Schneier on Security
A blog covering security and security technology.
January 2, 2007
Secure Flight Privacy Report
The Department of Homeland Security's own Privacy Office released a report on privacy issues with Secure Flight, the new airline passenger matching program. It's not good, which is why the government tried to bury it by releasing it to the public the Friday before Christmas. And that's why I'm waiting until after New Year's Day before posting this.
"Secure Flight Report: DHS Privacy Office Report to the Public on the Transportation Security Administration's Secure Flight Program and Privacy Recommendations":
The Department of Homeland Security (DHS) Privacy Office conducted a review of the Transportation Security Administration's (TSA) collection and use of commercial data during initial testing for the Secure Flight program that occurred in the fall 2004 through spring 2005. The Privacy Office review was undertaken following notice by the TSA Privacy Officer of preliminary concerns raised by the Government Accountability Office (GAO) that, contrary to published privacy notices and public statements, TSA may have accessed and stored personally identifying data from commercial sources as part of its efforts to fashion a passenger prescreening program.
These new concerns followed much earlier public complaints that TSA collected passenger name record data from airlines to test the developmental passenger prescreening program without giving adequate notice to the public. Thus, the Privacy Office's review of the Secure Flight commercial data testing also sought to determine whether the data collection from air carriers and commercial data brokers about U.S. persons was consistent with published privacy documents.
The Privacy Office appreciates the cooperation in this review by TSA management, staff, and contractors involved in the commercial data testing. The Privacy Office wishes to recognize that, with the best intentions, TSA undertook considerable efforts to address information privacy and security in the development of the Secure Flight Program. Notwithstanding these efforts, we are concerned that shortcomings identified in this report reflect what appear to be largely unintentional, yet significant privacy missteps that merit the careful attention and privacy leadership that TSA Administrator Kip Hawley is giving to the development of the Secure Flight program and, in support of which, the DHS Acting Chief Privacy Officer has committed to provide Privacy Office staff resources and privacy guidance.
I've written about Secure Flight many times. I suppose this is a good summary post. This is a post about the Secure Flight Privacy/IT Working Group, which I was a member of, and its final report. That link also includes links to my other posts on the program.
Posted on January 2, 2007 at 7:24 AM
I am having a regular reading to your articles, they are pretty cool and informative.
With the best of intentions, we are flying to hell, which is admittedly quicker than taking the paved road.
The trouble is, no privacy mandate whose source is within TSA -- or even DHS -- has any real chance of having an impact.
The reason is that the main priority at DHS, the one that dominates the agenda, is security. The same goes for the other law-enforcement and intelligence agencies. Their job, as they construe it, is to stop threats -- terrorists, criminals, hostile states, etc. Privacy, civil rights, etc. are not part of their core mandate, do not inform their institutional values, and are easily pushed off the agenda or trumped by security-based arguments. Expecting them to care is like expecting the Agriculture Department to care about air quality.
This is perhaps as it should be. In principle, the drive for protection of civil liberties, including privacy, should come from above the securocracy. It is the responsibility of their political masters to *balance* security and civil rights.
It is the President's job, as chief custodian of the Constitution, to reject (or at least moderate) efforts by the intelligence/law-enforcement complex to circumvent civil liberties in the name of security. It should be the White House that vetoes illegal phone monitoring, that questions the necessity of building dossiers on all citizens who travel, that declines demands to inter un-prosecutable suspects in para-legal prisons "for the duration of the war".
Which is to say, it won't happen any time soon. If we have to wait for a President with both the values and the spine to stand up to the political and institutional pressure that the securocracy can bring to bear, it may possibly never happen.
No, it's not the President's responsibility.
It is the responsibility of all three branches of the government -- Executive, Legislative, and Judiciary -- to keep each other in check.
In many ways, George W. Bush is using tools that were bought and paid for by Bill Clinton and Patrick Leahy.
The politicians, and the courts that they appoint the judges to, will not on their own suddenly develop a benevolent heart -- especially with all the money that can be spent on "security."
It is up to the people to put the pressure on the politicians, and it's up to those of us concerned about these matters to keep evangelizing to the masses and get them to put pressure on the politicians.
Because above the politicians is the people.
"It is the President's job, as chief custodian of the Constitution" - I'm pretty sure the framers of the Constitution intended the Supreme Court to be the chief custodians of the Constitution - hence their ability to declare actions by the other two branches as un-Constitutional.
And as for the politicians being below the people - wouldn't that be nice. The problem is the current politicians have been successful in framing the security debate such that the price paid to be "secure" is that we (the people) have no "rights," only privileges bestowed upon us by our Benevolent Leaders.
Furthermore, they insist on pursuing this security through obscurity - why educate the people about what they're doing since all we can do is leak this information to the enemy? Eh.
Sorry, this message is disjointed by frustration.
