Various U.S. government agencies have been conducting research on how best to meet the challenge of privacy in the digital age, with investigations of a wide range of technology issues including encryption, data tagging, sensors, healthcare records and clinical informatics.
As useful as this research eventually may become, the fragmented nature of these efforts poses a problem that plagues many federal IT projects: Individual agencies pursue their own agendas with little coordination. As a result, these efforts may not be as productive as they could be in terms of results.
The federal investment in privacy technology research has reached a point at which return on investment is a significant consideration.
The White House has initiated a project for assessing federal research in privacy technology and is seeking input from the private sector, as well as from government agencies and other interested parties. The deadline for responses is Oct. 17. The initiative covers not only in-house research by federal agencies, but also research conducted by federal contractors or recipients of federal grants.
Top Goals: Focus and Coordination
The National Privacy Research Strategy, or NPRS, “will establish objectives and prioritization guidance for federally funded privacy research, provide a framework for coordinating research and development in privacy-enhancing technologies, and encourage multidisciplinary research that recognizes the responsibilities of the government, the needs of society, and enhances opportunities for innovation in the digital realm,” reads a request for information from the Networking and Information Technology Research and Development Program, published by the National Science Foundation last month.
The initiative will serve as a catalyst to concentrate federal research resources against critical privacy challenges and to provide enduring objectives for research in privacy-enhancing technologies.
While the initiative will serve as a coordinating mechanism, research projects will be determined on an agency-by-agency basis.
“The NPRS will guide research in privacy funded by various federal agencies. The NPRS objectives and guidance will be reflected in the goals and requirements of specific funding opportunities, as issued by the specific agencies,” Mark Luker, associate director at NITRD, told the E-Commerce Times.
“Agencies will incorporate the NPRS guidance into their R&D programs as appropriate, based on their missions. Furthermore, while the NPRS will provide research guidance and priorities, decisions about specific spending in support of the strategy will be done at the agency level as well,” he said.
The 17 agency members of NITRD include units of the Defense and Energy Departments, The National Institute of Standards and Technology, the Environmental Protection Agency, the Department of Homeland Security, the National Science Foundation and the National Aeronautics and Space Administration. Collectively, all members of NITRD spend nearly US$80 million per year on privacy research activities.
While these agencies are pursuing research aimed at a wide range of privacy activities, current and future impacts of the digital world will require more effort.
“Many challenges remain in areas such as privacy-preserving solutions for data integration and data mining, methods and solutions for managing privacy in electronic health information systems, usage-based controls on privacy, and techniques to express user preferences related to data use, or methods for quantifying risks and harms to privacy of individuals,” NITRD said.
“Furthermore, new technologies such as wearable computing (e.g., glasses with cameras, biomedical sensors), embedded computing (e.g., Internet of Things), or cyberphysical systems (e.g., the smart grid) create new contexts in which privacy can be challenged and that require targeted technologies to support personal privacy,” NITRD says in its RFI.
The coordinating aspect of the NITRD effort should benefit agency research efforts.
“We can use this coordination to better support our research mission as well as specific research directives. It helps us all to identify opportunities to support R&D efforts throughout the federal government,” she said.
While the White House Office of Technology Policy spurred NITRD to launch the privacy research assessment program, calls for better focusing federal privacy technology research have come from outside the government as well.
“This announcement is a really useful step forward,” Daniel Castro, senior analyst at the Information Technology and Innovation Foundation, told the E-Commerce Times.
“Right now, there is little coordination on privacy research across federal agencies. Moreover, many government agencies, as well as the private sector, are struggling with the same privacy-related challenges,” he said. “Coordinating research investment in privacy-enhancing technologies can help ensure that the most pressing challenges are addressed and that underfunded problems are not overlooked.”
Private Sector Views Encouraged
Private sector input into the NITRD Program will be significant, according to Luker.
“We encourage the private sector to participate in the development of the NPRS by providing input through the current Request for Information, and any additional RFIs or workshops” that may occur, he said.
“Once released, we encourage the private sector to implement their own initiatives that will be supportive of the objectives outlined in the NPRS,” Luker added.
“With regards to the private sector, there’s a lot of exchange of ideas between academia, industry and government, although not nearly enough. Ideally, this RFI will allow industry and government users to help identify the applied research problems they are facing, and this information can set the research agenda for academia,” ITIF’s Castro said.
“The private sector is also doing its own work on privacy-enhancing technology, and when presenting at conferences and publishing in journals, this feeds back into the broader body of research,” he pointed out.
“As participants in the National Privacy Research Forum, we look forward to getting feedback from the public about what kind of privacy research the federal government should be focusing on,” noted NIST’s Lefkovitz.
The RFI invites respondents to comment on two areas related to privacy research. The first is general policy issues, such as “describing one or more scenarios that illustrate a critical issue concerning privacy,” and “what capabilities are required to achieve it.” This discussion could include assessment capabilities, such as privacy requirements and risk-mitigation strategies.
The second topic for comment relates to more-specific technology impacts for developing an architecture to address privacy concerns:
- encoding privacy policies in machine-checkable forms and ensuring their compliance and auditability;
- managing the collection, retention, and dissemination of sensitive data; and
- ensuring the confidentiality and integrity of sensitive data, while enabling desired uses of them.
The comments will be posted online; NITRD has advised respondents that no business proprietary information, copyrighted information, or personally identifiable information should be submitted.