"There are some valid uses of commercial data," Nuala O'Connor Kelly, chief privacy officer for the Department of Homeland Security, said in closing remarks at a two-day public workshop hosted by the office she runs. She pointed to the roles data brokers have played during Hurricane Katrina's aftermath in providing, for example, information needed to verify the identities of displaced storm survivors seeking their prescription medications.
The best protection against privacy intrusions is "for the government not to have the data for any long amount of time," O'Connor Kelly said. "Let's use basic holding and processing constraints to limit the government's access to data, whatever the source."
But building public trust in the government's intentions is still a major obstacle, a host of workshop panelists said. The Transportation Security Administration, for one, took heat recently over its use of personal data.
To start building that trust, the government must more clearly define its purposes for acquiring certain information, said Jim Dempsey, executive director of the Center for Democracy and Technology. Then it should ask, "Is it accurate enough for this purpose? Is it relevant to this purpose? Are we getting what we need for this purpose?" he said.
Existing federal privacy law already requires government agencies to disclose information about their data use in many cases and to allow people to correct errors in their own data sets. But some panelists noted that the law's wording makes it unclear whether such requirements apply to government interactions with commercial data brokers, which the measure did not anticipate.
Now Congress needs to step in and form privacy rules that apply equally to all government agencies, suggested Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University. Several bills geared toward data safeguards have been introduced this term, but they primarily address steps data brokers must take in the event of a security breach.
Michael Daconta, Homeland Security's metadata program director, spoke of the need to bring "discipline" to the way that agencies manage personal data. "There are really no strong, consistent rules across the federal government on how to model these things," he said.
He cited, as an example, databases that have a column labeled "identifier," which contains a number that corresponds to a person's set of data. Some systems assign a random number, which wouldn't divulge a person's identity at a glance, but others use a social security number. Creating standardization--in this example, doing away with social security numbers as identifiers--would provide privacy benefits, Daconta said.
New techniques on the technology side are also important, though they could raise privacy questions of their own, panelists said.
John Bliss of IBM said the government could consider employing systems that "anonymize" data. Say, for example, the government wanted to compare a cruise passenger list to a terrorist watch list, but the cruise company feared that turning over the complete list for the sake of a few potential violators would anger its customers. The anonymization system would hash each of the lists so that they would be indecipherable to the opposite parties but, even in this transformed state, could be programmed to flag matches among the lists.
But if a match did surface, who would be allowed to decode and analyze it? "Ultimately, it becomes a very critical question for which business rules must be implemented and enforced," Bliss said.
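The hashed-list matching Bliss describes, and the "who may decode a match" business rule that follows it, as an added illustration (not IBM's system or anything shown at the workshop): both data owners derive tokens with a keyed hash (HMAC) under a key they share with each other but not with the matcher, so the matcher sees only opaque tokens, and decoding a hit is gated and audited. The records, key and `authorized` flag are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample records (name, date of birth); not from the article.
PASSENGER_LIST = [
    "Alice Example, 1970-01-01",
    "Bob Sample,   1982-05-17",
    "Carol Demo, 1990-12-30",
]
WATCH_LIST = [
    "Dan Test, 1965-03-03",
    "bob sample, 1982-05-17",  # same person as a passenger, different formatting
]

def normalize(record: str) -> str:
    """Canonicalize case, punctuation and spacing so formatting cannot hide a match."""
    return " ".join(record.lower().replace(",", " ").split())

def tokenize(records, key: bytes) -> dict:
    """Map each record to an HMAC-SHA256 token. A plain hash of a name could be
    reversed by guessing names; keying it with a secret the matcher never holds
    removes that option for whoever only sees tokens."""
    return {
        hmac.new(key, normalize(r).encode(), hashlib.sha256).hexdigest(): r
        for r in records
    }

def find_matches(passenger_tokens, watch_tokens) -> list:
    """The matching party receives only tokens from both sides and returns the overlap."""
    return sorted(set(passenger_tokens) & set(watch_tokens))

def resolve(token: str, token_map: dict, authorized: bool, audit: list) -> str:
    """Decoding a match is a business-rule decision; every attempt, allowed or
    refused, is appended to an audit list so access can later be reviewed."""
    audit.append({"token": token, "authorized": authorized})
    if not authorized:
        raise PermissionError("decoding a match requires an approved purpose")
    return token_map[token]

def run_demo(key: bytes = b"constructed-shared-key"):
    """Tokenize both lists under the shared key and return the matches plus maps."""
    passengers = tokenize(PASSENGER_LIST, key)
    watch = tokenize(WATCH_LIST, key)
    return find_matches(passengers, watch), passengers, watch
```

Only the data owners, holding both the key and their own token-to-record map, can turn a flagged token back into a person; a matcher keyed differently, or with no key, gets no overlap at all.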
Several panelists suggested that any new systems need to be equipped with an immutable audit trail--that is, a tamper-proof, automated way of logging who has accessed data sets and what they have done with them.
"I think we're all saying the same thing," said Steven Adler, also of IBM. "We want effective checks and balances in the use of data."