DHS Trying to Make New Terrorist “Watchlist Service” Exempt from Privacy Act

U.S. Attorney General Eric Holder (L) and Homeland Security (DHS) Secretary Janet Napolitano hold a joint news conference at the Justice Department in Washington August 3, 2011. REUTERS/Yuri Gripas

Privacy groups challenge proposal expanding access to terrorist watch list (Government Executive):

The Homeland Security Department’s plan to centralize and expand in-house access to the FBI’s database of suspected terrorists has prompted a letter of protest from a coalition of Washington privacy organizations.

In public comments submitted Aug. 5, a coalition led by the Electronic Privacy Information Center challenged a proposed rule under which Homeland Security would duplicate an existing system of records to create the DHS Watchlist Service. It will contain individuals’ names, dates and places of birth, biometric and photographic data, passport information, driver’s license information and “other available identifying particulars.”

Homeland Security during the past year has been reviewing the eight-year-old terrorist screening database used at airports and is preparing, as set out in the July 6 proposal, to widen employee access to a mirror copy of the records created by the FBI and Justice Department “in order to automate and simplify the current method for transmitting” the data to DHS component agencies including the Transportation Security Administration. TSA uses the terrorist watch list for the Secure Flight program, which allows it to instantly check passenger names that airlines were given by ticket purchasers against a consistent national watch list of suspected terrorists.

David Heyman, assistant Homeland Security secretary for policy, told the Senate Homeland Security and Governmental Affairs Committee in July that DHS had identified screening gaps during a review of the terrorism suspect database. Hence the department “has transitioned the Secure Flight program to use all terrorist watch list records containing a full name and a full date of birth and designates matches to those records as selectees subject to enhanced physical screening prior to boarding a flight,” Heyman said.

“Notice of Proposed Rulemaking” DHS-2011-0060 EPIC Comments (epic.org):

DHS seeks “routine use” exemptions from the agency’s Privacy Act obligations regarding its disclosures of individuals’ personal information. Congress has ordered all executive agencies to disclose, upon any data subject’s request, an accurate accounting of “the date, nature, and purpose of each disclosure of a record [regarding that data subject] to any person or to another agency.” Congress has also mandated that agencies “inform any person or other agency about any correction or notation of dispute made by the agency [about the accuracy of a data subject’s records].” DHS seeks to circumvent these requirements, arguing that compliance could “reveal investigative interest” on the part of DHS. The agency alleges that such a revelation would “present a serious impediment to law enforcement efforts and/or efforts to preserve national security.” But DHS proffers no evidence for this claim.

Vague national security and law enforcement concerns vindicate neither the government’s secretive collection of personal information nor subsequent disclosures through WLS between agencies and government personnel. Without specific justifications linked to the WLS program, the agency is not authorized to evade the meaningful safeguards Congress designed to ensure accuracy and legality of government recordkeeping. The Senate Report from 1974 emphasizes that “it is fundamental to the implementation of any privacy legislation that no system of personal information be operated or maintained in secret by a Federal agency.

76 FR 39315 Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of the Terrorist Screening Database System of Records (federalregister.gov):

The Department of Homeland Security is giving concurrent notice of a newly established system of records pursuant to the Privacy Act of 1974 for the “Department of Homeland Security/ALL—030 Use of the Terrorist Screening Database System of Records” and this proposed rulemaking. In this proposed rulemaking, the Department proposes to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil, and administrative enforcement requirements.

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Homeland Security (DHS) proposes to establish a new system of records titled, “DHS/ALL—030 Use of the Terrorist Screening Database (TSDB) System of Records.” DHS is maintaining a mirror copy of the Department of Justice (DOJ)/Federal Bureau of Investigation (FBI)—019 Terrorist Screening Records System of Records (August 22, 2007, 72 FR 47073) in order to automate and simplify the current method for transmitting the TSDB to DHS and its components.

Homeland Security Presidential Directive 6 (HSPD-6), issued in September 2003, called for the establishment and use of a single consolidated watchlist to improve the identification, screening, and tracking of known or suspected terrorists and their supporters. The FBI/TSC maintains and distributes the TSDB as the U.S. government’s consolidated terrorist watchlist. DHS and the FBI/TSC, working together, have developed the DHS Watchlist Service (WLS) in order to automate and simplify the current method for transmitting TSDB records from the FBI/TSC to DHS and its components.

The WLS will allow the FBI/TSC and DHS to move away from a manual and cumbersome process of data transmission and management to an automated and centralized process. The WLS will replace multiple data feeds from the FBI/TSC to DHS and its components, as documented by information sharing agreements, with a single feed from the FBI/TSC to DHS and its components. The WLS is a system to system secure connection with no direct user interface.

