< Day Day Up > |
The climate for personal privacy in Washington, D.C. hasn't been this chilly since the days when J. Edgar Hoover wore pumps. However, there are recent signs the Feds are at least acknowledging the increased threat to privacy, even if they're not doing much to stop it. In February 2005, the Department of Homeland Security announced the formation of a Data Privacy and Integrity Advisory Committee to consult on "issues that affect privacy, data integrity, and data interoperability in DHS programs." But the 20-member board has drawn criticism for being composed largely of corporate executives, including D. Reed Freeman, chief privacy officer for Claria (makers of the controversial Gator adware application). Many longtime privacy advocates were shut out. Committee member Jim Harper, director of information policy studies for the Cato Institute and editor of Privacilla (http://www.privacilla.org), believes the panel will spur the DHS to think harder about privacy issues. And, he adds, "it will give me and others a microphone and an opportunity to quit loudly if DHS disregards privacy." In March 2005, the DHS issued a report on its ill-fated Computer Assisted Passenger Pre-screening System II (CAPPS II) in which the agency's Inspector General acknowledged a host of shoddy privacy practices. Among the highlights: the Transportation Safety Agency (TSA) failed to obtain confidentiality agreements with some companies with whom it shared data, and/or failed to enforce such agreements; it allowed passenger records to be transferred between companies unencrypted and without password protection; and the agency publicly denied having actual passenger data in its possession, when in fact it did. However, the report concluded that the agency had not broken any Federal laws. (The report includes this wonderful slice of bureaucratese: "In 2003 and 2004, TSA officials made inaccurate statements regarding these transfers that undermined public trust in the agency. These misstatements were apparently not meant to mischaracterize known facts. Instead, they were premised on an incomplete understanding of the underlying facts at the time the statements were made." In other words, they lied, but they didn't know they were lying, and even if they did know they were lying, it wasn't their fault.)
The good news is that the TSA has asked privacy consultants, including security guru Bruce Schneier, to serve on an oversight committee for its Secure Flight proposal, the successor to CAPPS II. The bad news is that a March 2005 report by the Government Accountability Office reveals that the TSA has yet to articulate how it's going to safeguard passenger privacy with Secure Flight, despite plans to launch the service in late summer 2005. Thanks to the recent, egregious data leaks at ChoicePoint, Acxiom, LexisNexis, and Bank of America, Congress will almost certainly pass some kind of law regarding identity theft. Likely legislation could range from requiring data brokers (see Figure 7-6) to notify consumers when their information has been stolen (what the data brokers are pushing) to making it harder for them to sell sensitive information like Social Security numbers (what the brokers are definitely opposing). annoyances 7-6. Quick are you a Boomtown Single, a City Startup, or a Middleburg Manager? These are some of the faux categories dreamed up by data vendors like Claritas, who slice and dice demographic data, then sell it for a profit.![]() The Electronic Privacy Information Center (EPIC), which has been contacted by Congressional offices on both sides of the aisle seeking guidance on ID theft issues, is pushing to expand the Fair Credit Reporting Act to include data brokers like ChoicePoint and Acxiom. Putting data mining firms under the umbrella of the FCRA would provide consumers access to their data, notice about how it's being used, and the ability to correct inaccurate information which becomes especially vital when that data is used by government agencies to identify possible terrorists.
|
< Day Day Up > |