Modernizing Authentication — What It Takes to Transform Secure Access
WASHINGTON -- Privacy and civil liberties debates are hindering the U.S. government from taking full advantage of America's technology to fight the war on terrorism, security experts said Tuesday.
The views are the result of the Markle Foundation's Task Force on National Security in the Information Age second annual report on homeland defense. The private panel of leading information technology and national security experts called on President Bush to establish guidelines to clearly define the security interests in the data mining research of private information and to provide controls to address the privacy implications of such programs.
The Markle Foundation is a private philanthropy that focuses on using information and communications technologies to address critical public needs.
Earlier this year, Congress cut off funding to the Defense Department's Total Information Awareness (TIA) data mining program that sought to capture the "information signature" of people in order to track potential terrorists. In March, another firestorm of criticism erupted over disclosures that the Transportation Security Administration (TSA) planned to scan government and commercial databases for potential terrorist threats when a passenger makes flight reservations.
"We are disappointed that Congress found it necessary to ban research and development of technologies that would make use of privately held data," the report states. "Innovation in technology is an important part of our nation's competitive edge against terrorist organizations and the states that back them."
But, noted Markle Foundation President Zoe Baird, "Public trust in a network that uses information about people in the U.S. can only be achieved if government-wide guidelines for information sharing and privacy protections are established after open debate."
In its report, the task force urges the government to effectively utilize the often valuable information that is held in private hands, but only within a system of rules and guidelines designed to protect civil liberties. According to the task force, the government must rely on information to detect, prevent, and effectively respond to attacks since it is not possible for the nation to "harden" all potential targets against terrorist attack.
"Using currently available technology, the government can set up a network that substantially improves our ability to prevent terrorism and protect civil liberties," Baird, who served on President Clinton's Foreign Intelligence Advisory Board, said.
The task force warns, however, that the government should not have routine access to personally identifying information even if it is widely available to the public.
"If government is to sustain public support for its efforts, it must demonstrate that the information it seeks to acquire is genuinely important to the security mission and is obtained and used in a way that minimizes its impact on privacy and civil liberties," the task force said in a prepared statement. "Until government-wide guidelines that achieve this are developed, public concern over potential privacy infringements will continue to hamper the necessary development of new technologies and new operational programs necessary to use that information."
The report says rules governing access to and use of private sector data should be based on two primary considerations: the value of the information to the government, and the sensitivity of the information from the perspective of individual privacy and other civil liberties.
"Currently we have the worst of both worlds. The public doesn't trust the technology and government is hesitant to use it because of the public reaction," James B. Steinberg, a senior advisor to the Markle Foundation and former Deputy National Security Advisor to Clinton.
The task force, whose members served in the Carter, Reagan, Bush and Clinton administrations, also said Bush needs to clarify the respective roles of the Department of Homeland Security, the Terrorist Threat Inegration Center, the FBI and other federal agencies involved with the collection and analysis of domestic terrorism information
"Our Task Force's fundamental objective was to identify the technological tools and infrastructure, the policies, and the processes necessary to link different levels of government and the private sector, so that important information can be shared among the people who need it as rapidly as possible, within a system of guidelines and technologies designed to protect civil liberties," said Michael Vatis, executive director of the task force. "The government has caused confusion by creating multiple new agencies without clearly defining their respective roles and responsibilities."
The report will also be addressed during the National Cyber Security Summit this week in Santa Clara, California. In conjunction with the U.S. Department of Homeland Security, Secretary Tom Ridge is expected to join with public and private sector leaders to discuss developing plans to address cyber security awareness, early warning, corporate governance, software development and testing and evaluation.