The Year 2013 Has Become 1984




Saturday, September 21, 2013 23:33

idiscovery Solutions

Tom Matzen

The Editor interviews Tom Matzen, Director at idiscovery Solutions, in charge of the firm's International e-Discovery and Data Privacy Group.

Editor: In view of your more than 13 years in the field of data analysis, advanced search technologies and data production, what is your assessment of the security surrounding the NSA's data collection techniques in view of the Edward Snowden revelations?

Matzen: As far as the security surrounding how the NSA's data collection was done, Edward Snowden shined a light on PRISM, a collaboration between the government and private companies that store all data for their own accounts: Google, Microsoft, Hotmail, Yahoo. The fact that the U.S. government was able to access all that information without revealing it to the public has long been debated. Congress apparently was told, but may not have understood the implications, or the extent, to which information was gathered. The real question deals with the security of the NSA's data collection techniques. Yes, they definitely kept secret their techniques, which Snowden exposed. As for me, personally, having lived in Washington, DC for the past 10 to 15 years, none of this disclosure surprised me.

Editor: As I recall, it was very much in the news a few years back that some of the telecoms were resisting turning over their records and other information to the government.

Matzen: Yes, the news came and went. Snowden's revelations had to do with Verizon and AT&T handing over documents to the government. The telecoms were put in a very bad spot, since they make their money on what is technically government bandwidth, which is entrusted to them. When the government comes knocking on your door, you really cannot say no when you are making billions of dollars off of a national resource. Snowden's revelations mention the telecoms directly, pointing out that the telecoms have access to all your text messages, all your emails, all your browsing history, etc. Should people have known about it? How did they do it? The way the NSA is building an infrastructure to store such a colossal amount of information is unlike anything else anyone has built. The NSA has built an even larger facility in Utah to house up to 12 exabytes of data. Naturally, the NSA expects to store more and more data. If there is a government agency that does not delete anything, the question becomes: who has access to the data and why?

Editor: Do you place the blame for allowing Snowden to have access to such sensitive information on the NSA's (and earlier CIA's) failure to perform adequate measures in his security clearance?

Matzen: It is easy to place the blame on the person who certified he should be given top-secret clearance. Getting top clearance is too easy to obtain, in my opinion. What kind of background check was made? Not everyone needs clearance to do certain NSA or government jobs. There seems to be a disconnect between a job description and what a person has access to. The government has shown laxity in giving large numbers of personnel access to so much information because it is hard to segregate the wheat from the chaff. For what Snowden was supposed to be doing, I do not understand the reason to give him unfettered access to all that was made available to him, as well as the security of being able to move it. One would think that moving such a large amount of data off of a server could have been avoided by providing a computer that had more limited capabilities. The failure was on two fronts: the background check issue and the making available of data that was more than was required for a given position.

Editor: Do you consider there was also a failure to properly screen Bradley Manning in placing him in a pivotal position among highly classified documents in the U.S. military?

Matzen: Manning had access to more information than he needed to do his job, and he was able to remove data from systems, although it was not his responsibility to monitor the data. Information security is something these systems all seem to lack, or at the very least their security was easily circumvented.

Editor: By the NSA using the argument that it is only filtering out metadata from telephone conversations, an assertion which has been challenged, should U.S. citizens feel that their privacy has not been breached?
Matzen: No, their privacy has definitely been breached. This statement is being made for political reasons. Metadata is often more important than readable, hard data in what we do. You can have over 250 fields of metadata around a single communication. Metadata can contain the time, the date, the destination, your longitude and latitude, location of where a picture was taken that you attached, and more. You can track people with metadata. That is why the courts in e-discovery require production of the metadata along with the other data. They know it is just as important. "Oh, it's just metadata" is factually incorrect. In any case, your privacy has been breached. Is that a legal cause of action? It depends on what state you reside in. Different courts are interpreting it differently.

Editor: It was reported in June 2013 that the U.S. military blocked access to parts of the Guardian website related to government surveillance programs for thousands of defense personnel not only in Britain, but also in Afghanistan, the Middle East and South Asia. If this report is correct, how does this affect data transfers from nation to nation and across the world?

Matzen: The president of Brazil, Dilma Rousseff, was supposed to meet with President Obama recently, but she cancelled her trip upon learning that her own privacy had been breached. Some parties in Germany expressed a wish to cut trade ties. Many in the EU, where the sensitivities are so high, expressed political outrage. I think at the end of the day, people are going to make their political points to embarrass the U.S., but politics reacts to economics. No country is going to isolate itself in the global marketplace over this dustup. It all comes down to politics. I see it causing a lot of FUD (fear, uncertainty and doubt) generated by other countries that are trying to fine Facebook and Google for privacy violations. While those countries will not change their policies, our government is also not willing to change its policies despite the outrage overseas.

Editor: As I recall, Google was blocked from China for a while for having intruded on China's privacy.

