Comments On The Federal Data Strategy Action Plan

Regulation ¦ July 11th, 2019, 11:00 pm

Earlier this week I was invited to offer feedback on the 16 draft action items in the Federal Data Strategy at the Data Coalition and White House Office of Management and Budget joint forum. This is a summary of my analysis and feedback on the specifications of the federal data strategy action plan.

The strategy in question details a ten-year vision to ‘accelerate the use of data to support the foundations of democracy, deliver on mission, serve the public, and steward resources while protecting security, privacy and confidentiality.’ While this is a significant progression for data rights and privacy, we must consider the benefits pertaining to the communities that the action plan will affect, in terms of protecting privacy, security and confidentiality. If the purpose of the action plan is to ‘serve the public’ and ‘support the foundations of democracy’, one must identify and question how the general public will be involved in the conversation and contribute to the control and protection of their own data.

Universal Data Encryption and Public-Private Key Cryptography to Control Access to Data Assets

All data collected and managed by federal agencies should be encrypted, and access to the different data assets should be governed through a public key encryption via Access Control technology. This technology enables a limited set of admins to control the parties entitled to have access to specific data assets. Every party is given a private key, and only specified parties are entitled to have access to the respective data asset, as their private key is required to decrypt said data asset.

This best practice aligns with the ideas laid out for Action 3 (“Develop a Data Ethics Framework”) a method to enforce guidelines set in said Ethics Framework. Furthermore, it is of significant importance in Action 6 (“Pilot a One-Stop Standard Research Application”). Applications that are granted access should encompass the issue of a private key able to unlock the requested data asset. An additional benefit of using public-key encryption is an immutable blockchain record created each time a file has been accessed, thus providing accountability and transparency in the handling of governmental data. The aforementioned benefits are also of immense importance for Action 9 (“Improving Data Resources for AI Research and Development”) as access to high performance and high sensitivity AI models should be safeguarded, verified, and timestamped by public-key cryptography.

Personal Data Implications for the Federal Data Strategy Action Plan

Federal agencies handling personal data should, to the greatest extent possible, provide individuals data access rights similar to CCPA, most notably to “[k]now what personal data is being collected about them” and “[a]ccess their personal data,” as well as, where appropriate, delete specific data fields. Giving individuals the ability to control their own data is fundamental to Action 3 (“Develop a Data Ethics Framework”), and will improve mapped data across disparate governmental data silos — aiding efforts to avoid re-identification as per Action 4 (“Develop a Data Protection Toolkit”). Potentially, it could also act as a catalyst for Action 9 (“Improving Data Resources for AI Research and Development”), as individuals will then have the ability to permission their federal, or other, data for the purpose of developing and training machine learning algorithms.

Get the Data Digest in your inbox