Computerworld Has Q&A with DHS Privacy Chief Hugo Teufel
Computerworld sits down with Department of Homeland Security Chief Privacy Officer Hugo Teufel and chats with him about the issues he has faced at DHS.
I have worked often with Teufel and the DHS Privacy Office staff. We do not always agree, but I respect them and the difficult job they have. They work hard to ensure privacy issues are on the table when programs are discussed, though strong privacy protections often are not included in DHS programs.
From Computerworld:
In your speech, you said U.S. CPOs would be wise to understand how the European Union treats privacy differently within its “first pillar” commercial policy and “third pillar” security areas. Can you elaborate?
The rules covering the same personally identifiable information appear to be different for security services than they are for businesses operating in the EU. Security services may make demands of businesses for certain data, which by law the businesses are not allowed to collect. The businesses can refuse, risking the wrath of the security service, or they can comply, risking punishment from the data-protection authority, which may not have competence over the security service collection and use of that data. It’s a real catch-22.
What was your top lesson learned from the U.S.-EU compromise on the sharing of airline passenger name records?
Sadly, that politics sometimes took precedence over the security and privacy of Americans and Europeans. [...]
You mentioned that you put a lot of materials on the DHS privacy Web site. What do you wish the public knew more about regarding DHS’s privacy function?
I wish the public knew how hard we work to protect their privacy while the department secures the homeland. We are at the forefront of American privacy protection domestically and internationally. Come visit our Web site, and you will see what I mean. [...]
Can you point to any government program that has been shut down because it lost public credibility over its privacy practices?
At DHS? No. There are two programs, however, that bear mentioning: Fidnet and Talon. Fidnet — Federal Intrusion Detection Network — was a Clinton-era effort led by Richard Clarke to put in place comprehensive cybersecurity measures for the whole nation. The failure to consider privacy and civil liberties issues led to Fidnet’s significant downscaling and the loss of several years before the federal government again took up a comprehensive cybersecurity program. Talon — Threat and Local Observation Notice — was a force-protection system designed by the Air Force but taken over by the Pentagon’s Counter Intelligence Field Activity. The failure to properly educate and train persons reporting into Talon led to violations of the Privacy Act and shutting down of the program. [...]
What’s left to do for your successor?
Much. Finishing the FOIA/Privacy Act regulations. I couldn’t get them across the finish line, although we made great progress on them. Providing policy advice to senior leaders is never-ending. To do that, my successor is going to have to get to know the key players in the department, career and appointed, and learn about all of the things that the department does is another. I had a real advantage by being at the department for over two and a half years before joining the Privacy Office.