Matzen: Google has been trying for a year and a half to get back into China, offering to let the Chinese build some of their routers and other devices. An Italian court fined Google a few years ago for mapping and picturing neighborhoods. The U.S. government is now incorporating these same maps into its PRISM program. They are paying millions, mostly to Yahoo and Google (that's upwards of 80 percent of PRISM), for the information. Not only do you have the government storing all this information, but the for-profit companies have it, as well. This type of big data storage can lead to predicting outcomes, such as police departments that are now predicting where crimes will occur. This raises an ethical dilemma: can you predict a crime and make an arrest before it actually occurs? In my opinion, the recent Obama election was over before it even took place, owing to the use of big data. Assembling all that data into their systems, algorithms were targeted to certain audiences in terms of what they wished to hear and who was likely to vote. It is difficult to wrap your mind around the predictive aspects of big data, and that is a bit scary.

Editor: Is there any means by which encryption can protect documents from would-be intruders? It has been said that many efforts at trial and error can usually break any code.

Matzen: If somebody wants to break into your database, they probably can. Whether you have encryption or not, it does not stop PRISM and some government entities from entering software through the back door. If your password is a simple password like number-number-number-number, then trial and error can unlock it. If you use eight characters and a number, a strong password, it is not so easily broken.

Editor: Director of National Intelligence James Clapper acknowledged that Snowden may have done a public service, since a debate regarding privacy versus security is very much needed. How does the right to privacy, as perceived in parts of Europe, differ from that in the U.S.?

Matzen: In the EU, privacy is considered a fundamental human right, whereas in the United States it is not as important. South American countries are following the EU model, as well. When we collect data there, the collection has to be narrow and targeted, whereas in the U.S., often the whole content of the computer may be made available. EU privacy has gone as far as adopting an EU Data Directive, with several basic principles on how data transfers should occur. Whereas email of an employee of a U.S. company is recognized as belonging to the company if used on its equipment, the same is not true in the case of an employee of a European company. An EU employee has a personal right to that email. In Europe, you have a personal cause of action if your data is breached. In Switzerland, for example, when we collect data, the custodian can sit next to us and delete data while we are collecting it. While our litigators are uneasy about this practice, there is not much we can do.

Editor: While the FISA court overseeing the NSA has found that the NSA has overstepped its authority in certain areas, what measures have been undertaken to curb some of these abuses? Do you expect that any of the NSA's activities will be curbed?

Matzen: No. Although, there have been arguments as to how we should change the FISA court, as was the case when one retired judge suggested that it should become an adversarial body with two sides taking opposite views. While the rule is that PRISM is only supposed to retain data for a limited time unless there is a warrant, the practice of retaining documents for much longer has been muddled without the FISA court being involved. The ardor with which the NSA is hailed as the best spying and data gathering group gives cover to their practices. I do not feel the U.S. government is going to change anything, because Obama is able to say "we have stopped X number of attacks, and we haven't been struck by a foreign terrorist since I've been in office." Technically, people do not really understand it. Even if they did understand it, and it does violate the Fourth Amendment, Congress has shown that it does not really matter. If you stop the NSA's accrual of data and you are attacked a year later, who is going to take responsibility for that? No one.
Editor: What is your outlook for implementation of greater controls and monitors of international e-discovery and data surveillance? Are we living in glass houses?

Matzen: In The Washington Post right after 9/11, an article that has remained with me since I read it stated that if you commute from Virginia to DC and back, you have your picture taken no less than, I believe, 43 times. While if you are not doing anything wrong, you should not care, I am still uneasy the government and private companies are able to do this, but I do not think it will change. A friend of mine who used to work at the Department of Commerce in the Safe Harbor Group was charged with coming up with a global compromise relating to international e-discovery, since we are faced with e-discovery in many different contexts where it is not paramount. In the EU and Asia, they design rules to protect their citizens from spam, telemarketing, and having medical records revealed. France has a blocking statute. We are faced with dealing with laws from other countries that do not have litigation in mind, nor should they. For countries in international commerce, we could allow for encryption, where you collect data with a person's consent; that might be an international solution. The Sedona Conference is trying to develop rules that might apply for onward transfer in e-discovery issues. As for the actions of the U.S. government going forward, I do not think solving crimes after the fact is a reason to keep petabytes of data infinitely. That crosses the line between risk-reward, not to mention issues with the Constitution. Most data is captured that no one reviews; it is only scrutinized when someone is looking for predetermined phrases. Obviously you can control who has access to it, but as far as stopping data collection, I do not think that will ever happen.

Please email the interviewee at tmatzen@idiscoverysolutions.com with questions about this interview.

The Metropolitan Corporate Counsel, Inc., 1180 Wychwood Road, Mountainside, NJ 07092. Contact us at info@metrocorpcounsel.com. © 2013 The Metropolitan Corporate Counsel, Inc. All rights reserved.