SECRET-DHS Wants to Create a “Federated Information Sharing System”

CONFIDENTIAL, DOCUMENTARY, JOURNALISM, SECRET 6 Minutes

To understand the extent of the Federated Information Sharing System proposal, see our overview of just one of the databases maintained by a DHS component agency: Immigration and Customs Enforcement’s ICEPIC system which contains over 332,000,000 records on more than 254,000,000 entities as of early 2011.

The Department Of Homeland Security Wants All The Information It Has On You Accessible From One Place (Forbes):

Information sharing (or lack thereof) between intelligence agencies has been a sensitive topic in the U.S. After 9/11, there was a push to create fusion centers so that local, state, and federal agencies could share intelligence, allowing the FBI, for example, to see if the local police have anything in their files on a particular individual. Now the Department of Homeland Security wants to create its own internal fusion center so that its many agencies can aggregate the data they have and make it searchable from a central location. The DHS is calling it a “Federated Information Sharing System” and asked its privacy advisory committee to weigh in on the repercussions at a public meeting in D.C. last month.

The committee, consisting of an unpaid group of people from the world of corporate privacy as well as the civil liberty community, were asked last December to review the plan and provide feedback on which privacy protections need to be put in place when info from DHS components (which include the TSA, the Secret Service, and Immigration Services, to name a few) are consolidated. The committee raised concerns about who would get access to the data given the potentially comprehensive profile this would provide of American citizens.

Oversharing Is Never a Good Thing, Especially When it’s With DHS (ACLU):

Sometimes sharing is bad. Don’t worry. We don’t plan to rush into kindergartens across America and break the news to all the 5-year-olds, but it’s true. Especially when it comes to national security and your privacy, it may be necessary to collect and use certain information, but wrong to share it. When a federal government advisory committee recently revealed that the Department of Homeland Security (which contains both the Secret Service and the TSA) is in the “process of creating a policy framework and technology architecture for enhancing DHS’s information-sharing capabilities,” it immediately raised these types of concerns and today we sent a letter to DHS outlining those concerns.

At this point details are very scarce. But we do know DHS’s 230,000 employees collect enormous amounts of information every day. A small sampling includes:

  • benefit information from the Federal Emergency Management Agency,
  • traveler information from Customs and Border Patrol and TSA,
  • work history from the E-Verify program,
  • permit and payment information from the Coast Guard,
  • naturalization records from the Citizenship and Immigration Service, and
  • personal information like social security number, date of birth and email address from a wide variety of sources.

Privacy Office – DHS Data Privacy and Integrity Advisory Committee Membership (dhs.gov):

Chairman: Richard V. Purcell,Chief Executive Officer, Corporate Privacy Group, Nordland, Wash. Mr. Purcell runs an independent privacy consulting group, focusing on policies, practices, and education. He is currently Chairman of TRUSTe and was formally the Chief Privacy Officer for the Microsoft Corporation.

Ana I. Anton, Professor of Computer Science at North Carolina State University, Raleigh, N.C. Dr. Anton is a distinguished research professor in the software engineering field and is the Director of privacy research team that is partially funded by the National Science Fund comprised of researchers at three universities. She has extensive professional expertise with research concerning privacy and security.

Ramon Barquin, President, Barquin International, Washington, D.C. Dr. Barquin has extensive technical and policy experience in data mining, system interoperability, and computer ethics. He worked at IBM for many years in both management and technical assignments prior to starting his own business developing information system strategies for public and private sector enterprises.

J. Howard Beales III, Associate Professor of Strategic Management and Public Policy, The George Washington University, Arlington, Va. Mr. Beales recently stepped down from his position as Director of Consumer Protection at the Federal Trade Commission, where privacy was a key initiative during his tenure.

Renard Francois, Attorney, Data Protection and Policy, Caterpillar, Inc., Peoria, Ill. Mr. Francois is in the firm’s Regulatory-Data Privacy, Legal Services Division where he works on privacy investigations. Prior to joining Caterpillar Inc., he was an attorney at Bass, Berry & Sims in Nashville, Tenn., where he worked in the firm’s Litigation Department on corporate internal investigations. He also has an LL.M. in Information Technology and Privacy Law.

