The National Academies Press

Currently Skimming:

6 Looking to the Future
Pages 78-92

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 78... ... Privatesector business records may become fewer in number and less useful for intelligence purposes. On the other hand, more powerful computation can analyze raw data, such as speech and images, to extract useful intelligence information in real time. Read the entire page →
From page 79... ... Today, NSA says it cannot collect any sizeable fraction of all global communications data, and it may likewise be that despite declining computing costs, NSA will not be able to automatically analyze more than a tiny bit. However, in many cases, the operators of the sensors will apply the algorithms to meet business needs, such as identifying license plates to bill parking charges. Read the entire page →
From page 80... ... For example, if a telephone company bills a flat monthly rate, it need not keep a record of each call, so no call data records would be available for intelligence purposes.2 Communications providers today are acutely aware of their customer's concerns about surveillance,3 a fact that gives providers an additional incentive to refrain from keeping records that might be used against them. Services that hold data for customers may find ways to encrypt the data with a key known only to the customer so as to evade surveillance. Read the entire page →
From page 81... ... An important idea in many cases is "peer-to-peer" communications, which establishes an encrypted channel between two communicators without needing a third party to set up the communication. This technique means there is no third-party business that might hold business records or other data that could identify the communicators. Read the entire page →
From page 82... ... report ridiculed the turgid privacy terms that the public is typically asked to accept today: "Only in some fantasy world do users actually read these notices and understand their implications before clicking to indicate their consent."4 Moreover, "consent" may imply that a person is volunteering personal data, which will mean it is afforded weaker Constitutional protection. An alternative, which is starting to be discussed in policy circles, is to control use rather than collection of data. Read the entire page →
From page 83... ... For example, recent research shows how to protect data and communications in a three-part system: one issues queries, a second authorizes queries, and a third holds data and performs searches specified by authorized queries.7 6.3.2 Other Technologies for Protecting Data Privacy Although the focus of this report is signals intelligence that provides data about individual people and groups, signals intelligence can also 6 Office of the Director of National Intelligence, Intelligence Advanced Research Projects Activity, "Security and Privacy Assurance Research (SPAR) ," http://www.iarpa.gov/index. Read the entire page →
From page 84... ... Differential privacy is an active research area tackling the problem of enabling statistical queries from collections of data while preserving the privacy of individuals.9 The purpose is to permit useful information to be determined while not exposing data on specific individuals, including individuals not included in the data. This is done by adding probabilistically structured noise (small probabilistic changes to the data) Read the entire page →
From page 85... ... The same thing applies to query languages; indeed, the standard SQL database query language is 11 NSA has developed and donated to the Apache open-source community such a database. Accumulo is a scalable key/value store that allows "access labels" to be attached to each cell that enables low-level query authorization checks (Apache Software Foundation, "Apache Accumulo," https://accumulo.apache.org/, accessed January 16, 2015) Read the entire page →
From page 86... ... In analogous fashion, operating systems and networking equipment write voluminous logs of security-relevant events, and review of such logs usually requires a great deal of manual effort.14 It should be possible to develop much better tools that automatically review the log, highlight 13 S Chaudhuri, An overview of query optimization in relational systems, pp. Read the entire page →
From page 87... ... Because there is a lot of audit data, machine learning can also play a role, although it would probably require introducing a lot of synthetic misbehavior (that is, deliberately introduced misbehavior) to get enough true positives into the training set. Read the entire page →
From page 88... ... Learning techniques potentially allow one to extract more information (better results) from collected data, or more confidently ignore data that 15 See, for example, Privacy and Civil Liberties Oversight Board, Report on the Telephone R ecords Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court, January 23, 2014, http://www.pclob.gov/ SiteAssets/Pages/default/PCLOB-Report-on-the-Telephone-Records-Program.pdf, p. Read the entire page →
From page 89... ... The firm In-Q-Tel acts somewhat like a venture fund for innovative technology potentially useful to the IC, supporting commercially viable technologies that might serve IC needs. Both appear to be effective, but their structures and policies are not primarily intended to build long-term and vigorous relationships with academic disciplines. Read the entire page →
From page 90... ... Some of these methods may require a great deal of computing, so that filters should be cascaded to first apply cheap tests, followed by more expensive filters only if earlier filters warrant. For example, if metadata indicates a civilian telephone call to a military unit under surveillance, speech recognition and subsequent semantic analysis might be applied to Read the entire page →
From page 91... ... Some of the necessary technologies exist today, although they may need further development for use in intelligence applications; others will require research and development work. This approach and others for privacy protection of data held by the private sector can be exploited by the IC. Read the entire page →

From page 78...

