Sabra Horne opens the session. SHe introduces Barbara Alexander, the Director of Collection for the Department of Homeland Security. She introduces Charlie Allan, Undersecretary of DHS and gives a short bio as well as someof his achievements and accolades.
Mr. Allen thanks the members of the IC, notably the DNI and OSC, for their help with DHS’ open source effort. He mentions that open source has always been important for the United States. Describes ways in which open source has been described in the community. He describes his past as an analyst and how he relied on only open sources and his knowledge of his area of concern. He underlines that open source is the source of first resort. Threats and breaking crises? Yes, they call their friends who have classified information but they also find out what is out in open source – what is in the press? They validate classified sources with open source. They check what is happening in the press; evaluate it but they always turn to open sources.
DHS has a responsibility to provide open source intelligence to their constituencies: the policy makers, state and local authorities and the private sector. DHS serves as the tip of the spear for homeland defense. Our audience rarely has clearances. That goal is not to produce a new stove pipe but to augment the classified intelligence.
In 2007, the DHS Open Source Enterprise was created and the new DHS strategic Vision is available at the conference. He highlights the strategic vision goals and vision.
DHS has a 2-day training program that goes out to Fusion Centers, DHS analysts and to component offices. He also highlights online training modules (available at the kiosks today) and has created a DHS website on the DNI-U network. He emphasizes sharing not only with federal partners but with partners outside the community. He intends to create an Open Source Portal for information sharing for communities of interest. They are establishing an Open Source Governing project and are active in the Open Source Steering Community. They partner with the Open Source Center.
We live in a new world, the new world order is very different and we need to work differently in order to deal with this. He thinks we are beginning to transform.
Next up is Richard Willing, Public Affairs for the DNI. Last year he was a reporter covering this event for USAToday. He discusses the vast amount of identifiers that are now online, including genetic profiles of people, communications, etc. He compares trying to track information before and after the internet and how anything online stays online, even if deleted. He mentions the laws and regulations that the community operates under that protect privacy of US citizens, including FISA and EO12333. He announces the panel:
* Jeff Jonas (IBM)
* Alex Joel (ODNI)
* Johnathon Zittrain (via satellite) (Harvard Law School)
* Moderator: David Shedd (ODNI)
Shedd opens with framework: privacy as it involves the handling of open source.
Joel: Even though information is public, it doesn’t mean there aren’t privacy issues with it. Describes EO 1233 and the newest revision. He identifies who is protected through EO 12333 and what types of information can be gathered and held. Identifies what is and what is not open source and how some activities cross the lines into other intelligence activities (such as electronic surveillance of conversations.
Shedd: asks Zittrain how we can use technology to protect privacy?
Zittrain: Agrees on the premise that open source has been seen as the “little sister” and not as sexy as classified means. The reasons? Perhaps it is seen as too easy. That surfing the web all day may not seem like hard enough work to gain the insights. But it is more than reading newspapers and surfing the web. Technology can take what looks like harmless data and crunch the numbers and figure out valuable intelligence. He discusses crowdsourcing – allowing the public to help the Intelligence Community help.
Shedd: asks Jonas same question.
Jonas: Says one of the problems is that neglecting to correlate open source with other data is a mistake. Open Source will co-mingle with other data (datalogs, etc). Tethered data- if data changes somewhere in the chain, it needs to be able to change everywhere so all users of that data have newest info.
Shedd: Where do you think technology is going?
Zittrain: Mentions police case where police used infra-red guns to find contraband in someone’s house and the defendant said it was a privacy issue. Ruling was that when the technology is widely available, it would be legal but since the infra-red gun was not yet available at the local Radio Shack and so they would need a warrant. But when the technology becomes widely available it would be ridiculous to restrict the police from this activity. Same for open source. He talks about location services (find friends nearby) and reputation services (how people rated you) and how people use them but the thought of the government using them is somewhat creepy. He mentions facial-recognition software that may identify you as a bystander in a tourists photo and tags you on the internet. Is this all open source? This is a question we need to ask ourselves before we are in the world.
Jonas: Mentions ACLU “How many minutes to midnight” doomsday clock to a total surveillance society. He says consumers are doing this to themselves. Consumers are driving the available data.
Joel: The open source disciplines are developing across the community and it is being treated as a disciple and that it is not something that can be taken lightly. Implications on the rights of Americans must be understood. Actions taken on that information must also be taken into account. Privacy enhancing technologies are being developed. Technology poses a unique challenge; we have to remember what the definition of publicly available information and distinguish it from surveillance. Directing against a single person could be considered surveillance. Everything must be related to an authorized mission.
Jonas: The scale of publicly available info goes from phone numbers to property ownership to what you paid for your house. What people want is: avoid consumer surprise. But if you want to catch a bad guy in the act, you need to observe what he didn’t mean for you to observe. And that causes a problem.
Zittrain: Brings up the constraints of public service that are not on the private sector.Discusses possibility of looking into people’s computers (cyberlaw perspective) without compromising privacy.
Joel: That would be beyond open source and you would need a warrant. Can this be devised while also be protecting privacy concerns? Technology can offer solutions.
Jonas: There can be a deeper conversation between technologists, public officials and those in the privacy community. Throws around a few acronyms (I thought he was outside the community!).
Zittrain: Is one of the founders of the OpenNet Initiative to discover the effects of filtering on the internet. Gives example of the Chinese “Great Firewall” where they tried to identify what is and is not blocked. They solicit the public at large to see what they can and cannot get. They can make a map of what is filtered around the world.
Joel: Discusses what would be improper collection. Again mentions surveillance and targetting individuals. Mentions making sure that the action is related to the mission. Hacking is not considered publicly available. Not that agencies cannot access that information lawfully but that it would not be open source. The restriction that apply to US persons and activities do not apply to non-US persons, although there may be restrictions based on agreements with foreign partners or internationally recognized laws. You can also not do something through someone else that you cannot legally do yourself as directed through EO 12333.
Zittrain: What was innocuous would be a problem if it was being used for the wrong purpose. Cautionary thing: the line between passive collection is starting to blend with participation. Participating in a public message board – the minute you click enter and send you are engaging in some activity may cross the line as to whether you need to identify yourself as working for an intelligence agency to any US persons.
Jonas: Data is going to be comingled in the network cload and it will be pushed to users as information that they may need to know. Social networks will provide more precise services as people try to streamline their lives.
Zittrain: Generation of digital-natives who are very good at this technology and they have different ideas as to what is privacy and that this would be a good time to start getting these people through the ranks. This is where the advances can take place.
Joel: Technology is advancing at an exponential rate but human nature is immutable. There are important restrictions and analysts need to know those restrictions to know how to do their jobs effectively.
Shedd: A lot of challenges and a lot of opportunities.