EPIC gives Obama administration mediocre privacy grades

So far, progress on privacy has been disappointing, EPIC says

The Electronic Privacy Information Center gave the Obama Administration mediocre grades in its second annual privacy report card, which it released this week.

The report is based on an analysis by EPIC's advisory board of the administration's efforts to foster better privacy practices in cyberspace and in the handling of consumer data and health care data. The report also assessed the administration's record on civil liberties.

Overall, EPIC gave the administration B's for its privacy efforts in cyberspace and in protecting health care data, a C for consumer data protection efforts and a D on civil liberties.

The scores are lower than those handed out by EPIC last year and reflect the disappointing record the administration has had on privacy in its second year in office, said Mark Rotenberg, executive director of EPIC.

"Our bottom-line assessment is that with respect to privacy, things are getting worse," Rotenberg said.

The White House did not immediately respond to a request for comment.

Last year was the first time that EPIC released a privacy report card; the grades then reflected considerable optimism about the new administration's commitment to privacy and civil liberties issues, Rotenberg said. However, a year down the road, little has changed in key areas, he maintained.

On the civil liberties front, for instance, there were high expectations that changes would be made to many programs, including the Patriot Act, the Fusion Centers that were created for sharing intelligence information between local and federal agencies, no-fly lists and the Real-ID national identification program. All of those were programs inherited from the Bush administration, and a year ago it was too early to assess what impact the new administration would have on them, he said.

The fact that little has changed a year later is surprising given the early expectations, Rotenberg said. The Obama administration's failure so far to set up an advisory board for monitoring key issues such as the airport full-body scanner program is troubling, he noted. So too is its relative inaction around controversial programs such as the Patriot Act and the Fusion Center initiative, he said.

Rotenberg also criticized what he claimed has been the Federal Trade Commission's less than aggressive approach in dealing with serious consumer privacy issues stemming from the use of technologies such as Facebook and Google's Buzz and Street View.

Latanya Sweeney, professor of computer science, technology and policy at Carnegie Mellon University and a member of EPIC's advisory board, said the Obama administration has failed to live up to early expectations for better privacy protections for health care data.

Obama's Health Information Technology for Economic and Clinical Health (HITECH) Act, which passed last year as part of the stimulus bill, contained several provisions for better patient privacy, Sweeney said. However, many of those controls have been diluted in the actual implementation of the policy, she said.

HITECH is being implemented in a manner that offers health care entities plenty of financial incentives for implementing electronic health systems and using them in a meaningful way. However, there are no incentives at all for improved privacy protections for health care data, she said. That could pose a major problem as more health care records are converted, used and shared electronically, she said.

"I view this as a failure of the administration to deliver on the privacy promises provided in the [HITECH] bill," she said. "They have lost an opportunity to use incentives to foster better privacy," Sweeney said.

Not everyone was so critical, though. Pablo Molina, CIO and associate vice president of information technology at Georgetown University and a member of EPIC's advisory board, gave a thumbs-up to the administration's efforts in cyberspace, in particular, and on other fronts as well.

Obama's appointment of Howard Schmidt as White House cybersecurity coordinator was a major step forward, Molina said. Since taking the job, Schmidt has been actively engaging with privacy and civil rights groups such as EPIC, the Electronic Frontier Foundation and the Center for Democracy and Technology to try to understand and address privacy concerns, he said.

Molina also said that the FTC has done a reasonably good job on consumer privacy issues. But he too expressed concern over the apparent slowness by the FTC to respond to Facebook privacy concerns and to those that have been raised about Google.

Plans by the Department of Homeland Security to collaborate with the Department of Defense on cybersecurity issues also need to be monitored, he said. There needs to be transparency and oversight considering that the National Security Agency will have an expanded role in domestic cyber matters, he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

Copyright © 2010 IDG Communications, Inc.
