FC: Peter Swire on "Homeland Security Act": No privacy safeguards

From: Declan McCullagh (declanat_private)
Date: Thu Jun 27 2002 - 09:45:17 PDT

  • Next message: Declan McCullagh: "FC: Analysis of Paul Trummel's case and Judge Doerty's opinion"

    I just spoke to Peter on the phone. He tells me the hearing was cancelled 
    in a few minutes ago since the White House (OMB and OPM) was not ready to 
    show up. The bill in question:
    http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.05005:
    
    -Declan
    
    ---
    
    Date: Thu, 27 Jun 2002 11:39:33 -0400
    From: Peter Swire <pswireat_private>
    To: declanat_private
    Subject: Swire testimony on Homeland Security, Privacy, FOIA, etc.
    
    Declan:
    
    Attached is testimony I will present on Friday to a House Judiciary
    Subcommittee.  The testimony gives a detailed critique of the Administation's
    Homeland Security proposal, especially on issues of privacy, Freedom of
    Information, and cybersecurity.
    
    Best,
    
    Peter
    
    Prof. Peter P. Swire, Ohio State University
    Visiting, George Washington Law School, 2001-02
    Former Chief Counselor for Privacy, U.S. Office
        of Management & Budget
    (301) 213-9587, www.osu.edu/units/law/swire.htm
    
    ---
    
    Written Statement of Professor Peter P. Swire
    Moritz College of Law of the Ohio State University
    Submitted to the Subcommittee on Commercial and Administrative Law
    of the House Committee on the Judiciary
    June 28, 2002
    "Administrative Law, Adjudicatory Issues, and Privacy Ramifications of 
    Creating the Department of Homeland Security"
    
    
    Introduction
    
    Chairman Barr, Congressman Watt, and other distinguished members of the 
    Committee on the Judiciary, it is an honor and a serious responsibility to 
    be asked to testify today on the topic of "Administrative Law, Adjudicatory 
    Issues, and Privacy Ramifications of Creating the Department of Homeland 
    Security."  I share the views of many Americans that it is vital to take 
    new measures to protect against terrorism, including by improving the 
    security of our critical infrastructures and other computer 
    systems.  Indeed, a major focus of my recent academic research has been in 
    the area of improving computer security in networked systems.  In the time 
    available to testify today, however, I will focus on my concerns with the 
    recent Administration proposal of the Homeland Security Act of 2002, 
    introduced as H.R. 5005.  I also look forward to responding to any 
    questions you may have where I can be of assistance.
    
    Background of the witness.
    
    I am Professor of Law at the Moritz College of Law of the Ohio State 
    University.  I reside in the Washington, D.C. area and head the new summer 
    program of the law school.  As a professor, I teach courses on privacy, the 
    law of cyberspace, and other subjects, and serve as the editor of the 
    Cyberspace Law Abstracts.  My web page is at 
    www.osu.edu/units/law/swire.htm, and many of my writings are available 
    there.  My e-mail is swire.1at_private, and phone at (240) 994-4142.
    
    Relevant to today's topic, I am currently researching privacy and 
    technology issues for the Liberty and Security Initiative of the 
    Constitution Project.  This Initiative is a bipartisan effort of prominent 
    citizens who are seeking ways to achieve both security and civil liberties 
    in the wake of the events of September 11.  I also act as a consultant to 
    the law firm of Morrison & Foerster, primarily on issues of medical 
    privacy.  In my testimony today I am reflecting solely my personal views, 
    and I have not been paid in any way to prepare this testimony.
    
     From March, 1999 until January, 2001 I served as the Clinton 
    Administration's Chief Counselor for Privacy, in the U.S. Office of 
    Management and Budget.  This position was in OMB's Office of Information 
    and Regulatory Affairs ("OIRA"), which has long had important 
    responsibilities under the Privacy Act, the various computer security 
    statutes, and for federal information policy more generally.  Relevant to 
    today's topic, I played a lead role in coordinating federal agency 
    practices with respect to privacy and personal information.  I served on 
    the White House E-Commerce Working Group, worked extensively on critical 
    infrastructure issues including the Federal Intrusion Detection Network 
    (FIDNet), and worked more generally at the intersection of computer 
    security and privacy issues.  In 2000 I chaired a White House Working Group 
    on how to update wiretap and surveillance laws for the Internet age.
    
