“That the individual shall have full protection in person and in property is a principle as old as the common law; but it has been necessary from time to time to define anew the exact nature and extent of such protection…
Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right… “to be let alone…”
— Samuel D. Warren and Louis D. Brandeis, THE RIGHT TO PRIVACY, 4 Harvard Law Review 193 (1890)
Spencer Hsu of the Washington Post reports today that 28 groups and individuals belonging to the Privacy Coalition are calling for Congress to investigate the Department of Homeland Security’s Privacy Office. The Coalition, in a letter to the House Homeland Security Committee, questioned the adequacy of the Office’s work, especially as it relates to the following technologies:
- Fusion Centers and the Information Sharing Environment
- Whole Body Imaging
- Closed-Circuit Television (CCTV) Surveillance
- Suspicionless Electronic Border Searches
The group seems to be most concerned with the Privacy Officer’s first responsibility, under Sec. 222(a) of the Homeland Security Act, to assure that “the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information.” The group also finds fault with the Office’s certifications for exemptions to its obligations under the Privacy Act.
The letter’s premise is interesting in that it furthers the privacy versus security rhetoric that has permeated homeland security. Rather than noting how the two can co-exist, the letter places each against the other, with little room for mitigation or reinforcement, which is at odds with how the Homeland Security Act, rightly or wrongly, put together the Privacy Office’s responsibilities.
The Coalition notes that the Department’s Privacy Compliance Group “manages statutory and policy-based responsibilities by working with each component and program throughout the Department to ensure that privacy considerations are addressed when implementing a program, technology, or policy.” The letter discusses the Compliance process and then criticizes the Department for focusing its efforts on Privacy Impact Assessments to assure that implementing programs build in privacy protections. That said, it admits that the assessment process is a possible avenue for the Department to protect privacy and then proceeds to criticize the agency for not providing enough examples in an annual report, even though every PIA is listed.
If the Privacy Office is doing all of the above, it is doing its job. The Coalition, it would seem, is requesting, in part, that programs be dismantled. For example, the letter’s section on whole body imaging suggests that the technology itself is the problem, not the assessment of what privacy measures should be in place. According to TSA and the Privacy Office’s assessments, TSA has put in place privacy protections regarding the use, collection and disclosure of personal information in the case of whole body imaging. According to TSA’s website, the following procedures are in place:
- The officer who assists the passenger never sees the image the technology produces.
- The officer who views the image is remotely located, in a secure resolution room and never sees the passenger.
- To further protect passenger privacy, millimeter wave technology blurs all facial features and backscatter has an algorithm applied to the entire image.
- The two officers communicate via wireless headset. Once the remotely located officer determines threat items are not present, that officer communicates wirelessly to the officer assisting the passenger. The passenger may then continue through the security process.
- This state-of-the-art technology cannot store, print, transmit or save the image. In fact, all machines are delivered to airports with these functions disabled.
- Officers evaluating images are not permitted to take cameras, cell phones or photo-enabled devices into the resolution room.
- Each image is automatically deleted from the system after it is cleared by the remotely located security officer.
If the Privacy Office evaluated the program during its implementation and worked with TSA to require these protections, hasn’t its statutory duty been met? The Coalition’s suggestions on the Privacy Office’s responsibilities would require a reinterpretation of the statutory language so as to delete the “protections relating to the use, collection, and disclosure of personal information.” The Coalition, it seems, would have the Privacy Office be both judge and jury in deciding whether technologies in and of themselves “erode” privacy in the broadest sense. That, however, is not the Privacy Office’s mandate.
Don’t get me wrong, the letter does raise some legitimate issues that the Privacy Office does need to address. For example, in the section relating to Fusion Centers and Closed-Circuit Television (CCTV) Surveillance, it suggests that the Privacy Office should have pushed harder for mandatory privacy protections, rather than guidelines and voluntary efforts. To the degree DHS has procurement, grant, and partnering decisions over such programs, stronger protections should be pursued.
In its closing the letter notes that if DHS’s internal privacy office cannot “protect the privacy of American citizens, through investigation and oversight” then “the situation calls for an independent office that can truly evaluate these programs and make recommendations in the best interests of the American public.” The Privacy Office’s mission, as envisioned by the Homeland Security Act, is not that of an independent voice. That voice was created in the 2004 Intelligence Reform Act with the creation of the Privacy and Civil Liberties Oversight Board, which is neither staffed nor active. That is where the Privacy Coalition should be focusing its attention.
Indeed, in a letter today, Rep. Jane Harman and Sen. Susan Collins rightly raised concerns with President Obama regarding the delayed status of nominations to that board. That independent board is the watchdog for evaluating the privacy in the programs that the Privacy Coalition has raised. Its mission includes:
in providing advice on proposals to retain or enhance a particular governmental power, consider whether the department, agency, or element of the executive branch concerned has explained—
(iii) that the need for the power, including the risk presented to the national security if the Federal Government does not take certain actions, is balanced with the need to protect privacy and civil liberties.
Notably, this responsibility is not included in DHS’ Privacy Office job description. Rather than re-interpreting the DHS Privacy Office’s role or creating ANOTHER independent body, the focus should be on getting the Privacy and Civil Liberties Oversight Board in place so that a voice exists to help the government determine when security and our “right to be left alone” clash and what steps need to be taken to assure that our nation is secure and our fundamental values and rights are protected.