The Homeland Security Department is pursuing a number of programs that gather far more information than it has in the past on its citizens, all in the name of national security. That's raising an uncomfortable question: How fair or even effective is compiling mountains of data without clear policies governing how this data is used?
In its second meeting since being formed in April, the Homeland Security Department's Data Privacy and Integrity Advisory Committee on Wednesday made it clear the government is just getting started sorting this out. The group laid out a plan to focus its efforts around gaining a greater understanding of how IT can be used to fight terrorism without exposing personal data to theft or abuse. The committee identified four key areas and created a subcommittee for each: the privacy implications of security screening, the policies that govern data sharing and usage throughout the department, emerging areas of technology that facilitate data sharing, and an analytical framework for the committee to use in assessing the department's data privacy needs.
Homeland Security chief privacy officer Nuala O'Connor Kelly Wednesday acknowledged before the committee that there may have been cases involving data-security breaches in certain departmental programs. Kelly wouldn't elaborate but said the department is investigating and will issue reports in the coming months that explain the situation.
The issue of whether citizens can trust the government to protect personal information has hindered public support for several of Homeland Security's projects, such as the Transportation Security Administration's Secure Flight and Registered Traveler programs. This comes at a time when several private-sector foibles have generally shaken the public's trust regarding data security, most recently as Citigroup last week revealed that a box of tapes containing account information for 3.9 million customers was lost in transit.
Secure Flight has been top of mind for citizens concerned that the government is collecting too much information without adequate policies for using this information. The program is designed to compare passenger data against the FBI Terrorist Screening Center's Terrorist Screening Database to ensure that passengers aren't on Homeland Security's "no-fly" or terrorist watch lists.
"Secure Flight addresses keeping known and suspected terrorists off of domestic flights," Justin Oberman, assistant administrator for TSA's Secure Flight and Registered Traveler programs, said Wednesday. Both Secure Flight and Registered Traveler rely on the cooperation of private-sector airlines to deliver this data to the government. "They're sending their data to us; we're not in their systems," Oberman said. Still, the Government Accountability Office in early April issued a report recommending Homeland Security more clearly develop Secure Flight test plans, privacy and redress requirements, and program cost estimates.
While people worry about the government collecting too much information and keeping that information secure, they also expect the government to prevent another attack like 9/11 in this country. Concerns over where and when such an attack could occur compel the government to develop data-gathering and -sharing capabilities. Homeland Security's Customs and Border Protection division processes 1.1 million travelers daily across the nation's air, land, and sea points of entry, Robert Jacksta, executive director of border security and facilitation for CBP, said Wednesday. This volume of data capture and transfer creates a challenge for securing borders. "Agencies need information so they can make a good decision about whether to let someone into this country," said Patty Cogswell, Homeland Security's chief strategist for its U.S. Visitor and Immigrant Status Indicator Technology program.
Critics of Homeland Security's program say the department and its associates in the law-enforcement and intelligence communities are arbitrarily growing the pool of data available to them without really knowing what they're looking for. One attendee of the meeting encouraged the Homeland Security Department to remember that all of the data collected and disseminated represents people. "I don't agree that when you make the haystack bigger, you find the needle," said Carol Rose, executive director of the American Civil Liberties Union of Massachusetts.
The need to balance more data with better data will be a key discussion point for the Data Privacy and Integrity Advisory Committee when it next meets in September.