DARPA sets privacy rules for its programs

Move is a response to concerns about some of the agency's projects

As the government agency responsible for much of the nation’s cutting-edge research, the Defense Advanced Research Projects Agency  has been at the forefront of technologies such as the Internet and the Global Positioning System. But some of its research, such as work on the Total Information Awareness program, which was designed to mine and analyze public data in search of terrorist activities, raised concerns about data privacy.

To counter these concerns, DARPA has developed a set of privacy principles intended to address privacy implications throughout a program’s life cycle. On its Web site, the agency said it will resolve to consistently examine how its research affects privacy; analyze the privacy dimensions of ongoing research regarding ethical, legal and societal implications; and to transparently respond to the findings of its assessments for unclassified work and ensure independent review of classified work to address privacy issues.

The agency said that its privacy guidelines are consistent with President Obama’s May 2010 National Security Strategy addressing privacy-related issues.

To meet its responsibilities, DARPA has taken three steps:

On research, the agency has engaged the National Academy of Sciences to undertake a study on the ethical and societal implications of technological advances in a global, democratized and rapidly changing environment.

For internal controls, DARPA has assigned an internal privacy ombudsman to closely work with the Defense Department's Privacy Office. The agency will create an independent privacy review panel to assess existing and emerging privacy laws, regulations, technologies and norms to analyze their potential. The panel will consist of leading scholars, and policy and technology experts in the privacy field. The experts will help DARPA meet its responsibilities to research and develop novel technologies while addressing privacy issues and concerns.

To conduct internal reviews, DARPA has established an Ethical, Legal and Social Implications Working Group with the National Science Foundation to identify, analyze and address the ELSI of personally identifiable information during scientific development activities. This work is not only to identify theft and cyber crime interests, but also by the national security concerns associated with operations security and the protection of sources and methods. According to DARPA, the board is an extension of the Institutional Review Board model of shared responsibility, which allows all participants equal responsibility for protecting privacy.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Tue, Aug 17, 2010

The key weakness of this strategy is that is relies on American political/legal definitions of "privacy" which are universally considered to be weak. All three branches of government have demonstrated that American privacy is not a priority. For instance, EU has declared that a person's IP address is PII whereas here in the US a recent court decision has declared that an IP is not PII. Many European countries have far stronger privacy laws and mores than we do--and that is our weakness and the weakness in the DARPA plan.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above