White House CIO Asked About NSA Data Collection, Explains How Metadata Can Reveal A Lot
from the time-to-get-some-press-training dept
Over the entire course of the Obama administration’s terms in office, there’s been something of a conflict. While there’s been a ridiculous amount of secrecy — from NSA spying scandals, to refusals to respond to FOIA requests — at the same time, President Obama also set up a federal CTO and federal CIO position, each of which have had two occupants who seem very, very focused on increasing openness and transparency in government (and who really do seem sincere). Over the past few years, they’ve put together a variety of projects trying to help provide more open data as it relates to the government (though, it appears they’ve run into the expected frustrations of dealing with one of the largest, if not the largest, bureaucracies in the world).
But given the conflicting messages — openness over here, extreme secrecy over there — it was inevitable that someone would be asked a question about this. Fast Company has an interview with the current federal CIO, Steve Van Roekel, where he’s asked about the NSA’s surveillance and the “conflict” between openness and privacy. Van Roekel seems to go out of his way to not actually say anything about the NSA, while at the same time (we assume) inadvertently pointing out that tiny bits of metadata, when combined with other tiny bits of metadata can reveal a ton of information about someone — something that defenders of the “just metadata” regime have been trying to pretend isn’t true:
I think this notion of the U.S. government treating data as an asset that’s open to everyone is interesting. I’d be remiss if I didn’t mention what’s happening with the NSA controversy–it seems like you have to walk a fine line between being open while also protecting citizens’ privacy.
One of the important parts of formulating the digital strategy and open data policy was to be very clear to people on two fronts. One was that with government data, you need to have a process by which we are not releasing any data that is confidential, that violates any citizens’ or Americans’ privacy, or has any national security implications.
The second part is examining something called the mosaic effect. That means if I released some data independently, there is high likelihood that that data released doesn’t have any private or publicly identifiable information in it. But if I release that data along with another piece of data, and overlay those two sources, then I could garner some identifiable information. For example, if I have a report on geographically dispersed diseases in this relatively unpopulated state, like North Dakota, then release another piece of data that details who lives in certain census blocks, you could suddenly tell who has that disease. That’d break personally identifiable information guidelines. So we’ve asked agencies to set up governance and be very diligent on issues related to privacy, confidentiality, or national security.
How have the recent NSA leaks affected that strategy? Have you tweaked anything in your approach?
Our conversation today isn’t about the NSA, but I can say that our diligence hasn’t waned even before any of this related to protecting confidentiality. The mission here–the mission of government–is how do we best serve the American people, and make sure they are safe, secure, and getting benefits from the services the government provides. That requires a lot of good governance, good security, good cyber-security, and really smart thinking about how we release data–making sure we don’t release any personally identifiable information or anything that would lose the trust of the American citizen.
Note the bolded part of the first answer above. That’s the very point that critics of the fact that the government has been collecting so much metadata have been pointing out — but it’s a point that the federal government, including Van Roekel’s boss, have been actively denying for months. They keep insisting that “just metadata” doesn’t violate anyone’s privacy. Yet here is Van Roekel, who understands this stuff, straight up admitting what plenty of people have realized: metadata can reveal an awful lot, especially when you have a few different collections of metadata that you can overlay with one another.
Filed Under: cto, metadata, nsa surveillance, steve van roekel, white house
Comments on “White House CIO Asked About NSA Data Collection, Explains How Metadata Can Reveal A Lot”
I like how they’re telling us that they can’t tell us that they’re spying on EVERY SINGLE ONE OF US, because it would “invade our privacy”.
I can’t believe the NERVE these people have. It’s like they think we’re all retarded.
Re: Re:
“It’s like they think we’re all retarded.”
Apparently, most of the voting public are.
Re: Re: Re:
After seeing the McChicken Nuggets Rage I believe there is at least one dangerous moron in this world, and suspect there are many more, just like that are the ones that actually go to vote, instead of the people with sane ideas and discourse.
Van Roekel is a new whistleblower!
Re: Re:
Is he the Iron Mole?
First sentence, last paragraph, shouldn’t that be Note not Not?
Again everything you’ve heard dealing with the NSA and the executive has all been lies. If they’ve said ‘we don’t do it’, its a sure sign they do or have some program worse than what you are suspecting.
They don’t have data they hold more than 5 years… unless it has a trigger to hold it longer, or unless they want in AT&T’s database good for 25 years and counting. Yeah they ain’t owned up to that one yet but if its being done for the local yokel cop club, NSA has their fingers in it too.
And that’s also the favorite way of US science to try to make sense of what it does not understand. Who needs a theory when one has metadata!?
Question: If the NSA decided to take all the garbage of every place, labeled by adress but not by personal names of every occupant, and then created a database of all the garbage by adress, of every DNA strand in the garbage, and then just stored their findings on a database to research whenever they’ve would deem apropriate – would anyone believe that information obtained through such method would not be personal information, or could not be used to invade the privacy of someone?
Release
The biggest problem here is NOT sensitivity about “releasing identifiable personal data” it is the practice of gathering it at all. Seems characteristically misleading once again.
So we?ve asked agencies to set up governance and be very diligent on issues related to privacy, confidentiality, or national security.
Sorry, that doesn’t cut the mustard. Self policing just isn’t effective and hasn’t been happening.
The President wants his metadata secret
The administration just got a court to say that the white house visitor logs can be secret – Even though it’s just metadata.
http://thehill.com/blogs/regwatch/court-battles/319671-court-rules-white-house-visitor-logs-can-remain-secret
Metadata only details a person’s past, present and possible future travel locations. Who you called and who calls you. Your name, address and telephone number. Call times, call lengths and who you call most often.
The web pages you visit, the applications you download, the software you use, credit card orders, online chat and email contacts.
What time you go to sleep, wake up, where you work and what time you get off work.
That’s all.
“…tiny bits of metadata, when combined with other tiny bits of metadata can reveal a ton of information about someone [or something]”
As is likewise the case with information of the type released by persons like Manning and Snowden.