The US Government released guidelines which it says will protect
the privacy of US citizens in an era of increasing data collection
and information sharing by and between Government bodies.
Congress had previously mandated greater information sharing
within government and law enforcement, but there have been concerns
that that process undermines individuals' privacy.
The office of the US intelligence chief John Negroponte has now
released a set of guidelines for state agencies to follow in
dealing with individuals' data.
The guidelines say that Government bodies must ensure that
information is being gathered lawfully and that sharing with other
bodies is legal. Information can only be shared if it is to do with
homeland security, terrorism or law enforcement, they say.
"Protected information should be shared through the Information
Sharing Environment (ISE) only if it is terrorism information,
homeland security information, or law enforcement information,"
said the guidelines. "Each agency shall adopt internal policies and
procedures requiring it to ensure that the agency’s access to and
use of protected information available through the ISE is
consistent with the authorized purpose of the ISE."
Meanwhile, however, the US Government began a planned scheme
this week which creates risk assessments of airline passengers,
assessments that passengers can never see and which are kept on
file for 40 years.
A programme has been identified by digital rights group the
Electronic Frontier Foundation (EFF) which collects information
about individuals, stores it in a database and performs a risk
assessment about whether or not the individuals concerned are
likely to break US law.
"Personally identifiable information is collected to ensure that
people and cargo entering or exiting the United States comply with
all applicable US laws," said a privacy impact report on the
Automatic Targeting Scheme (ATS). "Relevant data, including
personally identifiable information, is necessary for CBP to assess
effectively and efficiently the risk and/or threat posed by a
person, a conveyance operated by person, or cargo handled by a
person, entering or exiting the country."
Information will be gathered and stored on US citizens and
foreigners, including EU citizens. A major source of data will be
passenger name records (PNR), themselves the subject of data
protection controversy in Europe.
The US has agreed a controversial deal with the European
Commission to allow airlines to pass 34 pieces of information to US
authorities every time an EU citizen flies into the US. The
European Parliament opposed the deal, as did privacy activists, in
part because US data protection is weaker than that in the EU.
"Generally, data maintained specifically by ATS will be retained
for up to forty years," said the ATS privacy report. "Certain data
maintained in ATS may be subject to other retention limitations
pursuant to applicable arrangements."
European PNS data will not be kept for as long as 40 years, said
the report, because of the conditions of its transferral.
The EFF says that the system is invasive and unprecedented. "The
government is preparing to give millions of law-abiding citizens
'risk assessment' scores that will follow them throughout their
lives," said EFF Senior Counsel David Sobel. "If that wasn't
frightening enough, none of us will have the ability to know our
own score, or to challenge it. Homeland Security needs to delay the
deployment of this system and allow for an informed public debate
on this dangerous proposal."
See:
US government's privacy guidelines (9-page / 207KB PDF)
http://www.dni.gov/press_releases/PrivacyGuideline.pdf
ATS risk assessment document (30-page / 232KB PDF)
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_ats.pdf
