• Categories

  • Archives

    « Home

    Homeland Security Privacy Office Issues Annual Report

    The Department of Homeland Security’s Privacy Office has issued its annual report (3.1 MB pdf). DHS explains that eleven elements contribute to its “Culture of Privacy.” 1. Collaboration 2. Redress 3. Transparency 4. Compliance Management 5. Policy 6. Organization 7. FIPPS (Fair Information Practice Principles) 8. Operational Effectiveness 9. Privacy Incidents Management 10. Internal Education and Awareness 11. Public Education

    Though it is my job to keep track of privacy issues, especially ones related to the government, I am not able to catch every important development as it occurs. So the report is helpful in highlighting programs, reports or issues that I might have missed. For example, I didn’t know the office had issued a privacy impact assessment (pdf) on the use of camera surveillance (also called CCTV) in a DHS research program.

    The DHS Privacy Office has developed a CCTV PIA template that asks targeted questions associated with the development and deployment of CCTV technologies. This PIA, which was first used in July 2007 with the Secure Border Initiative (SBInet), was used with an S&T research project titled “Reality Mobile Kentucky Project” during this reporting period. The Reality Mobile Kentucky Project is an S&T research and development effort that seeks to test the operational effectiveness and efficiency of streaming video for law enforcement applications. S&T conducted the PIA because the project requires the Kentucky State Police to capture images of individuals during the field test in accordance with their law enforcement authorities, standard operating procedures, and applicable state and local laws.

    Also, the report gave details about Homeland Security searches of electronic devices (laptops, mobile phones, cameras, etc.) at the borders. A privacy impact assessment on this practice will be released in “the next reporting year.”

    CBP and ICE may conduct border searches of electronic devices as part of CBP’s mission to interdict and ICE’s mission to investigate violations of federal law at and related to U.S. borders. CBP Officers and ICE Special Agents conduct border searches of electronic devices to determine whether a violation of U.S. law has occurred. These searches have been an integral part of CBP’s and ICE’s border security and law enforcement missions since the inception of their predecessor agencies the U.S. Immigration and Naturalization Service and the U.S. Customs Service. In an effort to provide greater transparency, DHS Headquarters, the DHS Privacy Office, CBP, and ICE have undertaken a PIA that assesses the program in light of the FIPPs to discuss the relative rarity of these searches and the safeguards in place to protect the privacy of travelers subject to such a search. The PIA will be issued during the next reporting year.

    To place the practice in perspective, between October 1, 2008 and May 5, 2009, CBP encountered more than 144.4 million travelers at U.S. ports of entry. Of these travelers, approximately 3.1 million (2.2% of the 144.4 million travelers) were referred to secondary inspection; however, CBP only conducted 1,947 searches of electronic media during this time period. A “search” in this regard may be as simple as turning on the device to ensure it is what it purports to be. Detailed information on these searches is only available for those performed on laptops. Of the total number of searches of electronic media, only 696 (0.022% of the 3.1 million travelers referred to secondary inspection) were performed on laptops, which does not necessarily involve an in-depth search of the device. Of the 696 travelers subject to laptop inspection, officers conducted in-depth searches of 40 laptops.

    The report discusses privacy issues for various programs, as well as advisory committees DHS has worked with and reports about privacy that have been issued. It also notes strides it has taken in issues such as reducing backlogs in processing Freedom of Information Act requests. There has also been “mandatory and supplemental privacy training” in compliance, security, intelligence and analysis, among other types of training.

    The office notes it has released guidelines (pdf) for safeguarding “sensitive personally identifiable information” that it retains or uses. In it, the instructions for protecting sensitive PII follow the Fair Information Practices and OECD Guidelines. The office also released guidance on privacy policy and implementation of the Fair Information Practices, which are the basis of numerous privacy frameworks.

    Leave a Reply