Friday, December 01, 2006

Homeland Security Privacy Report 18 Months Late


Homeland Security Releases Overdue Privacy Report

The Department of Homeland Security Privacy Office has released its report on the Privacy Office's activities over the past two years. The law creating the Department of Homeland Security requires the Privacy Office to issue a report every year, but the report was delayed without explanation for a year and a half.

The Homeland Security Act of 2002, ยง 222, gave the Secretary of Homeland Security the responsibility to "appoint a senior official in the Department to assume primary responsibility for privacy policy." The responsibilities of the Chief Privacy Officer include:

  1. assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
  2. assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974;
  3. evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
  4. conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and
  5. preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.

The report discusses general efforts the Privacy Office has made since July 2004 to "embed" privacy considerations into the evaluation processes in the Department of Homeland Security, but there is no information on whether these efforts have succeeded in reducing threats to Americans' privacy. The report is lighter on specifics than the previous report, covering through June of 2004. The new report discusses the Privacy Office's work with airport and immigration screening, but it ignores recent programs like video surveillance of public spaces.

The report identifies several privacy problems in DHS programs. In 2005 Congress ordered the Government Accountability Office to investigate the Transportation Security Administration's airline passenger screening programs. The GAO found significant problems with handling of personal information and violations of privacy laws. The GAO turned its findings over to the Privacy Office, which then did its own investigation. The Privacy Office claims to have continued its work with the TSA to resolve these issues. However, the report did not resolve EPIC's concerns about TSA redress procedures -- namely that citizens do not have the right to litigate to ensure their records are correct or even to view their records.

The Department of Homeland Security has received wide criticism for its identification card programs, many of which use radio frequency identification technology. The Privacy Office's report did not mention a draft report by the Department of Homeland Security Data Privacy and Integrity Advisory Committee also recommending against the use of RFID in identification documents. "RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity," the committee said.

Earlier this year, EPIC wrote to the Department of Homeland Security to urge the release of the report. Then President Bush issued a statement in which he said the "executive branch shall construe section 522 of the Act, relating to privacy officer reports, in a manner consistent with the President's constitutional authority to supervise the unitary executive branch." The White House influence on federal privacy policy can be found in Section V of the agency's report.

Congress will be able to use the new report to evaluate the Privacy Office's performance.

DHS Chief Privacy Officer Report Covering July 2004 to July 2006 (PDF)

EPIC's Letter to Chief Privacy Officer Teufel (PDF)

Department of Homeland Security Data Privacy and Integrity Advisory Committee: The Use of RFID for Human Identification (PDF)

Homeland Security Act of 2002 (PDF)

Presidential Signing Statement, H.R. 5441

EPIC's page on Privacy Report Held Hostage

Technorati: Homeland Security, privacy office, Privacy


Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 12:56 PM

0 Comments:

Post a Comment

<< Home