- Related Stories
NORAD orders Web deletion of transcriptMarch 9, 2006
Tens of thousands mistakenly matched to terrorist watch listsDecember 6, 2005
GAO: Security agency broke privacy lawsJuly 25, 2005
Sidelining Homeland Security's privacy chiefApril 11, 2005
Oracle inks homeland security dealApril 7, 2003
Senate scrutinizes air travel databaseMarch 13, 2003
Federal agency pulls Web documentsJanuary 2, 2003
Perspective: Will this land me in jail?December 23, 2002
The TSA is the arm of the Homeland Security Department that is charged with protecting air, train and other forms of transportation. It's best known for its occasionally problematic no-fly list and legions of white-shirted screeners at U.S. airports.
In its relatively short history--it took over airport security in February 2002--the TSA has already been embroiled in a series of privacy flaps. Probably the biggest was related to its testing of the Secure Flight program; last summer government auditors said the program violated federal privacy laws. (Secure Flight is supposed to spot whether a passenger is on a watch list.)
The TSA has also come under fire for aggressive screeners at checkpoints who allegedly grope women and, according to The New York Times, have required them to take off their shirts. (Some changes to pat downs have since been made.) It's also placed Sen. Edward Kennedy, a Massachusetts Democrat, and Rep. John Lewis, a Georgia Democrat, on lists that have caused them hassles at airports.
In his first interview since joining the TSA, Pietra sat down with CNET News.com to discuss what he's going to be doing and whether he thinks the agency is on the right track.
Q: Do you see the purpose of your job as ensuring compliance with the Privacy Act, or defending decisions the agency makes?
Pietra: I don't know yet. I think a big part is going to be compliance. I hope not to spend too much time defending our decisions.
The other part of what I'm going to try to do is come up with good policies. In terms of how it's going to mix, I don't know.
At the Computers, Freedom and Privacy conference, Rep. Joe Barton's chief of staff said the House is drafting a bill to address the "comprehensive privacy rights of American citizens." What advice would you give them?
Pietra: I haven't seen any specific proposals. When I'm asked, I'll give consideration to that.
Homeland Security is currently in the process of coming up with regulations for Real ID cards, which have been the subject of some controversy. What would the TSA like to see happen?
Pietra: It's so early on that I don't know what those proposals are. DHS is heading up that effort on drafting a regulation. It is in the early stages. A lot of it is trying to flesh out what standards have applied (and) whether states have been implementing these.
There are federalism issues; it's been about a month since I've seen anything on that.
Last July, auditors at the Government Accountability Office told Congress that the TSA violated the Privacy Act by obtaining personal information about airline passengers from commercial data brokers while developing the Secure Flight screening program. What procedures does the TSA have in place today to avoid another debacle?
Pietra: That was a very complicated circumstance. What we've been doing in the program is trying to build in ground-level privacy work.... Right now the program has three major business units--each will have a privacy person.
Everything they're doing is legally permissible and follows our privacy policies. That's not going to happen again.
Can you elaborate on what's happened since a Senate hearing in February at which a TSA official testified about Secure Flight?
Pietra: They've stopped everything on the program in terms of testing, use of data, while the re-baselining effort is under way.
What TSA did in that testing was have a contractor try to determine whether there was any utility in using commercial data. When I say "utility," what I mean is trying to reduce false positives, the number of people who would pop up in a match from a watch list. We know that people in the public might needlessly suffer when they're not really the person on the list.
We didn't want any personal data coming into TSA so we had a contractor perform that test. As the test was designed, we built in protections in the contract with that contractor, saying that no commercial data was going to come into TSA.
What kind of commercial data did the TSA obtain?
Pietra: We tried in every way possible to keep commercial records from coming to us. Where a person's address or phone number was missing from a record, commercial data was used to add that phone number and address. That ended up on a disc (that was not given to TSA but kept in a safe).
The only case law out there is contrary to what GAO found. But we didn't dispute that point, we didn't fight that point. We don't dispute it now.
Going forward, embedded deep down in the program is an awareness and sensitivity of privacy matters. At this point TSA is at the forefront of a lot of privacy issues in the federal government.
Page 1 | 2
3 commentsJoin the conversation! Add your comment