| Home | Information Sharing & Analysis | Prevention & Protection | Preparedness & Response | Research | Commerce & Trade | Travel Security | Immigration |
The threat level in the airline sector is High or Orange. Read more.
This information is not current, is not being updated, and may contain broken links.
Release Date: 03/07/06 00:00:00
Washington, D.C.
Data Privacy and Integrity Meeting
Ronald Reagan Building and International Trade Center
March 7, 2006
SECRETARY CHERTOFF: Thank you, Maureen. I'm glad we got a chance to shake hands coming in this time instead of going out.
Well, I want to thank committee members for your hard work and advice as we continue to integrate our privacy protections into our programs and address privacy concerns in an environment which is probably one of the most challenging in government, because our various elements interact with the public in a wide variety of settings, and a lot of them do impinge on concerns about privacy.
Some of the things that we have had the benefit of committee recommendations on are use of commercial data to reduce false positives in Secure Flight and other screening initiatives, and I certainly want to recognize Maureen for her tremendous leadership in terms of making this office effective and make its work significant.
Privacy is really about -- I mean, you spend a lot of time talking about what privacy means. It actually means different things to different people. To some people, it's about information management, keeping information confidential, having control over where information goes. For other people, it's physical space, not having people intrude into your physical domain. And in some instances, these various notions of privacy actually clash. One person's privacy is not another person's conception of privacy. There are cultural differences.
Europeans become extremely focused on the issue of data protection. They frankly are much more focused on data protection than we are. They're very intent on creating limitations on how long data is retained and they impose very strict conditions on how it's transmitted -- frankly, more than we do in our law.
On the other hand, in many countries in Europe, you have to carry a national identity card, and if you don't have it, they can put you in jail or take you down to the police station. That would, I think -- certainly the requirement that you must carry a card or you be put in jail would just put Americans into orbit.
So we have a conception of privacy that puts more weight on some things; they have one that puts more weight on others. And I think -- a lot of these are driven by historical examples and historical concerns.
But as we go about doing our work, we really ought to always bear in mind the different conceptions of privacy, the different tradeoffs. People often talk about the fact that we need to trade privacy for security or that there's a tradeoff between privacy and security. And that may be true, in certain respects. But I think it's also true there are different conceptions of privacy we have to trade off.
One of the areas where I see this the most is in the issue of passenger screening. In a sense, right now we are heavy on physical intrusion, and also intrusion by way of questioning people, and light in terms of the amount of data we ask people to give us. And part of what we're trying to migrate to, I think, in our various kinds of screening programs, is a regime in which perhaps with more information about people, we would have to be less physically intrusive, and we have to question them less.
So when we consider, is that protecting privacy or hurting privacy, I think the question is going to be, well, there are different elements of privacy, and some are favored and some are disfavored under different regimes.
So I think these are tough questions we have to talk about and think about as we design our programs going forward.
Of course, another element of privacy is information sharing. We are committed to an information sharing environment. In December of last year, the President issued a memorandum entitled, "Guidelines and Requirements in Support of the Information Sharing Environment," which was an outgrowth of the Silberman-Robb Commission, which talked about the fact that we don't have sufficient information sharing as an embedded element of our operations among the various agencies that have responsibilities to manage information.
And this, of course, has been a theme, even of Congress, which has in legislation spoken to the need to share information. And, again, when we talk about information sharing, we get to the issue of privacy, and we have to again talk about what does it mean, in terms of privacy. Does it mean that we have to restrict the amount of information that's shared, or that we have to restrict the uses to which it's put? This gets us into such issues as mission creep, which is the tendency for information collected for one purpose to eventually be applied to other purposes. And I think we need to be very disciplined about the way we think about these issues and how we discuss them, because I think that the more you get into them, I guess my thesis is, the more you see privacy has a lot of different dimensions. And some of them, in fact, are in tension with each other, and we have to be very clear about what are the benefits and what are the harms, as we consider issues like information sharing and environment and things of that sort.
Clearly, we need to be committed to better information sharing, and the question is, how do we build protocols and regimes to make sure that that information is used appropriately and not misused.
One of the -- I don't want to ruminate too much, but one of the particular challenges is, how do we use information sharing to actually protect people against identity theft. In some ways, a regime of better information sharing is more protective of people, in terms of diminishing the opportunity for thieves or criminals or terrorists to steal their identities. So there, again, what may appear in the first instance to be a challenge to privacy may actually promote privacy.
