I was frank about Google miscontruing privacy the other day. I’ll be frank about DHS Secretary Michael Chertoff likewise missing the mark in his recent Leadership Journal post, “Privacy and Security.”
Like Google’s Peter Fleischer, Chertoff calls privacy a “right” – in this case, a “fundamental right.” (Two data points is a trend!: People call privacy a “right” just before they drop it in the blender.)
Unlike Fleischer, Chertoff edges up to Orwellian: “Our efforts to secure our homeland need not harm our privacy. Rather, in many cases they can actually strengthen it.”
I’m dubious. How so?
“By creating secure driver’s licenses and travel documents, we can reduce the egregious privacy violation of identity theft.”
Ok . . . . let’s look at that. The argument is that by throwing all this personal data into nationally accessible state DMV databases, we get a reduction in identity fraud.
But control of information – what we would give up – is at the heart of privacy. The DHS Privacy Committee’s Framework document, for example, asks, “How do[ DHS] program[s] affect individuals’ ability to control how personal information about them is collected, used, or shared?”
Identity fraud is a crime. It uses personal information – yes, some of it private. But identity fraud is a threat to people’s financial reputation because it sullies their credit histories. Thus, it is a threat to their financial security. Catch that? A threat to their security.
Chertoff’s claim to be enhancing privacy by releasing people from control of personal information is actually a demonstration of how privacy and security really are often in tension They aren’t always, but in this case they are.
Now, how would a uniform national ID system do at controlling identity fraud? As I pointed out in my testimony to the Senate Governmental Affairs Committee, the Department of Homeland Security’s cost-benefit study of the REAL ID Act found that, having borne costs of $17 billion dollars to implement REAL ID, society would see a reduction of $1.6 billion in costs from identity fraud over a ten-year period. That is not effective protection, getting back a dime’s worth of security for every dollar you spend. And this doesn’t even consider the potential increase in identity fraud driven by the greater benefits from committing the crime and the greater availability of personal data when a state DMV database is hacked or breached.
These concepts are tough sledding, to be sure, but I’m available to the Secretary and the Department and, obviously, happy to offer guidance.