Former CIA administrator talks technology

Correction appended

New approaches to information technology can better balance individual privacy and the interests of businesses, government, national security and technology, former CIA Chief of Staff Ron Lee ’80 said Thursday afternoon in a lecture in the new ORFE Building.

In addition to serving as CIA chief of staff, Lee is a former associate deputy U.S. attorney general and a former general counsel to the National Security Agency. He is currently a partner at the law firm Arnold & Porter LLP in Washington, D.C., which he joined in 1987.

Though he received his undergraduate degree in history, attended Yale Law School and has had a long legal career, Lee focused his talk on the technical aspects of national security.

Speaking before a small audience, Lee said that the government must engage in data mining — the practice of searching for records of suspicious purchases and online activity kept by some businesses — because “we as a country ... have a responsibility to catch bad people.”

But, he quickly added, “At what price [we maintain national security] is another question,” explaining that while data mining is necessary, there was a need for “legal and appropriate” ways to access and analyze personal data.

Lee also emphasized that legislation aiming to stop government data mining will not be a solution. “That’s not going to happen. It’s like trying to prevent the inevitable.”

No matter how data mining is defined and legislated against, “water goes around an obstacle,” Lee added.

He was, however, hopeful about the legal future of data mining. “There’s a way to improve the system, [so] that there is accountability and oversight,” he said.

Lee specifically mentioned identity management systems (IDMs) as a promising framework for data mining. IDMs, Lee said, have the idea of selective self-disclosure built into them.

These schemes allow individuals to “reveal only enough information to complete the transaction,” he explained.

IDMs guarantee individual privacy starting when clients give firms their personal data, Lee said.

Get the best of the ‘Prince’ delivered straight to your inbox. Subscribe now »

By limiting the data individuals release to each business, it becomes harder to piece together a complete individual profile from different data sources, he explained.

At the same time, this promise of greater privacy makes clients more willing to reveal slightly more information about themselves. This allows IDMs to tell customers, “I’ll give you a little bit more privacy if you can give me a little bit more info,” Lee noted.

In contrast to these IDMs, “back-end solutions” that “build in the privacy [only] after all this data has been entered into this database” are unwieldy, Lee said.

Correction

The initial version of this article incorrectly stated that the "back-end solutions" that Lee mentions allow the private sector to control how the government uses stored data and to deny the government access to information. In fact, private entities do not have the ability to restrict the government in such a manner.