Let me conclude before we throw it open to discussion with the observation of where the Department is. We are still a very young and comparatively immature department. We are a little over three years old, as we sit here today. And so we have a lot of opportunity to build into the sinews of this what I could describe as maybe an adolescent or young adolescent organization, respect for privacy and a thoughtful approach to privacy, which I hope very much this committee will help us do, and I look forward also to Maureen helping us do that.
I think we all know we don't want to live in a society where our privacy is regularly invaded. Heaven knows it seems to be invaded by private actors much of the time, and we certainly don't want the government to become an invader of privacy. We want the government to be a protector of privacy, and we want to build security regimes that maximize privacy protection and that also do it in a thoughtful and intelligent way.
So I think you all have the opportunity to really be present at the creation of a culture of privacy in this Department, which I think, if it's done right, will be not only a long-lasting ingredient of what we do in Homeland Security, but a very good template for what government ought to do in general when it comes to protecting people's personal autonomy and privacy.
So Maureen, those are my comments. I guess we have a little bit of time for some discussion.
QUESTION: Mr. Secretary, thanks for being here. Appreciate hearing from you. One of the things you said piqued a memory of mine from the recent past when you talked about Europeans and their concerns about data. Obviously, the European data privacy directive represents a significant part of the data protection regime worldwide. But contrarily, Europe has also passed a data retention directive that will seem to require telecommunications firms to collect information for surveillance purposes, for the use of governments.
At Davos, The Financial Times quoted FBI Director Mueller as wanting to implement international standards, among other things, pertaining to data retention. And I wonder if you're considering a U.S. data retention standard.
SECRETARY CHERTOFF: Well, it's an interesting question. I don't know that anybody has proposed a specific standard. Generally speaking, my understanding is, a lot of data -- my understanding is the Europeans actually have pressed to minimize the amount of retention. The issue there is they've actually required that data be disposed of and eliminated. Here, generally data is kept for a long time, and the issue is whether we can obtain the data or not through subpoenas or other kinds of means.
An interesting challenge would arise if companies went to the business model of destroying data very quickly. Of course, they usually keep it for billing purposes, but if they were to decide they wanted to destroy it very quickly, whether we would compel them to do more data retention, I think that would implicate two issues. One would be, of course, the financial issue -- is it an unfunded mandate -- and we would get some pushback on that. The second is a privacy issue.
One of the proposals that was floated and shot down for a period of time, I think, before I got here, was the idea of having screens for protection -- instead of the government actually retaining data and collecting it, letting private parties keep their own data, but letting us run screens against the data -- submitting a name, having it pinged against a private database, and then have the private data holder, who has the data anyway, go "yea" or "nay," red flag, green flag. And only if it was a red flag would we then get the underlying data.
So that might be a model for some kind of data retention issue. It might be one that would say the government, instead of holding the data itself, will allow it to remain in the private sector, provided the private sector retains it for a period of time so we can ping against it.
This comes back to my basic underlying thesis. It's too easy to say something is pro-privacy or anti-privacy. On a lot of these issues, actually, putting security totally aside, some of the proposals that we encounter actually are simply tradeoffs on different elements of privacy. It may promote privacy in one respect and may diminish it in another, or may impinge it in different ways. And that seems to me to require a deeper analysis of the tradeoffs. In this case, a requirement of data retention in the private sector might be seen as being anti-privacy, and yet, if that led to the government having less information and keeping it more in the originating private hands, people might say that protects privacy.
So I think you've got to ask yourself with specificity what, actually, privacy objectives are served or disserved by a particular proposal.
QUESTION: Thank you. And thank you, Mr. Secretary, for joining us. I wanted to actually pick up the theme that you just last mentioned, which was that kind of concept of the privacy tradeoffs. And in your earlier comments, you had talked about the concept of more or less intrusive, as part of the airport questioning and things of that nature. And I guess I wondered what you thought about -- because I think most people would agree on the less intrusive, but would also want to have an awareness so that they would be able to judge reasonableness of the questioning. And I guess there's a fear that when things get taken out of the direct interaction, there's less of an ability to judge reasonableness. Are there any mechanisms that the Department can use to help people get a better understanding of the reasonableness and the nature of the questions of the benefits that accrue to them?
SECRETARY CHERTOFF: Well, I'm not sure -- do you mean questioning when people are directly questioned at the airport?
QUESTION: Well, if you're shifting from questioning to a screening process that is perhaps less evident to them, they can judge the reasonableness of the question; the screening is a little harder for them to judge. And I think for a lot of people, there's the question of the transparency of what's done with the information and how.