DHS and its components are authorized to access TSDB records via the WLS pursuant to the terms of information sharing agreements with FBI/TSC. DHS is publishing this SORN and has published privacy impact assessments to provide additional transparency into how DHS has implemented WLS. DHS will review and update this SORN no less then biennially as new DHS systems come online with the WLS and are approved consistent with the terms of agreements with FBI/TSC. There are five DHS systems that currently receive TSDB data directly from the FBI/TSC and will use the WLS. These systems have existing SORNs that cover the use of the TSDB:

(1) Transportation Security Administration (TSA), Office of Transportation Threat Assessment and Credentialing: DHS/TSA—002 Transportation Security Threat Assessment System (May 19, 2010, 75 FR 28046);

(2) TSA, Secure Flight Program: DHS/TSA—019 Secure Flight Records System (November 9, 2007, 72 FR 63711);

(3) U.S. Customs and Border Protection (CBP), Passenger Systems Program Office for inclusion in TECS: DHS/CBP—011 TECS System (December 19, 2008 73 FR 77778);

(4) U.S. Visitor and Immigration Status Indicator Technology (US-VISIT) Program for inclusion into the DHS Enterprise Biometrics Service (IDENT): DHS/USVISIT—0012 DHS Automated Biometric Identification System (June 5, 2007, 72 FR 31080); and

In addition, two DHS components will receive TSDB data via the WLS in the form of a computer readable extract. The components’ use of the TSDB data is covered by existing SORNs:

(1) Office of Intelligence and Analysis (I): DHS/IA-001 Enterprise Records System, (May 15, 2008 73 FR 28128), and

(2) U.S. Immigration and Customs Enforcement (ICE): DHS/ICE-009 External Investigations, (January 5, 2010 75 FR 404).

Information stored in the WLS will be shared back with the FBI/TSC in order to ensure that DHS and the FBI/TSC can reconcile any differences in the database and ensure DHS has the most up-to-date and accurate version of TSDB records. All other sharing will be conducted pursuant to the programmatic system of records notices and privacy impact assessments discussed in this SORN.

DHS is planning future enhancements to the WLS that will provide for a central mechanism to receive information from DHS components when they encounter a potential match to the TSDB and send this information to the FBI/TSC. DHS will update this SORN to reflect such enhancements to the WLS, as part of its biennial reviews of this SORN once that capability is implemented.

DHS is publishing this SORN to cover the Department’s use of the TSDB in order to provider greater transparency to the process.

Concurrent with the publication of this SORN, DHS is issuing a Notice of Proposed Rulemaking to exempt this system from specific sections of the Privacy Act.


II. Privacy Act


The Privacy Act embodies fair information practice principles in a statutory framework governing the means by which the U.S. Government collects, maintains, uses, and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass U.S. citizens and lawful permanent residents. As a matter of policy, DHS extends administrative Privacy Act protections to all individuals where systems of records maintain information on U.S. citizens, lawful permanent residents, and visitors.

The Privacy Act allows government agencies to exempt certain records from the access and amendment provisions. If an agency claims an exemption, however, it must issue a Notice of Proposed Rulemaking to make clear to the public the reasons why a particular exemption is claimed.

DHS is claiming exemptions from certain requirements of the Privacy Act for DHS/ALL—030 Use of the Terrorist Screening Database System of Records. Some information in DHS/ALL—030 Use of the Terrorist Screening Database System of Records relates to official DHS national security and law enforcement activities. These exemptions are needed to protect information relating to DHS activities from disclosure to subjects or others related to these activities. Specifically, the exemptions are required to preclude subjects of these activities from frustrating these processes. Disclosure of information to the subject of the inquiry could also permit the subject to avoid detection or apprehension. In addition, as a recipient of a mirror copy of the TSDB, which is maintained by the FBI/TSC, DHS is carrying forward the exemptions taken by the DOJ/FBI—019 Terrorist Screening Records System of Records (August 22, 2007, 72 FR 47073) in order to prevent these records from improper disclosure. The exemptions proposed here are standard law enforcement and national security exemptions exercised by a large number of federal law enforcement and intelligence agencies. In appropriate circumstances, where compliance would not appear to interfere with or adversely affect the law enforcement purposes of this system and the overall law enforcement process, the applicable exemptions may be waived on a case by case basis.

A notice of system of records for DHS/ALL—030 Use of Terrorist Screening Database System of Records is also published in this issue of the Federal Register.

Share this: