The Department of Homeland Security is working on a new centralized security database, and privacy groups are none too pleased.
DHS is proposing to combine several databases used to identify and screen potential security threats into one central system called the Watchlist Service. The new service, DHS said, will help it and the FBI “move away from a manual and cumbersome process of data transmission and management to an automated and centralized process.”
Privacy groups aren’t objecting to what DHS is collecting, but to what it’s not disclosing.
DHS is asserting ten exemptions from the 1974 Privacy Act, which was enacted by Congress to restrict the amount of personal information federal agencies could collect, and to require agencies to be transparent in their collection practices.
The Electronic Privacy Information Center (EPIC), along with 17 other privacy and consumer advocacy groups, filed a comment with the DHS on August 5 disputing its exemptions, and requesting suspension of the Watchlist Service pending a full review.
The new DHS Watchlist Service will include a duplicate of the FBI’s Terrorist Screening Database. It will also combine four different DHS record systems, including IDENT, which is managed by the US-VISIT Program; the Treasury Enforcement Communication System, which is managed by U.S. Customs and Border Protection; the Transportation Security Threat Assessment System, managed by the Transportation Security Administration (TSA); and TSA’s Secure Flight Records.
The records will contain names, dates and places of birth, biometric and photographic data, passport information, driver’s license information, and “other available identifying particulars.” (RELATED: DHS: Majority of ‘Anonymous’ little more than script kiddies)
Among the exemptions claimed by DHS for its Watchlist Service are:
- The obligation only to maintain records about individuals when “relevant and necessary” for a government agency to accomplish an authorized purpose.
- The obligation to submit to civil remedies and criminal penalties for agency violations of the Privacy Act.
- The right for individuals to request and gain access to government records about the individuals, and to review the records and have copies made.
- The right for subjects of government records to request an “accurate accounting of the date, nature, and purpose of each disclosure” of those records.
- The right to notify government agencies and personnel about corrections to government records pertaining to the individuals.
- The right to request amendments to such government records that the individual believes are not accurate, relevant, timely or complete; and also to a prompt government response either complying with the request or providing the individual reasons for the government’s refusal to comply.
DHS claimed security interests and “routine use” as reasons for exempting information. The agency said disclosing this information could “present a serious impediment to law enforcement efforts and/or efforts to preserve national security.”
DHS also cited “unreasonable administrative burden” as the justification for exempting corrections to its records. It “does not control the accuracy of the information” within this system of records, DHS claims.
Those justifications didn’t fly with EPIC and other privacy groups.
“Vague national security and law enforcement concerns vindicate neither the government’s secretive collection of personal information nor subsequent disclosures through WLS between agencies and government personnel,” the groups wrote in their comment. “Without specific justifications linked to the WLS program, the agency is not authorized to evade the meaningful safeguards Congress designed to ensure accuracy and legality of government recordkeeping.”
Conor Kennedy, EPIC’s appellate advocacy fellow, said his group is concerned with the very idea of a centralized database.
“In general, the more that you centralize any system of records, that’s going to have a detrimental effect on privacy,” Kennedy said. “The ideal way to protect privacy is to maintain information in several decentralized databases.”
And there are problems with the FBI watchlist to begin with. A 2009 report by the Inspector General of the Department of Justice found that, besides poor procedures for adding people, the FBI was also slow in removing people from the list.
On average, nearly two months passed between when a person was cleared and when his or her name was removed from the list. “In one instance,” the report read, “we identified a former subject who remained watchlisted for nearly 5 years after the case had been closed.”
The American Civil Liberties Union estimated at one point that there were more than one million people on the FBI watchlist.
The Department of Homeland Security did not return requests for comment.