A committee of privacy advisers has recommended that the government add vital privacy protections to two high profile and controversial homeland security efforts.
The Data Privacy and Integrity Advisory Committee made a host of recommendations to the new Department of Homeland Security (DHS) secretary and acting privacy officer in a February 2 draft letter February 5 final letter, which has been posted on the DHS web site. [UPDATE: the February 2 draft letter has been removed from the DHS web site, but is available here.] Among the issues flagged for improvement, the committee highlighted the implementation of the REAL ID Act and handling of travelers' digital information during border searches.
The misguided Real ID Act requires state-issued drivers' licenses and ID cards to meet uniform standards to be used for purposes such as traveling on an airplane or entering a courthouse. The law also calls for the establishment of a vast national database to link all ID records. Last January, DHS released a final rule describing procedures for implementing the law, which EFF opposed because it failed to provide critical privacy and security safeguards for personal data. Moreover, many states have opposed the Real ID Act, refusing to implement its provisions because of crushing cost and privacy concerns.
The advisory committee's letter agreed that the REAL ID final rule fails to "fully address privacy and data security," and noted that the committee's past recommendations to improve the situation have not been carried out. As a result, "the rule leaves states in the position of subjecting their residents' personal information to the vulnerabilities of the state with the weakest protections." The committee suggested that DHS review and revise the rule, but we believe the true source of the problem is the profoundly flawed Real ID Act itself, which Congress should repeal.
The committee also recommended that DHS revisit its policy on searching travelers' digital information at the border, an issue that has prompted heated public debate and proposed legislation to protect travelers' privacy. A recent Freedom of Information Act lawsuit by EFF and the Asian Law Caucus revealed that DHS's policy on searching travelers' personal documents has become dramatically more permissive in recent years. As the advisory committee noted, however, "while certain DHS components may have legal authority to conduct border searches, there is a significant difference between looking at paper documents and searching through the volume of digital information that can be carried by travelers." The committee recommended that the agency's Privacy Office help review DHS's approach to searching and seizing digital information and develop guidelines to protect privacy during such searches.
EFF agrees with the committee's recommendations and hopes that recently confirmed DHS Secretary Janet Napolitano takes this advice seriously. DHS has a long way to go on the civil liberties front, and a commitment to addressing the problems created by REAL ID and digital border searches would be a strong first step.