COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY

Similar documents
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF HOMELAND SECURITY. [Docket No. DHS ]

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY

Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border

DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Docket No. TSA

Arrival and Departure Information System Information Sharing Update

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY

Comments on Border Crossing Information System of Records Notice 73 Fed. Reg Docket No. DHS

COMMENTS OF THE ELECTRONIC FRONTIER FOUNDATION

DEPARTMENT OF HOMELAND SECURITY United States Customs and Border Protection. Docket No. DH Notice of Privacy Act System of Records

DHS Biometrics Strategic Framework

DEPARTMENT OF HOMELAND SECURITY Border and Transportation Directorate

MEMORANDUM OF UNDERSTANDING ON TERRORIST WATCHLIST REDRESS PROCEDURES

Case 1:17-cv Document 1 Filed 07/19/17 Page 1 of 15 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

I. ICE Must Ensure the Accuracy and Safety of Commercial Databases It Uses

Privacy Impact Assessment. April 25, 2006

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER U.S. CUSTOMS AND BORDER PROTECTION DEPARTMENT OF HOMELAND SECURITY

Comments of EPIC 1 Department of Interior

The Identity Project

The listed organizations submit these comments in opposition to the above referenced SORN and Privacy Act exemption notice.

Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border

Recent Privacy Developments in the United States, Particularly with Respect to Travelers Using Air Transport

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY U.S. CUSTOMS AND BORDER PROTECTION

Case 3:19-cv SK Document 1 Filed 01/17/19 Page 1 of 11

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY

REDMOND MUNICIPAL AIRPORT INITIAL ID APPLICATION AOA ID

8 USC 1365b. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF HOMELAND SECURITY. [Docket No. DHS ] February 27, 2012

Refugee Security Screening

(October 3, 2017). Dear Chairman Grassley and Ranking Member Feinstein:

August 25, Comments on Non-Federal Entity Data System (NEDS) System of Records Notice (SORN) [73 Fed. Reg ] Docket No.

a. Suspend or discontinue user access to the information;

Privacy Act of 1974: A Basic Overview. Purpose of the Act. Congress goals. ASAP Conference: Arlington, VA Monday, July 27, 2015, 9:30-10:45am

GAO HOMELAND SECURITY. Key US-VISIT Components at Varying Stages of Completion, but Integrated and Reliable Schedule Needed

BEFORE THE DEPARTMENT OF HOMELAND SECURITY WASHINGTON, D.C.

Potentially Ineligible Individuals Have Been Granted U.S. Citizenship Because of Incomplete Fingerprint Records

U.S. Citizenship and Immigration Services Transformation

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY U.S. CUSTOMS AND BORDER PROTECTION

SUMMARY: This final rule adopts the notice of proposed rulemaking (NPRM) we

Case 1:14-cv KMW Document 24 Entered on FLSD Docket 04/10/2015 Page 1 of 9

ST. CLOUD REGIONAL AIRPORT FINGERPRINTING AND BADGE APPLICATION

GENERAL AVIATION ACCESS APPLICATION

ST. CLOUD REGIONAL AIRPORT FINGERPRINTING AND BADGE APPLICATION

Fraud Detection and National Security Data System (FDNS-DS)

GAO. VISA SECURITY Additional Actions Needed to Strengthen Overstay Enforcement and Address Risks in the Visa Process

To schedule an Application Processing Appointment

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

Achieving Interoperability

A REPORT CONCERNING PASSENGER NAME RECORD INFORMATION DERIVED FROM FLIGHTS BETWEEN THE U.S. AND THE EUROPEAN UNION

GAO REGISTERED SEX OFFENDERS. Sharing More Information Will Enable Federal Agencies to Improve Notifications of Sex Offenders International Travel

a GAO GAO BORDER SECURITY Additional Actions Needed to Eliminate Weaknesses in the Visa Revocation Process

Docket No. DHS Chemical Facility Anti-Terrorism Standards (CFATS) Risk-Based Performance Standards Guidance Version 2.


COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER

DEPARTMENT OF HOMELAND SECURITY. 8 CFR Parts 204 and 216. CIS No ; DHS Docket No. USCIS RIN 1615-AC11

PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD. Recommendations Assessment Report

Interstate Commission for Adult Offender Supervision

Risk-Based Performance Standards Guidance Chemical Facility Anti-Terrorism Standards. May 2009

Fact Sheet: Electronic System for Travel Authorization (ESTA)

AIRPORT SECURITY IDENTIFICATION BADGE APPLICATION

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER. to the DEPARTMENT OF HOMELAND SECURITY DATA PRIVACY AND INTEGRITY ADVISORY COMMITTEE

The Five Problems With CAPPS II: Why the Airline Passenger Profiling Proposal Should Be Abandoned

Case 1:11-cv BAH Document 16-1 Filed 01/23/12 Page 1 of 11 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA

I. PARTIES AUTHORITIES

DEPARTMENT OF HOMELAND SECURITY BUREAU OF CUSTOMS AND BORDER PROTECTION. 8 CFR PARTS 212, 214, 231 and 233 (CBP DEC ) RIN 1515-AD36

EUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS

FOIA Exemptions 6 & 7C Personal Privacy Exemptions

What is US-VISIT? United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Biometric Services

The Legal Workforce Act 1 Section-by-Section

ORLANDO SANFORD INTERNATIONAL AIRPORT AIRPORT ID BADGE APPLICATION

Frequently Asked Questions: Electronic System for Travel Authorization (ESTA)

BORDER SECURITY AND IMMIGRATION. Initial Executive Order Actions and Resource Implications

ARTICLE 29 Data Protection Working Party

DEPARTMENT OF HOMELAND SECURITY CUSTOMS AND BORDER PROTECTION. 8 CFR Part 212 RIN 1651-AA97 USCBP

PRIVACY, CIVIL LIBERTIES, AND CIVIL RIGHTS POLICY JULY 2014 REVISION

Frequently Asked Questions about PNR data and the proposed EU-US agreement on US government access to PNR data from the EU

1. What sort of passenger information will be transferred to US authorities?

Privacy Act of 1974; Department of Homeland Security, U.S. Customs and Border

Page 1 of 10. Before the PRIVACY OFFICE DEPARTMENT OF HOMELAND SECURITY. Washington, DC ) ) ) ) ) ) ) ) )

EPIC seeks records related to alternative screening procedures in CBP s biometric entry/exit program. 1

BOSTON MARATHON BOMBINGS

ST. CLOUD REGIONAL AIRPORT FINGERPRINTING AND BADGE APPLICATION

A Basic Overview of The Privacy Act of 1974

Privacy Act; System of Records: Legal Case Management Records, State- to amend an existing system of records, Legal Case Management Records,

FOIA Exemptions 6 & 7C Personal Privacy Exemptions

ROCHESTER INTERNATIONAL AIRPORT FINGERPRINTING AND BADGE APPLICATION

A GUIDE TO TEMPORARY PROTECTED STATUS FOR SYRIAN NATIONALS

ICE. I.C.E. Under D.H.S. Customs and INS Investigations DRO

*The following steps must be completed BEFORE a badging application will be accepted.

Application for Airport AOA Identification Media

SPECIAL INSPECTOR GENERAL FOR AFGHANISTAN RECONSTRUCTION CHIEF FOIA OFFICER REPORT FISCAL YEAR 2010

No IN THE UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT. EDWARD TUFFLY, AKA Bud Tuffly, Plaintiff-Appellant,

Privacy Impact Assessment Update for the. E-Verify RIDE. DHS/USCIS/PIA-030(b) May 6, 2011

Safe Harbor Procedures for Employers Who Receive a No-Match Letter: Clarification; Final Regulatory Flexibility Analysis

[ P] Exemption from Transportation Worker Identification Credential (TWIC) Expiration Provisions for Certain Individuals Who Hold a Valid TWIC

ST. CLOUD REGIONAL AIRPORT FINGERPRINTING AND BADGE APPLICATION

January 14, Re: S. 1600, Judicial Redress Act of Dear Chairman Grassley and Senator Leahy:

Case 1:12-cv Document 1 Filed 06/11/12 Page 1 of 17 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA. Plaintiff, Civil No.

