Search
CRA TumbleLog
Archives
December 2009
November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 January 2004
Archives by Category
Action Alerts (2)
American Competitiveness Initiative (96) CRA (61) Computing Community Consortium (CCC) (22) Computing Education (6) Diversity in Computing (26) Economic Stimulus and Recovery (14) Events (36) FY06 Appropriations (13) FY07 Appropriations (32) FY08 Appropriations (37) FY09 Appropriations (28) FY10 Appropriations (1) Funding (205) Misc. (49) People (106) Policy (249) R&D in the Press (90) Research (85) Security (30)
Recent Entries
DARPA Challenge
SCIENCEWORKSFORUS LAUNCH National CS Education Week Prizes and Computing Research House S&T Committee Considers Cyber Security R&D President Obama Touts Role of Basic Research in Innovation Business Week on Research in Industry A Systems Approach to Improving K-12 STEM Education Healthcare Robotics Briefing CCC Announces New Networking Research Agenda
CRA Links
Computing Research News
CRA-Bulletin Computing Data and Resources CRA in the News Computing Research in the FY05 Budget
What We're Reading
Computational Complexity
CNSR Online Danger Room Defense Tech Freedom to Tinker InsideHPC Lessig Blog Nothing is as simple... Reed's Ruminations Schneier on Security Techdirt UMBC eBiquity Blog USACM Tech Policy Blog
Advocacy Materials
IT R&D One-pager (pdf)
DARPA and University Research One-pager (pdf) Cyber Security R&D One-pager (pdf) Current and Requested IT R&D Funding Charts (pdf)
Recent Testimony
|
April 25, 2004"Computer Freedom and Privacy 2004" and Privacy R&DI'm back from the 2004 edition of ACM's Computer Freedom and Privacy Conference, held this year at the Claremont Hotel in Berkeley, California. This is the second time I've attended, and I've enjoyed it each time. The conference's focus on the intersection between technology and civil rights brings together a fascinating blend of personalities -- from EFF Founder John Gilmore to Rachel Brand of the Office of Legal Policy at the Department of Justice to Bill Scannell, of DontSpyOn.us to Nualla O'Conner Kelley, Chief Privacy Officer, Department of Homeland Security. The sessions are always lively and thought-provoking. A few issues seemed to get the most attention at this year's conference -- the perils of "Direct Recording Electronic" (DRE) voting systems, government profiling using TIA-like systems, and civil liberties issues surrounding Google services. Of these, I was particularly frustrated by the government profiling discussions. A number of speakers made the point (though Doug Tygar probably made it most emphatically) that the government spends a disproportionate amount of its IT privacy and security research funding on security rather than privacy. Given the current state of funding for federal cyber security R&D (see previous blog entry), that's a sobering thought. But the frustrating part for me is that many of the same people at CFP who are now clamoring for more federal R&D for privacy related research were among the loudest voices calling for cancellation of DARPA's TIA project (I'm not including Tygar in this, as I don't know where he stood on TIA). Let me explain. DARPA's Total Information Awareness (pdf) project was an attempt to "design a prototype network that integrates innovative information technologies for detecting and preempting foreign terrorist activities against Americans." In order to do this, DARPA was funding research into a range of technologies including real-time translation tools, data mining applications, and "privacy enhancing technologies" including development of a "privacy appliance" that would protect the identities of all individuals within any of the databases being searched until the government had the appropriate court order to reveal them. At CFP, Philippe Golle, from Xerox's Palo Alto Research Center, described one such project at PARC (led by Teresa Lunt), that DARPA agreed to fund for 3 years as part of TIA. The plan was to create a "privacy appliance" that owners of commercial databases of interest to the government could deploy that would control government access to the databases using inference control (deciding what types of queries -- individually or in aggregate -- might divulge identifying information), access control and an immutable audit trail to protect individual privacy. Really neat stuff. Anyway, the idea that the government might one day deploy a TIA-like system before all of the privacy and security challenges had been sorted out and thereby imperil American civil liberties and security was worrying to a great many people and organizations, including CRA. However, there seemed to be a number of different approaches among the various people and organizations to deal with the concerns. There was a vocal contingent that believed Congress should cancel TIA outright -- the threat the research posed was greater than any possible good. CFP participant Jim Harper, of Privacilla.org, addressed this approach directly at the conference, saying the reason groups like his try to kill government programs when they're still in R&D and small is because they're too hard to kill when they get big. CRA had a more nuanced view, I believe, that argued that the challenges that needed to be overcome before any TIA-esque system would ever be fit for deployment were large and that CRA would oppose any deployment until concerns about privacy and security were met. However, we also argued that the research required to address those concerns was worthy of continued support -- the problems of privacy and security (as well as the challenge of ever making something like TIA actually work) were truly difficult research problems..."DARPA hard" problems -- and so we opposed any research moratorium. Unsurprisingly, the "nuanced" position failed to carry the day once Congress got involved. At about the same time Congress was deciding TIA's fate, stories broke in the press about DARPA's FutureMAP project -- which attempted to harness the predictive nature of markets to glean information about possible terrorist activities -- and JetBlue airline's release of customer data to the Defense Department (in violation of their privacy policies) that helped cement opinion that DARPA was out of control. It also didn't help that the TIA program resided in DARPA's Information Assurance Office, headed by the controversial Adm. John Poindexter. TIA's fate was sealed. Congress voted to cut all funding for the program and eliminate the IAO office at DARPA that housed it. However, Congress also recognized that some of the technologies under development might have a role to play in the war against terrorism. They included language in the appropriations bill (Sec 8131(a)) that allowed work on the technologies to continue at unspecified intelligence agencies, provided that work was focused on non-US citizens. As a result, much of the research that had been funded by DARPA has been taken up by the Advanced Research Development Agency, the research arm of the intelligence agencies. Because it's classified, we have no way of knowing how much of TIA has been resurrected under ARDA. We also have no way of overseeing the research, no way of questioning the approach or implementation, no way of questioning the security or privacy protections (if any) included. In short, those who argued in support of a research moratorium just succeeded in driving the research underground. Finally, one thing we do know about current TIA-related research efforts is that PARC's work on privacy-enhancing technologies is no longer being funded. Posted by PeterHarsha at April 25, 2004 08:12 PM | TrackBackPosted to Policy |