Feeds

US outlines privacy safeguards – and reveals plans to mine personal data

'Invasive and unprecedented'

Using blade systems to cut costs and sharpen efficiencies

The US Government signalled some willingness this week to address concerns over citizens' privacy, but also launched a scheme which will analyse secret airline passenger risk profiles and keep them for 40 years.

The US Government released guidelines which it says will protect the privacy of US citizens in an era of increasing data collection and information sharing by and between Government bodies.

Congress had previously mandated greater information sharing within government and law enforcement, but there have been concerns that that process undermines individuals' privacy.

The office of the US intelligence chief John Negroponte has now released a set of guidelines for state agencies to follow in dealing with individuals' data.

The guidelines say that Government bodies must ensure that information is being gathered lawfully and that sharing with other bodies is legal. Information can only be shared if it is to do with homeland security, terrorism or law enforcement, they say.

"Protected information should be shared through the Information Sharing Environment (ISE) only if it is terrorism information, homeland security information, or law enforcement information," said the guidelines. "Each agency shall adopt internal policies and procedures requiring it to ensure that the agency’s access to and use of protected information available through the ISE is consistent with the authorized purpose of the ISE."

Meanwhile, however, the US Government began a planned scheme this week which creates risk assessments of airline passengers, assessments that passengers can never see and which are kept on file for 40 years.

A programme has been identified by digital rights group the Electronic Frontier Foundation (EFF) which collects information about individuals, stores it in a database and performs a risk assessment about whether or not the individuals concerned are likely to break US law.

"Personally identifiable information is collected to ensure that people and cargo entering or exiting the United States comply with all applicable US laws," said a privacy impact report on the Automatic Targeting Scheme (ATS). "Relevant data, including personally identifiable information, is necessary for CBP to assess effectively and efficiently the risk and/or threat posed by a person, a conveyance operated by person, or cargo handled by a person, entering or exiting the country."

Information will be gathered and stored on US citizens and foreigners, including EU citizens. A major source of data will be passenger name records (PNR), themselves the subject of data protection controversy in Europe.

The US has agreed a controversial deal with the European Commission to allow airlines to pass 34 pieces of information to US authorities every time an EU citizen flies into the US. The European Parliament opposed the deal, as did privacy activists, in part because US data protection is weaker than that in the EU.

"Generally, data maintained specifically by ATS will be retained for up to forty years," said the ATS privacy report. "Certain data maintained in ATS may be subject to other retention limitations pursuant to applicable arrangements."

European PNS data will not be kept for as long as 40 years, said the report, because of the conditions of its transferral.

The EFF says that the system is invasive and unprecedented. "The government is preparing to give millions of law-abiding citizens 'risk assessment' scores that will follow them throughout their lives," said EFF Senior Counsel David Sobel. "If that wasn't frightening enough, none of us will have the ability to know our own score, or to challenge it. Homeland Security needs to delay the deployment of this system and allow for an informed public debate on this dangerous proposal."

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.