DHS Biometric Screening

CRS Report for Congress

T. F. GREEN AIRPORT (PVD) - SECURITY BADGE APPLICATION SIGNATORY: (PRINT NAME ONLY APPROVED SIGNATORY ON FILE CAN SIGN APPLICATION)

Transcription:

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to the DEPARTMENT OF HOMELAND SECURITY Privacy Act of 1974; Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of the System of Records Notice of Proposed Rulemaking [Docket No. DHS-2016-0001] Privacy Act of 1974; Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of the System of Records Notice of Privacy Act System of Records [Docket No. DHS-2016- By a System of Records Notice ( SORN ) published on January 22, 2016, the Department of Homeland Security ( DHS ) proposes to update and reissue a current Department-wide system of records titled, Department of Homeland Security(DHS)/ALL-030 Use of the (TSDB) System of 1

Records. 1 Additionally, by a Notice of Proposed Rulemaking ( NPRM ) published on January 22, 2016, DHS proposes to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements. 2 DHS maintains a synchronized copy of the Department of Justice s ( DOJ ) Federal Bureau of Investigation ( FBI ) Terrorist Screening Records System of Records 3 via a mechanism called DHS Watchlist Service ( WLS ) that disseminates the feed to DHS components. 4 The FBI s Terrorist Screening Center ( TSC ) maintains the TSDB as the U.S. Government s consolidated watchlist system. 5 DHS and its authorized components access TSDB records via the WLS pursuant to memoranda of understanding with FBI/TSC, and DHS maintains a synchronized, mirror copy of the TSDB. 6 According to the agency, DHS currently has six systems that are authorized to receive TSDB data directly from FBI/TSC via the Watchlist Services, and with this updated notice, DHS proposes to add two new systems, Customs and Border Protection ( CBP ) Automated Targeting System ( ATS ) and U.S. Citizenship and Immigration Services ( USCIS ) Fraud Detection and National Security ( FDNS ) Directorate, to the Watchlist Service. 7 1 Notice of Privacy Act System of Records, 81 Fed. Reg. 3811 (proposed Jan. 22, 2016), available at https://www.gpo.gov/fdsys/pkg/fr-2016-01-22/pdf/2016-01167.pdf; [hereinafter TSDB SORN]. 2 Notice of Proposed Rulemaking, 81 Fed. Reg. 3,748 (proposed Jan. 22, 2016), available at https://www.gpo.gov/fdsys/pkg/fr-2016-01-22/pdf/2016-01169.pdf; [hereinafter TSDB NPRM]. 3 72 FR 47,073, August 22, 2007. 4 TSDB NPRM at 3,748. 5 Homeland Security Presidential Directive 6 (HSPD-6), September 2003. 6 TSDB SORN at 3,812. 7 Id. at 3,811. 2

DHS clarified that the current category of individuals include[s] relatives, associates, or others closely connected with a known or suspected terrorist who are excludable from the United States based on these relationships by virtue of sec. 212(a)(3)(B) of the Immigration and Nationality Act, as amended, and do not otherwise satisfy the requirements for inclusion in the TSDB. 8 DHS also proposes adding two new categories of individuals to include: (1) Individuals who were officially detained during military operations, but not as enemy prisoners of war, and who have been identified as possibly posing a threat to national security, and who do not otherwise satisfy the requirements for inclusion in the TSDB ( military detainees )... ; and (2) individuals who may pose a threat to national security because they are (a) known or suspected to be or have been engaged in conduct constituting, in aid of, or related to transnational organized crime, thereby posing a possible threat to national security, and (b) do not otherwise satisfy the requirements for inclusion in the TSDB ( transnational organized crime actors ).... 9 In 2011, the Electronic Privacy Information Center ( EPIC ) and a coalition of 17 privacy, consumer rights, and civil liberties organizations urged DHS to suspend the very system of records that DHS plans to expand with this notice. 10 The coalition argued that a full review of the privacy, security, and legal implications of the database including compliance with the federal Privacy Act should be conducted prior to moving forward with the database. 11 In response to the Coalition comments, DHS removed two proposed 8 Id. 9 Id. 10 EPIC et al., Comments on Docket Nos. DHS-2011-0060 and DHS-2011-0061: Concerning Use of the System of Records (Aug. 5, 2011), available at https://epic.org/apa/comments/epic-dhs-tsd-comments.pdf. 11 EPIC et al., Comments on Docket Nos. DHS-2011-0060 and DHS-2011-0061: Concerning Use of the System of Records (Aug. 5, 2011), available at https://epic.org/apa/comments/epic-dhs-tsd-comments.pdf. 3

Privacy Act exemptions. 12 As described below, however, the database continues to raise substantial privacy risks. Pursuant to DHS s notices, EPIC submits these comments to urge the agency to: (1) adhere to Congress s intent to maintain transparent and secure government recordkeeping systems; (2) provide individuals judicially enforceable rights of notice, access, and correction; (3) conform to a revised SORN and NPRM that includes requirements for the agency to respect individuals rights to control their information in possession of federal agencies, as the Privacy Act requires; and (4) premise its technological and security approach on decentralization. I. Introduction EPIC is a public interest research center in Washington, D.C. EPIC was established in 1994 to focus public attention on emerging privacy and related human rights issues, and to protect privacy, the First Amendment, and constitutional values. EPIC has previously commented on DHS s use of the and traveler screening databases that collect large amounts of personal information. EPIC opposes the agency s practice of largely exempting itself from the obligations of the Privacy Act. In 2007, EPIC urged the DHS to curtail the revised Automated Targeting System, a federal screening system that creates secret, terrorist ratings on tens of millions of 12 Privacy Act of 1974; Implementation of Exemptions; Department of Homeland Security/ALL- 030 Use of the System of Records, 76 Fed. Reg. 81,787, 81,788 (final rule Dec. 29, 2011). 4

American citizens. 13 In 2007, EPIC also led a coalition of 29 organizations and 16 privacy and technology experts that detailed significant privacy and security risks in ATS. 14 In February 2007, EPIC explained that TSA s internal quality assurance procedures were not working, and urged the agency to fully apply Privacy Act requirements of notice, access, and correction to DHS s new traveler redress program, Traveler Redress Inquiry Program ( TRIP ), and its underlying watchlist system. 15 In May 2006, EPIC recommended that CBP substantially narrow the Privacy Act exemptions prior to the revision and expansion of the Global Enrollment System, a database full of individuals biometric and biographic data, which would be used to determine individual eligibility for the Trusted Traveler program. 16 In December 2005, EPIC detailed privacy and security flaws in the Registered Traveler program and recommended DHS suspend the passenger-prescreening program. 17 13 EPIC, Comments on Docket Nos. DHS-2007-0042 and DHS-2007-0043 Concerning the Automated Targeting System (Sept. 5, 2007), available at http://www.epic.org/privacy/travel/ats/epic_090507.pdf. 14 Thirty Orgs. & 16 Privacy & Tech. Experts, Comments on Dockets No. DH6-2006-0060: Notice of Privacy Act System of Records (Dec. 4, 2006), available at http://epic.org/privacy/pdf/ats_comments.pdf. 15 EPIC, Comments on Docket Nos. DHS-2007-0003: Implementation of Exemptions; Redress and Response Records System (Feb. 20, 2007), available at http://www.epic.org/privacy/airtravel/profiling/trip_022007.pdf. 16 EPIC, Comments on Docket No. DHS-2005-0053: Notice of Revision and Expansion of Privacy Act System of Records (May 22, 2006), available at http://www.epic.org/privacy/airtravel/ges052206.pdf. 17 EPIC, Comments on Docket Nos. TSA-2004-19166 and TSA-2004-17982: Notice to Alter Two Existing Systems of Records; Request for Comments (Dec. 8, 2005), available at http://www.epic.org/privacy/airtravel/profiling/rt120805.pdf. 5

II. The Contains Sensitive, Personal Information on Individuals Currently, DHS states that the following categories of individuals are covered by the Department of Homeland Security (DHS)/ALL-030 Use of the Terrorist Screening Database (TSDB) System of Records : Individuals known or suspected to be or have been engaged in conduct constituting, in preparation for, in aid of, or related to terrorism ( known or suspected terrorists ). DHS proposes to add the following categories of individuals: Individuals who are foreign nationals or lawful permanent resident aliens and who are excludable from the United States based on their familial relationship, association, or connection with a known or suspected terrorist as described in Section 212(a)(3)(B) of the Immigration and Nationality Act of 1952 ( INA exceptions ); Individuals who were officially detained during military operations, but not as Enemy Prisoners of War, and who have been identified to pose an actual or possible threat to national security ( military detainees ); and Individuals known or suspected to be or have been engaged in conduct constituting, in aid of, or related to transnational organized crime, thereby posing a possible threat to national security ( transnational organized crime actors. ) 18 Currently, the database contains the following categories of records: Identifying information, such as name, date of birth, place of birth, biometrics, photographs, passport and/or drivers license information, and other available identifying particulars used to compare the identity of an individual being screened with a known or suspected terrorist, including audit records containing this information; For known or suspected terrorists, in addition to the categories of records listed above, references to and/or information from other government law enforcement and intelligence databases, or other relevant databases that may contain terrorism information. DHS proposes to revise the database to include: 18 TSDB SORN at 3,813. 6

Identifying biographic information, such as name, date of birth, place of birth, passport and/or driver's license information, and other available identifying particulars used to compare the identity of an individual being screened with a subject in the TSDB; Biometric information, such as photographs, fingerprints, or iris images, and associated biographic and contextual information; References to or information from other government law enforcement and intelligence databases, or other relevant databases that may contain terrorism or national security information, such as unique identification numbers used in other systems; Information collected and compiled to maintain an audit trail of the activity of authorized users of WLS information systems; and System-generated information, including metadata, archived records and record histories from WLS. 19 DHS states that the agency is currently planning future enhancements to the Watchlist Services that will streamline the process by which DHS relays potential watchlist matches to the FBI. 20 Any future enhancements relaying potential watchlist matches may compromise personal privacy, as the TSDB has routinely threatened individual privacy. Since EPIC s previous TSDB comments, government watchlist problems continue to persist. The government s Watchlisting Guidance document, dated March 2013, was made public in 2014. 21 The guidance document provides the rules for inclusion in the TSDB and the many watchlists maintained by that database setting a low bar of reasonable suspicion for inclusion on watchlists. 22 The document indicates that concrete facts are not required for the government to label an individual a terrorist, stating, Although irrefutable evidence or concrete facts are not necessary, to be 19 Id. 20 TSDB SORN at 3,813. 21 National Counterterrorism Center, March 2013 Watchlisting Guidance, available at https://theintercept.com/document/2014/07/23/march-2013-watchlisting-guidance/. 22 Id. at 33. 7

reasonable, suspicion should be as clear and as fully developed as circumstances permit. 23 There are exceptions to the low reasonable suspicion standard. Immediate family members of suspected terrorists can be watchlisted without suspicion. 24 Similarly, certain associates with a defined relationship to the suspected terrorist can be placed on a watchlist without suspicions. 25 The consequence is that innocent individuals and his/her immediate family members could be subject to secret government dragnets. Once on a watchlist, it is nearly impossible to be removed. 26 The DHS does not inform people that they are in the agency s TSDB. The only recourse for an individual who thinks s/he might incorrectly be placed in the TSDB is through the DHS Traveler Redress Inquiry Program ( TRIP ), in which a TRIP applicant submits a request to the TSA for an administrative appeals process. The TSA then conducts an internal review and based on that review, the Terrorist Screening Center will make a final agency decision. In September 2014, the GAO reported that despite the DHS s stated guidelines that it will provide a final agency decision on the appeal within 60 days of the receipt of the appeal, the average total processing time for the appeals process for fiscal years 2011 through 2013 was 276 days. 27 Until their appeals are cleared, passengers may be denied boarding, delayed, or subject to intrusive enhanced security procedures. A 2012 GAO 23 Id. at 34. 24 Id. at 43. 25 Id. at 44-45. 26 See Ibrahim v. Dep't of Homeland Sec., 669 F.3d 983 (9th Cir. 2012). 27 Government Accountability Office, Secure Flight: TSA Could Take Additional Steps to Strengthen Privacy Oversight Mechanisms 24 (Sept. 2014). 8

report found that there was no agency responsible and accountable for routinely conducting government-wide assessments of how agencies are using the watchlist to make screening or vetting decisions and related outcomes or the overall impact screening or vetting programs are having on agency resources and the traveling public. 28 Despite the high risk of error in the database, the documented cases of innocent people ending up in the database, DHS proposes to continue to exempt this database containing detailed, sensitive personal information from well-established Privacy Act safeguards. Consistent and broad application of Privacy Act obligations are the best means of ensuring accuracy and reliability of the data used in government databases. 29 III. The Privacy Act Requires DHS to Afford Fundamental Privacy Rights to the Subjects of TSDB Records When it enacted the Privacy Act in 1974, Congress sought to restrict the amount of personal information federal agencies could collect, and it required agencies to be transparent in their information practices. 30 Congress found that the privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by Federal agencies, and recognized that the right to privacy is a personal and fundamental right protected by the Constitution of the United States. 31 In 2004, the Supreme Court underscored the importance of the Privacy Act s restrictions upon agency use of personal data to protect privacy interests, noting that: 28 GAO, Terrorist Watchlist: Routinely Assessing Impacts of Agency Actions since the December 25, 2009, Attempted Attack Could Help Inform Future Efforts, 26 (May 2012), available at http://www.gao.gov/assets/600/591312.pdf. 29 The Privacy Act of 1974, Pub. L. 93-579, 2, 88 Stat. 1896 (Dec. 31, 1974). 30 S. Rep. No. 93-1183 at 1 (1974). 31 Pub L. No. 93-579 (1974). 9