SECRETARY CHERTOFF: Well, and part of that is we have to have, you know, redress. There are obviously mistakes. But here again, you know, there's a funny issue with tradeoffs. To the extent that we are only able to obtain names from people and we're not -- when we get ticketing information we don't get, let's say, date of birth -- the name is a very blunt instrument for screening, and that leads to a lot of false positives, and that leads to the stories you always hear about, about 11-year-old kids being questioned because they have the same name of somebody who is on a terrorist watch list.
That is very, I think, counter-intuitive and distressing to people. If you got more information -- date of birth, address; none of which is super-secret -- you would really be able to screen out an awful lot of people from being stopped and questioned. Now, I think actually most people would prefer that, particularly if we explained why we're doing what we're doing. And that's an example, I think, of what you say, where we can make it clear that -- and that's not very sophisticated, it just creates finer screens for separating out people that we're interested in and people that we're not interested in.
As we get further down the line you start to ask questions, are there other things we could ask that would even allow us to expedite the travel process for more people, require even less -- people going into secondary and things of that sort.
One solution to this might be voluntary systems, what we call "registered traveler systems," where, while it wouldn't completely eliminate your physical screening, your identity screening would be taken care of if you've enrolled in registered traveler and you've got a biometric card and we did a check. And that's a market-based or a voluntary-based system. So that's another way to approach the problem, I think.
QUESTION: Again, thank you for being here, Mr. Secretary. One of the things that in this drive for information sharing we believe will be critical -- and it will raise a number of privacy considerations also -- but has been lacking has been the ability to share information with the first responders, across levels of government. And a significant part of that, I think, a necessary pre-condition is the question of trust -- trust up and down. And the question is specifically what is the Department doing to try to increase that level of trust between governments?
SECRETARY CHERTOFF: Well, a lot of what we're doing through our information analysis and intelligence analysis -- intelligence and analysis component is to share both in terms of our Internet and our secure Internet to actually embed some of our officials in state and local and bring some of them into our operations center, precisely to increase this level of trust.
You know, there are always two elements to information-sharing. One is trust, which means getting people an appropriate security clearance or background check. The other is, of course, need to know, which is the less often commented element. And sometimes people, even when they're trusted, don't get information if they don't have a need to know it. That's good security practice. I know people get offended sometimes because they think if they've been cleared they should be able to see anything. But I can tell you that I think even among people who have the highest level clearances you can get in the government, you still don't get information and you shouldn't get information not pertinent to your job. So there's always a reason -- you have to justify why you're getting information, in terms of the job function.
That's, by the way, another good example of protecting privacy as well as security.
I guess my thesis here is that the simple privacy versus security balance we often hear about is simply way oversimplified, that in many ways these things serve common interests and that it's much more complicated. The bottom line is we're doing a lot to try to increase the networks through which we communicate, but we also have to remind people that in the end people get information because they can use it, not merely because they want to be in the know or satisfy their curiosity.
QUESTION: Mr. Secretary, thank you for joining us this morning. I noted with delight, I think, and I share it by most of the committee members, that you mentioned the government wants to be a protector of privacy -- we certainly support that -- and that your interest is here in developing a culture of privacy in the Department. Part of that culture has to be based on leadership, and I think the committee would be very interested in hearing your thoughts about filling the vacant position of Chief Privacy Officer in the Department. It's a position that we all have a very fond attachment to, not only the individual filling the acting position in Ms. Cooney, but also in the long-term prospects of making sure that leadership is not only filled, but also really firmly supported over time.
SECRETARY CHERTOFF: Well, we do support it. The process of filling jobs is one that's often lengthy because we do look for a lot of candidates. We want to make sure that even if we have people in place who we could promote, we also want to look outside to see if there are other candidates. Then the prospect of your background checks and things of that sort.
So we do -- we are focused on this position. And more than that, we want to be focused on it not as a kind of component that's a stand-alone, but we want to have it be an issue that we talk about even in all of our regular activities. I think leadership is not just having a Privacy Officer say, okay, here's your Privacy Office, go deal with privacy, but it's treating privacy as an element of everything that we do. And I can tell you that we often discuss these issues -- and I've discussed these issues with counterparts in other countries as we consider how to devise our programs. So we look forward to continuing to interact with the Privacy Office, both in terms of their perspective, but also because we want to get just general good advice on how to work privacy into everything that we do.
MS. COONEY: I have just gotten the nod that the Secretary needs to move on to his next appointment. Thank you so very much for joining us, we appreciate it.
SECRETARY CHERTOFF: Thank you very much. Thanks a lot. Thanks for your fine work.
# # #
This page was last reviewed/modified on 03/07/06 00:00:00.
