Policy appliances

Policy appliances are technical control and logging mechanisms to enforce or reconcile policy rules (information use rules) and to ensure accountability in information systems. [1] Policy appliances can be used to enforce policy or other systems constraints within and among trusted systems.

The emerging global information society consists of many heterogeneous but interconnected systems that are governed or managed according to different policies, rules, or principles that meet local information management needs. For example, systems may be subject to different international, national or other political subdivision information disclosure or privacy laws; or different information management or security policies among or between government agencies, government and private sector information systems, or producers and consumers of proprietary information or intellectual property, etc.

This interconnected network of systems (for which the Internet as we currently know it serves as the transport layer) increasingly requires dynamic agreement (negotiation) and technical mediation as to which policies will govern information as it flows between or among systems (that is, what use policies will govern what information goes where, under what constraints, and who has access to it for what purposes, etc.). The alternative to developing these mediating mechanisms to provide automated policy negotiation and enforcement across interconnection between disparate systems is the increased "balkanization" or fragmentation of the Internet. [2]

Because no single policy can govern all systems or information needs, methods of reconciling differences between systems and then enforcing and monitoring agreed policies are necessary in order to share useful information and keep systems interconnected. Current static methods based on all-or-nothing access control are insufficient to meet variable information production and consumption needs, particularly when there are potentially competing policies (for example, the conflict between disclosure and privacy laws) that are contextually dependent. Access control mechanisms that simply control who has access between systems result in stove-piped information silos, "walled gardens", and increased network fragmentation. Policy appliance is a general term to describe dynamic, contextually-aware control mechanisms currently being researched and developed to enforce use policies between systems.

Although policy development and enforcement itself is a political or cultural process, not a technological one, technical systems architecture can be used to determine what policy opportunities exist by controlling the terms under which information is exchanged, or applications behave, across systems. In order to maintain the open transport, end-to-end principles embedded in the current Internet design – that is, to avoid hard-coding policy solutions in the transport layer or using strict access control regimes to segment the network – policy appliances are required to mediate between systems to facilitate information sharing, data exchange, and management process interoperability.

Policy appliances, a generic term for any form of middleware that manages policy rules, can mediate between data owners or producers, data aggregators, and data users, and among heterogeneous institutional systems or networks, to enforce, reconcile, and monitor agreed information management policies and laws across systems (or between jurisdictions) with divergent information policies or needs. Policy appliances can interact with smart data (data that carries with it contextually relevant terms for its own use), intelligent agents (queries that are self-credentialed, authenticating, or contextually adaptive), or context-aware applications to control information flows, protect security and confidentiality, and maintain privacy.

Policy appliances support policy-based information management processes by enabling rules-based processing, selective disclosure, and accountability and oversight.

Examples of policy appliance technologies for rules-based processing include analytic filters, contextual search, semantic programs, labeling and wrapper tools, and DRM, among others; policy appliance technologies for selective disclosure include anonymization, content personalization, subscription and publishing tools, among others; and, policy appliance technologies for accountability and oversight include authentication, authorization, immutable and non-repudiable logging, and audit tools, among others.

Control over, and accountability for, policy appliances between competing systems is becoming a key determinant in policy implementation and enforcement, and will remain subject to ongoing international and national political, corporate and bureaucratic struggle. Transparency, together with immutable and non-repudiable logs, is necessary to ensure accountability and compliance for political, operational and civil-liberties policy needs alike. Increasingly, international and national information policy and law will need to rely on technical means of enforcement and accountability through policy appliances.
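The three functions named above (rules-based processing against the terms carried by the data, selective disclosure, and an accountability log) can be seen together in a small mediation routine. The following is an added illustration, not code from the page or from the cited Taipale work: the patient records, the role-to-purpose table, the pseudonymisation key and the function names are all constructed assumptions. It reconciles a credentialed query against each record's own use terms, enforces the stricter of the consumer-side and data-side rules, releases a pseudonymised view for research, and chains every decision into a tamper-evident log.

```python
"""Toy policy appliance: reconcile a credentialed query with each record's own
use terms, apply selective disclosure, and record every decision in a
hash-chained audit log. Added illustration only; the data, roles and key
are constructed assumptions, not anything from the page."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed "smart data": each record carries the terms for its own use.
RECORDS = [
    {"id": 101, "name": "Alice Example", "dob": "1980-01-01", "diagnosis": "influenza",
     "terms": {"purposes": ["treatment", "research"], "research_fields": ["diagnosis"]}},
    {"id": 102, "name": "Bob Example", "dob": "1975-06-30", "diagnosis": "asthma",
     "terms": {"purposes": ["treatment"], "research_fields": []}},
]

# Consumer-side rule (assumed): which roles may assert which purposes.
ROLE_PURPOSES = {"clinician": {"treatment"}, "analyst": {"research"}}

# Assumed secret held only by the appliance; rotate and store it properly in practice.
PSEUDONYM_KEY = b"demo-only-pseudonym-key"


def pseudonym(record_id):
    """Keyed, one-way identifier: research rows stay linkable without exposing the id."""
    return hmac.new(PSEUDONYM_KEY, str(record_id).encode(), hashlib.sha256).hexdigest()[:16]


@dataclass
class AuditLog:
    """Append-only, hash-chained log: altering any entry breaks every later hash."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "prev": prev, "event": event}
        self.entries.append({**body, "hash": self._digest(body)})

    def verify(self):
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = {"seq": i, "prev": e["prev"], "event": e["event"]}
            if e["prev"] != prev or e["seq"] != i or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def mediate(query, records, log):
    """Return the views of `records` the query may receive, logging each decision.

    The appliance enforces the stricter of two policies: the consumer-side role
    rule and the per-record use terms carried by the data itself."""
    role, purpose = query["role"], query["purpose"]
    if purpose not in ROLE_PURPOSES.get(role, set()):
        log.append({"query": query, "decision": "deny", "reason": "role may not assert purpose"})
        return []
    released = []
    for rec in records:
        if purpose not in rec["terms"]["purposes"]:
            log.append({"query": query, "record": rec["id"], "decision": "deny",
                        "reason": "record terms exclude purpose"})
            continue
        if purpose == "treatment":
            view = {k: v for k, v in rec.items() if k != "terms"}  # full record, terms stripped
        else:  # research: selective disclosure, pseudonymous id plus permitted fields only
            view = {"pid": pseudonym(rec["id"])}
            view.update({f: rec[f] for f in rec["terms"]["research_fields"]})
        log.append({"query": query, "record": rec["id"], "decision": "allow",
                    "fields": sorted(view)})
        released.append(view)
    return released


if __name__ == "__main__":
    log = AuditLog()
    print(mediate({"role": "analyst", "purpose": "research"}, RECORDS, log))
    print("log intact:", log.verify())
```

Two caveats a practitioner would add. The hash chain makes the log tamper-evident (any edited or dropped entry fails `verify`), but it is not by itself non-repudiable: that needs each entry, or periodic chain heads, signed with a key the appliance operator cannot disavow and anchored outside the operator's control. And the role table here is a stand-in for credentials the appliance would actually authenticate; a self-credentialed query as described above would carry those attributes in a signed token rather than as bare strings.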

Related Research Articles

Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible or intangible. Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

Information Awareness Office (DARPA division overseeing the "Total Information Awareness" program)

The Information Awareness Office (IAO) was established by the United States Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security by achieving "Total Information Awareness" (TIA).

Total Information Awareness (US mass detection program)

Total Information Awareness (TIA) was a mass detection program by the United States Information Awareness Office. It operated under this title from February to May 2003 before being renamed Terrorism Information Awareness.

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. It is also known as data privacy or data protection.

Medical privacy or health privacy is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

Health Insurance Portability and Accountability Act (United States federal law concerning health information)

The Health Insurance Portability and Accountability Act of 1996 is a United States federal statute enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It was created primarily to modernize the flow of healthcare information, stipulate how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

Information privacy, data privacy or data protection laws provide a legal framework for how the data of natural persons may be obtained, used and stored. The various laws around the world describe the rights of natural persons to control who is using their data. This usually includes the right to learn which data is stored and for what purpose, and to request its deletion once that purpose no longer applies.

Privacy law refers to the laws that deal with the regulation, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handling sensitive information.

Data governance is a term used on both a macro and a micro level. The former is a political concept and forms part of international relations and Internet governance; the latter is a data management concept and forms part of corporate data governance.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Privacy-enhancing technologies (PET) are technologies that embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals. PETs allow online users to protect the privacy of their personally identifiable information (PII) provided to and handled by services or applications. PETs use techniques to minimize possession of personal data without losing the functionality of an information system. Generally speaking, PETs can be categorized as hard and soft privacy technologies.

Social translucence is a term that was proposed by Thomas Erickson and Wendy Kellogg to refer to "design digital systems that support coherent behavior by making participants and their activities visible to one another".

The United States Federal Trade Commission's fair information practice principles (FIPPs) are guidelines that represent widely accepted concepts concerning fair information practice in an electronic marketplace.

Communication privacy management (CPM), originally known as communication boundary management, is a systematic research theory designed to develop an evidence-based understanding of the way people make decisions about revealing and concealing private information. CPM theory suggests that individuals maintain and coordinate privacy boundaries with various communication partners depending on the perceived benefits and costs of information disclosure. It was first developed by Sandra Petronio in 1991.

Cyber Insider Threat, or CINDER, is a digital threat method. In 2010, DARPA initiated a program under the same name to develop novel approaches to the detection of activities within military-interest networks that are consistent with the activities of cyber espionage.

The Financial Sector Legislative Reforms Commission (FSLRC) is a body set up by the Government of India, Ministry of Finance, on 24 March 2011, to review and rewrite the legal-institutional architecture of the Indian financial sector. This Commission is chaired by a former Judge of the Supreme Court of India, Justice B. N. Srikrishna and has an eclectic mix of expert members drawn from the fields of finance, economics, public administration, law etc.

Contextual integrity is a theory of privacy developed by Helen Nissenbaum and presented in her book Privacy In Context: Technology, Policy, and the Integrity of Social Life.

Privacy in education refers to the broad area of ideologies, practices, and legislation that involve the privacy rights of individuals in the education system. Concepts that are commonly associated with privacy in education include the expectation of privacy, the Family Educational Rights and Privacy Act (FERPA), the Fourth Amendment, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Most privacy in education concerns relate to the protection of student data and the privacy of medical records. Many scholars are engaging in an academic discussion that covers the scope of students' privacy rights, from students in K-12 through higher education, and the management of student data in an age of rapid access and dissemination of information.

Spatial cloaking is a privacy mechanism that is used to satisfy specific privacy requirements by blurring users’ exact locations into cloaked regions. This technique is usually integrated into applications in various environments to minimize the disclosure of private information when users request location-based service. Since the database server does not receive the accurate location information, a set including the satisfying solution would be sent back to the user. General privacy requirements include K-anonymity, maximum area, and minimum area.

References

  1. The use of policy appliances in this context was first described in K. A. Taipale, "Designing Technical Systems to Support Policy: Enterprise Architecture, Policy Appliances, and Civil Liberties", in Emergent Information Technologies and Enabling Policies for Counter Terrorism (Robert Popp and John Yen, eds., Wiley-IEEE Press, Mar. 2006)
  2. Internet panel: "Balkanization" looms, ars technica (Oct. 12, 2006)

See also

Technology, Security, and Privacy: The Fear of Frankenstein, the Mythology of Privacy, and the Lessons of King Ludd, 7 Yale J. L. & Tech. 123; 9 Intl. J. Comm. L. & Pol'y 8 (2004) at 56-58 (discussing "privacy appliances" to enforce rules and provide accountability). The concept of privacy appliances originated with the DARPA Total Information Awareness project. See Presentation by Dr. John Poindexter, Director, Information Awareness Office (IAO), DARPA, at DARPA-Tech 2002 Conference, Anaheim, CA (Aug. 2, 2002); ISAT 2002 Study, Security with Privacy (Dec. 13, 2002); and IAO Report to Congress regarding the Terrorism Information Awareness Program at A-13 (May 20, 2003) in response to Consolidated Appropriations Resolution, 2003, No. 108-7, Division M, §111(b) [signed Feb. 20, 2003].