New privacy threat index mimics terrorism alert levels

New privacy threat index mimics terrorism alert levels

SAN FRANCISCO—The Electronic Privacy Information Center today unveiled a new Privacy Threat Index to track what it sees as a growing menace to privacy from the government’s expanding surveillance efforts.

EPIC officials at the RSA 2003 Security Conference said the Washington center’s index would ape the five-level color code established for the Homeland Security Advisory System by the Homeland Security Department. The rankings are green for low, blue for guarded, yellow for elevated, orange for high and red for severe.

Based on developments during the past year, EPIC placed the current level at yellow.

It will become increasingly important to compare surveillance activity over time, EPIC executive director Marc Rotenberg said.

"We will use the Privacy Threat Index to assess developments in the United States and to compare activities in countries around the world,” he said.

Jim Bidzos, chairman of the Bedford, Mass., company’s conferences, said yesterday that he had suggested the color-coded index. Bidzos is a member of the EPIC advisory board.

The index is the result of concern over government’s new powers to investigate and eavesdrop on citizens since the terrorist attacks of Sept. 11, 2001, Rotenberg said.

Chief among the concerns are two items: the USA Patriot Act, passed in the immediate wake of the attacks, and a Patriot II follow-on legislative proposal being developed by the Justice Department.

In an alert about the index, EPIC cited five other factors that led to the index’s creation:

  • Expanded use of the Foreign Intelligence Surveillance Act, which permits the government to conduct surveillance without the safeguards required by the Fourth Amendment

  • The FBI’s decision to relax the legally mandated accuracy requirement for the National Crime Information Center data

  • Increased funding for surveillance systems, including immigration control and video surveillance tools

  • Required use of biometric identifiers for routine identification documents that don’t have associated privacy protection to assure personal information will not be misused

  • Ongoing efforts by the FBI to extend the application of the Communications Assistance for Law Enforcement Act to Internet telephony. The law now requires the development of wiretap-friendly communications services.

  • Though these factors are discouraging, EPIC’s alert also noted three positive signs:

  • The government so far has rejected development of a mandatory national ID card.

  • Congress has limited research efforts planned under the Defense Advanced Research Project Agency’s Total Information Awareness program.

  • Lawmakers have increased their scrutiny of a passenger profiling system project at the Transportation Security Administration.

  • The Privacy Threat Index can be found on EPIC’s Web site, at

    Bidzos, meanwhile, presented his own index, rating the insecurity level of the Internet.

    Based on the growing number of vulnerabilties and attacks, the complexity of software and the government's failure to improve security at many agencies, he set the level at 6.5 on a 10-point scale, with one being best and 10 worst.

    But Bidzos praised industry efforts such as Microsoft Corp.'s trusted computing initiative and said the company's focus on developing secure code is a model for all software makers.

    About the Author

    Connect with the GCN staff on Twitter @GCNtech.


    • Workforce
      White House rainbow light shutterstock ID : 1130423963 By zhephotography

      White House rolls out DEIA strategy

      On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

    • Defense
      software (whiteMocca/

      Why DOD is so bad at buying software

      The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

    Stay Connected