Privacy, Policy and Politics: Changes To Security Laws Are Coming

A s last weekis anniversary of the 9/11 attacks brings security and privacy issues to the forefront, the commentary is flying in thick and fast from all areas of the political spectrum. We take a look at some of the discussion and debate that arose during the week.

September 11th itself saw some insightful commentary at ZDNet News.com by Peter Swire and Jeffrey Eisenach. The two ex-politicos - one Democrat, one Republican - call for a commission into privacy, security and freedom, with particular emphasis on the swift changes that technology has brought to the table.

We do not pretend that there are easy answers. At the moment, the need to connect the dots associated with terrorism is first on our minds, as it should be. In the future, however, there will be temptations to combine the information-gathering power of technology with the police power of the new Homeland Security Department to pursue all sorts of "worthy" agendas.

The obvious risk is a permanent diminution in privacy, personal liberty and the open society freedoms that have characterized America from the start.

The legislation creating the Department of Homeland Security provides a natural opportunity to form a commission that can consider these enduring concerns. One important mission of the commission would be to take account of the revolutionary changes in recent years in communication, surveillance and database technology, and the implications of those changes for individual privacy and personal liberties. The last such national commission issued its report a quarter century ago, in 1977.

Meanwhile, the White House is keeping its lips tightly sealed on its upcoming cyber-security report, scheduled for September 18th. Some reports have suggested that drafts contain plans to create a centrally-based data collection facility for security issues, that university-based network traffic may be under particular scrutiny, and that private companies will be encouraged to share their security-related information. An article in eWeek goes into detail:

According to the draft, the governmentis "forward-looking analysis" capabilities are considered sparse because of a shortage of information. The proposed center would improve capabilities for predicting cyber-security incidents as well as responding to hacker or terrorist threats.

[...]

Private companies would also be encouraged to increase the amount of data collected and share it with the government. "Major companies generally report this information internally," [Howard Schmidt, vice chairman of the Critical Infrastructure Protection Board] told eWeek. "Weire looking for that to come back to a central location."

The Washington Post also details the report, mentioning the IT industryis efforts to have some of the reportis recommendations removed, and suggests that there will not be a iprivacy czari appointed to keep an eye on the way companies use their customersi personal information.

The administration no longer plans to recommend that Internet service providers such as America Online, MSN and EarthLink bundle firewall and other security technology with their software. Instead, it will ask ISPs to "make it easier" for home users to get access to such protections.

It also does not plan to recommend that a privacy czar be appointed to oversee how companies make use of their customersi personal information, according to several people involved in drafting the document.

A government official said the changes were made in hopes the plan would be adopted voluntarily by industry and not necessitate another layer of government regulation.

With the reportis release date of September 18th fast approaching, and the bill to create the Department of Homeland Security before the Senate right now, these issues will see a lot more exposure in the media - and, hopefully, in the public consciousness.