Experts spell out privacy platform for next Congress

The Homeland Security Department's first chief privacy officer recommended today that the new Congress consider strengthening the nation's 34-year-old Privacy Act and a 2002 statute on electronic government services to uphold privacy and civil liberties safeguards for national security.

Nuala O'Connor Kelly, who left the agency to become General Electric's top privacy executive in 2005, told a House Homeland Security Committee Democratic staff roundtable the original charters of the Homeland Security Department's privacy office and its data privacy and integrity advisory committee might also need to be bolstered legislatively. O'Connor Kelly said she was "optimistic and very excited" about what President-elect Obama and Arizona Gov. Janet Napolitano -- his pick for Homeland Security secretary -- will accomplish on the privacy front.

Several panelists recommended Congress act to block so-called predictive data-mining employed by Homeland Security and other agencies -- a technique they said combs vast quantities of information but does not hinge upon a suspected terrorist or person of interest. Tim Sparapani, senior legislative counsel for the American Civil Liberties Union, said such programs waste scarce security dollars and do not aid terrorism probes. He said the Homeland Security Committee should statutorily zero out funding for such programs.

Cybersecurity expert Fred Cate echoed Sparapani, arguing there is no evidence that this type of data collection works, while bad data compromises personal privacy and hampers national security. A Homeland Security-funded report released in October recommended greater external oversight of data-gathering programs and discouraged behavioral patterns as a predictive measure.

Experts at the Heritage Foundation and elsewhere have touted the usefulness of data-mining in counterterrorism efforts, but they were not invited to speak at the event.

Cate argued Congress can take steps to protect individual privacy and civil liberties in cases when the government collects, stores, and uses sensitive information about Americans. He cited a recent GAO report that concluded technological and policy changes have rendered the Privacy Act "almost entirely ineffective." For example, the law only applies to a "system of records;" which does not apply to the modern databases being created by agencies like the FBI.

Sparapani urged the panel to examine data collection programs already employed by Homeland Security and to hold a closed-door meeting with agency officials to be briefed on programs whose existence has not yet been disclosed. A committee spokesman said staff will compile panelists' recommendations, produce a report early next year, and most likely hold hearings.