Fall  >>  2005

Security Risks of Public Access to Geospatial Data

Should Your Company Have a Geospatial Data Security Program?

Kevin Pomfret
McGuireWoods LLP
Richmond, Va.

You are the CEO of a large geospatial company driving to work one morning, two days after an attempted terrorist attack on a large nuclear power plant 50 miles west of a major metropolitan city in the U.S.

You hear on the radio that the government believes other attacks on nuclear power plants are imminent. You also hear that police have found “satellite pictures” of the plant and the surrounding area in a suspect’s house, as well as detailed “maps” of a nearby neighborhood that include routes to access the plant overlaid with personal data on the individuals living nearby. Related items were also found, including a number of computers and a GPS device.

Immediately, you call the office and learn that two government officials are already waiting for you. The company has also received a number of calls from the media, including one from a reporter who wants to know what you think about Senator Jones’ recent statement on CNN that this information is another example of how we give terrorists too much access to information that is critical to our national security. The Senator is calling for immediate action, including Congressional hearings.

Upon arriving at the office, you learn that your company recently sold an image of the plant and surrounding area to an individual in New York City. Unfortunately, that customer gave a false address and the credit card he used turns out to have been stolen. You are also told that your help-desk received a call two months ago from someone who was looking for a way to search your archive for information “on all nuclear power plants in the United States and England close to major cities.” The person who took the call also seems to remember the customer placing an order for an image of the subway and train system of a city in the United States but he can’t remember which city. Or maybe it was another customer; he can’t be sure. In any event, although he admits he found the call a little strange, he did nothing because he did not know whom to tell within the company.

You walk into your office and greet the two government officials, one of whom immediately hands you a subpoena requesting all geospatial products related to nuclear power plants your company has sold in the past two years.

The scenario described above has not yet unfolded. However, given the abundance of satellite imagery, maps and related Web-based applications on the Internet, something similar is likely to occur in the near future. In fact, government officials have expressed potential national security concerns about Google Earth, and the media are already reporting on its potential risk to U.S. soldiers in Iraq. See Figures 1 and 2. Such reports are likely to increase as the number of geospatial applications increases.

One significant step a geospatial company can take to prepare for this scenario, and others like it, is developing a comprehensive written security program with respect to geospatial data that can be considered sensitive. Such programs are not new; similar programs already are becoming the cornerstone of other industries that collect, process or use sensitive personal data, due in large part to federal legislation. For example, financial institutions are required to develop a written program under the Gramm-Leach-Bliley Act, so as to protect customers’ bank account numbers and other sensitive information.

Figure 1 << Baghdad, Iraq Presidential Palace high-resolution image from DigitalGlobe, data provider for Google Earth.

Many industry leaders expect that Congress soon will pass legislation requiring all companies with access to personal data — social security numbers, credit card information, etc. — to develop such programs. Similarly, laws such as the Patriot Act require that companies in designated industries develop programs to acquire and retain data on certain customers and transactions to assist law enforcement and intelligence agencies.

Geospatial data are not yet directly subject to any of these laws and regulations. However, geospatial data can be sensitive, particularly with regard to national security. As a result, government efforts to regulate geospatial data are likely to increase. By developing and implementing a comprehensive security program relating to its sensitive geospatial data, a company will be better prepared to manage government relations. Industry-wide adoption of such a program could preclude more onerous government regulation, such as shutter control, the Kyl-Bingaman Amendment (restricting the collection or dissemination of imagery of Israel), or allowing individuals, companies and governments to elect not to have geospatial data pertaining to them collected or distributed. In addition, such a program could limit a company’s exposure in civil litigation matters.

A comprehensive geospatial security policy will depend upon a number of factors, including the size of the company, the type and nature of the data collected, and how the data are used and sold to customers. However, based upon programs in other industries, there are certain elements that every program should address.

These include:

Identification of what constitutes sensitive geospatial data: Identifying which geospatial data are sensitive is surely subjective. For many companies, most geospatial data will not be sensitive. Data that relate to U.S. military forces, critical U.S. infrastructure or potential targets for terrorists, such as the nuclear power plant described above, might be considered sensitive. However, if there are readily available alternative sources for the data, a company may decide that the data are not sensitive. The nature of the data sets is also important. Whereas a simple image of critical infrastructure may not be deemed sensitive, a geocoded image of the same facility might be. The definition of sensitive data should be reviewed periodically, as what constitutes sensitive data will change as threats to security change. Also, geospatial data of a particular location can become less sensitive over time.

Introduction of procedures to mitigate risks: Once sensitive data are identified, internal procedures should be developed to help reduce the risk that the data will be used to harm national security. Clearly, a fool-proof system cannot be designed. However, there are steps that a company can take to help ensure that sensitive data are properly used. For example, commercial sales of sensitive data could require the approval of a few designated senior managers. These managers would be in a better position to identify unusual requests or patterns, as described in the scenario above. In addition, potential customers attempting to acquire sensitive geospatial data could be required to provide additional identifying information, as in other industries. If the data are being distributed via the Internet, for example, a password could be required to access sensitive data. The intent would not be to make such sales more difficult or cumbersome, but simply to ensure that greater scrutiny would be given internally to such sales.

Figure 2 << Google Earth image of Baghdad from the Web. Images in both Figures 1 and 2 are available to the public.

Establishment of procedures on retaining records on customers and transactions: There are a number of good business reasons to have a complete and accurate history of transactions. However, in some industries, it is becoming a legal requirement to do so. For example, the Bank Secrecy Act and the Patriot Act require financial institutions to collect and retain certain records on customers and transactions so as to help prevent money laundering and terrorism. Geospatial companies should consider similar measures with respect to sales of sensitive geospatial data. In the scenario described above, such a policy would have helped authorities identify other potential targets and suspects.

Introduction of employee training: Any security program should include a section on the training of employees. Each employee, particularly those in contact with customers, should understand the unique aspects of geospatial data and why special attention should be given to sensitive data. The training program should address the procedures described above to reduce risk, as well as the need to collect and obtain customer and transaction data. Employees should also be told which individuals within the company to approach with any questions or concerns.

Designation of compliance officer: A critical component to the success of any security program is the designation of a compliance officer. The compliance officer is responsible for reviewing the definition of sensitive geospatial data, and for monitoring the company’s compliance with the procedures set forth in the security program. He or she would help prepare the training program for employees and would also be responsible for auditing the collection and retention of records.

The increased availability of geospatial data (particularly via the Internet) will result in numerous commercial and civil applications unrelated to national security. However, as the geospatial industry continues to grow, many people will focus on the potential security implications.

Key challenges in the commercial growth of the geospatial industry will be to avoid overly restrictive government regulation in the name of national security and to reduce exposure in civil litigation. One solution to both challenges is to adopt measures that are being used in other industries that handle sensitive data: a comprehensive security program, focused on sensitive geospatial data and tailored to address the company’s needs.
