At the Department of Homeland Security’s Workshop Government 2.0: Privacy and Best Practices this morning, the Federal CIO, Vivek Kundra, spoke about a range of issues regarding the federal government’s use of new technologies. In particular, Kundra strongly emphasized the important message that innovation, privacy and security are not competing values.
Kundra’s main strategy to address these values simultaneously is to bake all of them into the technology early in the process. Part of his solution is to better utilize the procurement process for privacy and security. One questioner asked if this meant strengthening Part 24 of the Federal Acquisition Regulations, which oversees privacy and freedom of information compliance. Kundra said this was part of the discussion. It is interesting to point out that Part 24 only uses the antiquated definitions from the Privacy Act to identify privacy risks and does not specifically require privacy impact assessments. These are issues that CDT is working to address in our E-Privacy Act Amendments Wiki, which is now in its last official week.
Another example that came up in the Q&A was the use of authentication technology. Kundra mentioned that too much authentication was being aimed at “military grade” identity. He urged more “progressive credentialling,” by which he meant finding a full range of authentication solutions from anonymity to pseudonymity. This is the same principle that CDT calls “proportionality” in our Privacy Principles for Identity.