DHS pushes global data sharing
Connecting state and local government leaders
Ethics conclave first wants stronger federal privacy laws.
'My question is, how is it ethical not to share?' Robert Mocny, U.S. Visit
Henrick g. de Gyor
Senior DHS officials speaking at a recent conference on biometrics and privacy policy outlined the ethical imperative for technical standards that would foster unrestricted biometric data sharing.
And while they say they recognize and agree with the need for privacy policy, threats of terrorism require governments and private companies to completely eliminate barriers to biometric data sharing.
Robert Mocny, acting program manager for the U.S. Visitor and Immigrant Status Indicator Technology program, sketched the outline of a Global Security Envelope of internationally shared biometric data that would permanently link individuals with their personal data held by governments and corporations.
DHS' assistant secretary for policy, Stewart Baker, condemned restrictions on information sharing that existed before the September 2001 terrorist attacks.
'Those rules that were in effect then [prevented the CIA and FBI from foiling the attacks],' Baker said. 'We have systematically knocked down the 'walls' that prevented sharing of law enforcement and intelligence data. At that time [before the attacks] we were enthralled with creating limits on who would have access to data.'
Baker rejected the policy of separating data to preserve privacy.
He said recent negotiations with European officials over the exchange of airline passenger data had afforded him insight into the strict European privacy laws. DHS participants highlighted privacy concerns that designers of biometric information-sharing standards and systems should take into account.
Mocny sketched a federal plan to extend biometric data sharing to Asian and European governments and corporations, so as to create a Global Security Envelope of identity management.
'My question is, how is it ethical not to share?' Mocny asked. 'It makes no sense for us to develop separate systems.'
Mocny cited the need for new biometric data-sharing systems to incorporate privacy controls.
The Global Security Envelope of biometric data sharing should begin slowly, but 'information sharing is appropriate around the world,' Mocny said.
The department's plans face skepticism from some domestic privacy advocates.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, said, 'I just don't think that the Homeland Security Department has done enough to identify the privacy implications of these biometric technologies and policies.'
Rotenberg added, 'The framers of the Privacy Act saw this day coming. It has become too easy for the administration to manipulate the public's fears of terrorism to override privacy safeguards.'
Thomas Murray, director of the Hastings Institute biometrics policy center in Garrison, N.Y., said his speech focused on how his experience in analyzing the ethical basis for the Human Genome Project illuminated the ethical aspects of counterterrorism information sharing.
Murray said a key lesson of the genome project ethics study was that designers of biometrics databases must forestall possible data abuse by gathering only the data needed for the original task.
'The people who create the technical standards will go a great distance toward upholding that critical privacy principle or undermining it,' Murray said.
Murray praised the European participants in the conference, particularly the Italians, who highlighted the privacy risks of creating massive concentrations of data. The Europeans pointed to the resulting risks of mission creep and data abuse.
Privacy attorney and conference participant Jay Stanley of the American Civil Liberties Union said, 'America is in the Wild West when it comes to privacy, and it is good for American officials to see how other countries have higher standards.'
One Washington-based conference participant, who requested anonymity, said that the conference panels were 'stacked' with analysts who already favor DHS' approach to biometric privacy policy. 'Congress needs to have privacy legislation as a high priority [this] year,' the attendee said.
Sophia Cope, staff attorney for the Center for Democracy and Technology, noted that the ethics discussion at the conference included consideration that governments might opportunistically exploit the differences between various nations' privacy laws to sidestep information-sharing limits and 'push the envelope of the law.'
The ACLU's Stanley noted that in contrast to all other industrialized countries, the United States lacks an overarching privacy law that creates an expectation of privacy among the public and a guarantee of privacy for companies.
Mocny acknowledged in comments following his speech that all 10 federal privacy laws contain waiver provisions for national-security purposes. DHS uses those waivers only when necessary, Mocny said.
The DHS conference itself symbolized the weak federal approach to privacy enforcement in that it took the form of a discussion of nonbinding ethics principles rather than legal mandates, Stanley said.
'Information exchange [such as the DHS conference] is useful, but I hope it is not just sound and fury [signifying nothing],' he said.