
April 28, 2006

Getting Big Things Started

The bigger, or should I say the more strategic and widely significant, an initiative is, the less likely it will ever see the light of day, at least any time soon. So it has occurred to me that a better way to get really important projects off the ground is by starting with “A tightly held conspiracy to do good.”

Had the world recognized the significance of the Internet, it is possible the world would still be debating the standard … to this day.

Great things seem to start in the minds of a few, then come to life rather quickly and in a form that is highly usable. And if this creation also happens to be convenient and economical – you may have a “killer application” on your hands. If you have not heard this term … know that it is a good thing. It does not mean death … quite the opposite!

And while “tightly held conspiracies to do good” may not prove essential in such fields as the development of supersonic aircraft, I think they are highly relevant to innovation in the information age.

April 24, 2006

The Information Sharing Paradox

The big buzz in the field of Information Management in government these days is “Information Sharing.”  Why?  Information sharing is seen as necessary to safeguard our nation from terrorists.  Of course, it is also seen as important to solve other societal challenges ranging from identity theft and fraud detection to avian flu bio-surveillance and better health care.

In thinking about what an effective information sharing system should really look like I have noticed a very seminal paradox that I think will force a shift in the “think”.

The Information Sharing Paradox

If you can’t share everything with everyone and,

you can’t ask everyone every question every day,

then how is someone going to find something?

The missing piece of the puzzle is “discovery.”  If you know who to ask for what, then information can be shared – and shared in a more precise and relevant manner.  This also translates into less risk of data escaping, which makes this model better from a privacy and civil liberties protection point of view.

The card catalog at the library is a pretty good example of discovery.  No one roams the halls to look for a certain book; they go to the card catalog first.  And if some shelf at the library were to receive a book without a corresponding card placed in the card catalog … well I would say that document (book) is basically “undiscoverable.”

Implementing information sharing will require solving discovery first.  And solving for discovery will substantially redefine (and in fact simplify) the information sharing challenges.  Therefore, discoverability is where we should be focusing our policy thinking and resources. 

Let’s start talking about discoverability.

Related post: No Need to Over Share

April 20, 2006

IEEE Spectrum Story: Vegas 911

Vegas 911 - "A sin city programmer busted some of the biggest swindlers of all time.  Now he's helping the Feds nail terrorists."

This story by David Kushner in the April 2006 edition of IEEE Spectrum is one of the most accurate stories about my work that I have ever seen.  David’s attention to detail and the magazine’s fact-checking process were unparalleled.

I would have never guessed that my work to help the gaming industry to better understand who they were doing business with – and all those weekly meetings with the principals and investigators behind Griffin Investigations where we developed strategies and tactics to deal with the “MIT team” (as described in Ben Mezrich’s book “Bringing Down the House”) – would have turned out to be so widely known.  I guess at the time I thought this behind-the-scenes and somewhat private story would go untold.

Come to think of it, I may have to add some more color to this story one day.  Like how we closed the gap in the window between “detect and preempt” to minutes – even when dealing with their brand new, never before seen, recruits.  Or, the other highly organized team that was operating at the same time, which seemed even more threatening, that to this day is hardly talked about.  But, I’ll have to check with my old friends from “back in the day” to make sure such fun stories don’t affect any trust half-life curves.

Stay tuned, I have a few Las Vegas "cops and robbers" stories of my own.

April 19, 2006

Trust Has a Half-Life

Left unattended, things decay over time, and I would argue this includes trust.  While everyone may already know this, nonetheless this concept just hit me as an epiphany while I was noodling at a recent national security-related think tank.  It suddenly struck me as obvious – that personal information one entrusts to a friend in confidence has a risk of future unanticipated disclosure that increases in relation to the elapsed time over which one has grown apart from this person.

I’ll bet this is true for everyone.  Have you ever told someone something very personal, someone who you have not spoken to in some great time?  Would you consider this “secret” equally safe as when you first decided to share this confidential tidbit?  Well if it is family, a counselor, someone governed by some legal mechanism, etc. fine – but what about everyone else?  What about long gone co-workers, old roommates or that ex-girlfriend?

