Surrendering personal info best way to protect privacy?

This week, I'm in Montreal, Canada, attending the 29th International Conference of Data Protection and Privacy Commissioners.

Speaking at the opening ceremony was none less then Michael Chertoff, secretary, US Department of Homeland Security (DHS).

Chertoff''s presentation was clearly defensive. He knew that he was not among friends and used his keynote to defend and explain some of the controversial and intrusive practices his department had recently introduced for cross-border travel.

He started out that to say that the conflict between security and privacy was a false dichotomy. "I want to reject the implicit zero-sum premise that privacy must be traded for security," Chertoff said. In a police state, such as the Soviet Union, citizens have neither security, nor privacy. He assured the audience that the DHS was committed to both security and privacy.

He specifically cited his department's controversial initiative requiring everyone crossing a US border to carry a passport meeting certain standards and containing a RFID chip, the transfer of Passenger Name Record (PNR) data and travel histories from airlines to the US authorities, and the fingerprinting of visitors to the U.S.

According to Chertoff, cross border travel is a logistical problem. 80 million people each year, up to two million people on a give day, passes through US borders, most of them by plane and most of them during a peak period lasting only three hours. Also, more than 8000 different ID-documents had been in use prior to the new regulations, many of them very simple to forge. Border officers had problems both in spotting forgeries and in getting relevant information from the some of the legacy identity-documents.

Air travellers into the U.S. are now required to carry the new type of passports (for land and sea ports, the requirement has been delayed until as late as June 2009) that encodes biometric data and that contains an RFID-chip that can be read at a distance.

Travel is essential both for cultural exchange, and for the free flow of trade, so it was important that border crossing presented as little inconvenience and interference as possible to those with benign intentions, while still preventing those with ill intentions from entering the US.
The security system set up by DHS was based upon three strategies:

  • Looking for suspect behaviour (i.e. training border officers in psychology to recognise potential terrorists and carriers of contraband).
  • Technology (i.e. RFID passports, x-ray machines and body imaging technology).
  • Information gathering (i.e. PNR obtained from airlines, and travel history).

The idea behind all this was to pick out the exceptions (potential terrorists) for second level questioning and further examination, while letting the majority of passengers pass through the system with minimal interference and without having their privacy invaded.

By collecting little pieces of information from everyone that aren't overly private or invasive to gather, security officials can quickly target potential threats and avoid subjecting all travellers to intensive scrutiny or searches.

The alternative to this system, according to Chertoff, was either wholesale screening of all passengers,or racial and ethical profiling – the former was dismissed as not practical and latter as unethical and not an option for a democracy.

Chertoff had some good news, the initial proposal of retaining data collected at the border for 40 years had been deemed excessive, and such data are now retained for only 15 years. However, long retention times was necessary, because terrorists work with along time frame, Chertoff asserted. For instance, some of the individuals behind the 1993 attack on the WTC, was also involved in the Sep. 11 2001 attack.

As for the value of the PNR data, Chertoff mentioned one case, where a man stopped at Chicago's O'Hare airport was flagged as suspicious, referred to second level questioning and refused entry after his fingerprints were obtained. The next time his fingerprints were identified was on the steering wheel of a vehicle used in a suicide bombing in Iraq that killed 132 people. "I have to say, I'm very glad that individual was not let into the United States," Chertoff concluded.