Privacy Impact Assessment for the Watchlist Service
- 22 pages
- July 14, 2010
The Department of Homeland Security (DHS) currently uses the Terrorist Screening Database (TSDB), a consolidated database maintained by the Department of Justice Federal Bureau of Investigation Terrorist Screening Center (TSC) of identifying information about those known or reasonably suspected of being involved in terrorist activity in order to facilitate DHS mission-related functions, such as counterterrorism, law enforcement, border security, and inspection activities. DHS and TSC are improving the current method of transmitting TSDB data from TSC to DHS. Through a new service called the “DHS Watchlist Service” (WLS), TSC and DHS will automate and simplify the current manual process. TSC remains the authoritative source of watchlist data and will provide DHS with near real-time synchronization of the TSDB. DHS will ensure that each DHS component system receives only those TSDB records which it is authorized to use under the WLS Memorandum of Understanding and authorized under existing regulations and privacy compliance documentation between TSC and DHS (WLS MOU) and any amendments or modifications thereto. DHS conducted this privacy impact assessment (PIA) because the WLS will maintain a synchronized copy of the TSDB, which contains personally identifiable information (PII), and disseminate it to authorized DHS components.
DHS Users of WLS
All respective PIAs and System of Records Notices (SORNs) document the authorized set of data elements provided to each component's screening programs (see Appendix A) that use the TSDB. There are four anticipated DHS component systems slated for the receipt of the bulk data updates from the TSDB through the DHS WLS Data Broker service. The DHS component systems that will receive data updates from the TSC through the DHS WLS Data Broker are managed by the following program offices: (1) the Transportation Security Administration (TSA) Office of Transportation Threat Assessment and Credentialing at TSA; (2) TSA Secure Flight Program; (3) the U.S. Customs and Border Protection (CBP) Passenger Systems Program Office for inclusion in TECS; and (4) the U.S. Visitor and Immigration Status Indicator Technology (US-VISIT) program for inclusion into the DHS Automated Biometric Identification System (IDENT). If DHS systems are added to receive TSC data, DHS will notify TSC and this PIA and accompanying SORN will be updated accordingly.
1.1 What information is collected, used, disseminated, or maintained in the system?
Terrorist Watchlist information is sent to DHS using the Terrorist Watchlist Person Data Exchange Standard (TWPDES) terrorist information sharing extensible markup language (XML) standard that conforms to the National Information Exchange Model (NIEM). The TWPDES messages will provide biographical and biometric data of known or suspected terrorists for the purposes of national security. Information collected includes: name, date of birth, place of birth, biometric and photographic data, passport and/or driver’s license information, and other available identifying particulars used to compare the identity of an individual being screened with a known or suspected terrorist.
In addition, WLS will maintain unique identifiers showing the components it has disseminated the information to in order to maintain an audit log.
In centralizing the receipt of the TSDB, there is a risk that one component could receive more information than it is entitled to under the MOU. This risk is mitigated by the inclusion of administrative access controls and improved oversight of the distribution of the TSDB. Administrative controls include background investigations, secure logins, annual privacy training, security training, etc. for individuals accessing data, and audits. See section 8.1.
WLS will produce and maintain auditing information which will track messages received from the TSC and delivered to DHS components. WLS will provide this information to the TSC to compare and verify data to ensure the accuracy of WLS data. Only administrators have direct access to WLS data. All administrators have successfully completed the DHS Privacy Awareness course and are subject to an annual refresher. All data is transmitted through an encrypted network that is Federal Information Processing Standard (FIPS 140-2) compliant. WLS will further secure the information to DHS component systems using the National Institute of Standards and Technology (NIST) approved transport layer data encryption.