Jun 15 2013

Unreasonable searches and drone killings

Category: Information Privacy, Security and privacy Law | DISC @ 1:52 pm

Peter Scheer @ SFChronicle.com on June 12, 2013 – Open Forum on NSA’s snooping

First came news accounts of the government’s use of armed drones in the targeted killing of terrorists abroad. Then came the revelations about government surveillance programs, breathtaking in their scale, tapping into data on phone calls, e-mails, Internet searches and more.

These activities are, in fact, linked.

The use of drones to target America’s enemies represents the fruition of technological evolution in weapon accuracy. Though America’s previous military conflicts have been characterized by military strategies that often maximized enemy casualties (think of the “body counts” during the Vietnam War), the technology of drones makes possible the highly discriminate targeting of selected individuals, with minimal civilian casualties.

U.S. intelligence gathering has evolved in the opposite direction. Before data mining, and especially before the end of the Cold War, intelligence gathering was focused narrowly on selected institutions or individuals. America knew who its enemies were; the objective of espionage operations, from wiretaps to infiltration by American spies, was to find out what they were doing: with whom they were communicating, their capacities and plans.

In recent years, by contrast, the focus has shifted to intercepting and analyzing mountains of data in order to discern patterns of activity that could lead to the identification of individual enemies. Intelligence gathering has evolved from the penetration of known groups or individuals to the sifting and mining of Big Data – potentially including information on all U.S. citizens, or all foreign customers of Google, Facebook, et al. – in order to identify individuals or groups that are plotting attacks against Americans.

The logic of warfare and intelligence has flipped. Warfare has shifted from the scaling of military operations to the selective targeting of individual enemies. Intelligence gathering has shifted from the targeting of known threats to wholesale data mining for the purpose of finding terrorists.

The resulting paradigms, in turn, go a long way to account for our collective discomfort with the government’s activities in these areas. Americans are understandably distressed over the targeted killing of suspected terrorists because the very individualized nature of the drone attacks converts acts of war into de facto executions – and that, in turn, gives rise to demands for high standards of proof and due process.

Similarly, intelligence activities that gather data widely, without fact-based suspicions about specific individuals to whom the data pertain, are seen as intrusive and subject to abuse. The needle-in-a-haystack approach to intelligence gathering is fundamentally at odds with Americans’ understanding of the Constitution’s promise to safeguard them against “unreasonable” government searches. There is nothing reasonable about giving government secret access to phone calls and e-mails of tens of millions of Americans.

Our fear of these changes is reinforced by the absence of transparency surrounding drone strikes – specifically, the protocols for selecting targets – and intelligence operations that cast a broad net in which U.S. citizens are caught. This is why Americans remain supportive of, and thankful for, an independent and free press.

Peter Scheer, a lawyer and writer, is executive director of the First Amendment Coalition. FAC has filed suit against the U.S. Justice Department for access to classified legal memos analyzing the use of drones to target suspected terrorists. The views expressed here are Scheer’s alone and do not necessarily reflect the opinions of the FAC board of directors.

Tags: Big Data, Data mining, First Amendment Coalition

Mar 17 2009

Congressional data mining and security

Category: Information Security | DISC @ 12:42 am

“By slipping a simple, three-sentence provision into the gargantuan spending bill passed by the House of Representatives last week, a congressman from Silicon Valley is trying to nudge Congress into the 21st Century. Rep. Mike Honda (D-Calif.) placed a measure in the bill directing Congress and its affiliated organs — including the Library of Congress and the Government Printing Office — to make its data available to the public in raw form. This will enable members of the public and watchdog groups to craft websites and databases showcasing government data that are more user-friendly than the government’s own.”

It would be great if this passes, but the government would need security provisions so that hackers cannot manipulate the databases, in this case the raw data. Without proper controls, databases can easily be modified or stolen, so before making the raw data available to the public, Congress might need comprehensive legislation to protect the confidentiality, integrity and availability of the data.

Security principles and controls that should be considered in database legislation:
• Principle of least privilege
• Separation of duties
• Defense in depth at every level
• Strong auditing and monitoring controls
• Security risk assessment to assess risks based on ISO 27002 and NIST 800-53
• Comprehensive risk management program to manage risks

Congressional Data Mining: Coming Soon? (Mother Jones)


Tags: Business, Data mining, database, defense in depth, iso 27002, Mike Honda, National Institute of Standards and Technology, Risk Assessment, Risk management, Security, separation of duties, Silicon Valley