Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Information Sharing in the War on Terror Peter P. Swire Ohio State University Villanova Law Review Conference in Villanova Law Review Conference.

Published byJennifer Casey Modified over 10 years ago

Similar presentations

Presentation on theme: "Privacy and Information Sharing in the War on Terror Peter P. Swire Ohio State University Villanova Law Review Conference in Villanova Law Review Conference."— Presentation transcript:

1 Privacy and Information Sharing in the War on Terror Peter P. Swire Ohio State University Villanova Law Review Conference in Villanova Law Review Conference in Memory of Richard Turkington Memory of Richard Turkington October 29, 2005

2 Overview My background in privacy My background in privacy The lack of information sharing as a cause of 9/11 attacks The lack of information sharing as a cause of 9/11 attacks The Bush Doctrine of information sharing The Bush Doctrine of information sharing A due diligence checklist for when proposed information sharing makes sense A due diligence checklist for when proposed information sharing makes sense

3 Chief Counselor for Privacy U.S. Office of Management & Budget, 1999-early 2001 U.S. Office of Management & Budget, 1999-early 2001 Trying to build privacy in for policies/laws Trying to build privacy in for policies/laws HIPAA: medical privacy HIPAA: medical privacy Gramm-Leach: financial privacy Gramm-Leach: financial privacy FTC enforcement of privacy promises FTC enforcement of privacy promises Especially for the InternetEspecially for the Internet Safe Harbor with Europe Safe Harbor with Europe Federal agency web policies & privacy impact assessments Federal agency web policies & privacy impact assessments Chaired WH Working Group on how to update surveillance law for the Internet age Chaired WH Working Group on how to update surveillance law for the Internet age

4 My Normative Baseline My own views are roughly those reflected by the Clinton Administration during that period My own views are roughly those reflected by the Clinton Administration during that period Achieve progress in building privacy into public and private systems Achieve progress in building privacy into public and private systems Fair information practices as the baseline Fair information practices as the baseline Be realistic about how laws are actually implemented in practice, avoiding over- and under-regulation Be realistic about how laws are actually implemented in practice, avoiding over- and under-regulation

5 Information Sharing The failure of intelligence to prevent the 9/11 attacks The failure of intelligence to prevent the 9/11 attacks Belief that did not have enough information sharing Belief that did not have enough information sharing Between FBI and CIA Between FBI and CIA Between federal and first responders Between federal and first responders Among all the good guys to get the bad guys Among all the good guys to get the bad guys

6 Encouraging Information Sharing Several Executive Orders to encourage it Several Executive Orders to encourage it Intelligence Reform Act of 2004 & National Director of Intelligence Intelligence Reform Act of 2004 & National Director of Intelligence Markle Task Force on National Security in the Information Age Markle Task Force on National Security in the Information Age Intellectual rationale for information sharing Intellectual rationale for information sharing Says privacy, data security, and civil liberties should be built in as well Says privacy, data security, and civil liberties should be built in as well

7 The Bush Doctrine of Information Sharing Disclaimer – I often critique the Bush Administration on privacy & information sharing Disclaimer – I often critique the Bush Administration on privacy & information sharing First explain the logic of the position First explain the logic of the position Axiom 1: The threat has changed Axiom 1: The threat has changed Was threat of Soviet tank or missile attack Was threat of Soviet tank or missile attack Now is asymmetric threat – a few individuals with boxcutters or home-made explosives Now is asymmetric threat – a few individuals with boxcutters or home-made explosives

8 Bush Doctrine Axiom 2: The threat is significant Axiom 2: The threat is significant The intellectual importance of WMDs The intellectual importance of WMDs One nuke can ruin your whole day One nuke can ruin your whole day Measures that are not justified by small attacks may be justified for asymmetric, large attacks Measures that are not justified by small attacks may be justified for asymmetric, large attacks

9 Bush Doctrine Axiom 3: Progress in IT dwarfs progress in defensive physical security Axiom 3: Progress in IT dwarfs progress in defensive physical security Price of sensors, storage, and sharing down sharply Price of sensors, storage, and sharing down sharply Useful knowledge & patterns extracted from data Useful knowledge & patterns extracted from data The efficient mix of security measures has a large & ongoing shift to information-intensive strategies The efficient mix of security measures has a large & ongoing shift to information-intensive strategies

