TAMI Scenario 11

From TAMI

Jump to: navigation, search

Overview

This hypothetical scenario is designed to deal with distributed data and competing policies on the Web.

We observed the following challenges in auditing information usage activities on the Web

distributed data: in the current Web environment, it is most common for each entity and system to maintain its own transaction logs (of information usage) and use policies, so both of these kinds of information are distributed on the Web
linked data: any time information is passed from one entity or system to another, each has a transaction log record of the event, so it should be possible to trace data usage as it crosses organizational boundaries
distributed policy checking: a policy may consistently apply to use of particular data, which means it must be possible to apply policy to transactions or transaction log records that are distributed
policy confusion: a single data transaction may be governed by several applicable alternative policies and there may be conflicting results -- an over-ride relation is needed to properly apply the precedence of the rules and resolve such conflicts.
modeling laws: some laws have complicated semantics, and it is difficult to capture their semantics

Scenario Description

plot summary

Private Data: a private party collected some data about a suspicious incident and turned it over to local police (Florida government agency)
State Data: the local police investigated this incident by gathering information from various other government agencies and, then, provided a summary to the state fusion center
Federal Data: a federal agency, upon discovering the information in the fusion center, needs to decide whether to share related information. Its decision will be based upon whether the state agency's rules for releasing information are more liberal than the federal agency's.

Scenario 11 plot

TAMI Scenario 11 Plot lists the details of and links to all events in chronological ordered

Demo

Distributed Transaction Logs

Here, the logs are distributed at different government agencies. In what follows, each location maintains logs for the events in which they were involved. The global view requires aggregation of the six logs.

category	transaction log	statistics	live dump
Private Data	St. Lucie Plant Log	5 events	live RDF/XML dump
State Data	St. Lucie Police Log	16 events	live RDF/XML dump
	Florida DMV Log	4 events	live RDF/XML dump
	CFIX Log	2 events	live RDF/XML dump
Federal Data	NCIC Log	2 events	live RDF/XML dump
Federal Data	FBI Log	4 events	live RDF/XML dump

Distributed Policies

In this case, we consider different polices including state law and federal law. We only select a handful of polices from each law.

(State Law) Florida Sunshine Law - Public Records
(Federal Law) Privacy Act of 1974
(Federal Law) Freedom of Information Act (United States) (FOIA)

Variation 1: Conflicting Policies due to status change

In this variation, we evaluate potential conflicting policies via several hypothetical future events.

category	transaction log	statistics	live dump
Private Data	TAMI Log S11 V1	8 events	live RDF/XML dump

Potential conflict of policies (status change)

Demo (s11v1-1): Event 5b and Event 7 are required to disclose because it is compliant with Fla. Stat. Ch. 119.01(2)(a) (2008)

Demo (s11v1-2): Event 5b and Event 7 is required to disclose because it is compliant with Fla. Stat. Ch. 119.01(1) (2008)

Demo (s11v1-3): The collected IDW Record(v1) is classified as Criminal Information because it is compliant with Fla. Stat. Ch. 119.011(3)(a) (2008)

Demo (s11v1-5): Event 5b is not-compliant with Fla. Stat. Ch. 119.071(2)(c)1 (2008) because the referenced data (the SLPD record v2) is still active

Demo (s11v1-6): Event 7 is compliant with (permit: the data is required to be disclosed) Florida Sunshine Law because no exception was found (we simplified this case by only considering the above laws); however, Event 5b is not.

Variation 2: Conflicting Policies due to distributed log

In this case, FBI and St. Lucie Police Department may derived different results (whether a record is active) using different log data.

Potential conflict of policies (distributed log)

Demo (s11v2-1): (St. Lucie PD) Event 7 is compliant with (permit: the data is required to be disclosed) Florida Sunshine Law because no exception was found (we simplified this case by only considering the above laws).

Demo (s11v1-2): (FBI) Event 7 is not-compliant with Fla. Stat. Ch. 119.071(2)(c)1 (2008) because the referenced data (the SLPD record v2) is still active.

Demo (s11v2-3): (FBI) Event 7 is not compliant with (permit: the data is required to be disclosed) Florida Sunshine Law because the record is still considered active at FBI was found (we simplified this case by only considering the above laws).

Variation 3: Conflicting Policies due to distributed log (TODO)

In this case, FBI and St. Lucie Police Department may derived different results using different log data and laws.

Potential conflict of policies (distributed log)

there are at least three relations between a law and an event

law non-applicable-to event
- law applicable-to event
  - event compliant-with law
    - law permit event
    - law require event
  - event non-compliant-with law
    - law prohibit event

Apply Freedom of Information Act

Demo (s11v1-6): the collected IDW Record(v1) is compliant with the condition of a FOIA Exception

Demo (s11v1-7): the collected IDW Record(v1) is compliant with a FOIA Exception

Demo (s11v1-8): Event 5 is compliant with FOIA (a)

Demo (s11v1-9): Event 5 is non-compliant (non-applicable: the data is not required to be disclosed) with FOIA because exception was confirmed

Apply Privacy Act of 1974

Demo (s11v1-10): Event 5 is non-compliant one condition of Privacy Act of 1974

Demo (s11v1-11): Event 5 is compliant with Privacy Act of 1974 (b) because exception was confirmed (we simplified the case such that only check one exception)

Demo (s11v1-12): Event 5 is compliant (forbid: the data is required not to be disclosed) with the Privacy Act of 1974 because non exception has been confirmed