Privacy czar plays homeland role

After a two-year absence, a privacy czar of sorts is returning to the federal government.

The Homeland Security Department will have a privacy officer whose job will be to ensure that activities of the new department do not erode the privacy of ordinary Americans.

But in light of recent legal, technological and political developments, the new privacy chief will have a tough job, privacy advocates predict.

"Many of the missions of the Homeland Security agency are so inherently invasive of privacy that it will be difficult for the privacy officer to offset the risk to personal privacy," said Chris Hoofnagle, legislative counsel at the Electronic Privacy Information Center.

For example, the new department will oversee a new data mining system under development at the Transportation Security Administration to scour electronic databases of airline passengers for information that might identify those who pose a terrorist threat.

The department will also have authority to merge massive amounts of personal data from the FBI, CIA, law enforcement and other government agencies, and even private companies such as phone companies and Internet service providers to analyze for evidence that might indicate terrorist activity.

All that adds up to "substantial and potentially invasive authorities to compile, analyze, and mine the personal information of millions of Americans," said Jerry Berman, director of the Center for Democracy and Technology.

The Homeland Security Act passed by the Senate Nov. 18 "is huge step forward in the hasty expansion of government powers without corresponding checks and balances," he said.

The vote to create a new department with the authority to buy and use invasive technology is the latest in a string of decisions to increase the government's ability to collect and analyze information about Americans.

In October 2001, Congress passed the USA Patriot Act, expanding the FBI's authority to collect, wiretap and intercept information. And last May, Attorney General John Ashcroft announced new investigative guidelines that eased restrictions on FBI surveillance and data mining.

The new department's power concerned House members enough that last summer they added a provision to the act creating the position of privacy officer. The goal was "to protect against unauthorized use and disclosure of personally identifiable information," according the Rep. F. James Sensenbrenner Jr., (R-Wis.) chairman of the House Judiciary Committee.

Among the privacy officer's responsibilities are to:

*Ensure that the use of information technologies sustain, not erode, privacy protections.

*Ensure that the department complies with the Privacy Act of 1974. Evaluate proposals for government collection, use and disclosure of personal information.

*Conduct assessments on the impact that department rules and practices have on privacy.

*Report to Congress annually on department activities that affect privacy.

Reporting to Congress may turn out to be the privacy officer's most important function, said Peter Swire, who was chief privacy counselor to President Clinton. "That will help create oversight" of the Homeland Security Department.

It remains to be seen how effective the privacy officer will be at preserving privacy, Swire said. But "it is better to have a privacy officer than not to have one," he said.

In testimony to a House committee last summer before the Homeland Security Act included a privacy officer, Swire compared the act to a truck. It was "all accelerator when it comes to information sharing, but with no breaks," he said. "The bill puts the pedal down when it comes to spreading around sensitive personal information in hopes of reducing terrorism."

During his tenure as Clinton's chief adviser on privacy matters, Swire said he was often most effective behind the scenes. "One of my biggest jobs in the White House was to look at proposals before they went public and when they had privacy problems, often we could fix them before they came out." The privacy officer at the Homeland Security Department could also do that, he said.