10 Bush Doctrine (1) The threat has changed (1) The threat has changed (2) The threat is significant (2) The threat is significant (3) Progress in IT shifts the best response (3) Progress in IT shifts the best response For privacy advocates, which of these assertions seems incorrect? For privacy advocates, which of these assertions seems incorrect? There is a powerful logic to this approach There is a powerful logic to this approach Now we turn to possible responses Now we turn to possible responses

11 Has the Threat Changed? Yes. Yes. Conventional threat, typified by satellite reconnaisance of military targets, is clearly less than before 1989 Conventional threat, typified by satellite reconnaisance of military targets, is clearly less than before 1989 Enemy mobilization was often graduated and visible (levels of military alert) Enemy mobilization was often graduated and visible (levels of military alert) Current threats from asymmetric attacks Current threats from asymmetric attacks No visibility of imminent attacks unless get information about the individual attackers No visibility of imminent attacks unless get information about the individual attackers

12 How Significant is the Threat? This topic is controversial This topic is controversial Even timely, given indictments yesterday Even timely, given indictments yesterday I address this in 2004 article on foreign intelligence & surveillance I address this in 2004 article on foreign intelligence & surveillance No WMDs in Iraq No WMDs in Iraq Nation states as havens likely much more dangerous than isolated individuals Nation states as havens likely much more dangerous than isolated individuals Exception in my view – nuclear proliferation Exception in my view – nuclear proliferation

13 Significance of the Threat Within the U.S., has been extremely difficult politically to question the threat Within the U.S., has been extremely difficult politically to question the threat Republicans have been loyal to Pres. Bush Republicans have been loyal to Pres. Bush Democrats cant appear weak Democrats cant appear weak Within U.S., privacy and civil liberties advocates question the threat but have not been likely to succeed much Within U.S., privacy and civil liberties advocates question the threat but have not been likely to succeed much The debate since 9/11 has been what to do assuming a large threat: The War on Terrorism The debate since 9/11 has been what to do assuming a large threat: The War on Terrorism

14 Due Diligence List for Whether Shift to Information Sharing is Efficient Here is the battleground for each proposal Here is the battleground for each proposal (1) Ends/means rationality – does the proposed surveillance actually improve security? (1) Ends/means rationality – does the proposed surveillance actually improve security? Does security measure work? Cost effectively? Does security measure work? Cost effectively? E.g., carry-ons over-broad (nail cutters) and under-broad (ingenious attackers can attack) E.g., carry-ons over-broad (nail cutters) and under-broad (ingenious attackers can attack) E.g., data mining may create so many false positives that the noise swamps the signal E.g., data mining may create so many false positives that the noise swamps the signal

15 Due Diligence List (2) Security experts concern about information sharing: (2) Security experts concern about information sharing: Imagine you are GC for the CIA Imagine you are GC for the CIA Will sharing compromise our sources and methods? Will sharing compromise our sources and methods? When should we abandon need to know? When should we abandon need to know? How often will bad guys infiltrate the information sharing that is intended to inform only the good guys? How often will bad guys infiltrate the information sharing that is intended to inform only the good guys?

16 Due Diligence List (3) Security theater & Bruce Schneier (3) Security theater & Bruce Schneier Perceive, and critique, measures that are taken for the sake of doing something Perceive, and critique, measures that are taken for the sake of doing something E.g., show ID to get into office buildings; this is worthless in a world of pervasive fake IDs E.g., show ID to get into office buildings; this is worthless in a world of pervasive fake IDs Important to have credible and effective technical critiques of proposed surveillance Important to have credible and effective technical critiques of proposed surveillance U.S. State Dept. RFIDs on passports as terrorist beacons readable at 10 metersU.S. State Dept. RFIDs on passports as terrorist beacons readable at 10 meters

17 Due Diligence List (4) Point out unprecedented nature of proposed surveillance – a Burkean, conservative point (4) Point out unprecedented nature of proposed surveillance – a Burkean, conservative point E.g., library records and chilling the right to read E.g., library records and chilling the right to read Gag rule on foreign intelligence orders to get library and other databases Gag rule on foreign intelligence orders to get library and other databases Some greater due process in Patriot Act revisionsSome greater due process in Patriot Act revisions E.g., national ID cards and build coalition of libertarians on left and right E.g., national ID cards and build coalition of libertarians on left and right

18 Due Diligence List (5) Invoke historical abuses & ask for checks and balances (5) Invoke historical abuses & ask for checks and balances Prevention was tried by Hoover & the FBI Prevention was tried by Hoover & the FBI The theory of just a bit more data The theory of just a bit more data Prevention led, over time, to vast expansion of surveillance but little proven prevention Prevention led, over time, to vast expansion of surveillance but little proven prevention Political and other abuses from that expansion Political and other abuses from that expansion Therefore, oversight and limits on new surveillance because human nature hasnt changed Therefore, oversight and limits on new surveillance because human nature hasnt changed

19 Due Diligence List (6) Fairness, discrimination, and effectiveness (6) Fairness, discrimination, and effectiveness If single out groups, such as young Arab males, then that can backfire If single out groups, such as young Arab males, then that can backfire Is unfair, and perceived as unfair by many Is unfair, and perceived as unfair by many Risk of creating resentment by communities who cooperation is needed – better to build bridges to communities than to treat everyone as a suspect Risk of creating resentment by communities who cooperation is needed – better to build bridges to communities than to treat everyone as a suspect

20 Due Diligence List (7) Show how proposed measures make the problem worse (7) Show how proposed measures make the problem worse E.g., trusted traveler programs will give greater powers for harm to the terrorists who get the credential E.g., trusted traveler programs will give greater powers for harm to the terrorists who get the credential E.g., racial profiling that undermines assistance from the well-informed E.g., racial profiling that undermines assistance from the well-informed

21 Due Diligence List (8) International reaction to U.S. measures (8) International reaction to U.S. measures E.U. & other countries are more regulatory on many privacy issues E.U. & other countries are more regulatory on many privacy issues Not politically popular in U.S. to do it just because, say, the French want it Not politically popular in U.S. to do it just because, say, the French want it Having allies, though, is actually a good thing Having allies, though, is actually a good thing Concerns from outside the U.S. may require a more fully developed policy process within U.S. Concerns from outside the U.S. may require a more fully developed policy process within U.S.

22 Conclusion: Summary on Bush Doctrine Significant moral & political logic to: Significant moral & political logic to: New threat New threat The threat is large The threat is large IT and information sharing will help IT and information sharing will help More IT and information sharing is often a logical response to changing conditions More IT and information sharing is often a logical response to changing conditions

23 The Due Diligence List Issues to consider include: Issues to consider include: Does proposal work? Cost-effectively? Does proposal work? Cost-effectively? Risk to sources & methods and other security Risk to sources & methods and other security It may be security theater It may be security theater Unprecedented surveillance and not needed Unprecedented surveillance and not needed Historical abuses show need for checks Historical abuses show need for checks Fairness and non-discrimination Fairness and non-discrimination Proposed measures may make the problem worse Proposed measures may make the problem worse International ramifications International ramifications

24 What Have We Learned? Description: the types of arguments used in information sharing debates Description: the types of arguments used in information sharing debates Prescription: Prescription: Do the due diligence Do the due diligence Empirical assessment of each item on the list Empirical assessment of each item on the list Institutions to screen proposals for sharing Institutions to screen proposals for sharing Institutions for oversight of the programs that go forward Institutions for oversight of the programs that go forward In that way, use new IT if, but only if, that actually makes sense In that way, use new IT if, but only if, that actually makes sense

25 Contact Information Professor Peter P. Swire Professor Peter P. Swire Phone: (240) 994-4142 Phone: (240) 994-4142 Email: peter@peterswire.net Email: peter@peterswire.netpeter@peterswire.net Web: www.peterswire.net Web: www.peterswire.netwww.peterswire.net

Download ppt "Privacy and Information Sharing in the War on Terror Peter P. Swire Ohio State University Villanova Law Review Conference in Villanova Law Review Conference."

