CSCE 201 Open Source Information Privacy

CSCE Farkas2 Reading List Recommended reading: – Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisitions, and Operations, m m – The Economic Espionage Act, /eea.html /eea.html

CSCE Farkas3 Open Source Unclassified information in the public domain or available from commercial services Example: newspapers, magazines, scientific publications, television and radio broadcasting, databases, etc.

CSCE Farkas4 Open Source Intelligence Intelligence operation that uses open source data Goal: answer specific question in support of some mission Process: – Requirement analysis – Data collection/filtering/analysis – Information integration Intelligence about

CSCE Farkas5 Open Source Intelligence Generally legal (uses readily available information) Attacker gains access to protected information, e.g., – Business trade secrets – Military strategy, – Personal information Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data

CSCE Farkas6 Open Source Intelligence Widely used (e.g., Department of Defense) Cheap, fast, or timely Most often legal Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations Disadvantages: may not discover important information, assurance of discovery(?)

CSCE Farkas7 Online Open Source Intelligence Large amount of public data online – Web pages, online databases, digital collections, organizations on line, government offices, etc. Freedom and Information Act (FOIA): industry data U.S. Patent Office: copies of U.S. patents Trade shows, public records, etc.

CSCE Farkas8 Privacy Use open source to find out confidential data about people Find confidential data about people while they browse through open source (e.g., Web searches)

CSCE Farkas9 Online Investigative Tools Find out confidential data for small fee – Net Detective ( – Dig Dirt ( ) Privacy Tools ( )

CSCE Farkas10 Legislations Privacy Act of 1974, U.S. Department of Justice ( ) Family Educational Rights and Privacy Act (FERPA), U.S. Department of Education, ( ) Health Insurance Portability and Accountability Act of 1996 (HIPAA), ( _Accountability_Act ) _Accountability_Act Telecommunications Consumer Privacy Act ( privacy-act ) privacy-act

CSCE Farkas11 Privacy Violations Snooping via Open Sources Online activities – Questionnaires – Customers’ data – Web site data collection (Cookies, IP address, operating system, browser, requested page, time of request, etc.) – without user’s permission

CSCE Farkas12 Other Open Source Attacks Piracy – Available in open source, but still protected by copyright, patent, trademark, etc. Copyright Infringement – Acquisition of protected work without the owner’s permission and sold for a fee – Human perception: not serious crime – Significant loss for marketing/manufacturing/owner – Berman Bill ( html ) html – Copyright Law of the United States ( )

CSCE Farkas13 What is Intelligence? Information Activities Organization

CSCE Farkas14Information “…relevant to a government’s formulation and implementation of policy to further its national security interests and to deal with threats from actual or potential adversaries.” (Silent Warfare) Examples: – Military matters of foreign nations – Diplomatic activities and intentions of foreign nations – Intelligence activities of foreign nations Other party may or may not want to keep it secret Raw data and analyses and assessments based on raw data

CSCE Farkas15 Activity Activities: – Collection and analysis on intelligence information – Counterintelligence Collection: wide range (e.g., wiretapping, broadcasts, newspapers, research publications, aerial photography, espionage, etc.) Analysis: quality of data, correctness of analysis, timeliness, etc.

CSCE Farkas16 Organization Secrecy! Secret activities -- Covert actions – Same organization vs. two organizations Central Intelligence Agency

CSCE Farkas17 Scope of Intelligence Government -- national security –Range from peace time to war time intelligence –Type of government Domestic Intelligence -- depends on nature of regime Business corporations – competitive advantage Economics and Intelligence –Government-run economy –Economic well-being of nation Non-traditions Intelligence –Environmental issues

CSCE Farkas18 Intelligence and Law Enforcement Transnational threats: –Do not originate primarily from a foreign government –Serious threats for nation’s well-being –Fall within law enforcement rather than intelligence –Examples: narcotics trafficking, international terrorism Law enforcement: waiting until a crime has been committed Intelligence: collection of convincing evidence Criminal investigation vs. criminal intelligence investigation –Punishment of a given criminal act or struggle with an organization engaged in criminal activity

CSCE Farkas19 Intelligence – Information Age Advent of information age Change the mode of operations for business corporations and government Technology: communicating and processing information Behavioral and institutional change: information as the key of organizational activities Intelligent Services vs. competing organizations

CSCE Farkas20 Intelligence and Information Age Globalization – Flow of information across borders – International trade – Division of labor – Increased travel – Increased penetration by news media

CSCE Farkas21 Open Source Collection Goal oriented Publications and broadcast Additional information available from non- intelligence sources Special sources (e.g., speeches of political leaders, legal documents, demographic data, etc. ) Large amount of openly available data  Need processing power

CSCE Farkas22 Problem of Increased Availability How to locate sources How to evaluate source reliability How to analyze information and integrate with other intelligence information How to protect confidentiality of policy maker’s interest