... Privatesector business records may become fewer in number and less useful for intelligence purposes. On the other hand, more powerful computation can analyze raw data, such as speech and images, to extract useful intelligence information in real time.

Read the entire page →

From page 79...

... Today, NSA says it cannot collect any sizeable fraction of all global communications data, and it may likewise be that despite declining computing costs, NSA will not be able to automatically analyze more than a tiny bit. However, in many cases, the operators of the sensors will apply the algorithms to meet business needs, such as identifying license plates to bill parking charges.

Read the entire page →

From page 80...

... For example, if a telephone company bills a flat monthly rate, it need not keep a record of each call, so no call data records would be available for intelligence purposes.2 Communications providers today are acutely aware of their customer's concerns about surveillance,3 a fact that gives providers an additional incentive to refrain from keeping records that might be used against them. Services that hold data for customers may find ways to encrypt the data with a key known only to the customer so as to evade surveillance.

Read the entire page →

From page 81...

... An important idea in many cases is "peer-to-peer" communications, which establishes an encrypted channel between two communicators without needing a third party to set up the communication. This technique means there is no third-party business that might hold business records or other data that could identify the communicators.

Read the entire page →

From page 82...

... report ridiculed the turgid privacy terms that the public is typically asked to accept today: "Only in some fantasy world do users actually read these notices and understand their implications before clicking to indicate their consent."4 Moreover, "consent" may imply that a person is volunteering personal data, which will mean it is afforded weaker Constitutional protection. An alternative, which is starting to be discussed in policy circles, is to control use rather than collection of data.

Read the entire page →

From page 83...

... For example, recent research shows how to protect data and communications in a three-part system: one issues queries, a second authorizes queries, and a third holds data and performs searches specified by authorized queries.7 6.3.2 Other Technologies for Protecting Data Privacy Although the focus of this report is signals intelligence that provides data about individual people and groups, signals intelligence can also 6 Office of the Director of National Intelligence, Intelligence Advanced Research Projects Activity, "Security and Privacy Assurance Research (SPAR) ," http://www.iarpa.gov/index.

Read the entire page →

From page 84...

... Differential privacy is an active research area tackling the problem of enabling statistical queries from collections of data while preserving the privacy of individuals.9 The purpose is to permit useful information to be determined while not exposing data on specific individuals, including individuals not included in the data. This is done by adding probabilistically structured noise (small probabilistic changes to the data)

Read the entire page →

From page 85...

... The same thing applies to query languages; indeed, the standard SQL database query language is 11 NSA has developed and donated to the Apache open-source community such a database. Accumulo is a scalable key/value store that allows "access labels" to be attached to each cell that enables low-level query authorization checks (Apache Software Foundation, "Apache Accumulo," https://accumulo.apache.org/, accessed January 16, 2015)

Read the entire page →

From page 86...

... In analogous fashion, operating systems and networking equipment write voluminous logs of security-relevant events, and review of such logs usually requires a great deal of manual effort.14 It should be possible to develop much better tools that automatically review the log, highlight 13 S Chaudhuri, An overview of query optimization in relational systems, pp.

Read the entire page →

From page 87...

... Because there is a lot of audit data, machine learning can also play a role, although it would probably require introducing a lot of synthetic misbehavior (that is, deliberately introduced misbehavior) to get enough true positives into the training set.

Read the entire page →

From page 88...

... Learning techniques potentially allow one to extract more information (better results) from collected data, or more confidently ignore data that 15 See, for example, Privacy and Civil Liberties Oversight Board, Report on the Telephone R ecords Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court, January 23, 2014, http://www.pclob.gov/ SiteAssets/Pages/default/PCLOB-Report-on-the-Telephone-Records-Program.pdf, p.

Read the entire page →

From page 89...

... The firm In-Q-Tel acts somewhat like a venture fund for innovative technology potentially useful to the IC, supporting commercially viable technologies that might serve IC needs. Both appear to be effective, but their structures and policies are not primarily intended to build long-term and vigorous relationships with academic disciplines.

Read the entire page →

From page 90...

... Some of these methods may require a great deal of computing, so that filters should be cascaded to first apply cheap tests, followed by more expensive filters only if earlier filters warrant. For example, if metadata indicates a civilian telephone call to a military unit under surveillance, speech recognition and subsequent semantic analysis might be applied to

Read the entire page →

From page 91...

... Some of the necessary technologies exist today, although they may need further development for use in intelligence applications; others will require research and development work. This approach and others for privacy protection of data held by the private sector can be exploited by the IC.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

6 Looking to the Future Pages 78-92

6 Looking to the Future
Pages 78-92