Similar presentations

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,
Telecom, Privacy & Security After September 11 Professor Peter P. Swire Ohio State University Ohio Telecommunications Industry Association October 2, 2001.

Telecom, Privacy & Security After September 11 Professor Peter P. Swire Ohio State University Ohio Telecommunications Industry Association October 2, 2001.
The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.

The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.
Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.

Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.
America Faces the World On Privacy: Four Years After 9/11 Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Keynote: Edinburgh.

America Faces the World On Privacy: Four Years After 9/11 Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Keynote: Edinburgh.
Privacy and National Security After September 11 Professor Peter P. Swire Ohio State University FLICC 2002 Forum Library of Congress March 19, 2002.

Privacy and National Security After September 11 Professor Peter P. Swire Ohio State University FLICC 2002 Forum Library of Congress March 19, 2002.
The Chief Privacy Officer for the U.S. Government Professor Peter P. Swire Ohio State University Visiting, George Washington University Privacy Officers.

The Chief Privacy Officer for the U.S. Government Professor Peter P. Swire Ohio State University Visiting, George Washington University Privacy Officers.
Security and Privacy After September 11 Professor Peter P. Swire Ohio State Law School Consultant, Morrison & Foerster Privacy & Data Security Summit.

"Security and Privacy After September 11 Professor Peter P. Swire Ohio State Law School Consultant, Morrison & Foerster Privacy & Data Security Summit.
Reflections on the White House Privacy Office Peter P. Swire U.S. Chief Counselor for Privacy, 1999- 2001 OSU College of Law, 2001-present CFP, March 8,

Reflections on the White House Privacy Office Peter P. Swire U.S. Chief Counselor for Privacy, OSU College of Law, 2001-present CFP, March 8,
Electronic Surveillance, Security, and Privacy Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002.

Electronic Surveillance, Security, and Privacy Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002.
The Sunset of the Patriot Act Professor Peter P. Swire Moritz College of Law Ohio State University Winter College February 19, 2005.

The Sunset of the Patriot Act Professor Peter P. Swire Moritz College of Law Ohio State University Winter College February 19, 2005.
Security and Privacy After September 11: The Healthcare Example Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP April.

"Security and Privacy After September 11: The Healthcare Example Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP April.
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
Gag Rules and Information Flows: Or, How to Do Secret Surveillance in an Open Society Peter P. Swire Ohio State University Modest Proposals Conference.

Gag Rules and Information Flows: Or, How to Do Secret Surveillance in an Open Society Peter P. Swire Ohio State University Modest Proposals Conference.
Embedding Privacy in Federal Information Systems Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.

"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.
Elephants and Mice Revisited: Law and Choice of Law on the Internet Professor Peter P. Swire Moritz College of Law Ohio State University Penn Law Review.

Elephants and Mice Revisited: Law and Choice of Law on the Internet Professor Peter P. Swire Moritz College of Law Ohio State University Penn Law Review.
Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
Sharing of Medical Records Pursuant to an Authorization Professor Peter P. Swire Moritz College of Law, Ohio St. Univ. Consultant, Morrison & Foerster,

Sharing of Medical Records Pursuant to an Authorization Professor Peter P. Swire Moritz College of Law, Ohio St. Univ. Consultant, Morrison & Foerster,
Privacy in America: Your Role as Guardians of the Publics Data Professor Peter P. Swire Moritz College of Law The Ohio State University Ohio Digital Government.

Privacy in America: Your Role as Guardians of the Publics Data Professor Peter P. Swire Moritz College of Law The Ohio State University Ohio Digital Government.
Privacy and the Use of Cost/Benefit Analysis Professor Peter Swire Ohio State University FTC Workshop on Information Flows June 18, 2003.

Privacy and the Use of Cost/Benefit Analysis Professor Peter Swire Ohio State University FTC Workshop on Information Flows June 18, 2003.

Similar presentations

Ads by Google