Privacy becoming more elusive for Americans
Despite strict laws, personal data remains vulnerable to unethical employees, human error, and cyberhackers.
(Page 2 of 2)
Harper says such "flags" should be on everyone's files, not just those of important people, so that the government can keep an accurate record, called an "audit log" on the files. "That's a very small, but important, protection, and ... it will be recognized soon enough as standard operating procedure," he says. "If you hold personally identifiable data, then you'll have audit logs so you can have records of who accessed it and when."Skip to next paragraph
Subscribe Today to the Monitor
Software experts are coming up with an array of such programs that could help protect the privacy of data. For instance, one allows a person to compare two different files – say a Federal Bureau of Investigation's list of suspected criminals and a travel agent's list of its customers. The program will sort the information in each and reveal data that both files have in common. That way either side can only see the information in the other file that matches their own. That's also the only data that the person or institution comparing the information can see.
Other programs allow people to interact in cyberspace "pseudonomously," in other words, using a different name. It's similar to the way eBay and PayPal now work. But in this security-conscious world, there are drawbacks to such systems as well.
"It would be especially hard to get established in the post-9/11 environment where there's this idea that you have to have control of the financial system in order to control terrorism," says Harper.
Private security experts say the best protections in place come from companies that have a financial stake in individuals' private data, like banks and credit-card companies.
"They pay a lot of attention to protecting that information, not because of consumer privacy, but because banks don't want to lose money: that's what's driving it, the big financial incentive," says Avivah Litan, vice president of Gartner, a technology consulting firm in Stamford, Conn. "But with other information, like my passport file, what's the incentive to fix my privacy? There isn't one unless there's a consumer revolution and that doesn't look like [it's] coming."
That is one of the things prompting the ACLU to continue to fight government efforts to collect even more data on individuals, including the REAL ID Act. That requires states to issue standard driver's licenses and give the federal government access to information about those licenses. Some government security experts want to combine those state files with the databases that DHS already keeps on Americans' international travel, the State Department's passport files, the Social Security's E-Verify database, and the FBI's criminal records. They argue that those combined files could then be mined to ferret out terrorists. But many privacy experts object, saying such information remains too vulnerable to attack.
"We believe the better way to ensure security is to do actual physical security checks, like screening all the bags that go in the belly of a plane and being sure weapons don't get on," says Mr. Sparapani. "Instead we have all of these data sets that are being created and collected by the government and all of which are vulnerable to hacking and malicious attack and being stolen by identity thieves and terrorists."
Other security experts note that mining such databases can be very helpful in identifying fraud or other patterns of criminal behavior. But they, too, are wary of the privacy implications.
"There really are good reasons for analysts to look at lots of phone records and call detail if you're putting it to the right use: You're not going to find needles in a haystack without a lot of data aggregation and data mining," says Ms. Litan. "But we're always going to be behind the eight ball [on privacy], there's a ton of data on all of us out there and a lot of unauthorized abuse of it. I'm not really sure what the solution is."