@-ac-: Flying might not be quicker, after all the "security" delays at the airport! ;)
@Carlo Graziani: "The reason is that the main priority at DHS, the one that dominates the agenda, is security. The same goes for the other law-enforcement and intelligence agencies."
Actually, as far as I can tell, the "real" priority and agenda is to justify and maximize budget. That's why we get security theater, instead of security - it "sells" better in the media.
@ X the Unknown
Yes, the priority is definitely to expand the budget. Our local scene is abroil with a security plot to have DHS buy a $2,000,000 luxury estate to temporarily house some of the 5,000 unattended illegal immigrant minors who arrive by plane in the US annually.
If DHS was on the job, we wouldn't have the illegal immigrants. If the funding was in DHHS, we could provide for our own US children who live in foster care. Instead, we want to buy a luxury home.
Actually, I don't disagree with the intent to help these children, but the expense of the execution is what is ludicrous. But DHS has a budget, and has to spend it somewhere....
All the more reason why Europeans should be concerned by the EU caving to American (lack of) privacy standards.
I'm still surprised that when Chertoff apparently failed to justify the American rules using common sense or an appeal to the EU Parliament's better judgment he instead successfully threatened them with grounded flights and charging $6,000 per passenger in fines. Nothing says "national security" more than "give up your privacy to our loosely-affiliated private data mining companies or we will make you pay out the nose".
Carlo Graziani wrote:
>In principle, the drive for protection of civil liberties, including privacy, should come from above the securocracy. It is the responsibility of their political masters to *balance* security and civil rights.
Yes, but Congress has *already* issued their intent for balance in the form of the Privacy Act of 1974. Waving a 9/11 wand shouldn't make that disappear.
In fact, a major point of this report by the DHS Privacy Office is that DHS did not conform to the Privacy Act provisions regarding the "System of Record Notice", which is how gov't agencies are *required by law* to spell out publicly what will be held in database and how it will be used.
You're absolutely right of course that DHS has a mission which is in tension with civil liberties. And it is ultimately up to Congress to perform oversight when agencies get the balance wrong.
But the report recommends that privacy issues be considered from the inception of a program (instead of bolting on Privacy Act compliance later), and I think if it comes from the top, it can and should happen.
Many corporations took Sarbanes-Oxley to heart; DHS can take the Privacy Act seriously if Chertoff makes it so.
[Borrowing from my post on this subject in an earlier discussion here:]
Among the report's recommendations:
1. Privacy expertise should be embedded into a program from the beginning [...]
6. Privacy notices should be revised and republished when program design plans change materially [...]
7. Program use of commercial data must be made as transparent as possible [...]
It is unclear to me how influential the DHS Privacy Office is within DHS. There is certainly evidence (as Bruce points out) that DHS officials would like to see this report quietly fade into the document noise of Government. My own view -- informed more by cynicism than by direct knowledge -- is that the PO is itself bolted on to DHS a posteriori for political reasons, and that its counsels are for public consumption, rather than for internal guidance.
The thing is, the tone is set at the top -- Chertoff, the NSC, the White House Staff, the President. None of them have at any time shown evidence of a nuanced view of the balance between security and liberty. It is completely clear that any request for authority or budget by the security establishment is evaluated (at best) purely on the basis of intrinsic effectiveness. No weight whatever is given to impact on civil liberty. Such considerations are simply not taken seriously at the highest levels of our government.
The bureaucracy has very sensitively tuned antennae. The reception for these signals from the top is loud and clear. TSA officials who ignore (or re-interpret, or feign compliance with) this report know that they will suffer no adverse consequences to their careers or to the budgets under their control.
So I'll bet an ASCII dollar-sign that this report in fact vanishes into the noise, and that its impact on Secure Flight will be null. I could be wrong, but expecting this crowd of commissars to finally get religion about civil liberty strikes me as optimistic, to put it mildly.
To me it's encouraging that somebody with DHS letterhead came up with these recommendations, because they say all the right things IMHO.
But your point stands -- without interest from the top, compliance with the letter and spirit of the Privacy Act won't be a priority down the chain.
It's conceivable that Congress could actually do some oversight, and Chertoff doesn't seem like a total wingnut to me. But I'm not ready to take you up on that "$" bet just yet. At least, not without odds ;)
I'd like to put this on a bit more general topic, but the more I read these security related database stories (and also watching the 24Hours series with the CTU and their "contacts" etc. and the cross departmental hacking/cracking/snooping/etc.), the more I see a single world order coming with a centralized method of controlling everybody in real time :(
Not to mention that we wouldn't have any more privacy because of cameras everywhere and lately the camera streams are made available via the internet/DSL lines to the "central site" for monitoring purposes....
No I don't like this stuff either, and no I wish there would be a way to prevent these things from getting implemented and used all over the show, but I'm stuck with the reality that governments want to be in control, and that the civilians are but pawns in their games :(