Online Extra: DHS tries to balance terrorism watch with privacy protection
- By Wilson P. Dizard III
- May 14, 2004
The Homeland Security Department has perhaps the most difficult balancing act among federal agencies, trying to mine information for clues about potential terrorists while ensuring personal privacy.
In its effort to detect and disrupt terrorists, the department uses data mining'what it calls advanced data analysis'and other tools that can compromise privacy. These measures have sometimes violated citizens' privacy, but DHS has taken steps to avoid such problems in the future.
Homeland Security is the only cabinet agency to field an office devoted to privacy. Headed by chief privacy officer Nuala O'Connor Kelly, it is adopting policies and practices, such as additional training for employees and new rules about using personal data, intended to improve overall attention to privacy.
The department's most conspicuous failure has been the Transportation Security Administration's use of airlines' passenger data to help a contractor test an air traffic system.
In mid-2002, the Defense Department asked TSA for passenger data to help Torch Concepts Inc. of Huntsville, Ala., develop tools for analyzing traffic patterns near military sites.
TSA, which was considering a similar data analysis method for its Computerized Passenger Prescreening System II (CAPSII) project, a refined no-fly list, supplied the contractor with passenger information it received from JetBlue Airways.
O'Connor Kelly's report on the JetBlue incident in February said the matter 'raises serious privacy concerns about the proper handling of personally identifiable information by government employees.'
The report cleared DHS officials of Privacy Act violations but called for additional privacy training and establishment of clear rules for data sharing.
Such incidents have left Congress and privacy advocates wary of the department's activities, especially with regard to terrorist watch lists and technologies for border security and passenger screening.
At a recent joint hearing of the House Select Homeland Security Subcommittee on Intelligence and Counterterrorism and the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security, lawmakers expressed their concerns about watch-list privacy.
Rep. Christopher Cox (R-Calif.), chairman of the select committee, and other lawmakers said individuals cannot find out if they are on the no-fly list.
But Donna A. Bucella, director of the Terrorist Screening Center, which combines information from numerous government watch lists, assured subcommittee members that the center has methods for protecting civil liberties. 'Procedures are in place to review and promptly adjust or delete erroneous or outdated domestic terrorism information,' she said.
Jerry Berman, president of the Center for Democracy and Technology, questioned the reliability of watch-list databases and called for governmentwide standards for entering and removing names on watch lists.
'Current privacy laws are not well-suited to the modern digital data environment,' Berman testified at the hearing. He called for new privacy rules that would exploit the ability of technology to incorporate privacy protections into information gathering, sharing and analysis.
The department already is working in those areas, officials said.
Under the E-Government Act of 2002, DHS has released a privacy impact assessment for the U.S. Visitor and Immigrant Status Indicator System. The assessment describes the means of information access and sharing, consent, security, records systems and privacy controls.
With many new systems handling personal information that arrives online, DHS faces continuing challenges to avoid privacy pitfalls.
For example, the General Accounting Office recently identified privacy flaws in the CAPPS II system. 'Resolving privacy concerns has not been completely addressed, due in part to the early stage of the system's development,' GAO's report said.
The challenge of building privacy protections into antiterrorist technologies has not deterred O'Connor Kelly. In addition to helping design new DHS systems, she said, the department's privacy office works with CIOs, Freedom of Information Act teams, and policy and program staff across the department to promote privacy awareness.