New DHS Privacy Officer Gets Mostly Positive Response from Activists
President Barack Obama added another online advertising lawyer to his administration Thursday with the appointment of Mary Ellen Callahan as chief privacy officer of the Department of Homeland Security. Views of Callahan’s leadership of the first industry group to tackle Internet privacy in commerce varied among the activists we surveyed from visionary or detrimental to the development of the federal privacy framework.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
We couldn’t reach Callahan to ask how her background may influence her leadership of the Privacy Office, which has had an uneasy relationship with privacy activists on matters such as DHS’s use of data brokers (WID March 12/08 p5). Activists agreed that DHS is a different creature from the Internet advertising industry. They said making the federal government supportive of privacy will pose a significant challenge to Callahan’s abilities to build coalitions.
Callahan represented the MPAA and Online Publishers Association in FTC rulemakings on the CAN-SPAM law and Children’s Online Privacy Protection Act, according to her law firm biography, and she helped draft self-regulatory privacy standards for health Web sites. She’s vice chairman of the American Bar Association’s Privacy and Information Security Committee.
Callahan co-chaired the Online Privacy Alliance, formed in the late 1990s after FTC Commissioner Christine Varney returned to private practice. Varney is a familiar figure in online privacy policy circles who was recently named antitrust chief in the Justice Department (WID Jan 23 p6). She worked with Callahan at the Hogan & Hartson law firm. They brought together “everyone in the industry” to hammer out online privacy rules before Congress got involved, said Tim Lordan, the executive director of the Internet Education Foundation. The resulting rules on third- party enforcement of privacy policies and guidelines for publishers using ad networks were the “cornerstone” of all privacy policies, he said. The alliance also worked with the Network Advertising Initiative to create rules for the new field of behavioral targeting, Lordan said. The guidelines she helped write were “really forward-looking.”
It’s not clear which companies were involved in the alliance after its founding. Lordan pointed us to a list from Varney’s 1998 congressional testimony, right after the alliance’s founding, that included roughly 50 companies and groups. A later list available on the alliance’s Wikipedia entry listed about 30 of them, including Apple, AT&T, Verizon, DoubleClick, eBay, Microsoft, Time Warner, WhenU, Zango, U.S. Chamber, the Business Software Alliance, TRUSTe, MPAA, ITAA and several advertiser groups. Activists said the alliance folded in the past two years.
Callahan was “constantly encouraging them to stay up to date” with the “evolving nature of the Internet,” and she encouraged the industry to again update policies a few years ago, before the FTC’s behavioral targeting workshops and rulemaking, Lordan said. “She was heralding what I would say now is coming to pass.”
“Mary Ellen is a knowledgeable and accomplished attorney,” Ari Schwartz, the chief operating officer of the Center for Democracy & Technology, said by e-mail. “I don’t really consider her (or Christine) to be a representative of the online ad industry.” The Future of Privacy Forum, which formed late last year, said Callahan has “the critical combination of privacy savvy, common sense and backbone needed to help craft the balance between the war on terror and respect for the privacy and personal dignity of individuals.” It also called her a “great listener who will be able to ensure that voices of both law enforcement and civil libertarians are heard and respected.”
The alliance that Callahan led was founded to “head off real privacy laws” that the Electronic Privacy Information Center was pushing for Congress to enact in the late 1990s, said Marc Rotenberg, the group’s executive director. “OPA and others said it wasn’t necessary. Then ID theft and security breaches skyrocketed.”
The structure of DHS, and the role of the Privacy Office, is the most pressing matter, activists said. “It’s a genuinely difficult job. Most people have no idea how much authority DHS has or how extensive its data collection is,” Rotenberg said. “The CPO has to be able to push back hard to shut down bad projects … I just don’t know if she'll be up to the job.” Tim Sparapani, senior legislative counsel for the ACLU, said his group doesn’t comment on appointees. But “unless the privacy officer has the ear of the secretary or the general counsel [of DHS], or is willing to push back when bad ideas … are pushed forward, the Privacy Office can’t play the role it needs to protect public privacy,” he said. The chief privacy officer’s attitude should be “'let’s go back to the drawing board,'” not try to get around the “structural” problems of DHS. Dealing with federal agencies is more difficult than with business, Lordan said. But “Mary Ellen is really affable,” he said. “It’s hard not to like her.”