June 28, 2017
Striking a Balance Between Privacy and Security
By Rachel Ansley
“We’re going to have to make this fundamental trade between how much do we value national security and protection, versus how much do we want to behave in a free society,” said Robert Schukai, global head of design and digital identity solutions at Thomson Reuters. “Technology can solve a lot of problems,” said Schukai, “but if we can’t figure out the rules of the road… it’s an asymmetric battle.”
Leslie Ireland, who served as assistant secretary for intelligence and analysis at the US Department of the Treasury in the Obama administration, said “there needs to a broader conversation in our country about what needs to be done for protection and what that cost can be to your privacy.”
“I wonder if there’s going to have to be such a [large-scale] privacy breach for individual people to say it’s worth it,” she added.
Schukai and Ireland spoke at a conference hosted by the Atlantic Council’s Foresight, Strategy, and Risks Initiative in the Brent Scowcroft Center on International Security to launch its latest report: Big Data: A Twenty-First Century Arms Race.
Twenty-first-century technologies and services—from social media to online transactions—aggregate “big data,” or large data sets that may be analyzed to reveal patterns and connections. Big data helps governments and business trace trends in human behavior and track correlations between seemingly disjointed data sets, giving them an advantage when tackling major challenges.
However, in the wake of a transnational cyberattack that was initially reported in Ukraine and quickly spread across the world on June 27, the second of its kind in as many months, the security of personal information stored in cyberspace is increasingly cause for concern. “It’s especially a problem given the ubiquitous nature of devices collecting data,” Erica Briscoe, a chief scientist in the ATAS Laboratory at Georgia Tech Research Institute and one of the authors of the Big Data report, said in opening remarks. Schukai said that while “we’ve been in this amazing technology change over the last twenty years… everything tech can do sits about ten to fifteen years beyond where law and policy sits.”
“If you collect profiles, data, and you think you can keep it safe, you are mistaken,” said Benjamin Dean, a Ford/Media Democracy Fund technology exchange fellow at the Center for Democracy and Technology, and another author of the report.
The panelists agreed that the vast amount of data collected and stored necessitates a reconsideration of how data is protected, but that it remains an essential tool in combating international crime. In order for such an arrangement to continue, said Briscoe, it is necessary that government agencies and the general public build “a relationship of mutual trust such that both sides believe they are in a situation where everyone can achieve their goals.”
Schukai wondered: “How can we build this sphere of cooperation?”
Big data is an essential tool in the fight against terrorism and transnational crime, according to Channing May, a policy analyst at Global Financial Integrity. May described how international criminal organizations operate like a large corporation, and in order to track their activities and catch the perpetrators, governments analyze big data sets, particularly finances. “It’s about looking at the money and the global shadow financial institution that supports it,” she said.
May joined Schukai and Juan Zarate, chairman and co-founder of the Financial Integrity Network, in a panel discussion on how big data is used to fight crime. Todd Rosenblum, a nonresident senior fellow with the Council’s Brent Scowcroft Center on International Security, moderated the discussion.
According to Zarate, tracking financial information associated with international criminal organizations, such as cartels in Mexico, is important because money trails provide essential information showing not only how organizations function on their own, but when they work with rival groups in marriages of convenience to achieve a common goal.
Zarate, who served as deputy national security advisor for combating terrorism in the George W. Bush administration, described how the data sets collected inform law enforcement and government agencies, “applying resources in ways that rely on data to be a bit more predictive,” and allowing them to more effectively target criminals.
While not a perfect system, “predictive analytics is a key to solving security challenges,” said Schukai, describing big data sets as “disconnected points to bring together.” He described how the analysis of big data means intelligence agencies are “looking for patterns, looking for nontraditional ways to make decisions,” because “by the time you prove it, it’s already too late.”
“It’s looking for patterns… and giving an educated guess,” said May. However, she added, while “data is there to help inform our decisions, you still need the human element.”
According to Dean, the most effective and secure means of analyzing big data involves not only crunching numbers, but involving an operational team of individuals with practical knowledge of the situation on the ground to make sense of the numbers and operationalize their findings.
Opening the second panel of the conference, Joel Schectman, a white-collar crime reporter at Reuters, said that while there is “obviously greater need to use data analysis… to predict and stop crime and terrorism,” since revelations by Edward Snowden, a former CIA contractor, in 2013 that the National Security Agency (NSA) collected information on US citizens the notion of the government gaining access to personal information has garnered “more and more of a backlash.”
“In the United States, we trust private companies with our personal information much more than we trust the government,” said Mary Ellen Callahan, chair of the privacy and information governance practice at the law firm Jenner & Block, adding that “in the [European Union] EU it’s absolutely inverted.”
Callahan joined Ireland and Bart van Liebergen, an associate policy adviser at the Institute of International Finance, in the second panel for a discussion on managing financial crime risk. Schectman moderated the conversation.
“Just because data exists doesn’t mean the government should gain access to it,” said Callahan.
Ireland defended the collection and analysis of big data by US intelligence agencies, saying that information is aggregated in an attempt to keep the country safe. She said that the public was shocked and troubled by Snowden’s revelations because of a lack of understanding of how their personal data is used. “Within the intelligence community,” said Ireland, “there are ways that information is shared… such that you build trust, you build confidence, and you have some assurances about ways the information will or will not be used.”
“There’s a realization that you need to share data, but at the same time maintain the integrity of privacy,” said Van Liebergen, calling for an information-sharing network that is more context-dependent and risk-based.
In her opening remarks, Miren Aparicio, counsel and senior consultant at the World Bank Global Practice and a third author of the report, said: “There’s an international need to share certain types of data for security purposes,” focusing on the framework used for data-sharing among and within financial institutions. “This should be starting a dialogue… between agencies,” she said.
However, “there are downsides to technological change if… we don’t put in public policies that are able to mitigate those downsides,” said Dean, adding: “Big feedback mechanisms require big solutions.”
Rachel Ansley is an editorial assistant at the Atlantic Council.