DARPA sets privacy rules for its programs

As the government agency responsible for much of the nation’s cutting-edge research, the Defense Advanced Research Projects Agency  has been at the forefront of technologies such as the Internet and the Global Positioning System. But some of its research, such as work on the Total Information Awareness program, which was designed to mine and analyze public data in search of terrorist activities, raised concerns about data privacy.

To counter these concerns, DARPA has developed a set of privacy principles intended to address privacy implications throughout a program’s life cycle. On its Web site, the agency said it will resolve to consistently examine how its research affects privacy; analyze the privacy dimensions of ongoing research regarding ethical, legal and societal implications; and to transparently respond to the findings of its assessments for unclassified work and ensure independent review of classified work to address privacy issues.

The agency said that its privacy guidelines are consistent with President Obama’s May 2010 National Security Strategy addressing privacy-related issues.

To meet its responsibilities, DARPA has taken three steps:

On research, the agency has engaged the National Academy of Sciences to undertake a study on the ethical and societal implications of technological advances in a global, democratized and rapidly changing environment.

For internal controls, DARPA has assigned an internal privacy ombudsman to closely work with the Defense Department's Privacy Office. The agency will create an independent privacy review panel to assess existing and emerging privacy laws, regulations, technologies and norms to analyze their potential. The panel will consist of leading scholars, and policy and technology experts in the privacy field. The experts will help DARPA meet its responsibilities to research and develop novel technologies while addressing privacy issues and concerns.

To conduct internal reviews, DARPA has established an Ethical, Legal and Social Implications Working Group with the National Science Foundation to identify, analyze and address the ELSI of personally identifiable information during scientific development activities. This work is not only to identify theft and cyber crime interests, but also by the national security concerns associated with operations security and the protection of sources and methods. According to DARPA, the board is an extension of the Institutional Review Board model of shared responsibility, which allows all participants equal responsibility for protecting privacy.