UPDATE: USA Today reports, “Homeland Security Secretary Janet Napolitano endorsed the use of body scanners Wednesday to screen airline passengers despite concerns that the machines create vivid images of people under their clothing.” I’ve written about the privacy risks connected with these scanners before.
In testimony to the House Committee on Homeland Security on Wednesday, Secretary Janet Napolitano explained “how DHS will work in the future to keep Americans safe.” Her comments on privacy include noting that the Committee’s platform items for DHS included “securing the homeland and preserving privacy, civil rights, and civil liberties.” She also said:
Of course, amid the implementation of new technology, we will continue to be diligent in honoring the rights of Americans and addressing concerns raised about privacy. To this end, last week I appointed an experienced new Chief Privacy Officer for the Department, who will bolster a Privacy Office already recognized as a leader in the federal government. Homeland security and privacy need not be exclusive, and the Department will look to include privacy in everything we do.
More importantly, Napolitano also discussed several programs affecting individual privacy: employment verification (“E-Verify), Western Hemisphere Travel Initiative, and state and local intelligence sharing (through “fusion centers”).
There has been much debate about DHS’s employment eligibility verification program E-Verify. especially the databases it uses. (President Bush issued an executive order last year that greatly expanded the number of employers required to use the system.) Napolitano said Wednesday, “I issued a directive to measure employer compliance and participation with the Department’s E-Verify program and ways that DHS has worked both to reduce false negatives in order to protect the rights of Americans and to strengthen the system against identity fraud.” The false negatives problem is substantial. Several federal (pdf) government evaluations (pdf) note problems with database checks that lead to initial rejections for individuals who are legally eligible to work in the US, causing significant problems for eligible workers who have done nothing wrong.
Napolitano also spoke about the Western Hemisphere Travel Initiative. WHTI is a program, developed by the departments of Homeland Security and State, that requires everyone entering the United States through land or sea ports to present a passport or other documents to prove identity and citizenship. Currently, WHTI-compliant “passport cards” and “enhanced driver’s licenses” are equipped with long-range radio frequency identification (RFID) technology. These chips are “read” at test border crossings by long-range RFID readers, and their security is highly suspect. Researchers have detailed privacy and security vulnerabilities in the RFID chips used by cards that are WHTI-compliant.
And DHS’s own Data Privacy and Integrity Advisory Committee and the Government Accountability Office have both cautioned against (pdf) using RFID in identification documents. The privacy committee has urged (pdf) that long-range RFID only be used in ID documents if RFID is the “least intrusive means,” because there are significant privacy and security drawbacks. (You can learn more about RFID tags and tracking in a recent article in Scientific American magazine by Katherine Albrecht, How RFID Tags Could Be Used to Track Unsuspecting People.) Yet Napolitano is supportive of these long-range RFID identification cards. She said:
A good example of better technology leading to greater capability is going live this week in San Diego. The port of entry at San Ysidro, the largest land port in the Nation, is now equipped with radio frequency identification (RFID) infrastructure – including software, hardware, and vicinity technology – that allows Customs and Border Protection Officers to identify travelers faster than ever. The technology expedites the travel of law-abiding border crossers and allows agents to focus on where they are most needed. The high-tech RFID system works in tandem with RFID-enabled documents such as passport cards, Customs and Border Protection’s trusted traveler programs, and enhanced driver’s licenses. An RFID tag embedded in these documents transmits a unique number to a secure CBP database as the traveler approaches the border, allowing agents to identify the crosser quickly. The high-tech system expands law enforcement capabilities while improving the process for Americans.
Napolitano also discussed fusion centers, defined by the Department of Justice, as “mechanism[s] to exchange information and intelligence, maximize resources, streamline operations, and improve the ability to fight crime and terrorism by analyzing data from a variety of sources,” which includes private sector firms and anonymous tipsters. The privacy and civil liberties debate over fusion centers has only become more heated as more evidence of the centers’ use has become public. DHS has issued a privacy impact assessment (pdf) of the centers.
On Wednesday, Napolitano said:
I issued two action directives concerned with the Department’s partnerships and intelligence-sharing activities with state, local, tribal, and territorial partners. As a result of the directives, the Department is considering a possible future assessment of all intelligence-sharing efforts within DHS with an eye toward reducing duplication. DHS is also considering ways to improve intelligence sharing by involving state and local partners during the formulation of intelligence-sharing policies and programs. The Department is looking to improve the coordination of activities involving state and local partners across DHS.
We will need to watch closely how the Napolitano’s Department of Homeland Security handles privacy and civil liberties issues. There were numerous criticisms (and some positive statements) about how DHS handled such issues under previous Secretary Michael Chertoff.