Defense to test privacy training tool

The Defense Department next week will begin testing a CD-ROM designed to outline the guidelines that govern data collection and dissemination and teach intelligence personnel how to comply with privacy statutes.

The 45-minute training program illustrates how defense intelligence personnel should deal with potentially private information collected about U.S. citizens, said George Lotz II, assistant to the secretary of defense for intelligence oversight.

Training is the key to ensuring privacy guidelines are met, said Lotz, speaking at a July 22 meeting of the Technology and Privacy Advisory Committee. The committee is an external oversight board established in February by DOD to ensure that the Terrorism Information Awareness program moves forward with proper regard for constitutional laws and existing privacy policies

"The safety net here is the user," he said. "The best protection against violations is training personnel in defense intelligence oversight rules."

Originally called Total Information Awareness, TIA is designed to help national security analysts track and stop terrorist attacks by spotting patterns in credit card and travel records, biometric authentication technologies, intelligence data and automated virtual data repositories. But the project, developed by the Defense Advanced Research Projects Agency, is under heavy criticism by privacy advocates.

Lotz's office began reviewing the information awareness program last December because of the public outcry. "To date, that review found no information that TIA was being used to violate the rights of U.S. persons," Lotz said Tuesday.

The review will continue throughout the life of the program, Lotz said, adding that his real involvement with it will come when and if the information awareness software tools are used by defense intelligence agencies.

Vahan Moushegian, director of the privacy office for DOD, said high-level authority should be received before collecting information using TIA.

"Only information that is minimally necessary to accomplish that mission [should be collected], no more," Moushegian said, adding that a felony charge should be the punishment for abusing the system.

Once officials approve use of the information awareness program, confidentiality through audits — and penalties for abuse — should already be established, Moushegian said.