Mobilizing Information to Prevent Terrorism – Accelerating Development of a Trusted Information Sharing Environment

Today, July 13, 2006 the Markle Foundation Task Force released its third and final report.

Press release available here.

Full report available here.

It has been an absolute honor to be called upon by the Markle Foundation to serve on this task force. Zoë Baird and James Barksdale were co-chairmen. And the members included Robert D. Atkinson, Rand Beers, Eric Benhamou, Jerry Berman, Robert M. Bryant, Ashton B. Carter, Wesley Clark, William P. Crowell, Bryan Cunningham, Jim Dempsey, Mary DeRosa, Sidney D. Drell, Esther Dyson, Amitai Etzioni, David J. Farber, Richard Falkenrath, John Gage, John Gordon, Slade Gorton, Morton H. Halperin, Margaret A. Hamburg, John J. Hamre, Eric H. Holder, Jr., Jeff Jonas, Arnold Kanter, Tara Lemmey, Gilman Louie, John O. Marsh, Jr., Judith A. Miller, James H. Morris, Craig Mundie, Jeffrey H. Smith, Abraham D. Sofaer, James B. Steinberg, Kim Taipale, Rick White and Richard Wilhelm.

Needless to say I met some amazing people and learned a great deal along this journey.

In today’s public release I was asked to speak for the Task Force about the technology related recommendations. If you are interested in my opening statements, here is my transcript:

"A number of technologies are available that can be used to better connect the right people with the right information and at the same time these technologies can help enforce policy and enhance public trust.

In this report the Markle Task Force has highlighted technologies that will improve information sharing and enhance security, while facilitating greater accountability and higher levels of privacy protections.

While the report is not intended to be an exhaustive discussion of specific technology or ongoing research, it does provide an overview of certain technologies and approaches that have particular applicability to implementing a trusted information sharing environment.

For example, (on page 59) we call for the use of electronic directory services to enable organizations to locate relevant content in the enterprise; much in the same way one uses the card catalog at the library, as opposed to roaming the halls to find the book.

The Task Force has never called for the wholesale transfer of data between systems or agencies; rather, we have called for leaving the data with the original holder. The electronic directory services approach enables information to be discovered while avoiding large party-to-party data dumps.

This approach simply enables users to discover who has information specifically relevant to their case. Holders of the information can then grant access, based on policy, to each information request. This approach to discoverability delivers on the "need to share" goal by first answering the question "share what with who?"

Further (On page 63,) we encourage the use of data anonymization before transfer between systems wherever possible. While this reduces the risk of unintended disclosure of any transferred information being later stolen and repurposed, it also enhances overall privacy, as personally identifiable information is no longer being exchanged in a human readable form.

Notable, we prefer anonymization over encryption (when possible), the difference being encrypted data can be decrypted, whereas anonymized data can only be practically unlocked by requesting the human readable record from the original data holder. Again, information transfer is minimized.

(On page 70,) The Task Force also calls for the use of Immutable Audit Logs. This type of technology is intended to permanently record, in a tamper resistant manner, how users have used a system. Even corrupt database administrators cannot alter history.

Immutable logs can increase security, build trust among users, measure compliance with policies and guidelines, and improve transparency and the ability to conduct oversight by appropriate stakeholders. This concept is more fully spelled out in a free stranding paper published by the Task Force and available on the Markle web site [here].

Today’s report also calls attention to other technology that will be useful to improve collaboration, security and trust.

(Between pages 57 and 71,) We cover standards for greater interoperability, improved analyst tools to organize, visualize and make better sense of the information at hand, subscription-based processes that enable users to be alerted when something becomes relevant (e.g., a watch listed party they are preparing to investigate is later removed from the watch list).

Equally important, we cover information rights management – technology that enables the owner of data to control what a recipient can do with the data, much in the same way a PDF can be created without enabling the recipient to print it.

Improved collaboration tools are discussed as these are seen as essential to improving communication between specific individuals working on specific problems.

Strong user authentication and encrypting data both in transit and at rest are suggested as well.

And last but not least, we encourage the use of automated tools to detect users of the information sharing environment who are using the system in a manner inconsistent with policy.

