to your telescreen.

The Washington Post reports today on an article coming out in Foreign Affairs in which Deputy Defense Secretary William J. Lynn III reveals a successful 2008 intrusion into military computer systems. Malicious code placed on a thumb drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military’s Central Command and propagated itself across a number of domains.

The Post article says that Lynn “puts the Homeland Security Department on notice that although it has the ‘lead’ in protecting the dot.gov and dot.com domains, the Pentagon — which includes the ultra-secret National Security Agency — should support efforts to protect critical industry networks.”

The failure of the military to protect its own systems creates an argument for it to have preeminence in protecting private computer infrastructure? Perhaps the Department of Homeland Security will reveal how badly it has been hacked in order to regain the upper hand in the battle to protect us.

Last week, the Electronic Privacy Information Center released a petition from a group it spearheaded, asking the Department of Homeland Security to suspend deployment of whole-body imaging (aka “strip-search machines”) at airports.

The petition is a thorough attack on the utility of the machines, the process (or lack of process) by which DHS has moved forward on deployment, and the suitability of the privacy protections the agency has claimed for the machines and computers that display denuded images of air travelers.

The petition sets up a variety of legal challenges to the use of the machines and the process DHS has used in deploying them.

Whole-body imaging was in retreat in the latter part of last year when an amendment to severely limit their use passed the House of Representatives. The December 25 terror attempt, in which a quantity of explosives was smuggled aboard a U.S.-bound airplane in a passenger’s underpants, gave the upper hand to the strip-search machines. But the DHS has moved forward precipitously with detection technology before, wasting millions of dollars. It may be doing so again.

My current assessment remains that strip-search machines provide a small margin of security at a very high risk to privacy. TSA efforts to control privacy risks have been welcome, though they may not be enough. The public may rationally judge that the security gained is not worth the privacy lost.

Wouldn’t it be nice if decisions about security were handled in a voluntary rather than a coercive environment? With airlines providing choice to consumers about security and privacy trade-offs? As it is, with government-run airline security, all will have to abide by the choices of the group that “wins” the debate.

In a classic example of the 5:00 Friday news drop, the Department of Homeland Security has announced that it is extending the REAL ID compliance deadline. Forty-six of 56 jurisdictions, it reports, were not able to implement even the interim measures it proposed requiring by December 31st when it last extended the deadline in May of 2008.

The DHS statement insists that a full compliance deadline on May 10, 2011 remains in effect. What that really means is that there will be another false crisis as that deadline approaches, and the DHS will extend the deadline yet again.

The better alternative is to repeal the national ID law and the worthless, expensive pseudo-security it represents. It is not to revive REAL ID under its alternative name “PASS ID.”

A large group of privacy advocacy groups and individuals sent a letter to the leadership of the House Homeland Security Committee today, suggesting that the role of Chief Privacy Officer at the Department of Homeland Security should be scrapped.

The DHS CPO has shown an extraordinary disregard for the statutory obligations of her office and the privacy interests of Americans. Outreach is certainly important, but the job of Chief Privacy Officer is not to provide public relations for the Department of Homeland Security. The job as defined in the statute is to protect the privacy of American citizens, through investigation and oversight. If an internal office cannot achieve this, then the situation calls for an independent office that can truly evaluate these programs and make recommendations in the best interests of the American public.

The current CPO, Mary Ellen Callahan, has not been on the job long enough to lay all these concerns at her feet, but the substance of the complaint is valid. Does the Privacy Office actually help protect privacy, or has it, over years, favored the paperwork function over privacy protection, falling into the role of apologist for DHS programs?

I serve on the DHS Privacy Committee, which advises the CPO. The views stated here, of course, are my own.

I wrote on Privacilla in 2001: “As a management matter, government privacy officers may become antagonistic to the agencies with whom they deal, and lose effectiveness, or they may be captured by agencies and become professional apologists for government erosion of privacy.”

And when I joined the committee four years later, I expressed my concern with the potential for co-option, saying in a Privacilla press release: “I have asked friends and family members to beat me up if I change or mute my advocacy for privacy, civil liberties, and freedom.”