So, I started thinking about trust in terms of a half-life, in the same way Carbon-14 has a half-life.

The government re-investigates certain employees with Top Secret clearances every five years, while other government employees are subjected to polygraph testing every single year.  Your creditors/lenders typically check your credit report every few months to determine if your trustworthiness (responsibility for debt) has changed.  And, many employers require that their employees change their password every 90 days to account for the risk that you may have compromised the security of this secret – all examples that trust decays and evidence that trust must have some half-life.

Different kinds of relationships will have different trust decay cycles.  Immediate family for example, would typically have a longer half-life than a former classmate who has since gone their own way.

Therefore, I contend that virtually all confidential information would be subject to this trust half-life … as over time and with near certainty it will be disclosed to a broader audience than originally intended, of which some contributing factors would include the number of holders of such information and the degree the holder(s) are left unattended.

What does this mean? And what do we do about it?  Well to be quite honest, I am not sure.  Maybe the government’s half-life for big secrets is so short that its five year background re-investigation (i.e., a large “unattended” window) does not provide sufficient trust – which may in turn contribute to the fact that organizations are often challenged to share information and collaborate even amongst themselves.  And if this were true, then perpetual employee vetting (e.g., Perpetual Analytics deployed for continuous background checks) might change the slope of the half-life curve, which in turn might lead to better teaming and real process improvements.

I welcome your comments, as I would be very curious to hear what, if anything at all, you might make of this.

April 13, 2006

Handicapped at the 2006 Arizona Ironman

This last Sunday (April 9th) I competed in the Arizona Ironman.  And although the word “competed” sets the wrong impression, I did finish and I was not last.

Being a full time single parent and traveling extensively for my job makes it hard to train for these events.  To this point, last Friday (two days before the race) I did my second training swim of the year – swimming 2.5 miles all at once, making it the single longest swim of my life.  True to good training, I considered this my peak swim and then had a good two days to taper before the actual race.  Real athletes peak and then begin tapering weeks before the race – not me as I just pretend to be an athlete.  At this race, I did finish the swim in my best time ever, swimming the 2.4 miles in about 1:24.

The 112 miles on the bike took longer than planned (6 hours, 41 minutes) in part because the mid-day wind picked up, which affected the last half of the ride.

Then after just over eight hours of swimming and biking, I started the 26.2 mile run – a brutal experience considering the heat and the fact that my legs were pretty much destroyed from the hard work on the bike – and finished it in 6 hours, 3 minutes.

Oh … about the bike … I was certainly handicapped.  Trust me, I was the only one to attempt this event on this kind of bike.  Yes, that would be a full suspension mountain bike with knobby tires.

All things considered, I felt pretty good right after this 14 hour and 23 minute effort, and decided I would certainly never do that again on a mountain bike.  Although after a few nights of sleep, I’m already thinking that doing the Ironman with a mountain bike again would be a good idea – obviously I must still be dehydrated!

April 11, 2006

My Testimony Before The DHS Data Privacy and Integrity Advisory Committee

On Tuesday, December 6th, 2005 I testified before the DHS Data Privacy and Integrity Advisory Committee.  The testimony transcripts were recently posted on the DHS web site.

Transcript Here

In my testimony (which starts on the bottom of page 36) I had to pick just a few key points, so I chose to focus on these four things:

  1. The use of directory-based information sharing to enable discovery while limiting information leakage (related post No Need to Overshare);
  2. The use of anonymization for enhanced privacy protection (related post Advanced Analytics in the Anonymized Data Space);
  3. The importance of Immutable Audit Logs, which call for tamper-resistant logs (related post IAL’s); and
  4. The limited role of data mining to predict terrorist intent (related post on Data Mining, Predicate Triage and NSA Domestic Surveillance).

With respect to this last point, I was also on the record saying “one in a million things happen millions of times a day.”  This speaks to the notion that statistical anomalies are so prevalent they are uninteresting in and of themselves.  To highlight this, imagine on any given day how many people around the world say “what are the odds of that?”