Information Exchange between the Public and Private Sector for Homeland Security

James B. Steinberg
James B. Steinberg Former Brookings Expert, University Professor, Social Science, International Affairs, and Law - Maxwell School, Syracuse University

June 19, 2003

  • The counter-terrorism/homeland security challenge we face today is very different from the Cold War. During the Cold War most information was in the hands of the government/military, and used by them. In counter-terrorism, the private sector plays a central role, as collectors and holders of information, stewards of critical infrastructure and material that could be used in an attack, and important actors in preventing and responding to attacks.

In particular some of the information essential to the task is in privately held databases, and if shared in a timely, effective manner this data could prove vital in preventing acts of terror.

At the same civil liberties groups worry that giving government wider access to information in privately held databases could lead to infringements of privacy. Additionally, with inadequate oversight mechanisms in place, there is potential for misuse of this information. Some of the specific concerns include.

  1. Current privacy protection laws and procedures are not well adapted to the challenges and possibilities that rapidly advancing technology is bringing.

  2. There is also concern that inaccurate information entered into these databases could lead to mismatches and false identifications.

  3. There are questions about the effectiveness of the proposed programs with the specter of many useless and time-consuming searches being conducted.

  4. With a growing number of collectors, analyzers and users of this data, there is also concern about the security guidelines and mechanisms in place to prevent unauthorized access and use of this information.

There is also concern in the business community about costs and liability associated with expanded government access to privately held data.

The objective of Working Group II of the Markle Task Force is to identify the kinds of information that exists in the private sector that is valuable to the homeland security/counter-terrorism efforts, and to develop a strategy that will allow government the ability to access and use it effectively, but in a way that is most consistent with our national interest in privacy and civil liberties. Three key elements, therefore

  1. What information do we want to acquire, retain and disseminate?
  2. What rules should govern the acquisition, retention and dissemination of that information—including what oversight mechanisms?
  3. How can technology help with both tasks—assuring that we can use the information effectively while protecting civil liberties?

More specifically: the Working Group intends to identify the following:

  • The privately held data that is most needed by the government to prevent terrorism by facilitating investigations or searches for particular individuals and efforts to analyze information to find certain patterns. There will be consideration of:

    • What information the government is already accessing, how it is being accessed, the rules that govern the access, acquisition, use, retention, and dissemination of this information, how much this access is costing the government and private sector and whether there can be alternative methods of access.
    • What different types of information the government should be able to access, why they need to be accessed and the timeframe that would be required to acquire each.

The legal rules and guidelines that apply to government acquisition of each kind of data. There will be consideration of:

  • The guidelines and requirements that will apply to the access, acquisition, use and dissemination of each type of data, the conditions under which they can be accessed and the procedures to be followed. The idea is to enable the acquisition, use and dissemination of this data under certain circumstances while preventing its misuse.
  • The audit and accountability procedures and mechanisms that should be in place to ensure procedural and operational responsibility by overseeing how the data is being used and whether or not it is being abused.
  • The period that the data will be retained for once accessed and acquired. The technical and policy considerations will be kept in mind when considering different time frames and options.
  • The guidelines and systems that might be required to check the reliability of data and allow the correction of inaccuracies to make this data more fair and useful.

The kind of technology that would need to be developed and deployed for the following purposes:

  • To access, acquire, use and distribute privately held data more effectively and securely.
  • To prevent misuse of the data and protect privacy.
  • To provide effective auditing and accountability.
  • To minimize the costs to business and government.