 30 Query for Subjective Assertions

31 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 31 Decision incorporates Subjective Assertions Data is “required in the performance of Mia’s function as a criminal justice agency.” Recipient’s “identity has been verified by” sender.

32 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 32 What if? Applying a different rule Scenario 4 –Maury is cautious. Before giving his information to Mia, he wants to understand what she can do with his information. –Maury compares: Scenario 4a - Maury seeking to share his Response with Florida Dept of Law Enforcement (FDLE) under MD law Scenario 4b - Mia seeking to share Maury’s Response with FDLE under MA law Maury Response re:RBGuy MDCCL 12.15.01.11 Mia Response re:RBGuy MGL 6-172 MDCCL 12.15.01.11 XX

33 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 33 Risk Modeling with a Different Party &/or Policy

34 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 34 Cross-Ontology KB MGL 6-172 MA User Profiles Policies Mia MGL 66A-1 (Definitions) MGL Ontology Reasoner Org. Admin. Certified List MGL 6-172 MDCCL 12.15.01.03 (Definitions) MD User Profiles User Docs Policies Reasoner Maury Responses ToMia MDCCL 12.15.01.11 MDCCL Ontology Cross-Ontology KB FDL E User ProfilesPolicies FDLE FL Ontology What the Reasoner Knows

35 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 35

36 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 36 Testing the policy expression Scenario 5 –Under the MA law, the public can have access to some criminal history info If there was a conviction If the possible sentence was greater than 5 years If the subject is still in jail or on parole Maury’s Response re:RBGuy MGL 6-172 John Q. PublicMia

37 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 37 Testing with “John Q. Public”.

38 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 38

39 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 39 Accomplishment Recognizes that John Q. Public doesn’t meet any of the criteria in paragraph 1. Finds the match in sub-rules from paragraph 7. Reads the tags from the document to match with the requirements –there was a conviction –the possible sentence was greater than 5 years –the subject is still in jail or on parole

40 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 40 Scenarios: Increasing Rule Complexity Scenario 6 –Feddy from DHS wants to respond to Mia. –His response will be regulated by the Privacy Act and its 135 sub-rules (1200 lines of code) Feddy Response re:RBGuy 5 USC 552a Mia

41 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 41 MA User Profiles Policies Mia MGL Ontology Reasoner What the Reasoner Doesn’t Know 5 USC 552a (Privacy Act) DHS User Profiles User Docs Policies Reasoner Responses FeddyToMia Priv Act Ontology Cross-Ontology KB Routine Uses X Other Policies Other Policies Other Policies Other Policies Other Policies Other Policies X There is a Routine Use notice that would permit the sharing The law requires each agency to create 40 other policies

42 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 42 Non-compliant for Many Reasons

43 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 43 Adding to Cross-Ontology Knowledge - Feddy notices something not quite right. - He knows* he can treat Mia as “head of” her agency for this purpose because the head of her organization delegated the record requesting authority to “section chiefs”. - The system will let him add that equivalency to the cross-ontology knowledge base. * DOJ says (http://www.justice.gov/opcl/1974condis.htm):http://www.justice.gov/opcl/1974condis.htm Record-requesting authority may be delegated down to lower-level agency officials when necessary, but not below the "section chief" level. See OMB Guidelines, 40 Fed. Reg. at 28,955; see also 120 Cong. Rec. 36,967 (1974), reprinted in Source Book at 958, available at http://www.loc.gov/rr/frd/Military_Law/pdf/LH_privacy_act-1974.pdf. http://www.loc.gov/rr/frd/Military_Law/pdf/LH_privacy_act-1974.pdf Requestor: Mia Analysa job title section head does not match head ofMia Analysasection headhead of as required by The_Privacy_Act_of_1974_552a_b7.

44 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 44 Knowledge Base Editor Feddy tells his system that “section chief” and “head of” are equivalent in this context by cutting and pasting their link addresses into the blanks.

45 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 45 –Feddy runs his request again (after adding the “same as” information to the cross-ontology knowledge base) Feddy Response re:RBGuy 5 USC 552a Mia Cross-Ontology KB “section chief” same as “head of”

46 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 46 “…compliant with… a Federal Statute The Privacy Act of 1974, 5 U.S.C. 552a (b)(7)a Federal Statute The Privacy Act of 1974, 5 U.S.C. 552a (b)(7)”

47 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 47 Possible Future Scenarios Hand-shake –Recipient is permitted to accept –Sender is permitted to send Applying multiple rules Potentially conflicting rules Recognizing compliant pattern and applying it to large volume transactions

48 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 48 Future Research Scalability –Goal-directed reasoning Transparency –Permanent store for TMS –Aggregate reporting Validation –Policy expression –Results Flexibility –Handling incomplete information –Propagation

49 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 49 Technology Notes

50 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 50 MGL 6-172 MA DHS User Profiles User Docs Policies Mia MGL Ontology RFI Reasoner Feddy RBGuy What the Reasoner Knows: n3 & RDF User profiles adapted from FOAF Memos in pdf with xmp Policies expressed in AIR

51 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 51 User Profile: rdf

52 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 52 User Profile: Tabulator

53 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 53 User Document: pdf

54 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 54 User Document: embedded xmp

55 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 55 Policy: English

56 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 56 Policy: AIR Each policy is represented as rules and patterns in a policy file definitions and classifications in an ontology file.

57 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 57 Policy: Tabulator

58 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 58 Simple Compliance Answer Can use address line commands Running cwm Forward chaining reasoner Written in python

59 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 59 Truth Maintenance System (TMS) Tracks dependencies Retains premises leading to conclusion Retains logical structure of a derivation Permits automatically generated explanations Pressing the “Why?” button reveals each dependency & all associated premises Detailed Justification

60 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 60 “Lawyer Pane” Format is modeled after IRAC Issue, Rule, Analysis, Conclusion First year law school technique for answering hypotheticals Working towards making output easier to read for lawyers, policy analysts, and line of business

61 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 61 Statute Text MGL § 6-172 –http://www.mass.gov/legis/laws/mgl/6/6-172.htmhttp://www.mass.gov/legis/laws/mgl/6/6-172.htm MCCL 12.15.01.11 –http://www.dsd.state.md.us/comar/comarhtml/12/12.15.01.11.htmhttp://www.dsd.state.md.us/comar/comarhtml/12/12.15.01.11.htm 5 USC § 552a (Privacy Act) –http://www.law.cornell.edu/uscode/5/usc_sec_05_00000552---a000-.htmlhttp://www.law.cornell.edu/uscode/5/usc_sec_05_00000552---a000-.html

62 For info, contact: kkw”at”mit.edu K. Krasnow Waterman 62 Our Team Tim Berners-Lee Hal Abelson Gerry Sussman Lalana Kagal K. Krasnow Waterman Bill Cattey Mike Speciner Ian Jacobi Oshani Seneviratne Samuel Wang Jim Hollenbach Mike Rosensweig Rafael Crespo Patrick Vatterott

Download ppt "For info, contact: kkw”at”mit.edu K. Krasnow Waterman 1 Accountable Systems: Fusion Center Prototype Spring 2010."

Similar presentations

Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
Local Coordinator Screening and Training Elizabeth Dickerson, Sr. Compliance Officer James Alexander, Program Analyst U.S. Department of State Bureau of.

Local Coordinator Screening and Training Elizabeth Dickerson, Sr. Compliance Officer James Alexander, Program Analyst U.S. Department of State Bureau of.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.

Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.
RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.

RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.
K. Krasnow Waterman LawTechIntersect, LLC Presented to TTI/Vanguard February 20, 2014.

K. Krasnow Waterman LawTechIntersect, LLC Presented to TTI/Vanguard February 20, 2014.
1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)

1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.

Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.
PA/FOIA INTERFACE OSD/JS Privacy Office (703) 696-4689

PA/FOIA INTERFACE OSD/JS Privacy Office (703)
Project COUNTER Trends in Statistical Standards for E- Resource Management March 2005 Oliver Pesch Chief Strategist, E-Resources EBSCO Information Services.

Project COUNTER Trends in Statistical Standards for E- Resource Management March 2005 Oliver Pesch Chief Strategist, E-Resources EBSCO Information Services.
Refunds More Hassle Than They’re Worth Utility Payment Conference.

Refunds More Hassle Than They’re Worth Utility Payment Conference.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
S.R.F.E.R.S. State, Regional, and Federal Enterprise Retrieval System Inter-Agency & Inter-State Integration Using GJXML.

S.R.F.E.R.S. State, Regional, and Federal Enterprise Retrieval System Inter-Agency & Inter-State Integration Using GJXML.
Chapter 9 Describing Process Specifications and Structured Decisions

Chapter 9 Describing Process Specifications and Structured Decisions
© 2004, The Trustees of Indiana University 1 OneStart Workflow Basics Brian McGough, Manager, Systems Integration, UITS Ryan Kirkendall, Lead Developer.

© 2004, The Trustees of Indiana University 1 OneStart Workflow Basics Brian McGough, Manager, Systems Integration, UITS Ryan Kirkendall, Lead Developer.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
1 1 Interoperating: MIT’s Fusion Center Prototype & JHU/APL’s Back End Attribute Exchange (Identity Management Testbed) January 2013.

1 1 Interoperating: MIT’s Fusion Center Prototype & JHU/APL’s Back End Attribute Exchange (Identity Management Testbed) January 2013.

Similar presentations

Ads by Google