Bryan Cunningham and I spoke before the Council on Foreign Relations on May 19, 2006 in Washington DC at a session entitled, "The Digital Spy: How Technology is Changing the Intelligence Community." This session was moderated by Daniel Prieto, Director and Senior Fellow, Homeland Security Center, the Reform Institute.
Here is a link to the transcript.
Bryan is a fellow member of the Markle Foundation’s Task Force on National Security in the Information Age, was Deputy Legal Adviser to the National Security Council, and a senior CIA officer and federal prosecutor, and now a nationally know information security and privacy lawyer. He is one smart dude on the subject of law, information security, policy, and technology. Here are some of the topics he addressed:
- Rethinking the US Person rules as related to foreign intelligence collection
- Predicate-based link analysis over data mining
- Monitoring and addressing terrorist propaganda operations
- Legal and operational aspects of NSA’s reported use of phone toll records
- Why analytics on anonymized data is a "huge, revolutionary idea"
- The Supreme Court case establishing that Americans DO NOT have any legitimate expectation of privacy in phone call routing or toll records
- What might it mean in terms of privacy if computers do the analysis over humans
- The importance of immutable audit logs
- The privacy and civil liberty ramifications of looking at data purely on pattern-based analysis
Bryan has a lot of thoughtful things to say … for more about Bryan check out his website.
I covered such topics as:
- Importance of discovery to solve the Information Sharing Paradox
- Anonymized directories for enhanced privacy protections
- Difficulty in predicting terrorist intent from predicate-less data mining
- Using anonymization to address the government’s cross-compartment exploitation challenges
- The Cali drug cartels’ use of link analysis for their counter-intelligence mission
- Why it might be more efficient to anonymize not only US Persons data but also the non-US Persons data for certain applications
- Avoiding consumer surprise
- What is meant by my use of the term "anonymization" and why, despite various known cryptographic attacks (which can be blunted), this is, in many cases, a better solution than sharing data in clear text
- Technology is going to take us to a place where data will find data and relevance finds the user, and distinctions between data and queries will blur