Protecting Privacy, Preventing Terror

What do your credit history, medical records and Flickr photo streams have in common with the 9-11 Commission?

A new, six-campus research effort, led by UMBC and funded by a five-year, $7.5 million Department of Defense grant sponsored by the Air Force Office of Scientific Research, hopes to turn the 9-11 Commission’s recommendations for better sharing of classified intelligence data into a workable, secure technology network.

What makes the project unusual is that the researchers hope their work will both help prevent future terror attacks and boost information security and privacy for average citizens.

Many pieces of the 9-11 plot puzzle weren't recognized until after the attacks due to inability or reluctance by intelligence agencies to share information. The 9-11 Commission Report recommended that the traditional U.S. intelligence culture of “need to know” be shifted to “need to share.” The challenge is getting the right information shared with the right people or agencies, while making sure that classified intel doesn’t fall into the wrong hands, foreign or domestic, or be misused.

The project is led by principal investigator and UMBC computer science professor Tim Finin, whose ebiquity research group specializes in deep data mining, security, privacy and new research frontiers of the Web, blogs, Twitter, social media and other areas. According to Finin, the new project should prove useful beyond the DOD sphere.

“There are plenty of real-world problems that we can work on that are not classified, such as balancing patient privacy with making sure the right doctor in an emergency can quickly access their medical records,” Finin said.

“Many of the principles of this research can apply to everyday scenarios where information is shared with the right people and protected from the wrong people, such as your location as determined by your cell phone, pictures from the family photo albums on Flickr or the details of your credit history.”

The UMBC team is partnered with researchers from the University of Illinois Urbana-Champaign, Purdue University, University of Michigan, University of Texas at San Antonio and University of Texas at Dallas. The grant was awarded as part of the Department of Defense’s Multi-disciplinary University Research Initiative (MURI) program.

“We want to create the science behind the idea of need to share,” said Anupam Joshi, a key member of the ebiquity group and frequent research partner of Finin. “We’ll be weighing what should be shared with whom and asking if we can balance the utility of sharing something with the risk of its getting disclosed,” said Joshi.

The project will develop new ways for organizations and individuals to express policies for sharing information that can be automatically understood and enforced by information systems.  Such policies will go beyond existing data access control mechanisms and 'digital rights management' schemes in their power to include a wider range of situational constraints and the ability to specify limitations on how the data can be used.

Several other UMBC computer science faculty members will lend their datamining and information security expertise to the effort, including Hillol Kargupta, Yelena Yesha and Alan Sherman. Earlier this year, the National Security Agency and Department of Homeland Security renewed UMBC’s designation as a Center of Academic Excellence in Information Assurance Research for its focus on IT security research.