A. Michael Froomkin, Professor of Law and Director of Faculty Development in the University of Miami’s School of Law. Professor Froomkin’s current research explores the legal and technical aspects of identification and authentication. Professor Froomkin also serves on the Electronic Frontier Foundation’s Advisory Board.

Joanna L. Grama, Information Security Policy and Compliance Director for Purdue University. Ms. Grama leads the University’s information technology policy and compliance activities related to security and privacy of personally identifiable information.

David A. Hoffman, Director of Security Policy and Global Privacy Officer, Intel Corporation, Hillsboro, Ore. Mr. Hoffman has experience in privacy policy issues at the business and technical level, working on issues of interoperability, improved data quality, and data retention. He serves on the board of directors for the non-profit privacy compliance organization, TRUSTe.

Lance Hoffman, Distinguished Research Professor, The George Washington University, Washington, D.C. Professor Hoffman is a professor of Computer Science and founded and leads the George Washington University computer security program.

Joanne McNabb, Chief, Office of Privacy Protection, California Department of Consumer Affairs, Sacramento, Calif. Ms. McNabb provides consumer education and practice recommendations on privacy issues to California state residents, businesses and government.

Lisa S. Nelson, Assistant Professor, Graduate School of Public and International Affairs, University of Pittsburgh, and Affiliated Assistant Professor, University of Pittsburgh School of Law. Professor’s Nelson research focuses on the implications of biometric technology for privacy, autonomy, and policy.

Greg Nojeim, Director, Project on Freedom, Security, & Technology, Center for Democracy and Technology. Mr. Nojeim is a former legislative counsel for the American Civil Liberties Union responsible for national security, immigration, and privacy.

Charles Palmer, Chief Technology Officer, Security and Privacy, Associate Director of Computer Science Research at IBM, Yorktown Heights, N.Y. Dr. Palmer manages the Security, Networking, and Privacy Departments at the IBM Thomas J. Watson Research Center, where various teams around the world are developing privacy-related technology and exploring how technology can help preserve privacy while improving data quality.

Lydia Parnes, Partner, Wilson Sonsini Goodrich & Rosati, P.C. Ms. Parnes leads the firm’s Privacy and Consumer Regulatory Practice Group. She served as Director of the Federal Trade Commission’s Bureau of Consumer Protection from 2004-2009 and as Deputy Director from 1992-2004.

Christopher Pierson, Chief Privacy Officer and Senior Vice President, Citizens Financial Group, Inc. (Royal Bank of Scotland- RBS). Dr. Pierson was President and Chairman of the Board of the Intraguard Phoenix Member’s Alliance, Inc., from 2003-2007 and served on the Arizona Office of Homeland Security’s Homeland Security Coordinating Council from 2003-2006.

Jules Polonetsky, Co-Chair and Director, Future Privacy Forum. Mr. Polonetsky focuses on privacy issues posed by new technologies and new uses of personal data, including government use of Web 2.0 technologies. He was formerly Vice President, Integrity Assurance, at America Online, Inc., and Chief Privacy Officer and Special Counsel at DoubleClick.

John Sabo, Director, Global Government Relations, CA Technologies, Washington D.C. Mr. Sabo has over 17 years experience addressing privacy, cybersecurity, and trust issues with both CA Technologies and the Social Security Administration. He is President of the International Security Trust and Privacy Alliance and board member of the Information Technology – Information Sharing and Analysis Center.

Ho Sik Shin, General Counsel and Chief Privacy Officer, Millennial Media, Inc. Mr. Shin is an Adjunct Professor in the Georgetown University Sports Industry Management Program, and was formerly General Counsel for Octagon Athletes & Personalities and General Counsel for Advertising.com, Inc.

Lisa J. Sotto, Partner at Hunton & Williams, New York, N.Y. Ms. Sotto heads the firm’s Privacy & Information Management Practice and works extensively with the firm’s Center for Information Policy Leadership on topics ranging from improved privacy notices to responsible pattern analysis. She is a member of the family of a 9/11 victim.

Barry Steinhardt, Senior Advisor, Privacy International. From 1993-2009 Mr. Steinhardt served in various leadership roles in the American Civil Liberties Union, most recently as Director of the ACLU’s Technology and Liberty Project working on issues including airline passenger screening, video surveillance, database privacy, and border security.

Published