Comments to DHS Data Privacy and Integrity Advisory Committee

Posted by Dharmesh Shah on Sat, Nov 05, 2005 @ 06:11 AM

Public Statement I gave to the DHS Privacy and Integrity Advisory Committee on behalf of the DHS Information Sharing and Collaboration Office, June 15, 2005, Harvard Law School.
(The official transcript with follow-on questions and answers is posted on the DHS website: http://www.dhs.gov/interweb/assetlibrary/privacy_advcom_06-2005_trans_am.pdf)

On behalf of myself and the DHS Information Sharing and Collaboration Office, I thank you for the invitation to speak here today. The Information Sharing and Collaboration Office, commonly known as “ISCO”, is working on a number of projects that we believe will have a direct impact on preserving privacy -- while at the same time improving information sharing.

In the late summer and fall of last year, ISCO served as the DHS lead in the drafting of a multi-agency plan for a broad-ranging terrorism Information Sharing Environment. That plan was required by Executive Order 13356 (issued last August) and is now a part of the work under Section 1016 of the Intelligence Reform and Terrorism Prevention Act (passed in December). In its work on the Information Sharing Environment, ISCO acted as the conduit between the components of DHS and the other federal agencies with anti-terrorism missions.

In that role, ISCO received a clear message from the DHS Privacy Office: “Privacy should not be addressed as an afterthought. It should be an integral part of any information sharing plan.” I am pleased to say that the draft plan submitted to the White House carries that message forward.

Within DHS, ISCO also has a broad information sharing policy and implementation role. As you know, effective screening and credentialing require the sharing of information about persons. So, while the Terrorism Information Sharing Environment moves forward on a multi-agency basis, ISCO is also working on near-term and mid-term tactical steps to ensure that privacy will be at the forefront of policy and process development as DHS develops information sharing activities.

One of ISCO’s duties is to assess the current state of information sharing within DHS. The Privacy Act requires federal agencies to publish System of Records Notices, called SORNs, to publicly describe the sources, collection, and manipulation of “person” data in each system; and to publish Routine Use Notices to describe the parties with whom the data is going to be shared, and under what circumstances. One of ISCO’s projects was to gather all of the SORN and Routine Use Notices for DHS systems and parse their published information sharing rules in spreadsheet format. To our knowledge, this is the first such compilation.

Now that this information is compiled, and in a spreadsheet, the information from the SORN and Routine Use notices can be cross-matched with the information from a department-wide electronic survey ISCO conducted to understand information flow in DHS. By comparing the two, DHS can supplement and harmonize the knowledge about systems that contain person information.

As we learn more about information sharing in DHS and with our stakeholders, and in particular while doing this project, we note that the terms for describing Routine Uses – the terms and phrases used for the “who, what, and when” of privacy sharing – are not consistent, either internally to DHS or externally around the federal government. ISCO and the DHS Privacy Office have begun discussions about establishing a project to either harmonize routine use terms or to build equivalency tables for the terms. That work will take copious amounts of time and effort; if we begin now, we may have the results that are needed when the time comes to computerize any of these processes.

ISCO’s responsibilities include making proposals for “what should be” and how to move DHS there. In part, we derive our ideas from the knowledge we glean about the current (“as-is”) state of information sharing. For example, we know that agencies or components enter into agreements for information sharing, setting forth the mechanics and rules for sharing information. ISCO conducted a brief study and confirmed that there was no standardized methodology for entering into such information sharing agreements with other agencies. Based on its assessment of what appear to be best practices, and as a part of its duties to establish policies and procedures, ISCO has now established a methodology, a facilitation team, and a prototype system for building information sharing agreements.

The methodology includes the requirements that a Privacy Office representative be contacted and that certain privacy-related questions be answered as part of the creation of each new information sharing agreement. This provides a near-term improvement to the goal of integrating privacy concerns into information sharing.

The facilitation team has been approached to help components that have received many requests for the same information. ISCO, then, can facilitate an understanding of the broader scope of sharing that may be under review; with that broader view, ISCO can ensure that the Privacy Office is given the opportunity to address not only the implications of an individual agreement, but also the implications of the aggregate of the agreements. This provides both near and mid-term improvements to privacy.

A prototype information system that has just been developed collects whole information sharing agreements and ultimately will permit authorized individuals to draft and edit the specific provisions of the agreement over which they have authority. Over time, such individuals also will have the ability to select from the language of earlier agreements. As part of that process, every agreement will have to address privacy requirements, and only a person authorized by the Privacy Office will be able to create those provisions. This will provide mid-term improvement to integrating privacy concerns into information sharing.

We are, perhaps, most proud of the work that ISCO is doing to ensure that privacy needs are integrated into the long-term information sharing efforts. We have been a regular participant in internal discussions with the DHS CIO’s Office, and external discussions with the Information Sharing Council and the Information Sharing Environment Program Manager.

An interactive Information Sharing Environment must have log-on identity management functions that will act as the key to unlock the access and security controls each information provider in the environment will place on their data. At ISCO, we have begun to focus on the source, nature, and scope of the rules that will need to be in place to protect the data and the concomitant user identity information, such as roles and credentials, that will be needed to apply the access rules. We are also co-sponsoring with the DHS CIO Office acquisition of a Departmental identity management system that will use the roles and rules to control and audit access to DHS information resources. DHS recently issued a “request for information” to seek public input on the requirements for this system.

In that vein, as we work towards an interactive environment, ISCO is evaluating whether a live prototype can be built with the SORNs and Routine Use notices as a gatekeeper for access – a prototype that would match information about the requestor with privacy access rules associated with the requested data. We are currently evaluating whether there is sufficient detail in the parsed SORNs and Routine Use notices we have already produced, or whether we need to also parse Privacy Impact Assessments to get the fine-grained detail that will be needed to reduce these requirements to the formal logic – the 1’s and 0’s of a computer system – required to automate the thousands or millions of access decisions made daily to conduct anti-terrorism and other operations.

ISCO has proposed this activity because the Privacy Act appears to provide some of the most complex and diverse rules inside a single rule set and, therefore, a prototype of privacy access could provide great insight into the requirements for all the other rule sets that will need to be added.

ISCO is working collaboratively with the Privacy Office to provide privacy rules that can be used as early use cases for the builders of this technology. ISCO and the Privacy Office have worked together to deconstruct the Privacy Act into a comprehensive flow diagram, detailing each decision that will need to be implemented at the systems level. There is a draft companion document that lays out which rules will be consistent for all government agencies, which rules have exceptions for some agencies, which rules are subject to legal interpretation and will have variants between agencies, and which rules – the routine use rules – are unique to each dataset.
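The gatekeeper prototype sketched in the preceding paragraphs, where a requestor's identity attributes are matched against the privacy access rules attached to the requested data, can be illustrated with a small policy engine. The code below is an added example written for this page; it is not ISCO's prototype and not part of the original statement. It models the layered decision flow the statement describes (a rule applied the same way everywhere, an agency-specific exception, and per-dataset routine-use rules), with deny-by-default and an audit record for every decision. The dataset name, agency names, purposes and field lists are constructed, and the two non-routine-use rules (written consent of the record subject, intra-agency need-to-know) are deliberate simplifications of the statute, not a legal model of it.

```python
"""Toy privacy-rule gatekeeper (added example, not ISCO's system).

A Request is checked against the SORN-derived description of a dataset:
the fields it contains and the routine uses (who / for what / which fields)
under which it may be shared.  Every decision is appended to AUDIT_LOG.
All identifiers and rule contents below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class RoutineUse:
    """One 'who, what, and when' sharing rule published for a dataset."""
    recipients: FrozenSet[str]   # agencies that may receive the data
    purposes: FrozenSet[str]     # purposes for which they may receive it
    fields: FrozenSet[str]       # data elements the rule actually releases


@dataclass
class Dataset:
    owner_agency: str
    fields: FrozenSet[str]       # person-data fields described in the SORN
    routine_uses: List[RoutineUse] = field(default_factory=list)


@dataclass(frozen=True)
class Request:
    requester_agency: str        # identity attribute supplied at log-on
    purpose: str                 # stated purpose of the access
    dataset: str
    fields: FrozenSet[str]
    consent_on_file: bool = False


@dataclass(frozen=True)
class Decision:
    allowed: bool
    rule: str                    # which rule produced the decision
    fields: FrozenSet[str] = frozenset()


AUDIT_LOG: List[str] = []


def _audit(req: Request, decision: Decision) -> Decision:
    """Record every decision, allow or deny, so sharing can be reviewed later."""
    AUDIT_LOG.append(
        f"{req.requester_agency} requested {sorted(req.fields)} from "
        f"{req.dataset} for {req.purpose}: {decision.rule}")
    return decision


def decide(req: Request, catalog: Dict[str, Dataset]) -> Decision:
    """Walk the layered rules; anything not explicitly permitted is denied."""
    ds = catalog.get(req.dataset)
    if ds is None:
        return _audit(req, Decision(False, "deny: unknown dataset"))
    # A request for fields the SORN never described cannot be evaluated.
    if not req.fields or not req.fields <= ds.fields:
        return _audit(req, Decision(False, "deny: requested fields not described in SORN"))
    # Layer 1 (constructed, applied identically for every agency).
    if req.consent_on_file:
        return _audit(req, Decision(True, "allow: written consent of record subject", req.fields))
    # Layer 2 (constructed simplification of an agency-scoped exception).
    if req.requester_agency == ds.owner_agency:
        return _audit(req, Decision(True, "allow: intra-agency need-to-know", req.fields))
    # Layer 3: routine uses unique to this dataset. Match on who and what,
    # then check that the union of matching rules covers every field asked for.
    matched = [i for i, ru in enumerate(ds.routine_uses)
               if req.requester_agency in ru.recipients and req.purpose in ru.purposes]
    if not matched:
        return _audit(req, Decision(False, "deny: no applicable routine use"))
    covered = frozenset().union(*(ds.routine_uses[i].fields for i in matched))
    missing = req.fields - covered
    if missing:
        return _audit(req, Decision(False, f"deny: no routine use covers {sorted(missing)}"))
    return _audit(req, Decision(True, f"allow: routine use {matched}", req.fields))


def sample_catalog() -> Dict[str, Dataset]:
    """Constructed catalog of one dataset; not a real DHS system of records."""
    return {
        "EXAMPLE-SCREENING": Dataset(
            owner_agency="AGENCY-A",
            fields=frozenset({"name", "dob", "passport_no", "watchlist_hit"}),
            routine_uses=[
                RoutineUse(frozenset({"AGENCY-B"}), frozenset({"law_enforcement"}),
                           frozenset({"name", "dob", "watchlist_hit"})),
                RoutineUse(frozenset({"AGENCY-B", "AGENCY-C"}), frozenset({"audit"}),
                           frozenset({"name"})),
            ],
        )
    }


if __name__ == "__main__":
    catalog = sample_catalog()
    decide(Request("AGENCY-B", "law_enforcement", "EXAMPLE-SCREENING",
                   frozenset({"name", "watchlist_hit"})), catalog)
    decide(Request("AGENCY-B", "law_enforcement", "EXAMPLE-SCREENING",
                   frozenset({"passport_no"})), catalog)
    decide(Request("AGENCY-C", "law_enforcement", "EXAMPLE-SCREENING",
                   frozenset({"name"})), catalog)
    print("\n".join(AUDIT_LOG))
```

The point of the layering is the one the statement makes: the consent and need-to-know checks are the same for every dataset, while the routine-use list is the only part that has to be re-parsed from each SORN. Matching on recipient and purpose first and then restricting to the fields the published rule actually releases is what keeps a request for a broader field set from riding on a narrower routine use.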

A first draft of this material has been presented to DHS’ Metadata Center of Excellence and to the Federal Enterprise Architecture Data Reference Model working group -- and we have received an enthusiastic response. If we succeed in having this information be a use case for each of these activities, we will have succeeded in placing Privacy Act implementation into the earliest stages of future system development. That would be a significant long-term success.

ISCO works on many information sharing policies, processes, and projects. The scope of ISCO’s work is across the many diverse interests and responsibilities of the Department. Our broad view of the work that is underway and the work that needs to be done allows us to integrate the needs and requirements of the components of DHS into a cohesive plan. As you have heard today, the DHS Information Sharing and Collaboration Office is proud and pleased to be able to work with the Privacy Office to ensure that privacy interests are set into the foundation of government information sharing.

Topics: privacy technology