Advertisement

U.S. should immunize big data transfers during disasters, attacks — report

Companies that share customers' personal data with federal agencies during a natural disaster or major cyber or terror attack would get legal immunity under a "good Samaritan framework," called for in a draft report to the Obama administration.

Companies that share customers’ personal data with federal agencies during a natural disaster or major cyber or terror attack would get legal immunity under a “good Samaritan framework,” called for in a draft report to the Obama administration.

The National Security Telecommunications Advisory Committee, a telecom industry body, said, “The framework should afford standard agreed upon protections to entities sharing data in good faith” during such a major incident. 

“The framework should pre-establish general rules between the Government and the participating private sector organizations to define the appropriate use of [such shared] data” states the report, titled NSTAC Report to the President on Big Data Analytics.

Specifically, the framework ought to “clarify rules regarding the protection of privacy, data use, ownership, storage, retention, accidental disclosure, and deletion.”

Advertisement

NSTAC’s 21 members are meeting Wednesday in Palo Alto, California, to approve the draft, which will then be formally submitted to the White House. The committee, meeting in Silicon Valley for the first time, will be briefed by Cabinet-level officials including Commerce Secretary Penny Pritzker, Homeland Security Secretary Jeh Johnson and Defense Secretary Ash Carter — all part of the administration’s effort to cross-fertilize some of the valley’s legendary innovation into the sometimes creaky edifice of the federal government.

Addressing the huge volumes of data now available through online devices, the report notes that many newer smartphones and tablets feature “advanced sensors such as high definition microphones, text, cameras, accelerometers, barometers, and more.

“In the future — depending on data agreements between the State government, local law enforcement, and mobile phone carriers — some jurisdictions may have the ability to enable callers to share situational data with [911] operators when a user places an emergency call.”

This “data exhaust” could be crucial to authorities seeking to assess a major incident. “To have the full potential of these technological advancements, it is critical to develop the needed frameworks for data sharing,” the report states.

Big data analysis, or BDA, might also be able to thwart terrorist planning and preparation for an attack in the homeland, the report states, echoing the intent of the controversial Pentagon project in the aftermath of Sept. 11 dubbed Total Information Awareness.

Advertisement

In their hypothetical “use case,” the reports authors envisage that the terrorist planners sometimes use oblique or coded, though unencrypted, messaging — including through social media.

By the time the planners are ready to launch their attack, “there is a significant amount of disjointed information contained in a variety of data sources that point to an eminent [sic] threat … This is the first pivotal point for BDA to play a substantial role in preventing the event.”

By the time the day of the attack arrives, “BDA processes have identified a potential threat and collection of meaningful data intensifies. Correlation of travel itineraries, car rentals and credit card purchases can possibly pinpoint the targeted locations and the individuals that have been dispatched to each location.” 

Contact the reporter on this story via email Shaun.Waterman@FedScoop.com, or follow him on Twitter @WatermanReports.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email Shaun.Waterman@FedScoop.com, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at CyberScoop.com.

Latest Podcasts