Group creates color-coded index for privacy threats
SAN FRANCISCO'The Electronic Privacy Information Center last week unveiled a Privacy Threat Index to track what it sees as the expanding menace of government surveillance.
The EPIC index, announced at the RSA 2003 Security Conference, copies the Homeland Security Department's color-coded threat levels. The Washington privacy center, whose Web site is at www.epic.org, placed the current level at yellow.
'We will use the Privacy Threat Index to assess developments in the United States and to compare activities in countries around the world,' EPIC executive director Marc Rotenberg said.
He called attention to privacy concerns about the USA Patriot Act, passed in the wake of the Sept. 11, 2001, attacks, and the follow-on Patriot II legislation being developed by the Justice Department.
EPIC noted five other invasive factors:
- The Foreign Intelligence Surveillance Act lets the government conduct surveillance without safeguards required by the Fourth Amendment.
- Accuracy requirements for National Crime Information Center data have loosened.
- Funding has risen for surveillance systems, including immigration control and video tools.
- Biometric identifiers lack safeguards against misuse of personal data.
- The FBI wants to extend wiretapping to Internet telephony.
EPIC also noted three positive signs:
- The government so far has rejected a mandatory national ID card.
- Congress has imposed tight reins on the Defense Advanced Research Projects Agency's Total Information Awareness data mining program.
- Lawmakers also are scrutinizing a Transportation Security Administration passenger profiling project.
James Bidzos, president of conference sponsor RSA Security Inc. of Bedford, Mass., gave his own insecurity rating for the Internet.
Based on the growing number of vulnerabilities and attacks, and on government agencies' failure to improve their own security, Bidzos set the current insecurity level at 6.5 on a 10-point scale.
He praised industry efforts such as Microsoft Corp.'s trusted computing initiative and said its focus on developing secure code is a model for all software makers.