More Use of Personal Data Can Protect Privacy, Chertoff Says
Govt. use of data is “way oversimplied” when presented as a tradeoff between privacy and security, Dept. of Homeland Security (DHS) Secy. Michael Chertoff told the DHS Data Privacy & Integrity Advisory Committee Tues. It’s better to consider different dimensions of privacy and the contrasting approaches between the U.S. and Europe, he said: DHS is still a “young and comparatively immature” agency, but its privacy initiatives could be “a very good template for what government must do in general.”
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
European authorities are “very intent on creating limitations” on how data is gotten and sent, but Europeans also have to carry national identification cards, a mandate that would “put Americans into orbit,” Chertoff said. For areas like passenger screening, he supports “a regime in which perhaps with more information about people, we would have to be less physically intrusive with people.”
False positives are more likely when screeners have less information, so providing date of birth or other personal data along with name actually can increase privacy for those being screened, he said. People will support such uses of data “if we explain why we're doing what we're doing,” Chertoff said. “We need to be very disciplined in the way we think of these issues,” he said, balancing “mission creep” against legitimate and supervised uses of information: “What may appear to be a challenge to privacy actually could promote privacy.”
Panel member Jim Harper, who runs the Cato Institute’s privacy studies, asked if the U.S. is eyeing a European-style data retention directive, which he said FBI Dir. Robert Mueller implied recently. Chertoff said he didn’t know of any such proposal, but said Europe has strict time limits on retention, whereas “here data is generally kept for a long time.” An idea nixed before Chertoff joined DHS was “screens for protections,” in which private sector companies would keep their own databases on individuals, he said. The govt. could have a name “pinged against a private database” and only get information if the effort raised a “green flag,” indicating that it was relevant and appropriate to look further. The point is “it’s too easy to say something is pro-privacy or anti-privacy,” when different elements of privacy must be weighed, Chertoff said.
The secretary had no answer to when DHS will hire a full-time chief privacy officer, the topic of a recent rebuke by House Democrats on the Homeland Security Committee (WID March 2 p3). Maureen Cooney has served as acting CPO since Nuala Kelly left in 2005. “We are focused on this position,” Chertoff said, adding that it’s a mistake to think the Privacy Office is the only part of DHS with a privacy component. -- Greg Piper
DHS Privacy Notebook
A big bar to information-sharing between federal agencies and state and local authorities isn’t technology, but feds’ overuse of “classified” stamps, a DHS official told the DHS Data Privacy & Integrity Advisory Committee. The dichotomy between intelligence and information doesn’t work post-9/11, said Chet Lunner, acting dir.-Office of State & Local Govt. Coordination: “We have to adopt a different lexicon” that gets “actionable, timely” information to those on the ground outside the Beltway. Talk focused on speeding declassification or redaction of material so it can be shared comfortably among authorities, but “we need to not classify it to begin with,” Lunner said. Information as simple as a suspect’s clothing might get tied up in classified information and keep crucial information from getting shared, he said: “I'm looking for a guy in a yellow jacket that might do harm to my system,” not his entire case history. Carter Morris, dir.-information sharing & knowledge management in the agency’s intelligence & analysis unit, said his office is working on a “much more robust” information- sharing system for use with partners below the federal level. But sharing must be balanced against local responders’ possible reactions, he said, citing recent actions by local officials regarding the N.Y.C. and Baltimore transit systems, when DHS’s ability to “certify that there was really a threat was questionable.” ----
Secure instant-messaging should extend to more areas of federal agencies, especially DHS, Morris said, responding to committee member Jim Harper’s concern that secure IM isn’t deployed widely enough. The entire intelligence community should use IM -- a few sections use it now -- but that brings up other issues, Morris said: “Sometimes… the government doesn’t trust its people to use [IM] wisely.” Said Harper: “Literally I think gossip [between DHS employees] is going to be some of the best source of information” to the agency. ----
DHS is about 65% through certification of its IT in the Federal Information Security Management Act accreditation process, agency CIO Scott Charbo said. The agency was only 20% along when he started last summer, but should be fully compliant by year’s end, he said. DHS is chugging along in improving its IT assets, Charbo said: (1) Aligning systems and budgets with its enterprise architecture. (2) Aligning infrastructure among its 16 data centers, creating common operating environments. A new e-mail consolidation project soon will enable any DHS employee to communicate with another without intensive review. (3) The agency has several wide area networks but recently implemented its first Network Operations Center/Security Operations Center (Noc/Soc) as a central location to track applications and data load throughout the network.