    General Comments on the Homeland Security Act of 2002.
    
    	I have studied the Homeland Security Act of 2002, H.R. 5005 as proposed by 
    the Administration, and offer two metaphors for what I have found.
    
    	First, the truck metaphor.  I believe the proposal is all accelerator when 
    it comes to information sharing, but with no brakes.  The bill puts the 
    pedal down when it comes to spreading around sensitive personal information 
    in hopes of reducing terrorism.  But the bill has essentially no safeguards 
    that put on the brakes -- either to prevent harm to individuals or to stop 
    a power grab by an unaccountable anti-terror agency.  For a vehicle as big 
    as the new Homeland Security Department, nonstop acceleration and no brakes 
    may lead to a mighty big crash in the future.
    
    	Second, the haystack metaphor.  I share the concern, expressed in this 
    Committee recently, that the new information sharing proposals are like 
    piling more hay on top of an already enormous haystack.  All that new hay 
    makes it that much harder to find the needle.  Better analysis of existing 
    data is likely the key to success here, and the Congress should probe hard 
    to learn whether adding new piles of information and reshuffling the 
    bureaucratic boxes will really add to the quality of the analysis.
    
    	Taking the haystack image a bit further, the extra-big piles of hay are 
    likely to get old and dried-up sitting in those government storage 
    facilities.  When a drought or dry season comes around, as it inevitably 
    will, the fires will be far worse than otherwise.  Lots and lots of 
    Americans may get burned if there is careless storage or handling of all 
    that additional hay.  The unprecedented collection and dissemination of 
    personal information about Americans puts us at new risk when there is next 
    a drought of self-control or common sense in the Department of Homeland 
    Security.
    
    	The Department's Skewed Incentives and Lack of Institutional Safeguards.
    
    	Moving from metaphors to the usual language of Washington policy debates, 
    my central point today concerns the skewed incentives of the new Department 
    when it comes to information gathering and sharing.  Having served in the 
    federal government, I am acutely aware that where one sits often determines 
    where one stands.  For instance, the CIA thinks that intelligence 
    information is paramount, the FBI stresses effective law enforcement above 
    all other values, and the Commerce Department instinctively understands the 
    effects of a policy proposal on business.  For employees of the new 
    Homeland Security Department, a simple look at the name of their department 
    will tell them all they need to know about how their success or failure 
    will be measured.  Why would any rational person in the Department fall on 
    their sword to protect privacy, civil liberties, commerce, the rights of 
    immigrants, or any other value except for anti-terrorism?  All of the 
    incentives are to place anti-terrorism efforts at the pinnacle.  And  that 
    mandate will continue for many years, until a future Congress one day takes 
    up the arduous task of reorganization.
    
    	A related, key point is the lack of institutional safeguards to keep the 
    instincts of the new Department in check.  In my specific comments below, I 
    suggest a number of ways to create institutional safeguards both within the 
    Department and in other parts of the federal government.  At this point in 
    the testimony, I highlight two proposals.  First, a senior official should 
    be appointed within the Executive Office of the President to coordinate 
    policymaking on privacy issues, including as they relate to homeland 
    security.  Second, a Chief Privacy Officer should be included among the 
    statutory offices in the new Homeland Security Department, alongside the 
    Chief Financial Officer and Chief Information Officer.
    
