- The counter-terrorism/homeland security challenge we face today is very different from the Cold War. During the Cold War most information was in the hands of the government/military, and used by them. In counter-terrorism, the private sector plays a central role, as collectors and holders of information, stewards of critical infrastructure and material that could be used in an attack, and important actors in preventing and responding to attacks.
- Current privacy protection laws and procedures are not well adapted to the challenges and possibilities that rapidly advancing technology is bringing.
- There is also concern that inaccurate information entered into these databases could lead to mismatches and false identifications.
- There are questions about the effectiveness of the proposed programs with the specter of many useless and time-consuming searches being conducted.
- With a growing number of collectors, analyzers and users of this data, there is also concern about the security guidelines and mechanisms in place to prevent unauthorized access and use of this information.
- What information do we want to acquire, retain and disseminate?
- What rules should govern the acquisition, retention and dissemination of that information—including what oversight mechanisms?
- How can technology help with both tasks—assuring that we can use the information effectively while protecting civil liberties?
More specifically: the Working Group intends to identify the following:
- The privately held data that is most needed by the government to prevent terrorism by facilitating investigations or searches for particular individuals and efforts to analyze information to find certain patterns. There will be consideration of:
- What information the government is already accessing, how it is being accessed, the rules that govern the access, acquisition, use, retention, and dissemination of this information, how much this access is costing the government and private sector and whether there can be alternative methods of access.
- What different types of information the government should be able to access, why they need to be accessed and the timeframe that would be required to acquire each.
- The guidelines and requirements that will apply to the access, acquisition, use and dissemination of each type of data, the conditions under which they can be accessed and the procedures to be followed. The idea is to enable the acquisition, use and dissemination of this data under certain circumstances while preventing its misuse.
- The audit and accountability procedures and mechanisms that should be in place to ensure procedural and operational responsibility by overseeing how the data is being used and whether or not it is being abused.
- The period that the data will be retained for once accessed and acquired. The technical and policy considerations will be kept in mind when considering different time frames and options.
- The guidelines and systems that might be required to check the reliability of data and allow the correction of inaccuracies to make this data more fair and useful.
- To access, acquire, use and distribute privately held data more effectively and securely.
- To prevent misuse of the data and protect privacy.
- To provide effective auditing and accountability.
- To minimize the costs to business and government.