Protecting Privacy

Maureen Cooney finessed the fine line between national security and citizens' rights at DHS.

Maureen Cooney, who resigned recently as acting chief privacy officer at the Homeland Security Department, had it tough from the start.

The job is arguably the most difficult in government. At DHS, the chief privacy officer must monitor 22 agencies with a wide range of missions and fight for power inside the department, all while guiding it down the fine line between protecting national security and the privacy rights of Americans. In other words, if you're not willing to scuffle with other senior officials over the privacy policies of national security programs, walk away battered and bruised with limited concessions, and then catch flak from outside observers for not doing enough, don't bother applying for the job.

After nine months as acting chief, Cooney left DHS in late July. In September, she will join the Hunton & Williams law firm, based in New York, as a senior policy adviser for global privacy strategies at the firm's Center for Information Policy Leadership.

Privacy experts have praised Cooney for her persistence in coaxing DHS leaders to consider the effect of programs on citizens' rights. The Transportation Security Administration's Registered Traveler and Secure Flight programs and Homeland Security's US VISIT initiative for tracking visitors, among others, have raised privacy concerns that have yet to be resolved. But DHS officials say the programs are on a positive path in launching safeguards and a new review of the Secure Flight program. By breathing life back into the impact assessment process, observers say Cooney and her predecessor, Nuala O'Connor Kelly, the agency's first chief privacy officer, were able to put privacy back on the agenda.

This is not a small feat in an organization where program managers are resistant to an autocratic approach to privacy policies, observers say. By building relationships, Cooney embedded best practices in safeguarding personal information. Drawing on her experience as an international negotiator at the Federal Trade Commission, Cooney was able to win over tentative program managers. "She's kind and gentle, but she can be a tough cookie when she wants to be," says O'Connor Kelly, who has a management reputation as a brawler within the DHS bureaucracy. "She motivates people through respect."

But some say Cooney was marginalized at the agency because DHS Secretary Michael Chertoff never gave her the permanent chief privacy officer post. The job is hard enough as it is, says Sally Katzen, Clinton-appointed administrator of the Office of Information and Regulatory Affairs at the Office of Management and Budget, and it becomes "virtually impossible for an acting official."

"The fact that [Chertoff] has allowed the office to languish so long without a permanent confirmed head . . . indicates a probably unwise inattention to the question of privacy," says Jim Dempsey, policy director of the Center for Democracy and Technology, a Washington privacy advocacy organization. O'Connor Kelly had a direct relationship with then-DHS Secretary Tom Ridge, he says, but Cooney did not have that type of rapport with Chertoff.

Cooney says she had Chertoff's ear and respect and already had planned to leave federal service on her 20th anniversary, which is this year. "With any compliance function, people push back a lot," she says. "My experience has really been support from the top." Cooney hopes that the DHS privacy office will become a model for other federal agencies.

Since Cooney joined the office in January 2004, it has grown from a staff of three to more than 30. Under its guidance, DHS officials now assess the effects of programs on privacy and publish notices for public comment before launching systems that contain citizens' records, she says. Public forums on the government's use of information have given the department a better idea of citizens' expectations on privacy, Cooney says. The office's data privacy and integrity advisory committee, which guides Chertoff on policy decisions, has elevated privacy concerns within the department through such forums, she says. "We try to be as transparent as possible," she says. "When the government uses information, we want to know what it's for and how it's being taken care of."

Before she was acting privacy chief, Cooney was the office's chief of staff and director of international privacy policy, serving as O'Connor Kelly's deputy chief operating officer and policy strategist. Previously, she was legal adviser for international consumer protection and information privacy and security at the FTC and worked at the Treasury Department on a variety of international financial enforcement issues.

Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, is sorry to see Cooney go. Protecting the privacy rights of Americans is critical, he says, and Chertoff must be pushed to make a clear statement on privacy issues and their place in agency decision-making.

Cooney's replacement, Hugo Teufel III, must have "a steel spine and a hell of a lot of charm with which to negotiate" within DHS, says Linda Ackerman, an attorney and staff counsel for Privacyactivism.org, a nonprofit organization concerned with the collection and nonconsensual use of personal information. In a department intent on using data mining for advancing national security, anyone bringing up privacy matters is not likely to get a hearing, she says. In fact, Cooney faced huge challenges in replacing O'Connor Kelly, whose remarkable success came on account of her dynamic personality, Ackerman says.

But Cooney's predecessor says she will be the "tough act to follow." Teufel must be a forceful advocate for privacy by demonstrating the importance of the office, says O'Connor Kelly. "They deserve a leader that they respect as a manager and as a privacy expert."