Presentation for FOCUS Winter School #FocusFP7

1. Open
Government
Data
Security Risk or
Mean for Threat Prevention?

2. Agenda
▪ Political Mindset
▪ What is Open Govt. Data and What Not
▪ OGD Risk Assessment
▪ Future prospects of OGD Security
Research

3. Datasets by Government or Public Body
http://datos.fundacionctic.org/sandbox/catalog/faceted/

4. Political Mindset

5.  Transparency
 Participation
 Collaboration
“My Administration is committed to creating an
Unprecedented level of openness in Government.“
Barack Obama, “Memorandum for the Heads of Executive Departments and Agencies -
Transparency and Open Government,” Jan. 2009.

7. Neelie Kroes
Vice-President of the European Commission
responsible for the Digital Agenda
“Take the example of public sector information –
possibly a €30 billion market in Europe. I have said it
before, and I say it again: yes to open data!”
“Lift-Off towards Open Government" conference, Brussels, 15 December 2010
http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/752

8. Re-Iteration
What is
Open Government Data
Why and What Not

9. Open Government Data
Open Government Data are data sets
released by the government on public
interest. Usage is unconstrained with
the right to re-share and re-purpose
without further notice.

10. Open Data Principles
 Complete
 From a Primary Resource
 Timely
 Easily Findable and Accessible
 Machine Processable
 Content shall be non-Discriminating
 Using Open Standards
 Liberal Licensing
 Reliable Resources
 Free of Charge or Non-Discriminating fees
[1] http://sunlightfoundation.com/policy/documents/ten-open-data-principles/
[2] von Lucke and C.P. Geiger, “Open Government Data - Frei verfügbare Daten des öffentlichen Sektors,” Dec. 2010.

11. Open Data Principles ctd.
 Non-personal
 Unclassified
● Non-negative economic, military or
security related effects

12. Examples

13. http://data.gov.au/data/?category=Emergencies

14. http://data.gov.uk/apps/crime-spy-uk

15. Why?
▪ More information leads to better decisions
● UK Audit Commission, “Improving information to support decision making: standards for
better quality data”, London, 2007.
▪ Higher degree of effectiveness & efficiency
● P. Weiss, "Borders in Cyberspace: Conflicting Public Sector Information Policies and their
Economic Impacts," ed: U.S. Department of Commerce, 2004.
▪ Strengthen trust in establishment
● R. Marcella and G. Baxter, "Information need, information seeking behaviour and
participation, with special reference to needs related to citizenship: results of a national
survey," Journal of Documentation, vol. 56, pp. 136-160, 2002.
▪ Leverage benefits of peer production
▪ New business models
● D. Tapscott and A. D. Williams, Wikinomics: How Mass Collaboration Changes Everything,
Expanded. Portfolio Trade, 2010.
▪ “Peoples right to know”

16. Open Govt. Data - What's Not
. /$$ /$$ /$$$$$$
.| $$ | $$ /$$__ $$
.| $$ /$$ /$$| $$ /$$$$$$$$| $$ __/ /$$$$$$ /$$$$$$$
.| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/
.| $$ | $$ | $$| $$ /$$$$/ ____ $$| $$$$$$$$| $$
.| $$ | $$ | $$| $$ /$$__/ /$$ $$| $$_____/| $$
.| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$
.|________/ ______/ |__/|________/ ______/ _______/ _______/
//Laughing at your security since 2011!
+
__
)| ________________________.------,_ _
_/o|_____/ ,____________.__;__,__,__,__,_Y...:::---===````// #anonymo
|========== ; ; ; ; ; __,____,_____ --__,-. OFF (( #anarchi
`----------|__,__/__,__/__/ )=))~(( '- THE #antisec
==== ~~ PIGS #lulzsec
`| === | ))~~ ```"""=,)) #fuckfbi
| === | |'---') #chingal
/ ==== / `====='
´------´

17. Open Govt. Data - What's Not (2)
Social Media Analysis – Mapping Publics Online
A. Bruns, J. Burges, K. Crawford, and F. Shaw, “#qldfloods and @QPSMedia: Crisis Communication on Twitter
in the 2011 South East Queensland Floods,” ARC Centre of Excellence for Creative Industries & Innovation (CCI),
Brisbane, Jan. 2012.

18. OGD Risk Assessment

22. Mashup?

23. http://afterschoolsf.org/

24. More …
● The Nuclear Regulatory Commission
publishes both the U.S. Nuclear Power
Reactor Inspection Reports (Data.gov
Dataset, 2010) and the U.S. Nuclear
Power Reactor Plant Status Reports
(Data.gov Dataset, 2010).
Can multiple nuclear power reports be
correlated to find weaknesses in a
nuclear power plant’s system?
V. Houghton and M. L. Garnar, “Data.gov: The Risks and Benefits of Transparency,”
University of Denver, Denver, LIS 4020, May 2011.

25. and more …
● The U.S. Geological Survey publishes
the National Water Information System
dataset with information on the
quantity and quality of potable water at
over 1.5 million sites around the U.S.
(Data.gov Dataset, 2002).
Can this data be used to contaminate
waterways with biotoxins rendering the
water undrinkable?

26. … even more
● Department of Agriculture publishes
geospatial data on global crop
conditions complete with satellite
imagery and weather data on
CropExplorer (Data.gov Dataset, 2010).
Can this geospatial data be used to
locate crops targeted for eradication via
infestation? When datasets are
combined, is there the potential to use
the data to commit biological warfare?

27. Actions and Prospect for
OGD Security Research

28. Actions
▪ Remove data sets?
● Problematic to assess the risks of open data,
without also assessing the opportunity
▪ Make data less granular?
● Security by obscurity seldom works
● Devaluation also leaves positive potential behind
● Not intended by the open data activists –
Pandora's box has been opened

29. Future research topics
▪ Are isolated data sets safe for release?
● Data of different federal bodies on one meta-platform
● Semantically linked, layered data
● Data enriched by other public sources like Social
Media Networks
▪ Selection of Open Data by govt. agencies based on
utility and risk assessment
▪ Data security on the gateway between internal data
systems and open data platforms

30. Model to assess the effective direction of open data,
incorporating risk and security research methodologies
+ overall net effect
+ security
- welfare + welfare
- security
- overall net effect

31. + net effect
+ security
- welfare + welfare
- security
- net effect

32. + net effect
+ security
- welfare + welfare
- security
- net effect

33. + net effect
+ security
Overall positive
- welfare + welfare
or negative effect ?
- security
- net effect

35. Thank you!
Questions & Contact: Dr. Johann Höchtl
Center for E-Governance
Danube University Krems, Austria
johann.hoechtl@donau-uni.ac.at
10. Security Conference Krems
FOCUS Dissemination Event
3. October 2012 Krems, Danube University Krems
Call for Papers now open:
http://www.donau-uni.ac.at/en/department/gpa/sicherheit/security/14962/index.php