As it faces intensified scrutiny for data collection practices used in a passenger screening program, the Department of Homeland Security is looking to outsiders for advice on how to improve its privacy practices.
Through the end of the month, the agency will be collecting applications from experts interested in joining an advisory committee on "data integrity, privacy and interoperability," the department said. The committee, expected to include at least a dozen privacy experts, is tentatively slated to convene its first meeting in September.
Nuala O'Connor Kelly, DHS' chief privacy officer and foremost supporter of the advisory committee, said the group will weigh in on questions related to the use of biometrics and "other new information technologies that will affect personal privacy."
Advisors will also be responsible, O'Connor Kelly said, for shaping policies for sharing data between the public and private sector. Demand from privacy advocates for such guidelines has escalated following recent admissions by several American airlines to sharing massive amounts of passenger data with government contractors.
"That cuts across many industries, not just the airlines," O'Connor said of the need to establish data-sharing practices that don't compromise privacy.
The plan for an advisory committee drew a warm response from privacy advocates. But some wondered how effective the group really will be in influencing homeland security powerbrokers.
"This is definitely a good step," said Chris Hoofnagle, associate director of the Electronic Privacy Information Center. "The question is: Will it be balanced in viewpoint and representation and will it be integrated into agency-decision making?"
Hoofnagle, who e-mailed coworkers this past week suggesting that someone apply to join the committee, said the agency could have used some outside privacy expertise several times in its short history. This was apparent most recently in the case of CAPPS II, the airline passenger screening program devised by the Transportation Security Administration, an agency overseen by DHS.
Slated to roll out by the end of the year, CAPPS II searched travelers' backgrounds before boarding by sifting through government and commercial databases. In developing the system, however, critics say TSA officials likely violated a federal law that requires government agencies or their contractors to publicly disclose the existence of databases on Americans.
In order to prevent future homeland security privacy debacles, Hoofnagle recommends that members of the advisory committee make sure their suggestions are heard before a new data-intensive security measures take effect.
O'Connor Kelly said she intends to select a committee representing a variety of interest groups, including private companies, privacy advocates and academics. Selected members are expected to be experts in the fields of data protection, privacy interoperability or emerging technologies.
For privacy mavens, one advantage of an advisory group is that it will have to open meetings to the public, said Lara Flint, staff counsel for the Center for Democracy & Technology. U.S. law requires that designated federal advisory committees hold open meetings and release records to the public, unless they are discussing classified material.
Despite the practical advantages of drawing expert advice, there are instances in which advisory committees do as much harm as good, said Robert Gellman, a privacy consultant and former member of a Department of Health and Human Services advisory committee. In some cases, agencies may use advisory committees to avoid answering tough questions on the spot. A common tactic, he said, is for an agency to defer a decision on a controversial issue until the next advisors meeting, which may be months away.
Still, Gellman said he's encouraged by the mere fact that homeland security officials endured the months-long process of getting approval for a new advisory committee on privacy.
"The fact that they're willing to go through all this suggests that it may well be suitably motivated and it may be used properly," he said.
O'Connor Kelly said she had been planning to create an advisory committee since she began working for the Department of Homeland Security nearly a year ago.
The DHS effort isn't the federal government's first experiment in using outside advisors to guide privacy policy. The Department of Defense established a Technology and Privacy Advisory Committee last year to advise on data collection practices in counter-terrorism efforts.
O'Connor said she intends to select members for the DHS committee by early summer. The group will hold at least four public meetings per year, probably beginning in autumn 2004.
