From The Brookings Institution,
An Invitational Discussion held at the Brookings Institution

Thursday, June 05, 2003

Sponsored by The Brookings Institution - Information Technology Services group, Ascential Software, and the Computer Ethics Institute, this meeting brought together 35 technologists, government officials, legislators, and public policy scholars. The discussion focused on the following three questions:

1. How can information technologies assist in maintaining a secure homeland?
2. What issues - legal, cultural, ethical ad organization - may arise from the implementation of these IT solutions?
3. What operational framework should policy makers use to maximize the benefits and minimize the harm of implementing these information technology solutions in the post-9/11 environment?

One participant opened the meeting by explaining that, unlike other gatherings on this topic in which people talked past each other, the goal for today was dialog that could lead to better understanding of the issues, awareness of obstacles and identification of potential next steps.

Another participant noted that the group was not engaged in a zero-sum game, because the nation can't have civil liberties without security and can't have security without civil liberties. Another important observation was that while technology can be seen as a threat to civil liberties, it can also be harnessed to protect them. The questions that the group needed to investigate were

1. What information do we need to have? How does it differ from what we needed in the past?
2. How do we get the required information?
3. What restrictions can be placed on the information?
4. Who should decide on those restrictions?
5. How can we harness technology for good purposes?

The information we need today is different from that needed in the past because with terrorism, it is difficult to know who constitutes a threat, where the threat might appear, and what the targets might be. Additionally, much of the required information is in the private sector, not the government.

Another speaker noted that during the Cold War, there were no rules about privacy; the definition of the enemy - and therefore the lengths to which the government could go - kept expanding. It wasn't until Watergate that accountability and judicial oversight became important concepts. Nonetheless, many agencies continue to use data without guidelines or oversight. The Patriot Act, which was rushed through Congress, has resulted in fewer restraints on data use in the government than exist in the private sector.

Trust was identified as important as the concrete things that technology can do. Trust must be developed or technological solutions will not be practical. Additionally, trust must be considered in the post 9/11 context, which is different from the previous context. Finally, trust needs to be built outside conventional political biases or territoriality.

However, as one participant noted, "Trust but verify," a slogan of the Cold War intelligence community, is difficult today because of the inability to verify how data is being used. The government doesn't act as a single unit, and some agencies don't trust what other agencies will do with their data. People hoard the "good stuff" because it is a source of power. Moreover, we need to go beyond technologies that find things above the radar but not under the radar. Also, technology and policy people must work together from the start to ensure the ability to audit and control. Massive integrations of data bases often strip metadata that enables verification. The challenge is to pay attention to people, their sensitivities, and their culture so that the structure persists after the emergency is over. But to build a trustworthy structure takes leadership, a framework, and application of the framework to ensure the quality of the data.

During discussion of the future, one speaker noted that OMB is promoting shared services and architectures, as well as the inclusion of state and local participation in open network systems. In addition, CIOs at the federal level are being made responsible for data linkage and usage through the Paperwork Reduction Act and the Data Quality Act. Another speaker discussed why eventually the news media should be involved in this situation because press coverage can influence public opinion and put a spotlight on the issue. Educating the press is important; otherwise, people with agendas will use the media to promote their cases.

Discussion of future steps saw a variety of responses:

• Develop strong leadership, with a willingness to define expectations and deadlines.
• Define specific goals; avoid generalities.
• Look at alternative frameworks, particularly those that do not pit the government against the people or the world.
• Carefully define what we need to know, what good intelligence is.
• Take privacy seriously and work toward consensus.
• Find out what systems currently exist that deal with the issues previously discussed.
• Determine accountability.
• Bring together groups to work on problems, not just federal government people.
• Frame the questions/issues involved.
• Include private sector, local/state.
• Don't depend on the judiciary to balance civil liberties and security; security always wins out.
• Determine current and future expectations of privacy.
• Focus more specifically rather than trying to cover everything.
• Get more tactical than philosophical.
• Depolarize the issue.
• Consider opportunities to experiment/explore before a crisis; do the difficult research.
• Understand the psychology of human behavior, especially in an environment in which information is power.
• Continue this group as an ongoing forum.
• Determine strategies for dealing with many overseers (rather than a single CEO) in the federal government.
• Have small groups evaluate case studies.
• Provide education.
• Establish a research agenda