New Homeland Security advisory committee on privacy looks at feds' use of personal data
Since its launch in 2003, the Homeland Security Department has been charged with protecting a country that prides itself on individual freedoms from terrorists who would plot and execute attacks under the veil of such freedoms. But early efforts to screen immigrants, travelers, and workers for security risks have led to criticism that the department could trample privacy and misuse data. Homeland Security's Data Privacy and Integrity Advisory Committee, launched last week, seeks to address those concerns.
"We have to fuse a culture around finding the right balance" between security and privacy, Homeland Security Deputy Secretary Michael Jackson said at the inaugural committee meeting. "We have to innovate one step ahead of the ones President Bush calls 'the evil ones.'" The 20-member committee is made up of academic, business, and technology professionals, including executives from Computer Associates, IBM, Intel, and Oracle.
Innovation is key, Homeland Deputy Secretary Jackson says.
Most members agreed that a top priority should be to examine the efficiency and ethics of various screening programs the department is developing, such as the U.S. Visitor and Immigrant Status Indicator Technology (US-Visit) and Secure Flight, which is intended to identify airline passengers who should undergo additional security scrutiny. Both programs rely on biometric technology and public and private databases to verify identities.
Homeland Security has made a concerted effort to use IT to run its operations efficiently, but reliance on technology brings government agencies into greater contact with sensitive data. For example, Homeland Security's Emergency Preparedness and Response Directorate, formerly the Federal Emergency Management Agency, has the capability to transfer aid money directly to the bank accounts of people victimized by natural or man-made disasters, according to Undersecretary Michael Brown. But this means the directorate must access sensitive identity and bank-account information to confirm that the money is properly deposited.
Homeland Security's Citizenship and Immigration Services manages several databases containing sensitive information about people who've applied for permission to live and work in the United States. Department personnel use this information when determining whether a person is a security threat who shouldn't be allowed to stay in the country, said Robert Divine, Citizenship and Immigration Services' chief counsel. The agency is "desperate" for a more efficient means of automating background checks without opening the door for litigation, Divine said.
Privacy advocates invited to address the committee called for Homeland Security to establish policies that more clearly define and restrict its use of personal information. A big challenge is how to protect individual privacy in a world of data sharing, said Peter Swire, an Ohio State University law professor who also served as the Clinton administration's chief counselor for privacy in the Office of Management and Budget.
One place to start is by telling the American people what information is needed from them and why, said James Gilmore, former Virginia governor and head of the Gilmore Commission, a federally funded advisory group formed in 1999 to analyze how the United States could respond to terrorism involving weapons of mass destruction. Gilmore, who's now a partner with law firm Kelley Drye & Warren LLP, agreed with Swire that, although the committee is comprised of many technology experts, the real emphasis should be on policy.
Gilmore challenged the committee to consider ways to improve upon the freedoms that Americans enjoy, rather than looking for ways to compromise. He added, "If balance means there has to be a trade-off [between privacy and security], then the terrorists have won."