Princeton: Former CIA Admin Talks Technology

" ... Lee said that the government must engage in data-mining — the practice of searching for records of suspicious purchases and online activity kept by some businesses — because 'we, as a country, ... have a responsibility to catch bad people.' ... ”

By PAOLO ESQUIVEL
www.dailyprincetonian.com
September 19th, 2008

New approaches to information technology can better balance individual privacy and the interests of businesses, government, national security and technology, former CIA Chief of Staff Ron Lee ’80 said Thursday afternoon in a lecture in the new ORFE Building.

In addition to serving as CIA Chief of Staff, Lee is a former associate deputy U.S. Attorney General and a former General Counsel to the National Security Agency. He is currently a partner at the law firm Arnold & Porter LLP in Washington, D.C., which he joined in 1987.

Though he received his University degree in history, attended Yale Law School and has had a long legal career, Lee focused his talk on the technical aspects of national security.

Speaking before a small audience, Lee said that the government must engage in data-mining — the practice of searching for records of suspicious purchases and online activity kept by some businesses — because “we, as a country, ... have a responsibility to catch bad people.”

But he quickly added, “At what price [we maintain national security] is another question,” explaining that while data mining is necessary, there was a need for “legal and appropriate” ways to access and analyze personal data.

Lee also emphasized that legislation aiming to stop government data mining will not be a solution to the data mining issue. “That’s not going to happen. It’s like trying to prevent the inevitable.”

No matter how data mining is defined and legislated against, “water goes around an obstacle,” Lee added.

He was, however, hopeful about the legal future of data mining. “There’s a framework, you use technology ... There’s a way to improve the system, [so] that there is accountability and oversight,” he said.

Lee specifically mentioned identity management systems (IDMs) as a promising framework for data mining. IDMs, Lee said, have the idea of selective self-disclosure built into them.

These schemes allow individuals to “reveal only enough information to complete the transaction,” he explained.

IDMs guarantee individual privacy starting when clients give firms their personal data, Lee said. By limiting the data individuals release to each business, it becomes harder to piece together a complete individual profile from different sources of data.

At the same time, this promise of greater privacy makes clients more willing to reveal slightly more information about themselves. This allows IDMs to tell customers, “I’ll give you a little bit more privacy if you cangive me a little bit more info,” Lee noted.

In contrast to these IDMs, “back-end solutions” that “build in the privacy [only] after all this data has been entered into this database” are unwieldy. Lee said that these back-end solutions include allowing the private sector to control how government can use their stored data. This practice also empowers businesses to deny government access whenever they desire.

Lee fondly recalled his time at Princeton, saying that he had learned a lot from his friends during his Princeton days, explaining that he was one of the few non-engineers in Charter Club in 1980.

http://www.dailyprincetonian.com/2008/09/19/21452/