Saturday, January 4, 2020

The Computer and Invasion of Privacy (1966)

In 1965, a National (or sometimes, Federal) Data Center was proposed, which would permit centralized management of statistical data collected by various U.S. federal agencies. The goal was wider availability and better correlation of statistical population data for social science researchers. The evolution and ultimate failure of the proposal are documented by Rebecca S. Kraus.

The House Committee on Government Operations heard testimony on July 26 - 28, 1966 about the proposed Center and its potential privacy risks. Some remarks from Paul Baran are in line with modern security practice.

If the computer industry is to avoid external regulation, then it behooves everyone who is involved with time-shared systems handling potentially sensitive information to start working, or a[t] least thinking, about the problem of privacy. The computer industry should take the initiative and the responsibility of building in the needed safeguards itself before "Big Brother" is forced to do it himself...

To be more specific, what safeguards do I envision? Of course, we do not know all the answers yet. But, clearly, there are steps that we should be considering, including:
Provision for minimal cryptographic-type protection to all communications lines that carry potentially embarrassing data -- not super-duper unbreakable cryptography, just some minimal, reversible, logical operations upon the data stream to make the eavesdropper's job so difficult that it isn't worth his time...
Never store file data in the complete "clear." Perform some simple -- but key controllable -- operation on the data so that a simple access to storage will not dump stored data out into the clear. 
Make random external audits of file operating programs a standard practice to insure that no programmer has intentionally or inadvertently slipped in a "secret door" to permit a remote point access [to] information to which he is not entitled by sending in a "password."
When the day comes when individual file systems are interconnected on a widespread basis, let us have studied the problem sufficiently so that we can create sensible, precise ground rules on cross-system interrogation access.
Provide mechanisms to detect abnormal informational requests. That is, if a particular file is receiving an excessive number of inquiries or there is an unusual number of cross-file inquiries coming from one source, flag the request to a human operator.
Build in provisions to verify and record the source of requests for information interrogations.
Audit information requests and inform authorities of suspected misuse of the system.
This is followed by some discussion on aggregated and anonymized ("statistical") information vs. personally-identifiable information, and how personal information might be protected by legally-mandated system design.
Mr. HORTON. [I]s it possible technically to design a system so that only statistical information could be utilized or be furnished and thus protect the so-called individual information?
Mr. BARAN. If you say I know all the questions I want to ask in the future, perhaps. But if you don't, that means you have to keep the information in raw form. This is the most efficient way of keeping it.
Mr. HORTON. I am assuming you are an expert in this field (the field of computers and what they can do). I am asking you from a technical standpoint whether or not it is possible -- in other words, could we pass a law that would require the construction of a computer that would only produce statistical information that would be foolproof insofar as individual information was concerned?
Mr. BARAN. "Foolproof" is a rough word. I think we could build safeguards to make it difficult. How effective they are, I think, requires a level of detail that we have not examined yet. 
Mr. HORTON. The point I am trying to make is that I think any law Congress would enact to safeguard the right of individuals in this area would depend to a large measure upon the state of the art. 
Mr. BARAN. That is right. 
Mr. HORTON. With regard to the technical aspects, I do not think we have sufficient information to protect the private individual in the computerized systems. 
Mr. BARAN. That is right. The technical art is changing very rapidly in computers. The speed of the computer is going up tremendously. The cost is coming down. The size of the memories is expanding very rapidly. As we look to the future we could probably see increases of size of computers -- perhaps on the order of 10,000 times as powerful as today's computers.
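As an added example (not code from the hearing, from Baran, or from this post), here is a toy "statistics only" query service of the kind Horton asks about, with three of the safeguards from Baran's list layered on it: the source of every request is verified against an authorized list and recorded in an audit log, a statistic that would describe too few individuals is refused, and excessive or cross-file request patterns from one source are flagged for a human operator. It then runs the differencing attack (two permitted aggregate queries subtracted to isolate one person) that defeats a bare minimum-cell-size rule, and the query-overlap check needed to catch it. The file contents, source names, identifiers and thresholds are all constructed for illustration.

```python
"""Toy statistics-only interrogation service with audit, refusal and flagging.

Added example; the records, source names and thresholds below are constructed.
"""
from dataclasses import dataclass, field

# Constructed data: person id -> value, in two separately held files.
RECORDS = {
    "income": {"p1": 52000, "p2": 61000, "p3": 58000,
               "p4": 90000, "p5": 47000, "p6": 75000},
    "health": {"p1": 0, "p2": 1, "p3": 0, "p4": 0, "p5": 1, "p6": 0},
}

# Hypothetical registry of sources permitted to interrogate the files.
AUTHORIZED_SOURCES = {"census-bureau", "univ-lab"}


@dataclass
class AuditEntry:
    """One recorded request: who asked, which file, whom it covered, outcome."""
    source: str
    file: str
    subjects: frozenset
    allowed: bool


@dataclass
class StatisticsOnlyServer:
    records: dict
    min_cell: int = 3           # smallest population a statistic may describe
    max_requests: int = 5       # per-source request volume before a human is told
    overlap_check: bool = True  # refuse queries that differ from a prior one by < min_cell people
    audit: list = field(default_factory=list)
    flags: set = field(default_factory=set)   # (source, reason) pairs for an operator

    def query_sum(self, source, file, ids):
        """Return the sum of `file` values over `ids`, or None when refused."""
        if source not in AUTHORIZED_SOURCES:          # verify the source of the request
            raise PermissionError(f"unverified source {source!r}")
        table = self.records[file]
        subjects = frozenset(i for i in ids if i in table)
        allowed = len(subjects) >= self.min_cell     # minimum cell size rule
        if allowed and self.overlap_check and self._overlaps(source, file, subjects):
            self.flags.add((source, "query-overlap"))
            allowed = False
        self.audit.append(AuditEntry(source, file, subjects, allowed))  # record it
        self._check_abnormal(source)
        return sum(table[i] for i in subjects) if allowed else None

    def _overlaps(self, source, file, subjects):
        """True if an earlier answered query from this source on this file differs
        from the new one by fewer than min_cell people: subtracting the two
        answers would then describe a group smaller than the cell-size rule allows."""
        return any(
            e.source == source and e.file == file and e.allowed
            and 0 < len(e.subjects ^ subjects) < self.min_cell
            for e in self.audit
        )

    def _check_abnormal(self, source):
        """Baran's 'abnormal informational requests': volume, cross-file fan-out,
        and repeated refusals from one source are flagged, not silently dropped."""
        mine = [e for e in self.audit if e.source == source]
        if len(mine) > self.max_requests:
            self.flags.add((source, "excessive-requests"))
        if len({e.file for e in mine}) > 1:
            self.flags.add((source, "cross-file"))
        if sum(not e.allowed for e in mine) >= 2:
            self.flags.add((source, "repeated-refusals"))


def differencing_attack(server, source, file, target):
    """Recover one person's value from two aggregates that each satisfy min_cell."""
    everyone = set(server.records[file])
    total = server.query_sum(source, file, everyone)
    rest = server.query_sum(source, file, everyone - {target})
    if total is None or rest is None:
        return None
    return total - rest


if __name__ == "__main__":
    naive = StatisticsOnlyServer(RECORDS, overlap_check=False)
    print(differencing_attack(naive, "univ-lab", "income", "p4"), sorted(naive.flags))
    guarded = StatisticsOnlyServer(RECORDS)
    print(differencing_attack(guarded, "univ-lab", "income", "p4"), sorted(guarded.flags))
```

With the overlap check off, the two queries are answered, nothing is flagged (two requests to one file is not "abnormal" by volume), and the difference of the two sums is p4's income exactly; the cell-size rule alone does not make the system foolproof in the sense Horton asks about. With the check on, the second query is refused and the operator sees a query-overlap flag against that source.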