[I]n order to protect the privacy of individuals identified in information systems maintained by Federal agencies, it is necessary... to regulate the collection, maintenance, use, and dissemination of information by such agencies. Privacy Act of 1974, 2(a)(5), 88 Stat. 1896. The Act gives agencies detailed instructions for managing their records and provides for various sorts of civil relief to individuals aggrieved by failures on the Government s part to comply with the requirements. 32 Despite these clear statements of legislative mandate and the ongoing privacy and civil liberties risks posed by watchlists, DHS proposes to reissue Privacy Act exemptions for the agency s copy of the TSDB, while expanding the number of people in the database and adding additional consumers of the information. 33 This would exclude the records from a number of meaningful privacy protections Congress established in the Privacy Act. IV. DHS s Broad Claims of Privacy Act Exemptions Remove any Meaningful Privacy Safeguards for this Vast Database DHS claims numerous Privacy Act exemptions for the TSDB. DHS claims exemption for the records maintained in TSDB from 552a(c)(3)-(4); (d); (e)(1);(e)(2); (e)(3); (e)(4)(g), (H), and (I); (e)(5); (e)(8); (f); and (g). Several of DHS s claimed exemptions would further exacerbate the impact of its proposed expansions to the categories of records in this system of records. For example, DHS exempts itself from 552a(e)(1), which requires agencies to maintain only those records relevant to the agency s statutory mission. The agency exempts itself from 552a(e)(4)(I), which requires agencies to disclose the categories of sources of records in the system. And the agency exempts itself from its Privacy Act 32 Doe v. Chao, 540 U.S. 614, 618 (2004). 33 See TSDB SORN at 3,811; TSDB NPRM at 3,748. 10

duties under to 552a(e)(4)(G) and (H) to allow individuals to access and correct information in its records system. In other words, the DHS claims the authority to collect any information it wants without disclosing where it came from or accounting for its accuracy or acknowledging its existence. DHS attempts to circumvent the intent of the Privacy Act by expanding a massive government database of detailed personal information that lacks accountability. DHS s proposed exemptions from 5 U.S.C. 552a(c)(3), (e)(8), and (g) only serve to increase the secrecy of the database and erode agency accountability. DHS claims that accounting for disclosures, granting individuals access to their records, and implementing notification regulations may put entities on notice that they are being investigated, thereby hindering their investigative efforts. 34 While EPIC recognizes the need to withhold notice during the period of the investigation, individuals should be able to know, after an investigation is completed or made public, the information stored about them in the system. Access to records of a completed investigation, with appropriate redactions to protect the identities of witnesses and informants, would provide individuals and entities with the right to address potential inaccuracies. And because the investigations have already been completed, DHS s law enforcement purposes would not be undermined and DHS could still protect individual privacy rights. The Privacy Act is intended to guard the privacy interests of citizens and lawful permanent residents against government intrusion and to establish accountability for the government s collection and use of personal information. By asserting an exemption that 34 TSDB NPRM at 3,749-50. 11

allows the agency to encroach on an individual s right to know about disclosures of her/his personal information held by the agency, DHS violates the central purpose of the Privacy Act. V. Conclusion and Recommendations For the foregoing reasons, DHS s proposed expansion of the TSDB is contrary to the core purpose of the federal Privacy Act. Accordingly, DHS must narrow the scope of its proposed Privacy Act exemptions. Sincerely, Khaliah Barnes EPIC Associate Director and Administrative Law Counsel Jeramie D. Scott EPIC National Security Counsel Jin Nie EPIC Law Clerk Ajay Sunder EPIC Law Clerk 12

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback