Security advisory panel seeks solutions to data dilemmas
CAMBRIDGE, Mass. -- The sharing, use and disposal of public data by government agencies in pursuit of national security is raising questions of oversight and privacy, and a Homeland Security Department advisory committee is working to answer them.
"We see our initial, short-term goal as helping ourselves and the public get a better sense of what the issues are, inventorying the issues at [the department] and [pinpointing] where the open legal questions are," panel Chairman Paul Rosenzweig said at Harvard Law School here Wednesday. The committee discussed privacy policies and standards, as well as the need for data exchanges across institutions covering topics as diverse as health care, travel and border control.
The panel's mission is to determine how federal agencies can improve information sharing without over-reaching into domestic spying and personal abuse. Preserving civil liberties while fighting terrorist threats is the goal, Rosenzweig said.
In the last three months, the committee has examined specific programs and agencies, including the Transportation Security Administration (TSA) and Homeland Security's customs division.
Several federal entities have sought input from state and local agencies and activist groups like the American Civil Liberties Union (ACLU) and Center for Democracy and Technology. Yet ACLU Massachusetts Director Carol Rose said greater government pursuit of presumed terrorists is leading to misidentifications that infringe upon free-speech rights of ordinary citizens.
At Wednesday's panel hearing, activist Bill Scannell noted recent allegations of privacy breaches at TSA, specifically the loss of personal passenger data by JetBlue Airways. "TSA simply cannot be trusted with data," he said. "We've seen it time and time again."
Nuala O'Connor Kelly, Homeland Security's chief privacy officer, said her office is examining about "half a dozen" instances of possible data misuse but said she considers those probes routine. She added that using commercially available data to reduce misidentification would be a benefit it if speeds passenger travel but only if appropriate safeguards are in place.
Individual airlines oversee the "no fly" lists of suspected terrorists and other criminals. TSA is working toward automated systems that scan passenger data from U.S air carriers.
Justin Oberman, assistant director of TSA's Secure Flight passenger-screening initiative, said TSA expects to lower the number of false-positive identifications that cause airplanes to be delayed or diverted. Oberman said airline employees should not be given the names because of their sensitivity and inability to cross-check an estimated 1.8 million passengers daily.
He said "close-match challenges were cut significantly" but that further testing is being done with efforts to use names and documents with greater accuracy than the current practice of checking driver's licenses. One possibility is using birthdates or other commercially available data to reduce possible confusion among people with similar names.
"This will be a core function for us, and we'll be applying state of the art technology on it," he said. "We conducted two separate tests and started by requiring all 65 U.S. air carriers to submit passenger data on people who flew in June 2004. We screened 1.8 million passenger records in a 16-hour period."