This page links to research, working papers, articles, presentations and other material relating to CAS work on the use of trusted systems for security or social control. In particular, this project stage is focused on the use of identification and the authentication of identity and reputation to mediate trust-based systems ("trusted systems").
Trusted systems for purposes of this research are systems in which some conditional prediction about the behavior of people or objects within the system has been determined prior to authorizing access to system resources. For example, trusted systems include the use of "security envelopes" in national security and counterterrorism applications, "trusted computing" initiatives in technical systems security, and the use of identity or credit scoring systems in financial and anti-fraud applications; in general, they include any system (i) in which probabilistic threat or risk analysis is used to assess "trust" for decision-making before authorizing access or for allocating security resources against likely threats (including their use in the design of systems constraints to control behavior within the system), or (ii) in which deviation analysis or systems surveillance is used to insure that behavior within systems complies with expected or authorized parameters..
The adoption of these authorization-based security strategies (where the default state is DEFAULT=DENY) for counterterrorism and anti-fraud is helping accelerate the ongoing transformation of modern societies from a notional Beccarian model of criminal justice based on accountability for deviant actions after they occur, see Cesare Beccaria, On Crimes and Punishment (1764), to a Foucauldian model based on authorization, preemption, and general social compliance through ubiquitous preventative surveillance and control through system constraints. See Michel Foucault, Discipline and Punish (1975, Alan Sheridan, tr., 1977, 1995). [And, ultimately, to a Deleuzian model of a "control society," see Gilles Deleuze, Postscript on Control Societies, L'Autre Journal, No. 1 (May 1990)].
In this emergent model, "security" is geared not towards policing but to risk management through surveillance, exchange of information, auditing, communication, and classification. These developments have led to general concerns about individual privacy and civil liberty and to a broader philosophical debate about the appropriate forms of social governance methodologies. Our work in this area examines these issues.
K. A. Taipale, "Who Am I? Authenticating Identity and Reputation in Trust-based Systems," CAS Working Paper No. 05:09:01 (2005-2006) (incorporates "ID-me: Using Identity Registrars to Eliminate Identity Theft and Protect Privacy," 2005)
K. A. Taipale, "Play Room in the National Security State," CAS Working Paper No. 05:05:15 (2005-2006); The Surveillancce Society: Play Room in the Nationa Security State (2007).
"DEFAULT=DENY: Mediating Trust in the Panopticon"
K. A. Taipale, "The Trusted Systems Problem: Security Envelopes, Statistical Threat Analysis, and the Presumption of Innocence," Homeland SecurityTrends and Controversies, IEEE Intelligent Systems, Vol. 20 No. 5, pp. 8082 (Sept./Oct. 2005).
K. A. Taipale, "Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of Privacy and the Lessons of King Ludd," 7 Yale J. L. & Tech. 123; 9 Int'l J. Comm. L. & Pol'y 8 (Dec. 2004).
K. A. Taipale, "Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data," 5 Colum. Sci. & Tech. L. Rev. 2 (Dec. 2003).
Papers, abstracts, project descriptions:
K. A. Taipale, "Transnational Intelligence and Surveillance: Security Envelopes, Trusted Systems, and the Panoptic Global Security State," [ABSTRACT] Working Paper No. 05:06:01 [invted paper prepared for presentation at the 'Beyond Terror: A New Security Agenda' Conference, Watson Institute for International Studies, Brown University, Providence , RI, June 3-4, 2005,].
Identity and Identification Research: Identity Commons [preliminary project description].
K. A. Taipale, "Designing Technical Systems to Support Policy: Enterprise Architecture, Policy Appliances, and Civil Liberties," Chapter 9.4 [9.4-introduction] in "Emergent Information Technologies and Enabling Policies for Counter Terrorism" (Robert Popp and John Yen, eds., IEEE Press, forthcoming 2005). See also Policy Alliance Reference Model.
