DARPA is the principal agency within the Department of Defense for high-risk, high-payoff research, development and demonstration of new technologies and systems that serve the warfighter and the Nation’s defense. DARPA’s core mission is to prevent and create technological strategic surprise for the United States. The Agency has a rich 50-year history of successes ranging from the Internet to GPS, stealth, and UAVs, but these advances, now ubiquitous, were once the source of discomfort and unease. Such is the nature of work performed at the Agency. Many of the now ubiquitous technologies pioneered at DARPA were once considered impossibilities. And this progression—first impossible, then improbable, eventually inevitable—characterizes many of the Agency’s most important advances. We take on new, seemingly impossible challenges each year. In so doing, there is often a tension between novel concepts and an underdeveloped ethical, legal, and societal framework for addressing the full implications of such research. This is a problem not unique to DARPA. Other agencies have faced it, such as NIH, during the Human Genome Project. If we do our research well, we will necessarily bump up against these concerns. Our responsibility to the defense of the Nation is such that we must thoughtfully address these issues, while simultaneously pursuing our work. We expect it of ourselves. And sound leadership demands it.
In Rosen’s New York Times Magazine article “The Web Means the End of Forgetting” on July 19, 2010, privacy was described as the first existential crisis of the digital age. It is an issue not confined to government research, but rather central to concerns regarding personally identifiable information in a digital era. This issue of privacy spans government, industry, academia, individual and country boundaries. DARPA’s Total Information Awareness (TIA) program is a historic example. TIA was at the leading edge of the tension created between new technological approaches to addressing threats to the Nation’s security and individual privacy or civil liberties that are core values for the Nation.
DARPA’s privacy principles are intended to describe the Agency’s renewed commitment to addressing privacy implications throughout the program lifecycle.
DARPA resolves to:
- Consistently examine the impact of its research and development on privacy
- Responsibly analyze the privacy dimension of its ongoing research endeavors with respect to their ethical, legal and societal implications (ELSI)
- Transparently respond to the findings of its assessments for unclassified work, and ensure independent review of its classified work, in accordance with a commitment to shared responsibility for addressing the privacy issue
In May of 2010, President Obama issued his National Security Strategy that addresses all these issues. Consistent with this strategy, DARPA will carefully balance its commitment to civil liberties and its mandate to provide security for the American people.
To fulfill its responsibilities both to innovation and thoughtful, ethical leadership, DARPA has taken the following specific steps:
1. Research: Engaged the National Academy of Sciences to conduct a study entitled, “Navigating the ethical and societal implications of technologic advances in a global, democratized and rapidly changing environment.”
2. Internal Controls: Assigned an internal privacy ombudsman to work closely with the DoD Privacy Office, and created an independent Privacy Review Panel to assess existing and emerging privacy laws, regulations, technologies and norms and analyze their potential. The Privacy Experts (PEs) are leading scholars and policy and technology experts in the privacy field. DARPA is leveraging each of their respective areas of expertise to help the Agency meet its responsibilities to research and develop novel technologies while also addressing privacy issues and concerns in the context of the ethical, legal and societal framework of the nation.
UPDATE (03/09/11): DARPA met with the Privacy Experts in February 2011. The PEs discussed the implications of privacy laws and policies on DARPA programs and are working to help DARPA create an internal privacy accountability process. Going forward, the privacy experts will be consulting with individual DARPA Program Managers to help them address privacy concerns early in a program’s life cycle and to ensure each program’s privacy implications are readily understood.
3. Independent Review: Established an Ethical, Legal and Social Implications (ELSI) Working Group with the National Science Foundation that will identify, analyze and address the ELSI of personally identifiable information during scientific and development activities. This activity is driven not only by identity theft and cyber crime interests, but by the unique and additional national security concerns associated with operations security and the protection of sources and methods. This board is an extension of the Institutional Review Board model of shared responsibility—a powerful tool designed to enable all participants to share equally in responsibility for, in this case, protecting privacy.
UPDATE (08/04/11): Last year, DARPA engaged the National Academy of Sciences to conduct a study entitled, “Navigating the ethical and societal implications of technologic advances in a global, democratized and rapidly changing environment.” That study is currently underway. Additionally, the joint Ethical, Legal and Social Implications (ELSI) Working Group was formed by the Agency with the National Science Foundation. That Working Group will identify, analyze and address the ELSI of personally identifiable information during scientific and development activities. This group is an extension of the Institutional Review Board model of shared responsibility—a powerful tool designed to enable all participants to share equally in responsibility for, in this case, protecting privacy.
UPDATE (10/05/11): In the case of SMISC, an independent privacy review panel and the Agency’s legal counsel were consulted from the beginning and throughout formulation of the SMISC program with regard to data privacy. Accordingly, SMISC has been structured to ensure that best practices are strictly followed by all researchers to protect the privacy of the individuals whose data is used in the program. To emphasize this commitment two experts on Data Privacy and Internal Review Boards participated in the program’s industry day where they helped educate the audience of potential bidders (roughly 160 individuals) about what is expected of them in this arena. That session, including questions and answers, lasted about two hours and appeared to be greatly appreciated by the audience.
In the case of Living Foundries, DARPA recently launched an Independent Expert Panel comprised of leading scholars and policy and technology experts in the synthetic biology field. DARPA is leveraging each of their respective areas of expertise to help the Agency meet its responsibilities to anticipate, mitigate and address potential ethical, legal, safety and security issues and concerns while researching and developing novel technologies. The Experts will also assist DARPA in providing a leadership role in the Federal R&D community for ESLI, safety and security matters related to synthetic biology.
DARPA’s work is consistent with recommendations in the recent report released in December of 2010 by the Presidential Commission for the Study of Bioethical Issues, New Directions: The Ethics of Synthetic Biology and Emerging Technologies, which addresses the emerging field of synthetic biology and develops a framework to evaluate emerging technologies.
Questions regarding the principles should be addressed to Privacy@DARPA.mil.