Program on
Law Enforcement and National Security in the Information Age

Program Overview [print .pdf]:

New information technologies have the potential to significantly affect how information is collected, shared, analyzed, used, or manipulated by law enforcement and national security agencies in response to certain perceived threats posed by transnational terrorism, international organized crime, cross-border criminal gangs, cybercrime, or hostile information operations directed against national or global interests.  These technologies can enable remote observation or transaction monitoring (surveillance and identification), easy access to distributed data (information sharing), and efficiencies in processing and analysis (automated data and traffic analysis and data mining).  In addition, the use of (and reliance on) advanced information technologies by criminals or hostile interests provides opportunities for the employ of offensive and defensive information operations to counter these threats.

The Program on Law Enforcement and National Security in the Information Age ("PLENSIA") is mainly concerned with five issues: (1) the civil liberties and privacy implications of digital law enforcement and national security practices, (2) the operational and information security aspects of such practices, (3) the opportunities for advanced information technology to improve allocation of law enforcement and security resources, (4) the offensive and defensive use of information operations, and (5) protecting against and responding to cybercrime.

1. Civil liberties and privacy:

New information technologies can improve efficiencies in law enforcement and national security information collection, sharing, and analysis. Such developments, however, are challenging to political and legal systems, and social expectations, that are at least partially based on protecting certain civil liberties and individual freedoms by maintaining privacy through the “practical obscurity” of inefficient information access technologies and procedures.  On the one hand there is a need to "connect the dots" through improved information sharing and analysis to provide for collective security and on the other hand the notion of individual liberty in free society is at least partially built on keeping the power to easily "connect the dots" out of the control of government agencies by maintaining or imposing inefficiencies in information sharing through a system of checks and balances, due process, and technical constraints.

PLENSIA is focused on developing, examining, and articulating value sensitive development strategies that can take civil liberty and privacy concerns into account during technology development and can build in technical features that enable existing legal control mechanisms and related due process procedures for the protection of civil liberties to function. In particular, PLENSIA advocates organizational, procedural, and technical mechanisms premised on separating knowledge of behavior from knowledge of identity based on the anonymization of data (for data sharing, matching and analysis technologies) and the pseudonymization of identity (for identification and collection technologies). Technical requirements to support such strategies include rule-based processing, selective revelation, and strong credential and audit. [see related article]

2. Operational and information security:

Information sharing among law enforcement and intelligence agencies requires maintaining operational and information security. PLENSIA is focused on organizational, procedural, and technical mechanisms to maintain such security.

See also the Program on Telecommunications and Cybersecurity Policy [www.telecom-program.org] and the Program on Information Operations [www.information-warfare.info].

3. New tools for digital law enforcement
and national security applications:

Advanced collection, information sharing, and data analysis technologies, including data mining, can improve allocation of law enforcement and national security resources to more effective uses. PLENSIA examines these technologically-enabled opportunities and their effect on existing doctrine, policy, or practice. [see related data mining article]

4. Information operations:

Information is an instrument of national and global power. As such, control over its use, its protection, and its manipulation, are national and global security issues. This Program, together with the Program on Information Operations, Information Assurance, and Recovery/Resilience (the "Information Warfare Program") seeks to examine offensive and defensive aspects of information operations. [see www.information-warfare.info].

Related:

PLENSIA Director Kim Taipale presented Deconstructing Information Warfare to the Committee on Policy Consequences and Legal/Ethical Implications of Offensive Information Warfare, The National Academies, Washington, DC, Oct. 30, 2006.

PLENSIA Director Kim Taipale presented "Seeking Symmetry in Fourth Generation Warfare: Information Operations and the War of Ideas," at the Bantle-Institute for National Security and Counterterrorism (INSCT) Symposium: "Challenges in the Struggle Against Violent Extremism: Winning the War of Ideas" at Syracuse University on Mar. 29-30, 2006. [presentation slides available]

PLENSIA Director Kim Taipale presented paper on "Information as Warfare: Disrupting Terrorist Networks" at the Yale Information Society Project 2005 conference, "The Global Flow of Information," at the Yale Law School on Apr. 1-3, 2005.

5. Cybercrime:

Modern technologically mediated information-based economic and social systems are also subject to cyber-attack and facilitate cybercrime.

[See related NYLS course: Cybercrime, Cyberterrorism, and Digital Law Enforcement]

Cyber-attacks: Cyber-attacks can be malicious or accidental; can involve attacks by other nation states, organized groups, or individuals; and can be motivated by monetary gain, ill-will, or political interests. Cyber-attacks can be directed at governments, firms, or individuals. Cyber-attacks can involve the theft or destruction of information; the theft of services or financial assets; or the destruction of hardware or software infrastructure. Cyber-attacks can result in financial loss, business or service interruption, or infrastructure destruction. Cyber-attacks can be aimed directly at disrupting business or government services or can be launched in conjunction with physical attacks in order to magnify effects or prevent effective response. Developing effective law enforcement or national security policies to deal with cyber threats is a national priority.

Cybercrime: The global reach of the Internet, the low marginal cost of online activity, and the relative anonymity of users have changed the balance of forces that have previously served to keep in check certain undesirable behaviors in the physical world. These characteristics of "cyberspace" have lowered the cost of perpetrating undesirable behavior by eliminating certain barriers to entry, lowering transaction costs, and reducing the probability of getting caught. In addition, these characteristics make traditional enforcement strategies, particularly identifying and apprehending perpetrators after they commit online crime, both less effective and more expensive. At the same time, however, other characteristics of cyberspace provide new opportunities to control illegal acts. Unlike in the physical world, in cyberspace certain readily identifiable third parties – Internet service providers, telecommunication providers, and victims themselves – have exclusive or shared technical control over the infrastructure through which most illegal online behavior is carried out. These characteristics provide additional opportunities for innovative policy approaches to controlling undesirable behavior. [Related article: "Internet and Computer Crime: System Architecture as Crime Control"]

The Program on Law Enforcement and National Security in the Information Age, the Program on Information Operations, Information Assurance, and Recovery/Resilience (www.information-warfare.info), and the Program on Telecommunications and Cybersecurity (www.telecom-program.org) are focused on understanding these cyber-attack and cybercrime threats and developing policies to help prevent, mitigate, or respond to attacks.

PLENSIA Mission

PLENSIA is engaged in research, publication, and outreach projects and activities on these and related issues. PLENSIA seeks to influence national and international policy- and decision-makers at every level in both the public and private sectors by providing independent research and analysis, sound advice and insight, and a forum for objective analysis and discourse.

Download plensia.pdf to print.

K. A. Taipale, Executive Director, Center for Advanced Studies in Science and Technology Policy and a Senior Fellow at the World Policy Institute serves as Program Director. Mr. Taipale has over twenty-five years of diverse experience relating to information, communications, and technology issues and policy. [bio]

Links:

The Global Information Society Project Web Site
[www.global-info-society.org]

World Policy Institute (WPI)
[www.worldpolicy.org]

GISP Page on WPI Web Site
[www.worldpolicy.org/projects/gisp/]

Center for Advanced Studies in Science & Technology Policy
[www.advancedstudies.org]

Center for Advanced Studies Publications
[www.stilwell.org/cas/publications.html]

Program on Telecommunications and Cybersecurity
[www.telecom-program.org]

Program on Information Operations, Information Assurance, and State/Enterprise Resilience (Information Warfare Program)

Center for Law and Security at NYU Law School [link]

Information Society Project at Yale Law School [link]

Cybercrime, Cyberterrorism, and Digital Law Enforcement, New York Law School [link]