PRIVACY RESEARCH
AND BEST PRACTICES
Summary of a Workshop for the Intelligence Community
Emily Grumbling, Rapporteur
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences
THE NATIONAL ACADEMIES PRESS
Washington, DC
www.nap.edu
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001
This activity was supported by the Office of the Director of National Intelligence, under Contract No. 2014-14041100003-001. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for the project.
International Standard Book Number-13: 978-0-309-38919-8
International Standard Book Number-10: 0-309-38919-4
Digital Object Identifier: 10.17226/21879
Additional copies of this workshop summary are available for sale from the National Academies Press, 500 Fifth Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu.
Copyright 2016 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America.
Suggested citation: National Academies of Sciences, Engineering, and Medicine. 2016. Privacy Research and Best Practices: Summary of a Workshop for the Intelligence Community. Washington, DC: The National Academies Press. doi:10.17226/21879.
The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Ralph J. Cicerone is president.
The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. C. D. Mote, Jr., is president.
The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.
The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.
Learn more about the National Academies of Sciences, Engineering, and Medicine at www.national-academies.org.
Other Recent Reports of the Computer Science and Telecommunications Board
Bulk Collection of Signals Intelligence: Technical Options (2015)
Interim Report on 21st Century Cyber-Physical Systems Education (2015)
A Review of the Next Generation Air Transportation System: Implications and Importance of System Architecture (2015)
Telecommunications Research and Engineering at the Communications Technology Laboratory of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
Telecommunications Research and Engineering at the Institute for Telecommunication Sciences of the Department of Commerce: Meeting the Nation’s Telecommunications Needs (2015)
At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues (2014)
Emerging and Readily Available Technologies and National Security: A Framework for Addressing Ethical, Legal, and Societal Issues (2014)
Future Directions for NSF Advanced Computing Infrastructure to Support U.S. Science and Engineering in 2017-2020: An Interim Report (2014)
Interim Report of a Review of the Next Generation Air Transportation System Enterprise Architecture, Software, Safety, and Human Factors (2014)
Geotargeted Alerts and Warnings: Report of a Workshop on Current Knowledge and Research Gaps (2013)
Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Future Decision-Making (2013)
Public Response to Alerts and Warnings Using Social Media: Summary of a Workshop on Current Knowledge and Research Gaps (2013)
Computing Research for Sustainability (2012)
Continuing Innovation in Information Technology (2012)
The Safety Challenge and Promise of Automotive Electronics: Insights from Unintended Acceleration (2012, with the Board on Energy and Environmental Systems and the Transportation Research Board)
The Future of Computing Performance: Game Over or Next Level? (2011)
Public Response to Alerts and Warnings on Mobile Devices: Summary of a Workshop on Current Knowledge and Research Gaps (2011)
Strategies and Priorities for Information Technology at the Centers for Medicare and Medicaid Services (2011)
Wireless Technology Prospects and Policy Options (2011)
Achieving Effective Acquisition of Information Technology in the Department of Defense (2010)
Critical Code: Software Producibility for Defense (2010)
Improving State Voter Registration Databases (2010)
Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy (2010)
Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop (2010)
Limited copies of CSTB reports are available free of charge from
Computer Science and Telecommunications Board
National Academies of Sciences, Engineering, and Medicine
Keck Center of the National Academies
500 Fifth Street, NW, Washington, DC 20001
(202) 334-2605/cstb@nas.edu
www.cstb.org
COMMITTEE FOR A WORKSHOP ON PRIVACY FOR THE INTELLIGENCE COMMUNITY: EMERGING TECHNOLOGIES, ACADEMIC AND INDUSTRY RESEARCH, AND BEST PRACTICES
FRED H. CATE, Indiana University, Chair
FREDERICK R. CHANG, Southern Methodist University
TADAYOSHI KOHNO, University of Washington
SUSAN LANDAU, Worcester Polytechnic Institute
HELEN NISSENBAUM, New York University
Staff
EMILY GRUMBLING, Program Officer, Computer Science and Telecommunications Board (CSTB)
JON EISENBERG, Director, CSTB
SHENAE BRADLEY, Administrative Assistant, CSTB
ELIZABETH EULLER, Program Assistant, Board on Energy and Environmental Systems
CHRIS JONES, Financial Manager, Air Force Studies Board
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
FARNAM JAHANIAN, Carnegie Mellon University, Chair
LUIZ ANDRÉ BARROSO, Google, Inc.
STEVEN M. BELLOVIN, Columbia University
ROBERT F. BRAMMER, Brammer Technology, LLC
EDWARD FRANK, Brilliant Cloud & Lime Parity
SEYMOUR E. GOODMAN, Georgia Institute of Technology
LAURA HAAS, IBM Corporation
MARK HOROWITZ, Stanford University
MICHAEL KEARNS, University of Pennsylvania
ROBERT KRAUT, Carnegie Mellon University
SUSAN LANDAU, Worcester Polytechnic Institute
PETER LEE, Microsoft Corporation
DAVID E. LIDDLE, US Venture Partners
FRED B. SCHNEIDER, Cornell University
ROBERT F. SPROULL, University of Massachusetts, Amherst
JOHN STANKOVIC, University of Virginia
JOHN A. SWAINSON, Dell, Inc.
ERNEST J. WILSON, University of Southern California
KATHERINE YELICK, University of California, Berkeley
Staff
JON EISENBERG, Director
LYNETTE I. MILLETT, Associate Director
VIRGINIA BACON TALATI, Program Officer
SHENAE BRADLEY, Administrative Assistant
JANEL DEAR, Senior Program Assistant
EMILY GRUMBLING, Program Officer
RENEE HAWKINS, Financial and Administrative Manager
HERBERT S. LIN, Chief Scientist (emeritus)
For more information on CSTB, see its website at http://www.cstb.org, write to CSTB at National Academies of Sciences, Engineering and Medicine, 500 Fifth Street, NW, Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.
Acknowledgment of Reviewers
This workshop summary has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published workshop summary as sound as possible and to ensure that the workshop summary meets institutional standards for objectivity, evidence, and responsiveness to the project’s charge. The review comments and draft manuscript remain confidential to protect the integrity of the study process. We wish to thank the following individuals for their review of this workshop summary:
Alessandro Acquisti, Carnegie Mellon University,
Fred H. Cate, Indiana University,
Jennifer Glasgow, Acxiom, and
Robert F. Sproull, University of Massachusetts, Amherst.
Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the views presented at the workshop, nor did they see the final draft of the workshop summary before its release. The review of this workshop summary was overseen by Samuel H. Fuller, Analog Devices, Inc., who was responsible for making certain that an independent examination of this summary was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this summary rests entirely with the author and the institution.
This page intentionally left blank.
Contents
Moving Beyond Legal Compliance
Privacy Research Results, Challenges, and Needs
Individual Preferences and the Privacy Paradox
Background and Context from the Intelligence Community
3 PRIVACY IMPLICATIONS OF EMERGING TECHNOLOGIES PART I—PANEL SUMMARY
User Perceptions and Influence
4 PRIVACY IMPLICATIONS OF EMERGING TECHNOLOGIES PART II—PANEL SUMMARY
Unintended Consequences of Data Collection and Use
Emerging Technologies with Potential Consequences
The Evolution of Multiparty Interaction with Data
Collection of Data about One User that Reveals Information about Someone Else
Industry Practice as a Potential for the IC
Challenges Around Control and Use Frameworks
5 SOCIAL SCIENCE AND BEHAVIORAL ECONOMICS OF PRIVACY—PANEL SUMMARY