Information Security Management - PowerPoint PPT Presentation

Slides: 10
Provided by: isis1

1
Information Security Management
  • The Implicit Need for Privacy Requirements, or
    How Ignoring Privacy Can Kill Your Program

2
Background
  • DARPA funds 'high risk/high reward' research for
    the DoD and Intelligence Community (IC)
  • Basic and applied research, but always with the
    DoD/IC application in mind; may be classified
  • Look for 2 orders of magnitude improvement in
    something
  • Examples of major successes:
    • Arpanet became the prototype for the Internet
    • The mouse
    • Aircraft stealth technology
    • High performance computing (Thinking Machines,
      TERA)
  • Decision Support Systems

3
Total Information Awareness (TIA)
  • Goal: tools to generate and connect the dots
  • A suite of programs including:
    • Language transcription, translation,
      interpretation, metadata creation, gisting
    • Human ID at a distance
    • Collaborative analysis tools for teams of diverse
      experts with supporting, interactive search and
      data analysis
    • Data mining and link analysis: mining, graphical
      representation, relationship extraction, link
      discovery, pattern learning (GENOA project)

4
Data mining and link analysis
  • The project calls for the development of
    "revolutionary technology for ultra-large
    all-source information repositories," which would
    contain information from multiple sources to
    create a "virtual, centralized, grand database."
    This database would be populated by transaction
    data contained in current databases such as
    financial records, medical records, communication
    records, and travel records as well as new
    sources of information. Also fed into the
    database would be intelligence data.
  • ---Electronic Privacy Information Center
    (www.EPIC.org)

5
Timeline: Getting Started
  • Announced in March 2002 in a Broad Area
    Announcement
  • Several components already under development in
    earlier DARPA programs.
  • New contracts awarded in Spring 2002.
  • Project described to the public at DARPATECH in
    summer 2002 by Program Director John Poindexter.
  • Investigating Privacy Technology
  • No further description of privacy approach in the
    talk or on the DARPA web site.

6
Timeline: The Controversy
  • Nov 9, 2002: questions of privacy in TIA are
    raised in the press
    • If deployed, civil libertarians argue, the
      computer system would rapidly bring a
      surveillance state. They assert that potential
      terrorists would soon learn how to avoid
      detection in any case. (NY Times)
  • Nov 21, 2002: former Nixon speech writer William
    Safire writes an Op-Ed piece about TIA with the
    title "You Are a Suspect"
  • Nov-Dec 2002: more questions raised in Congress
    and the press.
  • Defensive comments from DARPA, Rumsfeld, etc.,
    but no discussion of how to enforce privacy.
  • Description of TIA and program managers'
    names/contact information removed from public
    DARPA web site

7
Timeline: Response (Spring 2002)
  • Jan, 2002: DARPA signs contract with PARC
    (formerly Xerox PARC) to look into privacy
    technology.
  • US Congress votes to limit TIA funding pending a
    report to Congress on what they are doing and how
    privacy would be preserved.
  • DARPA changes program name to Terrorist
    Information Awareness, and claims they will only
    use data about non-US citizens
  • Tony Tether, head of DARPA, presents report
    defending TIA privacy to Congress.
  • General Accounting Office report questions
    privacy in TIA.
  • Congress cuts all funding for TIA.

8
The TIA Privacy Concern
  • Virtual database of information from numerous
    government (unclassified and classified),
    corporate, and public databases
  • Data objects may contain identifying information
    about individuals, organizations, etc. (entities)
  • Analysts and bots need to search database for
    interesting links
  • Many analysts and others in law enforcement need
    to search database for information about specific
    entities
  • Entity identity may be protected by complex law
    and policy rules until there is a strong
    indication of improper actions
  • Privacy rules may vary based on the source of the
    data (foreign, domestic), the entity (US
    citizen), and the type of data
  • Protection is needed against both internal abuses
    and external threats

9
Is TIA dead?
  • Some states use MATRIX, a commercial product
    using commercially available data
  • Many who signed up originally have dropped out
    due to privacy concerns, including NY (liberal)
    and Utah (very conservative)
  • CIA and FBI use NORA (Non Obvious Relationship
    Analysis), originally developed for use by Las
    Vegas casinos to identify gamblers with potential
    mob connections. An anonymizing version, ANNA,
    is being developed. Issue: what data are they
    using?
  • Much of the data used by TIA is in commercial
    databases, available for use for a fee.
    ChoicePoint (among others) sells a service to
    aggregate information about an individual for a
    fee.