Lack of info feeds public outcries about privacy, experts say

Federal agencies need to do a better job of informing the public about measures taken to protect their sensitive and private information, current and former government officials say.

A lack of information can lead to trouble, said several experts, speaking at the CTO Forum held by the Government Electronics and Information Technology Association.

In some cases, agencies have been forced to end programs -- such as data mining or surveillance projects -- because of public outcry that stemmed from misperceptions that might have been better addressed with better information.

“When we don’t get the kind of meaningful public debate, decisions get based on inadequate knowledge and the public gets in an uproar on things based on incorrect information,” said Linda Millis, director of the National Security Program at the nonprofit Markle Foundation.

Millis, who previously held senior positions at the National Security Agency, was speaking from experience. During her time there, NSA handled a lot of personal information as part of surveillance programs, but that data was protected, she said. However, agency officials could do little to quell public disapproval because they could not disclose information about those security controls.

Robert Bach, a professor for the Center for Homeland Defense and Security at the Naval Postgraduate School, said part of the problem is that agencies do not know how to explain the security technology involved in terms the public can understand.

In other cases, though, the problem is not misperception or missing information, but bad security.

One example is the Homeland Security Department's Multistate Anti-Terrorism Information Exchange Program, which was cancelled while still in its test phase because the DHS privacy office found the controls were not adequate, according to a December 2006 report.

Such problems put information security in a bad light, Bach said. “[The public] builds expectations of effectiveness that we can’t yet meet, it worries them if there are errors, and it motivates them to want to correct their own data,” he said.