Watchdog group says DHS privacy guidance allows researchers to break the law

The Homeland Security Department should not be allowed to disregard federal privacy laws when collecting personally-identifiable information on individuals online in the course of researching possible cybersecurity threats, a privacy watchdog group is recommending.

Under DHS’ current privacy guidance under consideration for that type of research, federal analysts would be allowed to ignore federal privacy law in certain cases, Marc Rotenberg, president of the Electronic Privacy Information Center, wrote in a letter to DHS on Feb. 27.

Under the proposed guidelines, “researchers are permitted to make research decisions contrary to law, and are encouraged to ‘accept responsibility’ for their actions,” Rotenberg wrote.


Related story:

Lawmakers worried about possible 'chilling effect' of DHS social monitoring


Rotenberg strongly disagreed with those principles and urged the DHS to reject them, asserting that being allowed to deviate from law is essentially illegal.

“The agencies should not and cannot legally adopt this principle of knowingly violating federal laws for the sake of research,” Rotenberg wrote.

DHS should abide by federal privacy laws rather than adopt the non-binding privacy principles, “which are not enforceable and provide few rights for individuals,” EPIC said in a statement on its website.

DHS officials were not immediately available to comment on Rotenberg’s recommendation.

Rotenberg was responding to DHS’ recent request for comments on the proposed privacy principles contained in a report developed on behalf of the DHS Science & Technology Directorate.

The report, known as the Menlo Report, was prepared by a team of academic and industry experts to identify ethical principles for protecting privacy of individuals while performing information and communication technology research.

The Menlo Report is the latest addition to federal protections for human research subjects’ safety and privacy that have been developed since the 1970s. The protections were developed following several highly-publicized abuses including the Tuskegee Syphilis study in which the U.S. Public Health Service infected African-American men with syphilis and left them untreated so that the disease's effects could be studied.

In 1979, a federal commission published the Belmont Report specifying that in most cases investigators must obtain informed consent from human research subjects. In July 2011, DHS and the Health and Human Services Department issued an advanced notice of proposed rulemaking with additional proposed protections.

In December 2011, the DHS science & technology unit released the Menlo Report with proposed protections for privacy in information and communication technology research.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Ellen Lord - Textron DOD ATL USD

    Lord tapped to lead DOD acquisition

    The Trump administration has nominated Ellen Lord, president and CEO of defense contractor Textron Systems, to serve as undersecretary for Acquisition, Technology and Logistics.

  • Soraya Correa, DHS Chief Procurement Officer

    Confronting the culture of fear in government

    Steve Kelman gives kudos to DHS' Soraya Correa for facing the FLASH cancellation head-on.

  • DHS: Russia tried to hack voting systems in 21 states

    DHS officials confirmed for the first time that Russian hackers tried to penetrate voting systems in 21 different states in the run-up to the 2016 election, but said the hacking did not affect election results.

  • VA Secretary Dr. David Shulkin speaking at a June 20, 2017 Monitor Breakfast. Photo credit: Michael Bonfigli/The Christian Science Monitor

    VA expects to add an integrator to health record mix

    After coming to terms with Cerner on a price for its electronic health record system, VA expects to pivot to finding an integrator to handle legacy interoperability and change management.

  • Soraya Correa, DHS Chief Procurement Officer

    DHS execs own FLASH fail

    The department's failure to launch an agile services contract can serve as a teachable moment, according to DHS procurement officials.

  • Is it time to rethink the TIC?

    Current restrictions on internet gateways complicate agencies' move to the cloud, so the Office of Management and Budget is exploring new security architectures.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group