White House CIO Asked About NSA Data Collection, Explains How Metadata Can Reveal A Lot

from the time-to-get-some-press-training dept

Wed, Sep 4th 2013 3:26am — Mike Masnick

Over the entire course of the Obama administration's terms in office, there's been something of a conflict. While there's been a ridiculous amount of secrecy -- from NSA spying scandals, to refusals to respond to FOIA requests -- at the same time, President Obama also set up a federal CTO and federal CIO position, each of which have had two occupants who seem very, very focused on increasing openness and transparency in government (and who really do seem sincere). Over the past few years, they've put together a variety of projects trying to help provide more open data as it relates to the government (though, it appears they've run into the expected frustrations of dealing with one of the largest, if not the largest, bureaucracies in the world).

But given the conflicting messages -- openness over here, extreme secrecy over there -- it was inevitable that someone would be asked a question about this. Fast Company has an interview with the current federal CIO, Steve Van Roekel, where he's asked about the NSA's surveillance and the "conflict" between openness and privacy. Van Roekel seems to go out of his way to not actually say anything about the NSA, while at the same time (we assume) inadvertently pointing out that tiny bits of metadata, when combined with other tiny bits of metadata can reveal a ton of information about someone -- something that defenders of the "just metadata" regime have been trying to pretend isn't true:

I think this notion of the U.S. government treating data as an asset that’s open to everyone is interesting. I’d be remiss if I didn’t mention what’s happening with the NSA controversy--it seems like you have to walk a fine line between being open while also protecting citizens’ privacy.

One of the important parts of formulating the digital strategy and open data policy was to be very clear to people on two fronts. One was that with government data, you need to have a process by which we are not releasing any data that is confidential, that violates any citizens’ or Americans’ privacy, or has any national security implications.

The second part is examining something called the mosaic effect. That means if I released some data independently, there is high likelihood that that data released doesn’t have any private or publicly identifiable information in it. But if I release that data along with another piece of data, and overlay those two sources, then I could garner some identifiable information. For example, if I have a report on geographically dispersed diseases in this relatively unpopulated state, like North Dakota, then release another piece of data that details who lives in certain census blocks, you could suddenly tell who has that disease. That’d break personally identifiable information guidelines. So we’ve asked agencies to set up governance and be very diligent on issues related to privacy, confidentiality, or national security.

How have the recent NSA leaks affected that strategy? Have you tweaked anything in your approach?

Our conversation today isn’t about the NSA, but I can say that our diligence hasn’t waned even before any of this related to protecting confidentiality. The mission here--the mission of government--is how do we best serve the American people, and make sure they are safe, secure, and getting benefits from the services the government provides. That requires a lot of good governance, good security, good cyber-security, and really smart thinking about how we release data--making sure we don’t release any personally identifiable information or anything that would lose the trust of the American citizen.

Note the bolded part of the first answer above. That's the very point that critics of the fact that the government has been collecting so much metadata have been pointing out -- but it's a point that the federal government, including Van Roekel's boss, have been actively denying for months. They keep insisting that "just metadata" doesn't violate anyone's privacy. Yet here is Van Roekel, who understands this stuff, straight up admitting what plenty of people have realized: metadata can reveal an awful lot, especially when you have a few different collections of metadata that you can overlay with one another.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cto, metadata, nsa surveillance, steve van roekel, white house

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 4 Sep 2013 @ 3:37am

I like how they're telling us that they can't tell us that they're spying on EVERY SINGLE ONE OF US, because it would "invade our privacy".

I can't believe the NERVE these people have. It's like they think we're all retarded.
[ link to this | view in chronology ]
- btrussell (profile), 4 Sep 2013 @ 4:38am
  
  Re:
  "It's like they think we're all retarded."
  
  Apparently, most of the voting public are.
  [ link to this | view in chronology ]
  - Anonymous Coward, 4 Sep 2013 @ 5:11am
    
    Re: Re:
    After seeing the McChicken Nuggets Rage I believe there is at least one dangerous moron in this world, and suspect there are many more, just like that are the ones that actually go to vote, instead of the people with sane ideas and discourse.
    [ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2013 @ 4:16am

Van Roekel is a new whistleblower!
[ link to this | view in chronology ]
- Anonymous Coward, 4 Sep 2013 @ 5:16am
  
  Re:
  Is he the Iron Mole?
  [ link to this | view in chronology ]
yaga (profile), 4 Sep 2013 @ 7:36am

First sentence, last paragraph, shouldn't that be Note not Not?
[ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2013 @ 7:52am

Again everything you've heard dealing with the NSA and the executive has all been lies. If they've said 'we don't do it', its a sure sign they do or have some program worse than what you are suspecting.

They don't have data they hold more than 5 years... unless it has a trigger to hold it longer, or unless they want in AT&T's database good for 25 years and counting. Yeah they ain't owned up to that one yet but if its being done for the local yokel cop club, NSA has their fingers in it too.
[ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2013 @ 8:00am

And that's also the favorite way of US science to try to make sense of what it does not understand. Who needs a theory when one has metadata!?
[ link to this | view in chronology ]
Brazilian Guy, 4 Sep 2013 @ 8:02am

Question: If the NSA decided to take all the garbage of every place, labeled by adress but not by personal names of every occupant, and then created a database of all the garbage by adress, of every DNA strand in the garbage, and then just stored their findings on a database to research whenever they've would deem apropriate - would anyone believe that information obtained through such method would not be personal information, or could not be used to invade the privacy of someone?
[ link to this | view in chronology ]
Peeved, 4 Sep 2013 @ 9:19am

Release
The biggest problem here is NOT sensitivity about "releasing identifiable personal data" it is the practice of gathering it at all. Seems characteristically misleading once again.
[ link to this | view in chronology ]
Molly, 4 Sep 2013 @ 9:48am

So we�ve asked agencies to set up governance and be very diligent on issues related to privacy, confidentiality, or national security.

Sorry, that doesn't cut the mustard. Self policing just isn't effective and hasn't been happening.
[ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2013 @ 10:04am

The President wants his metadata secret
The administration just got a court to say that the white house visitor logs can be secret - Even though it's just metadata.

http://thehill.com/blogs/regwatch/court-battles/319671-court-rules-white-house-visitor- logs-can-remain-secret
[ link to this | view in chronology ]
Anonymous Coward, 4 Sep 2013 @ 11:02am

Metadata only details a person's past, present and possible future travel locations. Who you called and who calls you. Your name, address and telephone number. Call times, call lengths and who you call most often.

The web pages you visit, the applications you download, the software you use, credit card orders, online chat and email contacts.

What time you go to sleep, wake up, where you work and what time you get off work.

That's all.
[ link to this | view in chronology ]
Anonymous Coward, 8 Sep 2013 @ 6:23am

"...tiny bits of metadata, when combined with other tiny bits of metadata can reveal a ton of information about someone [or something]"

As is likewise the case with information of the type released by persons like Manning and Snowden.
[ link to this | view in chronology ]