Title: Technology, Security and Privacy: Designing Technical Features to Meet Policy Goals
Speaker: Kim Taipale, Founder and Executive Director, Center for Advanced Studies in Science & Technology Policy
Date: April 15, 2004 2:00-3:30pm
Location: DIMACS Center, CoRE A, Room 301, Rutgers University, Busch Campus, Piscataway, NJ
Presented under the auspices of the Special Focus on Communication Security and Information Privacy.
Security and privacy are dual obligations, not dichotomous rivals to be traded one for the other in a zero sum game. Designing technical information systems or applications for data sharing, data analysis or data security requires design and development strategies that can accommodate a diverse range of policy, legal and market considerations relating to the presumed tension between security (both national and systems) and privacy. Technical design choices constrain potential policy developments and implementations, and may or may not facilitate market adoptions. Therefore, technologists need to understand policy, legal and market concerns and requirements, and policy makers need to understand technical potentials and constraints.
Real-world procedural mechanisms to protect privacy, in particular those premised on inefficiencies in information acquisition, management and use (for example, doctrines of "practical obscurity" and anonymity through data transience) are challenged by automated information processing, particularly emergent data aggregation and data analysis technologies, as well as new identification, authentication and collection technologies.
Thus, technologists need to understand the policy, legal and market issues in terms of technical design requirements that can provide for rule-based interventions and accountability in automated processes -- thereby enabling familiar political or legal oversight and control mechanisms, procedures and doctrines (or their analogues) to function under novel, technology-enabled conditions. Relevant strategies are rule-based processing, selective revelation, and authentication and audit procedures. Relevant technologies include distributed access tools, intelligent agents, rule-based processing, privacy protocols, proof-carrying code, data labeling, data wrappers, encryption, analytic filtering, self-reporting data, network and systems security, and immutable logging, among others.
This presentation is intended to provide policy insight and practical guidance to technologists engaged in the development of advanced information and communication systems and applications.
Kim Taipale is the founder and executive director of the Center for Advanced Studies in Science & Technology Policy, a private, non-partisan research and advisory organization focused on information, technology and national security policy. Mr. Taipale has over twenty years of diverse experience relating to information technology and policy as a lawyer, investment banker, business executive, consultant, academic researcher and educator. Mr. Taipale is the author of several white papers and academic articles, most recently, "Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data," 5 Columbia Sci. & Tech. Law Review 2 (December 2003) and "Technology, Security and Privacy: The Fear of Frankenstein, the Myth of Privacy, and the Lessons of King Ludd," an invited paper presented at the Yale Law School cybercrime conference (March 2004). More information about the Center for Advanced Studies and Mr. Taipale is available at www.advancedstudies.org.