{"title":"Towards a privacy management framework for distributed cybersecurity in the new data ecology","authors":"T. Breaux, Catherine B. Lotrionte","doi":"10.1109/THS.2011.6107840","DOIUrl":null,"url":null,"abstract":"Cyber security increasingly depends on advance notice of emerging threats as individuals, groups or nations attempt to exfiltrate information or disrupt systems and services. Advance notice relies on having access to the right information at the right time. This information includes trace digital evidence, distributed across public and private networks that are governed by various privacy policies, inter-agency agreements, federal and state laws and international treaties. To enable rapid and assured information sharing that protects privacy, the US government needs a means to balance privacy with the need to share. In this paper, we review US laws and policies governing government surveillance and describe key elements for a privacy management framework that seeks to enable government investigations while protecting privacy in a systematic way. The framework aligns existing Federal investigative guidelines for attributing a cyberattack with concerns for automated decision making that arise from the Fourth Amendment “reasonable expectation of privacy” and several fair information practice principles. We discuss technical challenges for those seeking to implement this framework.","PeriodicalId":228322,"journal":{"name":"2011 IEEE International Conference on Technologies for Homeland Security (HST)","volume":"131 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE International Conference on Technologies for Homeland Security (HST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/THS.2011.6107840","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
Cyber security increasingly depends on advance notice of emerging threats as individuals, groups or nations attempt to exfiltrate information or disrupt systems and services. Advance notice relies on having access to the right information at the right time. This information includes trace digital evidence, distributed across public and private networks that are governed by various privacy policies, inter-agency agreements, federal and state laws and international treaties. To enable rapid and assured information sharing that protects privacy, the US government needs a means to balance privacy with the need to share. In this paper, we review US laws and policies governing government surveillance and describe key elements for a privacy management framework that seeks to enable government investigations while protecting privacy in a systematic way. The framework aligns existing Federal investigative guidelines for attributing a cyberattack with concerns for automated decision making that arise from the Fourth Amendment “reasonable expectation of privacy” and several fair information practice principles. We discuss technical challenges for those seeking to implement this framework.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
