DHS Privacy Office Report on MATRIX
The Privacy Office of the Department of Homeland Security has issued a report on MATRIX: The Multistate Anti-Terrorism Information Exchange. MATRIX is a now-defunct data mining and data sharing program among federal, state, and local law enforcement agencies, one of the many data-mining programs going on in government (TIA—Total Information Awareness—being the most famous, and Tangram being the newest).
The report is short, and very critical of the program’s inattention to privacy and lack of transparency. That’s probably why it was released to the public just before Christmas, burying it in the media.
Davi Ottenheimer • January 3, 2007 1:07 PM
I suppose this is irrelevant to the report, but the first thing that jumped out at me (aside from the ridiculous name) was that the giant cover graphic has the shared 1 and Uplink ports both filled…no wonder they had trouble.
Reads like a typical postmortem for scary information systems projects:
1) unclear objectives
2) failure to adequately assess risks
3) lack of documentation/guidelines
4) weak authorization lines (e.g., when to aggregate data) with no auditing
So they experienced scope creep/wander, ran right into predictable roadblocks, had to stop and write guidelines midstream, and grafted on audit/log capability at the end.
Although the report talks about a lack of transparency as the root of the problem, it seems to me it would have only helped if the project had also been able to address the four points mentioned above.
Most interesting, I thought, was that they moved from a centralized model to a more sensible decentralized (federated?) one where states could keep their own data, and they defined “authorized use” including a separation of public data from commercial. That lesson seems particularly relevant given recent news of unified database projects like OneDOJ.