Wednesday, May 14, 2008

ISIPS 2008 Notes

As I previously noted, the Rutgers University program on Interdisciplinary Studies in Information Privacy and Security sponsors an annual workshop on the topic. This year's workshop was last Monday. The conference proceedings will be published in the series Lecture Notes in Computer Science (LNCS) published by Springer.

The caliber of the participants was high; they were interesting people with interesting things to say. For me, much of the benefit came from the fact that at least half of them were people that I would probably not otherwise have met, representing viewpoints that I don't generally encounter. (I plan to say more about this in future posts.)

Given the diverse backgrounds and interests of the participants, the discussions were remarkably amicable and constructive. The atmosphere was that everyone had good reasons for what they were trying to do, and that it was worthwhile for the rest of us to understand the reasons, the approach, the results, and the limitations.

I probably learned the most from the presentations by Joan McNamara of the Los Angeles Police Department on "Suspicious Activity Reporting," and by Timothy Edgar of the Office of the Director of National Intelligence on "Protecting Civil Liberties & Privacy in the Use of Advanced Analytic Tools."

Joan's talk was a lesson in the power of even simple taxonomies (event codes) when applied broadly and consistently.

Timothy's talk provided me with a lot of new information about the policies and processes within "the IC" (the US national intelligence community) intended to ensure that information about "US persons" (citizens and legally resident aliens) is collected and disseminated only as allowed by US law and regulations (e.g., EO 12333). One of the surprises was the extent to which he said that the policies and processes are matters of public record--even though information about their application to particular cases is closely held (because "you don't want a potential terrorist to be able to discover whether or not he is on the watch list"). In fact, Timothy expressed some frustration at ODNI's inability to interest the national press in reporting on these policies and processes--"We'd have much better success if we stamped them SECRET and 'leaked' them to the Washington Post than we have had with putting them on our website.") I plan a further post on this topic after I gather more information.

I gave a short talk focusing on the various meanings of the words "privacy" and "security," and the confusions that can result from using the words without ensuring that your audience knows which meanings you intend (e.g., despite the similarities in the titles, there was very little overlap between the subjects discussed at ISIPS 2008 and those that are discussed at the annual IEEE Symposium on Security and Privacy and in the journal IEEE Security and Privacy). The talk seemed to be well-received and drew some good questions. Only time will tell whether I persuaded my audience to use these words more carefully in the future.

Labels: , ,


Post a Comment