By Safiya Merchant
WASHINGTON — As government officials criticize Google’s recent decision to revise its privacy policy to monitor and record user activity, watchdog organization The Constitution Project released a report claiming the government must also protect the public’s privacy when heightening online security measures.
The report, released Jan. 27, outlines recommendations to protect privacy in drafting cypbersecurity legislation.
“As proposals have arisen that would enable the federal government to move toward monitoring all information transferred over private networks, individuals face the risk of being subjected to the equivalent of a perpetual ‘wiretap’ on their tprivate communications and web browsing behavior,” the report stated.
he report also noted aspects of the current federal cybersecurity initiative that could threaten personal information of computer users.
According to the study, the government’s Comprehensive National Cybersecurity Initiative includes components called Einstein, whose purpose is to erase “harmful activity” from federal computer systems.
Because the Einstein programs monitor information transmitted to and from the federal computer system, the Justice Department’s Office of Legal Counsel has stated the Einstein technologies do not breach the civil liberties of federal employees or the public, the report said.
The Justice Department argued that federal employees “do not have a reasonable expectation of privacy in their communications” but even if they do have expectations of privacy, they have consented to this search, the report states.
But the Constitution Project said Einstein could violate Fourth Amendment rights.
If individuals consent to the monitoring of their computer communications for federal security purposes, the report stated, that does not necessarily mean they “consented to having that information stored for human review or transferred to federal or local law enforcement.”
The Constitution Project recommends any legislation establish oversight procedures, create privacy safeguards and minimize the amount of access to or use of computer user information.
“A lot of these bills contemplate information-sharing programs, where private companies would share cybersecurity information with the federal government,” said Sharon Bradford Franklin, senior counsel of The Constitution Project, in an interview with The Federal Drive with Tom Temin. “We want to make sure personally identifiable information is sanitized out of that sharing unless that is absolutely necessary for the cybersecurity purpose.”
Some specific recommendations the report proposes include requiring federal agencies to create Privacy Impact Assessments if they plan to make or expand cybersecurity initiatives; limiting the amount of personally identifiable information that can be shared between the government and the private sector; and prohibiting private industries with access to Einstein from keeping or reviewing user information/communications for projects other than those of the Einstein program.