"Science and Technology: Identity Theft: Policy Implications" presented at The Heritage Foundation, Washington, DC, Nov. 2, 2005. [download presentation ]
"Technical and Policy Challenges: Implications for Evolving Business Models" presented at the 16th Annual Economic Crimes Institute Conference, Tysons Corner, VA, Oct. 24, 2005. [download presentation]
"Technology, Policy, and Cultural Dimensions of Biometric Systems: Information Sharing," presented at Computer Science and Telecommunications Board, The National Academies, Washington, DC, Mar. 15-16, 2005 [agenda][download presentation]
"Public Safety vs. Personal Privacy: The Case For and Against Secure Flight" presented at the InfoSecurity 2004 conference, New York, Dec. 8, 2004 [download presentation]
"Technology, Security, and Anonymity: Redefining the Problem Statement," presented at the WWICS/AAAS/ABA Roundtable "Can Anonymity Survive in Post-9/11 Society," Woodrow Wilson Center, Washington, DC (May 4, 2004) [download presentation]
"Identification Systems and Domestic Security: Who's Who in Whoville" Potomac Institute for Policy Studies, Arlington, VA, "The Politics and Law of Identity and Identification in the Context of the War on Terror," Jan. 28, 2004 [download presentation]
"Not Issuing Driver's Licenses to Illegal Aliens is Bad for National Security," PLENSIA 12/2004. [Full statement]
"Who's Who in Whoville? Congress should not rush to legislate a massive government identity surveillance system under the press of a politically expedient deadline without considering alternatives that can meet legitimate law enforcement and national security needs while still protecting privacy," PLENSIA conference October 29, 2005. [Full Statement]
The Center for Advanced Studies in Science and Technology Policy is a private, non-partisan research and advisory organization focused on information, technology and national security policy and related issues.
Kim Taipale, BA, JD (New York University); MA, EdM, LLM (Columbia University), is the founder and executive director of the Center.
The Center seeks to inform and influence national and international policy- and decision-makers in both the public and private sectors by providing sound, objective analysis and advice, in particular by identifying and articulating issues that lie at the intersection of technologically enabled change and existing practice in policy, law and industry.
In addition to its independent research activities and public engagements [see news and publications], the Center provides select advisory services to policy-makers in government and decision-makers in the private sector [see advisory services].
The Center is also a partner in the Global Information Society Project, a joint research effort of the Center and the World Policy Institute. The Global Information Society Project has research programs in Law Enforcement and National Security in the Information Age, Telecommunications and Spectrum Policy, Information Warfare (Information Operations, Information Assurance and Operational Resilience), Environment and Energy Policy, and Intellectual Property and Trade, among others [see research programs].
Areas of Focus:
Information Policy: National and domestic security and civil liberties (including privacy), cybersecurity and computer crime, telecommunications and spectrum, intellectual property, innovation and antitrust, internet and free speech. Information policy and free trade, globalization and global security, international jurisdiction, internet governance. Information management, institutional and organizational architecture and business process engineering.
Enabling Technologies: Data aggregation, data integration, data fusion, data analysis, data mining, artificial intelligence, decision support, distributed networks, enterprise architecture, distributed computing, wireless communication, remote sensing, nanotechnology, identification, authentication, network and computer security, biometrics, cryptography, rule-based processing, digital rights management, knowledge management.
Security Applications: Foreign intelligence (FI), defense intelligence (DI), counter intelligence (CI), domestic intelligence, homeland security, law enforcement, counter terrorism, regulatory compliance, corporate and enterprise security, corporate intelligence, competitive intelligence, systems security, cybersecurity, information security (INFOSEC), communication security (COMMSEC), information assurance (IA), information warfare (IW), information operations (IO), computer network operations (CNO), computer network attack (CNA), computer network exploitation (CNE), computer network defense (CND), psychological operations (PSYOPS), netcentric strategy, environmental monitoring, international relations and global security.