Peter Pietra's mission impossible

He's tasked with defending Homeland Security privacy policies--not a job for anyone with a thin skin.

Declan McCullagh Former Senior Writer
Peter Pietra has what must be an unenviable task: defending the Transportation Security Administration's privacy decisions.

The TSA is the arm of the Homeland Security Department that is charged with protecting air, train and other forms of transportation. It's best known for its occasionally problematic no-fly list and legions of white-shirted screeners at U.S. airports.

In its relatively short history--it took over airport security in February 2002--the TSA has already been embroiled in a series of privacy flaps. Probably the biggest was related to its testing of the Secure Flight program; last summer government auditors said the program violated federal privacy laws. (Secure Flight is supposed to spot whether a passenger is on a watch list.)

The TSA has also come under fire for aggressive screeners at checkpoints who allegedly grope women and, according to The New York Times, have required them to take off their shirts. (Some changes to pat downs have since been made.) It's also placed Sen. Edward Kennedy, a Massachusetts Democrat, and Rep. John Lewis, a Georgia Democrat, on lists that have caused them hassles at airports.

Pietra, whose new position as the TSA's director of privacy policy and compliance was announced April 17, is a former U.S. Army field artillery officer and was previously the TSA's assistant chief counsel. He joins Lisa Dean, a TSA privacy officer since 2004.

In his first interview since joining the TSA, Pietra sat down with CNET News.com to discuss what he's going to be doing and whether he thinks the agency is on the right track.

Q: Do you see the purpose of your job as ensuring compliance with the Privacy Act, or defending decisions the agency makes?
Pietra: I don't know yet. I think a big part is going to be compliance. I hope not to spend too much time defending our decisions.

The other part of what I'm going to try to do is come up with good policies. In terms of how it's going to mix, I don't know.

At the Computers, Freedom and Privacy conference, Rep. Joe Barton's chief of staff said the House is drafting a bill to address the "comprehensive privacy rights of American citizens." What advice would you give them?
Pietra: I haven't seen any specific proposals. When I'm asked, I'll give consideration to that.

Homeland Security is currently in the process of coming up with regulations for Real ID cards, which have been the subject of some controversy. What would the TSA like to see happen?
Pietra: It's so early on that I don't know what those proposals are. DHS is heading up that effort on drafting a regulation. It is in the early stages. A lot of it is trying to flesh out what standards have applied (and) whether states have been implementing these.

There are federalism issues; it's been about a month since I've seen anything on that.

Last July, auditors at the Government Accountability Office told Congress that the TSA violated the Privacy Act by obtaining personal information about airline passengers from commercial data brokers while developing the Secure Flight screening program. What procedures does the TSA have in place today to avoid another debacle?
Pietra: That was a very complicated circumstance. What we've been doing in the program is trying to build in ground-level privacy work.... Right now the program has three major business units--each will have a privacy person.

Everything they're doing is legally permissible and follows our privacy policies. That's not going to happen again.

Can you elaborate on what's happened since a Senate hearing in February at which a TSA official testified about Secure Flight?
Pietra: They've stopped everything on the program in terms of testing, use of data, while the re-baselining effort is under way.

What TSA did in that testing was have a contractor try to determine whether there was any utility in using commercial data. When I say "utility," what I mean is trying to reduce false positives, the number of people who would pop up in a match from a watch list. We know that people in the public might needlessly suffer when they're not really the person on the list.

We didn't want any personal data coming into TSA so we had a contractor perform that test. As the test was designed, we built in protections in the contract with that contractor, saying that no commercial data was going to come into TSA.

What kind of commercial data did the TSA obtain?
Pietra: We tried in every way possible to keep commercial records from coming to us. Where a person's address or phone number was missing from a record, commercial data was used to add that phone number and address. That ended up on a disc (that was not given to TSA but kept in a safe).

The only case law out there is contrary to what GAO found. But we didn't dispute that point, we didn't fight that point. We don't dispute it now.

Going forward, embedded deep down in the program is an awareness and sensitivity of privacy matters. At this point TSA is at the forefront of a lot of privacy issues in the federal government.

Can you tell us if there have been any improvements in terms of who's on the "no fly list" and the "selectee" list that targets people for additional screening?
Pietra: That's a database maintained by the Terrorist Screening Center. TSC was created by (presidential directive) HSPD 6, which mandated that the Department of Justice, the State Department, DHS and other agencies create it. What exactly is in there I don't think I'm allowed to say.

The lists started out in TSA but once the TSC was created, it took over the management of them.

What privacy oversight is there at the TSC?
Pietra: They have their own privacy officer who's very active. They've got very strict limitations on access to the data (through a memorandum of understanding). They also have a separate process where they examine every program that gets access to any of their databases--it has to be cleared by their director.

Does the TSA impose any measures on the third parties it does business with? How about airlines or other suppliers of information to the TSA--do they need to submit the information in an encrypted format, for example?
Pietra: Yes. Transmission coming into the agency often depends on the capability of the person. In some cases, under a court order, we require facility officers to transmit information through the Coast Guard Web portal. We also accept it in a password-protected CD. Once it's in TSA it's in a secure system that's FISMA (Federal Information Security Management Act)-compliant.

Are these memorandums of understanding public?
Pietra: I don't know. We've had FOIA (Freedom of Information Act) requests. We had one from EPIC (the Electronic Privacy Information Center), but it was a draft MOU so we didn't release it.

Is it getting easier to get off the no-fly list? Who gets access to that list?
Pietra: It's not a matter of getting off the no-fly list. It's a matter, I think, of clearing up who you are and showing you're not the same person who's on the list.

If your name is also Osama bin Laden but you're not the one they're looking for, it's difficult to give you a completely smooth entry, although there are processes in place to get on the clear list. There is a process that's been implemented for at least two years that allows people to distinguish themselves from those who are on the no-fly list.

The question about how you end up on the no-fly list itself--it's not up to TSA. It's a TSC list. People are nominated for the no-fly list by intelligence agencies. There is a way to get off that list. There are challenges that have resulted in people being pulled off that list.

We get a lot of bad press about the list. A lot of times I feel it's undeserved because it's not us.

Some airports have been experimenting with face-recognition software hooked up to surveillance cameras. Does this help security?
Pietra: I'm not in a position to say one way or another. TSA has very few cameras. They're almost all owned by the airports.

General aviation pilots are worried about airspace restrictions, such as those surrounding Washington, D.C., appearing elsewhere in the country. Will that happen?
Pietra: There's no contemplation of those being made more widespread.

Back to the Privacy Act, which regulates what types of personal information federal agencies may collect. Do you view it as a floor--that is, a minimum set of requirements--or a ceiling?
Pietra: I don't know that I'd call the Privacy Act a floor. It's a pretty robust system if it's implemented as it's been contemplated. The department has committed to implementing fair information practices.

That means keeping data safe so people can't get into it. That's what we're doing. A lot of it is a matter of awareness, getting out to employees that they've been entrusted with personal information.

What, if any, privacy concerns do you have about the Secure Flight program?
Pietra: I think that given the stronger focus on privacy, TSA's going to put into place a program that's as protective of privacy as it can possibly be. I expect we'll have a good redress process where the rubber meets the road, so to speak. I hope that'll give people a better experience and better feelings about the program.

TSA's been directed to implement the program, so I don't think we're in a position of questioning whether the program should go forward or not.

The issue is how can we make this as privacy friendly as we can, collect as little information as is needed to provide a useful product, which is why we're focused on things like collecting names, dates of birth and so on, for vetting. Occasionally we do have people with the same name and date of birth and that's when we need additional information.