The Department of Homeland Security’s (DHS) data mining systems need additional oversight, review and evaluation to protect privacy rights, ensure transparency to the public and enable effective counterterrorism efforts, stated the General Accountability Office (GAO) in a report released last week.
Of six component agency data mining systems evaluated, “none performed all of the key activities associated with an effective evaluation framework…Only one program office performed most of the activities related to obtaining executive review and approval,” said the report. “Until such reforms are in place, DHS and its component agencies may not be able to ensure that critical data mining systems used in support of counterterrorism are both effective and that they protect personal privacy.”
Representatives Donna Edwards of Maryland and Brad Miller of North Carolina, members of the House Science, Space and Technology Committee found some of GAO’s findings on DHS’ privacy violations “disturbing,” they stated in a in an Oct. 7 press release.
“It is alarming that DHS needed GAO to point out that the agency’s data mining program has been violating its own privacy protocols for more than three years by sharing sensitive personal information with local, state, and federal officials,” said Edwards.
The representatives cited DHS’ sharing of certain information from the Immigration and Customs Enforcement Pattern Analysis and Information Collection (ICEPIC) program with state and local law enforcement agencies without review or approval by DHS’s privacy office, violating the department’s Privacy Impact Assessment (PIA) protocol.
“The intelligence community has to stop using the legitimate need for some secrecy in counter-terrorism to hide from oversight, and Congress needs to get over our ‘gee-whiz’ attitude when we deal with the intelligence community,” said Miller.
Jim Crumpacker, director of the GAO liaison office at DHS, stated in a letter commenting on the report that the agency concurred with all of GAO’s recommendations and is taking steps to address the issues.
As a result of GAO’s findings the DHS chief privacy officer has begun an investigation into the ICEPIC program and will now include an unclassified abstract of PIAs in an annex to its annual report to Congress that lists those that have been “either redacted in part or withheld from publication” due to national security considerations. DHS also will make those restricted PIAs available to Congress for review.
Crumpacker also noted that GAO’s definition of data mining was broader than the one used by the agency, which is based on the definition provided in the Federal Agency Data Mining Reporting Act of 2007. Additionally, he noted that two of the evaluated programs, version 1.0 of the Citizenship and Immigration Data Repository (CIDR) and Analytical Framework for Intelligence (AFI), are still under development and thus have not yet been reviewed for the issues cited by GAO.