- The Washington Times - Monday, May 30, 2005

An issue that most always unites opposition of liberals and conservatives is government reaching more deeply into our personal lives. And, when the government talks about new ways to get more information about us, even for routine use by analysts in the war on terror, we should all be wary.

For example, Department of Homeland Security Secretary Michael Chertoff last month suggested creating nonprofit organizations to collect information on Americans, sort through it and hand over — to the government — any suspicious information. This idea lifted more than a few eyebrows around Washington, especially on Capitol Hill.

With all respect due Mr. Chertoff — who is a former sitting federal judge and recent chief of the Justice Department’s criminal division — this is a goofy idea, hypothetical or not.

Then, while not directly related to Mr. Chertoff’s suggestion, there are the recent and very unsettling revelations that some well-known — and for profit — private “information service” and “data integration” companies have been penetrated by hackers, thieves and con men, compromising personal information about thousands of people. These are some of the same companies that sell information about Americans to government agencies, businesses, insurance companies and financial institutions.

The Senate Judiciary Committee held a hearing on this in April, and it was not at all reassuring. Industry witnesses seemed uniformly and poorly prepared to deal with probing questions from Sens. Arlen Specter, Patrick Leahy and Dianne Feinstein. In fact, by their responses — or lack thereof — the industry witnesses almost begged the committee for comprehensive regulation and oversight.

But things may not as bad as they sound, and — relatively at least — that’s some good news in the complex privacy world.

Most important, there are rules that control the government’s access to and use of commercially and publicly available personal information about us — at least for the federal government — and such rules have been around quite a long time. A separate question, of course, is whether the rules are adequate to protect our privacy while giving the government the access it needs to information that could prevent another terrorist attack. Here’s how it’s supposed to work:

As a general proposition, the government must have a reason or specific authority to search even publicly available information or to buy commercially available information about us. This can be routine — for example, because someone has consented to it as part of a background investigation to get or maintain a security clearance.

But, this isn’t the part most civil libertarians find troubling — the government can also obtain and use this kind of information about someone under criminal investigation or the subject of some kind of intelligence or terrorism inquiry. And the subject might never be aware of it.

However, these circumstances are governed by longstanding “Attorney General Guidelines” or “Attorney General Procedures” — and, for a number of years, I was primarily responsible for the guidelines and procedures governing the Intelligence Community. By the way, this makes Mr. Chertoff’s suggestion even more unusual, because as chief of the Justice Department’s criminal division, he would have been intimately familiar with the attorney general (AG) guidelines, at least those for criminal investigations.

From this point on, an informed and objective policy debate about the government’s access to publicly available or commercially purchased data about us should focus on the substance, adequacy and application of the current AG guidelines and procedures.

In addition, Congress could certainly legislate in this area, if it determined the guidelines or procedures were improper, inadequate or outmoded. Or, more likely, Congress could require the attorney general, in consultation with the Congress, to promulgate revised guidelines or procedures.

One thing is certain: What constitutes “publicly available information” today is far more inclusive and comprehensive that it was in the mid-1970s when most of the basic AG guidelines and procedures were written. And AG guidelines and procedures generally authorize federal agents to collect this category of information even when doing a preliminary investigation, otherwise limited in scope or duration. This aspect alone might justify a change in the rules — simply because new technologies have so vastly and dramatically expanded this category of information from 30 years ago.

So, despite Mr. Chertoff’s recent remarks, and the ever-increasing threats to the accuracy, security and privacy of publicly available and commercially held information about us, AG guidelines and procedures will probably continue to set the “rules” for the government’s access to and use of it.

Nevertheless, most of us would feel more comfortable if appropriate congressional committees took a closer and continuing look at the rules and how they are interpreted and carried out.

Daniel J. Gallington is a national security and privacy consultant. He was deputy counsel for intelligence policy at the Justice Department and later bipartisan general counsel for the Senate Intelligence Committee. He most recently was deputy assistant defense secretary for territorial security.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide