Thursday, March 10, 2005

DHS Privacy Officer On National ID

DHS privacy chief wary of national IDs

Washington Technology magazine

By Alice Lipowicz
Staff Writer

The chief privacy officer for the Homeland Security Department is not a supporter of a national identification card.

“I’m not a fan,” Nuala O’Connor Kelly said at a March 8 cybersecurity conference sponsored by Government Computer News, a sister publication of Washington Technology.

“We have huge issues with managing identification and getting identification right,” Kelly added. For example, she said, there are many risks to privacy from possible misuses of “breeder documents” — birth certificates and drivers’ licenses issued by state and local agencies that are used to apply for U.S. passports.

“You have to be very vigilant and concerned,” Kelly said.

Proposals for secure national ID card systems have gained supporters, but civil libertarians say any security gains would be overshadowed by the risks of “Big Brother” infringements upon personal rights and freedom.

Congress is considering legislation (H.R.418) introduced by Rep. James Sensenbrenner (R-Wis.), chairman of the House Judiciary Committee, that would give the DHS secretary authority to control states’ drivers’ licenses and identification cards, set up a national database to share drivers’ license information and loosen privacy regulations approved by Congress in 2004.

Kelly told the crowd of industry and government officials that new information technologies, specifically “biometrics, RFID, data mining, data sharing and data technologies,” are keeping federal privacy officers busy.

“It’s boom time for privacy,” Kelly said. “This is a terrific time to be a privacy officer. You’ll see more of us.”

Asked if privacy officers need to be tech-savvy, Kelly said that IT knowledge is essential to the job. Technological expertise represents about “20 percent of my knowledge base [and] 20 percent of my job,” she added.

However, Kelly said, people often make the mistake of believing privacy’s only challenges are technological, when in fact privacy is based on “values, compliance, legal and policy issues.”