Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« State-Level Breach Notice Laws as of June 7, 2006 | Main | Privacy Gurus and Tech Giants Speak to Congress on 6/20 About the Need for a Unified Data Protection Law »

Semantic web and privacy

Over the past few weeks I have been intrigued with semantic web and the impact of it upon privacy and security.  I was at CSI's NetSec in Scottsdale, AZ last week (followed by a wonderful first visit to the Grand Canyon...and then some hardware problems...AARRRRGGGGHHHHH!!!!!...thus my lack of blog postings), and I was surprised that no one I spoke with (admittedly a small fraction of the total number of attendees) had heard of semantic web.

Semantic web has actually been in the news lately.  For example,

  • NSA Looking At Social-Networking Spaces - "Bajarin also mentioned that the NSA searches are also tying into a time when the Internet is evolving towards what's known as the "semantic Web." With simple code revisions to major Web sites, the Internet's content becomes far easier to search through and index, larger systems and search engines seeing the structure of the Internet in a more logical, easily searchable way. "While it (the "semantic Web") might help surveillance, it helps make searches more accurate," Bajarin said. "It would have to help data mining and surveillance efforts to some degree. If you want serious data mining done for lower-level access, you'd need legal access to the back end."  Others have wondered about the NSA's logic in tracking terrorist connections through social-networking sites such as MySpace.com and Facebook.com."
  • Pentagon datamines social networks - "New Scientist reports that the Pentagon is datamining social networks.  This is to allow the US government to draw up detailed personal profiles of individuals, according to what they post to the internet.  It is also intended to work out which individuals are connected to blacklisted organisations, either directly, or through people they interact with online.  Ironically, attempts by the W3C to make the web more interaccessible via different data formats - the so-called semantic web, using the Resource Description Framework (RDF) - will expedite this process. "
  • Inventor of 'Semantic Web' hired as RPI professor - "He is recognized as one of the inventors of the "Semantic Web," which is the development of a language for the Internet that can be understood by computers. Such a system can allow far fuller use of the Web, Hendler said. "As a simple example, imagine being able to search the Web for 'the scene where the guy throws his hat at a statue and its head falls off' and finding the right clip from the movie Goldfinger to download to your hand-held video device," Hendler said in a statement released by Rensselaer."

Several web sites are devoted to semantic web, such as W3C and the Semantic Web Community portal.

Much has been written about semantic web in various universities.  For example, just a few include:

It certainly has great potential...imagine the computing power! 

However, when delving into the possibilities, there are certainly significant privacy issues to consider in the way it is used, and the impact of incorrect labelings and codings. 

Consider a 1000 piece jigsaw puzzle of a blue lake and blue sky...looking at just one piece at a time would not tell someone what the completed puzzle would look like.  Even looking at a few connected pieces would not tell much more of significance.  However, by putting together significant portions of the puzzle, eventually leading to puzzle completion, everything about the picture becomes clearly obvious.  The semantic web holds that same potential for piecing together the private lives of people; taking a piece from here and a piece from there to form the complete picture about an individual.  A huge risk is when the semantic web does not interpret the pieces correctly, makes vastly inaccurate conclusions, and subsequent mistakes are made that negatively impact lives.  Similar to the profiling programs used by the TSA that have resulted in a few incorrect interpretations of travellers that resulted in significant impacts to their otherwise comparatively normal lives, only on a potentially larger scale.

There is much more to say about this...more research first, however...

Technorati Tags





 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on June 19, 2006 9:24 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/107

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.