Designing Technical Systems to Support Policy: Enterprise Architecture, Policy Appliances, and Civil Liberties

Abstract

It has become cliche to describe the relationship between security and liberty as one requiring the achievement of some optimal balance between two competing and irreconcilable needs. But such cliche is metaphorically misleading. There is no fulcrum point - as is implicit in the balance metaphor - at which point the correct amount of security and liberty can be achieved. Security and liberty are not dichotomous rivals to be traded one for another in a zero sum game. Rather, security and liberty are dual obligations of a liberal republic and each must be maximized within the constraints imposed by the other.

The events and subsequent investigations of 9/11 have highlighted the national security need for better information management, and for new technologies and techniques to improve collection, information sharing, and data analysis in counterterrorism applications. The need to manage vast data volumes and better "connect the dots" is uncontroverted and has been explicitly set out in a series of executive orders, national strategy documents, committee reports, and legislation.

However, emergent information technologies that can enable such improved information management and analysis processes also challenge traditional policy doctrines and legal structures premised in part on protecting individual liberty by maintaining privacy through the "practical obscurity" arising from inefficiencies in information acquisition, access, management, and analysis. Thus, to some observers, improving the ability of government agencies to "connect the dots" is seen to be in political conflict with the notion of keeping the power to "connect the dots" out of any one hand, particularly that of the central government. The result, as evidenced in the public debate, is a presumed implacable antagonism between security and privacy.

This chapter argues we do not need to resolve this Jacobin discordance in order to design information systems with technical features that can support a broad range of policies to mitigate privacy concerns and still meet security needs. Indeed, this chapter suggests that there is no inherent technical design conflict at all between security and privacy as the technical features required to support privacy policy are in large part the same technologies required to meet operational information assurance and data security needs in national security or law enforcement information sharing applications. Both national security and privacy policy require (i) that shared information be useful (that is, that data is accurate, reliable, and timely, and that it can be up-dated or corrected as needed), and (ii) that information be used appropriately according to policy rules. Technical features to support these concordant policy needs in information systems include rules-based processing, selective disclosure, data quality assurance, error correction, and strong authorization, logging, and audit functions (to control and record for review and oversight purposes what information goes where, under what constraints, and who has access to it).

This chapter discusses policy-enabling systems design (the Policy Appliance Reference Model) based on an enterprise architecture for knowledge management (a lifecycle approach to managing information from production to consumption as a product to support information process needs) that includes policy appliances (technical control mechanisms to enforce policy rules and ensure accountability in information systems), interacting with smart data (data that carries with it contextual relevant terms for its own use) and intelligent agents (queries that are self-credentialed, authenticating, or contextually adaptive).

This chapter provides an overview of the relationship between emerging policy process models, existing legal doctrines, and technical design choice in order to better understand the interdependence of technical architecture and policy implementation.