We have repeatedly stressed in our reports that technologies and polices must be developed together. By designing systems and employing technologies with features that support and enforce policy, information sharing environment designers can help foster trust that automated systems and their users are conforming to governing laws, rules, and guidelines.

All this being said, the Task Force recognizes that technology, alone, cannot ensure that the information sharing environment is effective, secure or protective of privacy and civil liberties."

Intelligent Organizations – Assembling Context and The Proof is in the Chimp!

I don’t think we can criticize organizations for assembling what they know on one hand … and then criticize them on the other hand for being incompetent and irresponsible.

Organizations are presented with countless observations. And it is their ability to integrate these observations into meaningful context that makes them right or wrong, smart or dumb and competitive or dead.

In case it is not obvious from my blog, a chunk of my work is dedicated to creating technology that can assemble context based on real-time observations for improved enterprise awareness and discovery. With this in mind, check out this advertisement poster (a must see) for London’s Natural History Museum. Basically, my thinking goes:

If .6% makes this much difference, no wonder existing systems are not that intelligent!

There can be no organizational intelligence, situational awareness or whatever one would like to call it, if an organization does not assemble its own observations into context and then use this context for decision making.

If parents were unable to assemble and contextualize their children’s school schedule with their soccer schedule and vacation schedule, they would be dysfunctional -- and possibly criminally negligent (e.g., if they kept losing their kids). Parents put these observations, and countless others, into context so that they can make the best possible decisions.

While more observations produce greater potential intelligence, more contextualized observations produce greater actual intelligence.

This being the case, I think most organizations have a significant gap between potential and actual intelligence because their enterprise observations are unassembled. Their observations are isolated across numerous operational systems – aka "islands of excellence." No wonder organizations make dumb decisions like recruiting people they have previously fired, marketing to people they have arrested, and lowering customer confidence and loyalty when, for example, a casino extends a free buffet coupon to the wife of their biggest high roller.

Organizations must be permitted to assemble their observations if we expect them to be smart, efficient and survive. And emerging technologies like Perpetual Analytics are going to radically improve an organization’s ability to assemble observations into context for improved awareness and intelligence.

So we should ask ourselves what observations (transactions) will we permit an organization to observe, receive and store? And, how smart is too smart? Also, who do we trust with such "smarts"?

There will also be important policy decisions about what supplemental facts will we permit organizations to request on an as-needed basis from secondary organizations for improved context, intelligence and decision making. For example, when and to what extent should a government agency be able to request public records information from a data aggregator?

There are many other policy questions that belong in this debate. Under what conditions should an organization be denied the ability to assemble its own observations? Or denied the ability to request secondary reference data? And since there are policies permitting the construction of knowledge, when must one’s observations be destroyed (i.e., forced forgetfulness). And what if an observation is wrong or has been maliciously fabricated?

We are going to need an army of technologists working on Responsible Innovation.

Surviving the 2006 France Ironman and How Intelligent are Chimpanzees?

I did the Nice France Ironman on Sunday, June 25th, 2006.  It took me 14 hours and 15 minutes.

Apparently my two training swims in the preceeding four months really made a big difference. I improved my 2.4 mile swim time by over ten minutes from my best Ironman swim, completing it in something like one hour and ten minutes.

The 112 mile bike course was unbelievable hilly and some sections reminded me of lines at Disneyland. While it appears the ride starts around the next corner, one eventually discovers another twisting trail leading to another faux start. On this bike ride the "tops" of the hills were always just beyond the next visible stretch. While I whimpered up the biggest hill, I decided to name the endless climb the "will killer."

The 26.2 mile marathon took me about six hours. My stomach had become upset from the unfamiliar energy drinks I found on the course … duh. As a consequence, I did some walking in order to avoid heaving.

My friend Joe crushed me by about two hours. It was his first. And he trains. Must be nice.

Now about chimpanzees. While taking a training run in London a week before the race, I found this advertisement poster outside the Natural History Museum. Apparently chimpanzees are 99.4% similar to humans when using functional DNA as the point of comparison. Suddenly, despite my lack of oxygen (or maybe only because I lacked oxygen) this seemed so relevant. Basically, the thinking goes: "If a .6% difference matters this much then …. "

My next blog post will attempt to explain why this fact is so relevant when thinking about the next generation of intelligent systems.