DHS Data Privacy Committee Releases Privacy and Technology Recommendations for a Federated Information-Sharing System
UPDATE: DPIAC member Barry Steinhardt has written a statement (DPIAC pdf; archive pdf) about the report that he describes as being “more in the way of a partial concurrence than a pure dissent.” Steinhardt wrote that he agrees with much of the DPIAC report, “But, as explained below, I could not vote in favor of a report that contained conflicting statements regarding the critical question of the creation of a new centralized database containing search results.” [Disclosure: Steinhardt is a friend and colleague.]
The report is a response to a request by DHS Chief Privacy Officer Mary Ellen Callahan. The report notes that “the Department is in the process of creating a policy framework and a technology architecture for enhancing DHS’s information-sharing capabilities,” and details suggestions for this new framework and architecture.
Currently, the information sharing environment at DHS is composed of individual systems intended to support the unique missions of the various DHS components. The data are used within those systems, which essentially comprise a series of stovepipes, to support the unique functions of the distinct DHS components. The new information-sharing project aims to create a federated system to facilitate efficient and effective data sharing among the various DHS components.
We understand that there are two possible approaches in designing such a system. One approach envisions a centralized database at the “hub,” which would contain pointers to participating component databases, the queries of users searching for information in other component databases, and the results of those queries. The hub also would contain an audit log. An alternative approach would be to retain far less information at the hub, limited to pointers to participating component databases and an audit log. The audit log would retain the queries and information on the users.
As discussed in detail in this white paper, the Committee believes the latter approach, with minimal data stored at the hub, would be preferable (assuming little or no reduction in effectiveness of the proposed data-sharing project), reducing the possibility of adverse privacy impacts and database management challenges.
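To make the two hub designs concrete, here is an added toy model (not code from the DPIAC report or from DHS) that runs the same query through a minimal hub and a centralized hub and reports what each retains; the component names, records and field names are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class AuditEntry:
    user: str
    query: str
    components: tuple  # component systems the query was sent to

@dataclass
class Hub:
    """Federated query hub. With retain_results=False (the design the Committee
    prefers) the hub holds only pointers and the audit log; results pass through."""
    retain_results: bool = False
    pointers: dict = field(default_factory=dict)      # component name -> query function
    audit_log: list = field(default_factory=list)     # queries and the users who ran them
    result_store: list = field(default_factory=list)  # populated only by the centralized design

    def register(self, component: str, query_fn: Callable[[str], list]) -> None:
        self.pointers[component] = query_fn

    def search(self, user: str, query: str) -> dict:
        targets = tuple(sorted(self.pointers))
        self.audit_log.append(AuditEntry(user, query, targets))
        results = {c: self.pointers[c](query) for c in targets}
        if self.retain_results:
            self.result_store.append((user, query, results))
        return results

    def records_at_hub(self) -> int:
        """Component records that a compromise of the hub alone would expose."""
        return sum(len(recs) for _, _, res in self.result_store for recs in res.values())

# Constructed stand-ins for two component systems' search interfaces (assumption).
COMPONENT_DATA = {"component_a": ["a-rec-1", "a-rec-2"], "component_b": ["b-rec-1"]}

def make_hub(retain_results: bool) -> Hub:
    hub = Hub(retain_results=retain_results)
    for name, records in COMPONENT_DATA.items():
        # Each pointer is a callable that searches one component's own records.
        hub.register(name, lambda q, recs=records: [r for r in recs if q in r])
    return hub

def compare_designs(user: str, query: str) -> dict:
    # Run one query through both designs and report what each hub retains afterwards.
    out = {}
    for label, retain in (("minimal", False), ("centralized", True)):
        hub = make_hub(retain)
        hub.search(user, query)
        out[label] = {"audit_entries": len(hub.audit_log), "records_at_hub": hub.records_at_hub()}
    return out
```

Both hubs keep the same audit trail (who asked what, of which components); only the centralized design accumulates component records at the hub, which is the extra exposure the Committee's recommendation avoids.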