    	Based on my two years as essentially the Chief Privacy Officer for the 
    federal government, (perhaps not surprisingly) I believe that having an 
    official tasked with privacy protection offers significant benefits.  The 
    goal is emphatically not to have privacy trump all other values.  Instead, 
    the goal is to help ensure that issues of proper handling of personal 
    information are well vetted in the decisionmaking process.  Many of the 
    worst surveillance proposals occur when no one in the process has 
    rigorously considered the potential negative effects of a proposal that 
    also offers some advantages.  If everyone in the process is concerned, for 
    instance, with short-term gains to homeland security, then who will air the 
    long-term concerns about erosion of civil liberties?  Who will make sure 
    that the process considers alternatives that are effective on the security 
    side while also respecting privacy and other values?  To take one example, 
    there is little or no evidence in H.R. 5005 itself that privacy values were 
    even discussed among the drafters.  If privacy had been discussed, then 
    there were numerous places where clarifying language, of the sort I propose 
    below, might easily have been included.
    
    	With the Office of Management and Budget testifying here today, I hope 
    they will not take it amiss if I suggest that OMB, and especially its 
    Office of Information and Regulatory Affairs, is likely the single best 
    place to house this sort of privacy official.  OMB has long had 
    responsibility for overseeing agency compliance with the Privacy Act.  Its 
    responsibility for the clearance of agency Congressional testimony and 
    other statements gives OMB important leverage in ensuring that 
    single-mission agencies, such as Homeland Defense, make policy while 
    considering a broader range of concerns.  OMB  also has, in my experience, 
    an exceptionally dedicated and capable group of civil servants.  For these 
    reasons and others, I believe OMB can play a constructive role going 
    forward in checking the runaway tendencies of the Department of Homeland 
    Security.  Privacy and other values can be considered better in the OMB 
    setting, where there is longstanding experience in balancing competing 
    concerns.  OMB's role in the budget process and its oversight of agency 
    regulations also mean that agencies will resist some of the temptation to 
    advance their pet causes without regard to other concerns.
    
    One particular reform to consider is whether proposed Homeland Security 
    changes in data flows within the federal government or especially outside 
    of the federal government should be subjected to cost/benefit requirements 
    along the lines of Executive Order 12, 291 (issued by President Reagan) and 
    Executive Order 12,866 (issued by President Clinton).  The current 
    Administration has insisted on rigorous cost/benefit analysis of other 
    federal agency proposed actions, and we deserve to hear the 
    Administration's views on whether this sort of careful analysis should be 
    skipped for issues of Homeland Security.  Aspects of such analysis would 
    presumably include the direct economic burdens created by new Homeland 
    Security initiatives, as well as the burdens placed on privacy, civil 
    liberties, and other values of an open society.
    
    	Commission on Privacy and Personal Freedom
    
    	The last comprehensive review of privacy issues at the federal level was 
    conducted in the mid-1970s, resulting in passage of the Privacy Act and the 
    creation of the Privacy Protection Study Commission, which issued its 
    report in 1977.  The President or the Congress should create a new 
    Commission on Privacy and Personal Freedom to review privacy issues in the 
    context of homeland security and new information technologies and recommend 
    changes in law and policy.  I have previously had my doubts about the 
    usefulness of proposals to create privacy study commissions, in part due to 
    my perception that such commissions could be used as an excuse to delay 
    implementation of effective privacy protections.  In light of the events of 
    September 11, however, and the pressing issues those events have posed for 
    homeland security, surveillance, and privacy, I believe this sort of study 
    commission is now appropriate.
    
    	Administrative Law and Rule of Law Concerns
    
    	Before turning to some specific textual concerns with H.R. 5005, permit me 
    to comment briefly on some administrative law aspects of the proposal.  I 
    am concerned that this major reorganization would reduce the effectiveness 
    of the legislation that Congress has enacted over time to specify how the 
    various agencies should carry out their functions.  Even if we assume that 
    officials in the new Department wish to follow every Congressional 
    enactment to the letter, there will inevitably be some play in the joints 
    as the officials seek to make old language work in new settings.  The scope 
    of agency discretion is likely to increase as a result of the reorganization.
    
    	The reorganization thus poses risks to the effectiveness of existing 
    legislation and of judicial review to assure the rule of law within the new 
    Department.  For instance, the famous Chevron case requires judges to give 
    deference to any agency that adopts any "permissible" interpretation of a 
    statute.  Because all current statutes will need to be interpreted in the 
    context of the changed circumstances of a new agency, and because H.R. 5005 
    treats anti-terrorism to be the "primary" mission of the Department, a 
    logical consequence is that judges will find a broader range of 
    anti-terrorist action to be "permissible" under the circumstances.  Further 
    study may be needed of the savings provision in Section 804(d) to determine 
    whether there are textual changes that would reduce the risk to the 
    effectiveness of existing statutes and judicial review.
    
    Some Lessons from Current Research into Homeland Security and Privacy.
    
    	Current research for the Liberty and Security Initiative of the 
    Constitution Project sheds light on possible pitfalls from the current 
    version of the Homeland Security Act of 2002.
    
    	One of my efforts with the Constitution Project has been to study the way 
    that wiretap laws operate at the state level.  I have learned, to my 
    surprise, that a majority of all domestic wiretaps take place under state 
    law, under orders signed by state judges.  A  study released this spring 
    also found that the number of state wiretaps has jumped a startling 50 
    percent in the past year alone.  A preliminary survey of state wiretap 
    laws, along with proposals to amend those laws, is now available at the web 
    page of the Constitution Project, www.constitutionproject.org.  A 
    substantially more detailed 50-state survey will be available there 
    shortly.  This topic of state wiretap laws is important in its own right, 
    and it helps us consider how to achieve both security and privacy when 
    USA-PATRIOT Act provisions sunset in 2005.
    
    For the topic of homeland security, the study of state wiretap laws 
    indicates the crucial importance of institutional checks and balances 
    within a surveillance and security process.  The states vary widely in 
    whether they have any institutional mechanisms to assure a high quality in 
    wiretap orders.  The standards for a judge issuing a wiretap order are the 
    same for federal and state wiretaps under the Electronic Communications 
    Privacy Act.  At the federal level, we have a history of scrutiny of 
    wiretap orders by the Congress, the press, and civil liberties groups and 
    we have had institutional protections such as approval by senior Justice 
    Department officials and significant training required of the agents and 
    prosecutors who seek such wiretaps.  This set of institutional safeguards 
    has often been much less developed, however, at the state level.  Proposals 
    to amend state wiretap laws should seek effective ways to build 
    institutional checks and balances into the surveillance process.  Effective 
    institutional checks, beginning but not ending with strong Congressional 
    oversight, will be needed as well for the new Department of Homeland Security.
    
    Another ongoing topic for the Constitution Project concerns national ID 
    proposals and the history of why the federal government has repeatedly 
    decided not to create such an identification system.  My current view is 
    that our lack of a national ID card today is due partly to popular 
    sentiment (which has opposed such cards) and partly due to a political 
    dynamic where the proponents faced a heavy burden in creating such a 
    system.  My preliminary view is that creation of a Department of Homeland 
    Security would change the political dynamic.  The new Department will be 
    under strong internal and external pressure to adopt new biometric and 
    other identification systems.  The heavy burden may thus shift to those who 
    are skeptical of a new national identification system.  If the large and 
    powerful new Department puts its muscle behind such a system, who inside or 
    outside of the federal government will be similarly well organized to 
    oppose it?
    
    My research to date on the history of national ID proposals thus suggests 
    that opposition to such proposals may be a reason to oppose or be more 
    cautious in support of the new Department of Homeland Security.  The 
    Congress may wish to consider ways to reduce this concern, such as by 
    stating that no funds shall be spent to create or advocate for a national 
    identification system.
    
    Comments on Specific Sections of the Homeland Security Act of 2002, H.R. 5005.
    
    	Section 101(b)(1), anti-terrorism as the "primary" mission of the 
    Department.  The current text says that the Department's "primary" mission 
    will be duties connected to preventing, minimizing the damage from, and 
    assisting in the recovery from terrorist attacks.  One problem with this 
    formulation is that it necessarily makes "secondary" all the other 
    functions of the agency components that are transferred into the new 
    Department.  As one notable example, administration of the entire enormous 
    body of immigration laws is secondary under this statute to the activities 
    of the INS with respect to terrorism.  Similarly, the many domestic 
    responsibilities of FEMA will now all be subordinated, according to this 
    statute, to FEMA's terrorism-related activities.  In the event of floods, 
    hurricanes, fires, and the rest, any FEMA activities related to terrorism 
    will be stated by statute to be more important than saving Americans' lives 
    and property threatened by these other sorts of disasters.  The new 
    Department would contain a wide range of important government functions, 
    from the Coast Guard to the Customs Service to many others.  The proposed 
    reorganization will likely result in less leadership focus, and likely less 
    effective implementation, of the non-terrorism goals in these areas.  This 
    concern about less effective government is made worse by the 
    Administration's claim that no additional spending will be needed to fund 
    the Department.  Having watched the budget process from up close during my 
    time at OMB, I find this claim disingenuous at best.
    
    	Turning to privacy as another example, the protection of Americans' 
    privacy and other civil liberties appears to be made secondary, according 
    to this statute, to all anti-terrorism efforts.  This hierarchy of values, 
    with terrorism more important than all the other missions of the Department 
    and all the other values implicated by the Department's ongoing activities, 
    is made a permanent part of the statutory charter of the 
    Department.  Future Secretaries of the Department may feel constrained to 
    treat these "secondary" activities and values in a "secondary" way 
    according to the Congressional intent as reflected in the text of Section 
    101(b)(1).
    
    	My recommendation is thus to rewrite Section 101 to make clear that 
    anti-terrorist activities are a mission of the Department.  The 
    "primary"/"secondary" language, however, should be deleted.  This amendment 
    would avoid a threat to the rule of law, where future Secretaries of the 
    Department might appeal to the "primary" mission of the Department to trump 
    contrary missions as created by other statutes, such as in the areas of 
    immigration, emergency preparedness, and privacy.
    
    	Section 103, Other Officers.  The current text specifies the creation by 
    statute of various officers, including a Chief Financial Officer and a 
    Chief Information Officer.  Due to the special responsibilities of this 
    Department, I believe the statute should also require creation of the 
    office of Chief Privacy Officer.  This step would not take the place of 
    effective inter-agency oversight by OMB or some other part of the Executive 
    Office of the President.  Having a Chief Privacy Officer, however, would 
    help create a better vetting process within the Department.  Proponents of 
    new surveillance plans and data sharing would more consistently have to 
    explain both the benefits of their proposals and why their proposals cannot 
    be carried out in ways that are more consistent with privacy and similar 
    values.  Creation of the Chief Privacy Officer position by statute would 
    also increase the likely effectiveness of Congressional oversight of the 
    Homeland Security Department on privacy and related issues.  It would be 
    more difficult for the Department to bury these concerns many layers deep 
    in the bureaucracy, and the Chief Privacy Officer would be available to 
    testify before the oversight committees.
    
    	Section 201, Under Secretary for Information Analysis and Infrastructure 
    Protection.  The current text defines seven responsibilities of the Under 
    Secretary for Information Analysis and Infrastructure Protection.  I have 
    myself worked extensively on infrastructure protection issues, as a 
    government official, as a private citizen, and as an academic researcher on 
    encryption, firewall, and other topics.  I agree wholeheartedly that the 
    United States government and the private sector must continue to strive 
    mightily to improve all aspects of infrastructure protection and computer 
    security.
    
    	With that said, the current statutory text addresses only a fraction of 
    the crucial issues that the new Under Secretary should consider.  The 
    current text essentially focuses on assessing and correcting the 
    vulnerabilities of the critical infrastructure and increasing information 
    flow among those involved in computer security.  Entirely absent is any 
    discussion of the many other values at stake in the construction of the 
    information infrastructure.  For instance, there is no concern stated for 
    educational or commercial benefits that result from the Internet or other 
    information technologies.  There is no mention of the importance of 
    protecting individual privacy in the exchange of all this 
    information.  There is no mention of the values of government 
    accountability, the Freedom of Information Act, or the many other ways that 
    well-designed information structures can enhance an open society and the 
    preservation of civil liberties.
    
    	In response, supporters of the current text might say "that's not my 
    Department." The bill concerns the Department of Homeland Security, and the 
    concerns about education, commerce, privacy, government accountability, and 
    civil liberties should simply be handled elsewhere in the government.  I 
    respond, however, that the Department centrally tasked with "a 
    comprehensive national plan" for information infrastructure should clearly 
    be tasked to include those other issues and values in the process.
    
    	My recommendation is to rewrite Section 201 to take explicit account of 
    these and similar values in defining the mission of the Under Secretary for 
    Information Analysis and Infrastructure Protection.  Consideration of the 
    values mentioned here should be included explicitly within the definition 
    of the Under Secretary's responsibilities.  The Under Secretary might also 
    be tasked, for instance, to consult with the other relevant agencies 
    (Commerce, Education, Justice, etc.) when making plans for critical 
    infrastructure and information sharing.   The new language should not 
    reduce the existing responsibilities of other agencies to take action in 
    these areas.  As the Committee looks for language that achieves these 
    goals, one helpful source would be the National Plan for infrastructure 
    protection released in early 2000.  That Plan was prepared under the 
    supervision of Dick Clarke, who now leads the Bush Administration's 
    cyber-security efforts.  In both the Plan's overview and in its chapter on 
    privacy and civil liberties, there is extensive discussion of the ways that 
    multiple values should be considered in decisions about how to construct 
    the Internet of the future and the nation's critical infrastructures more 
    generally.
    
    Section 203, Access to Information.  The current text, in Section 203(3), 
    states that "the Secretary shall ensure that any material received pursuant 
    to this section is protected from unauthorized disclosure and handled and 
    used only for the performance of official duties."  The text also discusses 
    the importance of protecting intelligence sources and sensitive law 
    enforcement information.
    
    	At first read, it might appear that the language about "unauthorized 
    disclosure" and "performance of official duties" might offer protections 
    for individual privacy, by limiting the ways that data in the hands of the 
    Department might be used.  Upon a closer read, however, protections are 
    almost entirely lacking.  First, the limit on "unauthorized disclosure" 
    does nothing to limit "authorized disclosure."  Because the bill in general 
    places few or no limits on authorized disclosure, the Department in the 
    future would be essentially free to authorize almost any information 
    sharing.  Second, the requirement that data be used "for the performance of 
    official duties" is similarly weak.  Persons working in the Department, 
    seeking in some way to fight terrorism, could justify almost any use or 
    disclosure of information as part of the performance of official 
    duties.  For example, releasing data to a state or local official might in 
    some way help detect a terrorist, justifying almost any release of 
    data.  Third, the bill provides no apparent remedy or enforcement action if 
    releases are made beyond those permitted under Section 203(3).  Fourth, as 
    discussed elsewhere in this testimony, the Department is currently proposed 
    in a form where essentially all the incentives are in the direction of 
    sharing sensitive personal information widely, in hopes that the sharing 
    may incrementally help detect or prevent terrorist action.  These 
    incentives are likely to push in the direction of greater "authorized" use 
    over time.
    
    	Taking these factors together, Section 203(3) becomes a recipe for 
    essentially unrestricted sharing of sensitive personal information, with no 
    apparent incentives to limit such sharing and no remedies if the sharing 
    goes too far.  My recommendation is that language be added to the text that 
    says that the Secretary "shall ensure that any material received pursuant 
    to this section be used or disclosed in order to minimize the risk to harm 
    to individuals from inappropriate use or disclosure of personally 
    identified information."
    
    	Because this sort of language will not in itself create remedies or change 
    the incentive structure facing the Department, additional steps are likely 
    warranted to assure careful handling of sensitive personal 
    information.  One approach to create accountability is given by H.R. 4561, 
    the "Federal Agency Protection of Privacy Act," which has been introduced 
    by Chairman Barr and supported by the Ranking Member Representative Watt, 
    as well as by a considerable number of other Members of Congress. I support 
    the use of privacy impact assessments, which are the central provision of 
    H.R. 4561, and hope that they will become standard practice within a 
    Department of Homeland Security and in other settings where there is 
    significant use or disclosure of personally identifiable information.
    
    	Other parts of this testimony discuss ways to create accountability for 
    the handling of personally identifiable information through actions by the 
    Office of Management and Budget.  This role for OMB might be spelled out in 
    Section 203 or elsewhere in the bill.
    
    	Section 204, Information Voluntarily Provided.  Section 204 of the bill 
    states that "information provided voluntarily by non-Federal entities or 
    individuals that relates to infrastructure vulnerabilities or other 
    vulnerabilities to terrorism and is or has been in the possession of the 
    Department shall not be subject to section 552 of title 5, United States 
    Code."  This provision would create an enormous and unjustified exception 
    to the Freedom of Information Act (FOIA), and should be deleted from the bill.
    
    	The question of how, if at all, to craft a FOIA exception for critical 
    infrastructure protection information has been the subject of heated debate 
    for the past several years.  I worked on this issue while serving in OMB, 
    and have followed the debate in the time since.  The text of Section 204 
    reads like the fantasy of one fringe of the debate  the fringe most 
    dedicated to limiting disclosure of information to the public.  For 
    instance, information that would clearly be open to the public through FOIA 
    requests to other Federal agencies would be hidden away if the Department 
    happened to receive it.  The secrecy would be permanent.  There are no 
    procedural limits or review procedures for whether the benefits of 
    releasing the data outweigh the risks.  The text uses the "relates to" 
    language that is familiar from other statutes as the broadest possible 
    legislative language; for instance, the same "relates to" language in ERISA 
    is the reason that Congress has been considering the Patients Bill of 
    Rights as a way to stop a large exemption from judicial review and due 
    process.  And so on.
    
    	The text of Section 204 is troubling not only because its substance is so 
    extreme compared to the extensive debate that has already occurred on this 
    topic, in both Houses of Congress.  It is troubling as well because of the 
    apparently slipshod manner in which such an important topic was inserted 
    into the Homeland Security bill.  Inclusion of this extreme text, without 
    any of the nuance that many federal offices have gained during previous 
    rounds of discussions on the issues, suggests one of two 
    possibilities:  Either the text was inserted without the benefit of 
    learning from the experts in the Executive Branch on the subject, or else 
    those with expertise were simply overruled by the drafters.  It would be 
    useful to learn, for instance, what role the OMB Office of Information and 
    Regulatory Affairs, the Commerce Department Critical Infrastructure 
    Assurance Office, and the FOIA office in the Department of Justice played 
    in the vetting of this most amazing legislative language.
    
    	My recommendation is that Section 204 be deleted in its entirety.
    
    Conclusion.
    
    	In conclusion, I thank the Committee for the opportunity to testify and 
    present my views on these issues.  Today, less than a year after the 
    horrific events at the World Trade Center and the Pentagon, there is likely 
    no issue on the national agenda more important than deciding how we will 
    change practices within our borders to assure both security and the other 
    important values that define our Nation.  As an academic who has studied 
    the history of government institutions, I wonder whether the War on 
    Terrorism will be as defining a mission ten, twenty, or thirty years from 
    now, when the Department of Homeland Security will quite possibly still be 
    governed by the charter that Congress enacts this year.  You are writing 
    the charter for an agency with unprecedented powers to keep watch on every 
    American, powers that will endure long after this election cycle is 
    forgotten.  I commend this Committee for its careful attention to the 
    issues in the hearing today, and I welcome any questions you may have.
    
    
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 15:10:16 PDT