UPDATE: Privacy Committee Grapples With Need To Know Vs. Need To Protect - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


UPDATE: Privacy Committee Grapples With Need To Know Vs. Need To Protect

The new Data Privacy and Integrity Advisory Committee must help Homeland Security meet security objectives without trampling privacy concerns.

Since its launch in 2003, the Homeland Security Department has been charged with protecting a diverse country that prides itself on individual freedoms from terrorists who would plot and execute attacks under the veil of such freedoms. Early efforts to screen immigrants, travelers, and workers for security risks have led to criticism that the department could trample privacy and misuse data to accomplish its objectives. The newly formed Data Privacy and Integrity Advisory Committee, launched Wednesday, seeks to address those concerns.

The 20-member committee, which includes executives from Computer Associates, IBM, Intel, and Oracle, must now determine how best to help Homeland Security work through privacy concerns as the department's various directorates and agencies seek to apply technology to help meet their objectives.

"We have to fuse a culture around finding the right balance" between security and privacy, Michael Jackson, Homeland Security's deputy secretary, said at Wednesday's inaugural committee meeting. "We have to innovate one step ahead of the ones President Bush calls 'the evil ones,'" he added.

Most members attending the committee's inauguration agreed that a top priority should be to examine the efficiency and ethics of various screening programs under development by the department. Such programs include the U.S. Visitor and Immigrant Status Indicator Technology (US-Visit), Registered Traveler, and Secure Flight, each of which relies on biometric technology and databases to verify identities.

Several committee members and privacy advocates expressed an interest in addressing Secure Flight because the oft-criticized program includes many elements that can be applied to other Homeland Security initiatives. These include interaction with foreign governments, biometric technology, and public and privately held databases.

The Government Accountability Office said in a report last week that, while the Homeland Security Department's Transportation Security Administration is making progress in developing and testing its Secure Flight program, Secure Flight needs more work before it can become operational. Secure Flight's objective is to identify airline passengers who should undergo additional security scrutiny, in place of the prescreening currently conducted by air carriers themselves.

Several Homeland Security leaders impressed upon the committee the need to use technology to meet their objectives, even if it requires handling sensitive information. When asked what keeps him awake at night, Randy Beardsworth, acting undersecretary for the Border and Transportation Security Directorate, told the committee, "Who's getting on airplanes before they take off?" He implored the committee to try to understand the vulnerability issues that cause the department to worry and let that drive their efforts to improve security.

As Homeland Security works to integrate what previously had been 22 independent agencies, it's unclear whether there's a big-picture understanding of how to balance security needs and privacy concerns, said Homeland Security CIO Steve Cooper, who revealed earlier this week that he would step down from his post.

Homeland Security has made a concerted effort to use IT to run its operations efficiently, but such reliance on technology brings government agencies into greater contact with sensitive data. For example, Homeland Security's Emergency Preparedness and Response Directorate, formerly FEMA, has the capability to transfer aid money directly to the bank accounts of people victimized by natural or manmade disasters, Undersecretary Michael Brown told the committee Wednesday. This means the directorate must access identity and bank-account information to confirm that the money is properly deposited, a process made more complicated by the fact that applicants are generally displaced from their homes when they apply. In this case, technology is a means to help these people recover more quickly, but they have to share sensitive information for this to happen.

Homeland Security's Citizenship and Immigration Services manages several databases containing sensitive information about people who've applied for permission to live and work in the United States. Homeland Security personnel rely on this information when determining whether a person should be allowed to stay, while at the same time ensuring that those allowed to stay aren't security threats, said Robert Divine, Citizenship and Immigration Services' chief counsel. Much of the agency's work is challenged by litigation, which slows down the approval and denial process. The agency is "desperate" for a more efficient means of automating background checks without opening the door to additional litigation, Divine said.

Privacy panelists invited to address the committee called for Homeland Security to establish policies that more clearly define and restrict its use of personal information. A big challenge facing both the public and private sector is how to protect individual privacy in a world of data sharing, said Peter Swire, an Ohio State University law professor who also served as the Clinton administration's chief counselor for privacy in the Office of Management and Budget.

The answer isn't simply to apply technology as a means of safeguarding data but to develop policy that governs the use of this technology. One way to ensure that privacy considerations are given adequate attention is to build room for this into agency budgets. Before major new systems are built, security and privacy considerations should be included from the design phase all the way through to deployment.

One place to start is by telling the American people what information you need from them and why it's needed, said James Gilmore, former Virginia governor and head of the Gilmore Commission and now a partner with law firm Kelley Drye & Warren. Gilmore agreed with Swire that, although the committee is comprised of many technology experts, the real emphasis should be on policy.

Gilmore challenged the committee to consider ways to improve upon the freedoms that American's enjoy, rather than looking for ways to compromise. He added, "If balance means there has to be a tradeoff [between privacy and security], than the terrorists have won."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
AI Ethics Guidelines Every CIO Should Read
Guest Commentary, Guest Commentary,  8/7/2019
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll