Department of Homeland Security Chief Privacy Office and Privacy

Department of Homeland Security Chief Privacy Office and Privacy

Latest News

  • DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret: The Department of Homeland Security Quarterly Report to Congress details programs and databases affecting privacy. According to the agency, DHS received 964 privacy complaints between September 1, 2013 and November 30, 2013. By contrast, DHS received 295 privacy complaints during the same period in 2011. According to the report, most DHS systems complies with Privacy Act notice requirements. However, the report also indicates that the DHS maintains many databases with personally identifiable information that lack required Privacy Act notices. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy. (May. 27, 2014)
  • Homeland Security Seeking Applicants to Join Privacy Board: The Department of Homeland Security has announced that it is seeking applicants for the Data Privacy and Integrity Advisory Committee. The Committee was established to advise the agency on issues related to personally identifiable information, data integrity, and other privacy-related matters. The agency has a mandate from Congress to ensure that its programs “do not erode privacy protections” and to ensure that personal information is “handled in full compliance with fair information practices as set out in the Privacy Act of 1974.” For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy and EPIC: EPIC v. DHS (Suspension of Body Scanner Program). (Jun. 28, 2012)
  • EPIC Asks Ombudsman to Investigate DHS FOIA Practices: EPIC has submitted a letter to the Office of Government Information Services, asking for an investigation into FOIA practices at the Department of Homeland Security. EPIC explained that the federal agency, which includes the TSA and the Bureau of Customs and Border Protection, routinely denies fee waivers in circumstances where the agency knows that the requester properly qualifies. By way of example, EPIC cited a recent FOIA appeal in which the agency wrongly denied a fee waiver request. EPIC said that the practice creates additional work for sophisticated FOIA requesters and may, as a practical matter, prevent other requesters from pursuing important FOIA requests. For more information, see EPIC: DHS Privacy Office and EPIC: Litigation Under the Federal Open Government Laws. (Jun. 4, 2012)
  • DHS Privacy Office Issues Quarterly Report to Congress: The DHS Privacy Office has issued its First Quarter Fiscal Year 2012 Report to Congress. The report details DHS programs and functions that affect privacy, such as privacy impact assessments and system of records notices. The report also summarizes the 295 privacy compliance complaints that DHS has received between September 1, 2011 and November 30, 2011. EPIC has closely followed DHS Privacy Office activities, and has worked to ensure timely release of DHS privacy reports. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy. (Mar. 26, 2012)
  • DHS Privacy Office Releases 2011 Data Mining Report: The Department of Homeland Security has released the 2011 Annual Data Mining Report. The report must include all of the Agency’s current activities that fall within the legislative definition of “data mining.” Among other things, this year’s report references the Agency’s programs to profile individuals entering or leaving the country to determine who should be subject to “additional screening.” A FOIA request by EPIC in 2011 revealed that the FBI’s standard for inclusion on the list is “particularized derogatory information,” which has never been recognized by a court of law. The report also provides information on Secure Flight and Air Cargo Advanced Screening. For more information, see EPIC: FBI Watch List FOIA and EPIC: DHS Privacy Office. (Mar. 5, 2012)
  • Federal Judge Limits Suspicionless Laptop Searches at Borders: A federal judge has ruled against the Department of Homeland Security’s Customs and Border Protection claim that agents could not only search the electronic devices of cross-border travelers without a warrant or even reasonable suspicion, they could also seize the devices indefinitely for more invasive searches. In United States v. Hanson, U.S. District Judge Jeffrey White ruled that “[g]iven the passage of time between the January and February searches and the fact that the February search was not conduct[ed] at the border, or its functional equivalent, the court concludes that the February search . . . must be justified by reasonable suspicion.” Last October, EPIC and 20 other organizations sent a letter to the House Committee on Homeland Security objecting to this practice and other privacy violations. For more information, see EPIC: DHS Privacy Office. (Jun. 11, 2010)
  • Congressional Committee Investigating Privacy Office at Homeland Security, Acknowledges Privacy Coalition Letter: House Homeland Security Committee Chairman Bennie Thompson has responded to the Privacy Coalition letter regarding the Chief Privacy Officer of the Department of Homeland Security. Chairman Thompson said that “the Committee is in the process of reviewing the programs outlined” in the letter, and thanked the Coalition for bringing the issues to the attention of the committee. He further stated that the Committee “will continue to examine the Department’s programs and policies and vigorously address privacy concerns and issues.” For more information, see EPIC DHS Privacy Office and Privacy Coalition. (Nov. 12, 2009)
  • EPIC Pursues DHS Official’s Public Calendar: EPIC has filed a FOIA appeal with the Department of Homeland Security for the calendar of the Chief Privacy Officer. EPIC submitted the original request to find out why the DHS Privacy Officer could not meet with privacy groups in Washington, DC. The agency turned over many pages from the calendar, but the entries were all blacked out. In the appeal, EPIC said the agency has failed to comply with the open government law and also cited the President’s commitment to government transparency concerning the activities of public officials. For more information, see EPIC Open Government. (Sep. 18, 2009)
  • EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security’s (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections. EPIC Fusion Centers, EPIC Whole Body Imaging, and EPIC CCTV.
  • In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the annual privacy report will be made available. The Department is required by law to provide an annual report “on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.” The last privacy report was published in July 2008. EPIC has previously sent similar letters to the Department, reminding the agency of its legal obligation to inform the public about its activities. For more information, see EPIC’s Privacy Report Held Hostage page.


On November 25, 2002, the Homeland Security Act of 2002, H.R. 5005 became Public Law 107-296.[text][pdf] The Act established the Department of Homeland Security (DHS) as the 15th Cabinet level agency within the United States Federal government. The head of each of these agencies (most are designated as “Secretaries”) is appointed by the President and then must be confirmed by the U.S. Senate.

No federal agency has greater budget authority to develop systems of surveillance directed toward the American public than the Department of Homeland Security. Among the provisions of the law establishing DHS is the statutory language that creates the DHS’ Chief Privacy Office. The Chief Privacy Office is led by the first statutorily required Privacy Officer at any federal agency.

Statutory Authority of the DHS Chief Privacy Office

As set out in the DHS Act and amended by the 9/11 Commission Act of 2007, the statutory responsibilities of the Chief Privacy Officer include the following:

(1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
(2) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974;
(3) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
(4) conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected;
(5) coordinating with the Officer for Civil Rights and Civil Liberties to ensure that;

(A) programs, policies, and procedures involving civil rights, civil liberties, and privacy considerations are addressed in an integrated and comprehensive manner; and
(B) Congress receives appropriate reports on such programs, policies, and procedures; and

(6) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.

To help the DHS Chief Privacy Officer achieve these goals, Congress granted considerable investigative authority, including access to nearly all documentation relating to Department programs, the power to conduct investigations into any program or operation, the power to take sworn affidavits, and the power to issue subpoenas with the approval of the Secretary of Homeland Security.

List of DHS Chief Privacy Officers

Nuala O’Connor Kelly: April 16, 2003-September 30, 2005
Maureen Cooney: Acting Chief Privacy Officer October 1, 2005-July 2006
Hugo Teufel, III: July 21, 2006-January 20, 2009
John W. Kropf: Acting Chief Privacy Officer January 20, 2009-March 9, 2009
Mary Ellen Callahan: March 9, 2009-August 1, 2012
Jonathan Cantor:Acting Chief Privacy Officer August 2012-Present

Problems with the Chief Privacy Office

The Chief Privacy Office has not done the work that Congress set out for it to do. Instead, it has focused almost exclusively on the fourth statutory duty, conducting a privacy impact assessment for each Department action. The annual reports of the Chief Privacy office note that the Office is divided into two major functional units: Privacy Compliance; and Departmental Disclosure and FOIA. The structure of the annual report reveals the Office’s confusion of these two duties, to the detriment of the former. The Chief Privacy Office has focused almost exclusively on the publication of Privacy Impact Assessments of privacy invasive DHS technology acquisitions rather than as a check on activity that negatively impacts privacy.

The following is a brief list of examples, programs undertaken by the Department of Homeland Security since its start during the Bush Administration, which the Chief Privacy Office has allowed to go forward:

In each of the above cases, the Privacy Office has failed in its statutory duty to assure that the use of technologies does not erode privacy protections relating to use, collection, and disclosure of personal information. It has written Privacy Impact Assessments, but these Assessments have no force, no meaningful effect on the Department’s activities.

Fusion Centers and the Information Sharing Environment

The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, threat, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity, with specific reference to welfare fraud. This criminal information and intelligence should be both strategic (i.e., designed to provide general guidance of patterns and trends) and tactical (i.e., focused on a specific criminal event).

Fusion centers would not be limited to accessing information only held by local, state, and federal law enforcement or criminal justice information databases, but would extend to privacy sector businesses as well as other publicly held systems of records.

A Congressional Research Service Report on Fusion Centers outlined several fundamental problems with the Guidance on Fusion Center development: first, adherence is voluntary, second, the philosophy outlined is generic and does not translate theory into practice, and third, they are oriented toward the mechanics of Fusion Center establishment. The majority of regional Fusion Centers are concentrated in large urban areas. The jurisdictions of these centers are also covered by state Fusion Centers, but there is a question regarding how overlapping jurisdictions are managed.

The CRS Report on Fusion Centers also point out that there is no single legal authority that govern the operation of Fusion Centers.

The Department of Homeland Security set out an objective to create by 2008 a network of fusion centers as a unique law enforcement and threat information resource that could facilitate across jurisdictions and functions supported by multidisciplinary teams dispersed throughout a national network of information hives.

In December, 2008, the Privacy Office finally released its Privacy Impact Assessment (PIA) for the Fusion Center project. The PIA identifies seven risks to privacy presented by the program, then examines these issues and explains the mitigation strategies for those risks . . . . Where necessary, the Privacy Office offers recommendations on how DHS (and individual fusion centers) can take additional action to further enhance the privacy interests of the citizens they are charged with protecting. These mitigation strategies are not solutions, however, and they do not prevent the fusion center program from eroding citizens privacy.

For instance, the PIA emphasizes that fusion centers are encouraged to publish their privacy compliance documentation, including an individualized PIA; establish a privacy committee to interact with their local privacy advocacy communities; and to listen to and address concerns whenever possible. When addressing the important principle of use limitation, the PIA notes only that [t]he sharing occurs within the general confines of a nexus to terrorism and protecting the homeland. The PIA solution to ambiguous lines of authority, rules, and oversight is to assume that training will mitigate this concern. The most encouraging part of the Fusion Center PIA is the Office’s commitment to revisit the question as the program develops.

Merely writing the PIA does not provide this necessary oversight. Neither does encouraging fusion centers to take certain actions without mandating those actions as conditions of receiving funding. The Department of Homeland Security has the ability to require that fusion centers participating in the program satisfy privacy requirements like those recommended in the PIA. To fulfill the statutory mission of assuring that new programs do not erode citizens privacy, the Chief Privacy Officer is obligated to restrict the implementation of such programs. As such, while the Office has promised to revisit the question of Fusion Center privacy, in the meantime the individual centers are moving forward with little oversight and no privacy requirements.

Whole Body Imaging

Airport security has undergone significant changes since the terrorist attacks of Sept. 11, 2001. Recently, the Transportation Security Administration (TSA) announced a proposal to purchase and deploy new passenger imaging technology – called “whole body imaging,” “body scanners,” and “advanced imaging technology – to screen air travelers at all airports. Security experts have described these machines, which show detailed images of a person’s naked body, as equivalent to a virtual strip search for all air travelers. The image resolution of the technology is high, so the picture of the body presented to screeners is detailed enough to show genitalia. These images are not necessarily temporary – the machines have the capability to store, record, and transfer detailed, three-dimensional images of individuals. This proposal, along with the agency’s controversial plan to profile air travelers, shows extraordinary disregard for the privacy rights of air travelers.

In April 2009, the TSA announced that body scanners would replace metal detectors at airport security checkpoints. This was a marked departure from the earlier promises by the agency that the technology would only be used for secondary screening of air travel passengers. In response to a statement from the Privacy Coalition, a nonpartisan coalition of consumer, civil liberties, educational, family, library, labor, and technology organizations, the TSA issued a statement of its own, promising that the agency would “continue to listen to the public, and . . . constantly look for ways to improve [its] outreach and education.” Rather than take the opportunity to review privacy concerns, the agency has chosen to address the issue only as a matter of outreach and education.

The PIA for the pilot program, issued during the annual reporting period, is similarly directed towards education. It focuses almost entirely on separation between the agent viewing the image and the person being scanned, as well as on constant reassurance that the ability to save images will be disabled. It also focuses on the fact that the whole body imaging will be an option for travelers.

Perhaps most troubling about the body scanner program is its almost complete absence from the CPO’s 2009 annual report. It is mentioned only twice: once in passing as a topic of an outreach briefing, and again in a list of security programs undertaken by TSA in a discussion of component programs. This second mention highlights the same features of the program described in the PIA, but does not discuss the April 2009 policy change. With that announcement, the scope of whole body imaging dramatically increased. Surely the report should have noted this change and its effects. This omission is compounded by the fact that a July 2009 update to the body scanner PIA also fails to mention the April 2009 expansion of the body scanner program. Given multiple opportunities, the Privacy Office has neglected to address significant privacy issues associated with an expanded body scanner program.

Closed-Circuit Television (CCTV) Surveillance

In December 2007, the Privacy Office conducted a workshop “CCTV: Developing Privacy Best Practices” during which privacy experts testified on the expectation of privacy in public spaces. The resulting report summarized the various panels and presented some useful recommendations; however, it is not clear from either the activities of the Department or the 2009 Annual Report whether the recommendations have been implemented in any way.

The 2007 workshop had several conclusions for CCTV privacy best practices. It strongly recommended that localities implementing CCTV provide cost-benefit analysis of the decision to employ CCTV; opportunities for community involvement in the process; and, most importantly, written policies addressing privacy and civil liberties concerns, including, at minimum, the following:

1. Definition of appropriate use;
2. Access rights for those whose images are identified;
3. Security controls governing the use;
4. Appropriate limits on the location of cameras;
5. Monitoring for inappropriate uses;
6. Retention policies;
7. Adequate training of personnel with access to the systems; and
8. Internal and external auditing.

The report concluded by noting that all of the Workshop panelists cited the importance of public support within the community for the use of cameras and that they strongly supported drafting and implementing policies to protect privacy and civil liberties before undertaking CCTV programs.

Nevertheless, even though the report is now almost two years old, the Department of Homeland Security has failed to turn its recommendations into actual practices. Meanwhile, the Department continues to issue grants for CCTV development. The DHS grant application, which localities must complete in order to apply for funding for such projects, would be an excellent place to require policies of the type recommended by the report. Instead, it makes no mention of any such policies, either as requirements or even as recommendations.

The Chief Privacy Office Annual Report July 2008-July 2009 touts the 2007 CCTV workshop, but makes no statement at all about implementing its recommendations, or planning to do so in the future. As such, there is no indication that the Chief Privacy Officer has taken any action to prevent the erosion of privacy through the use of CCTV. This failure to act is especially grievous because the results of the 2007 workshop demonstrate a clear path that the Office could follow to implement safeguards. Instead the workshop report has languished for almost two years, while the Department has proceeded ahead with the CCTV program, funding programs in many localities and airports across the country.

Suspicionless Electronic Border Searches

Agents of U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE) have claimed broad power to search the person and personal belongings of anyone crossing the border into the United States without suspicion of wrongdoing. In recent years this rationale has been extended to searching travelers’ electronic devices. The Privacy Office briefly mentioned this issue in its 2009 annual report and published a full fledged Privacy Impact Assessment on this issue was published in August 2009.

The PIA lists two privacy concerns surrounding the suspicionless border search program. The first, whether the search is lawful, the PIA quickly dismisses, simply noting that “the legal foundation for border searches of any object at the border, regardless of its type, capacity, or format, is well-established.” The PIA states that “[t]he second and more central privacy concern is the sheer volume and range of types of information available on electronic devices as opposed to a more traditional briefcase or backpack.” The PIA acknowledges, quite correctly, that, “[w]here someone may not feel that the inspection of a briefcase would raise significant privacy concerns because the volume of information to be searched is not great, that same person may feel that a search of their laptop increases the possibility of privacy risks due to the vast amount of information potentially available on electronic devices.”

Yet, after acknowledging these increased risks and the ways in which electronic searches may not fall under the same analysis as that used in physical searches, the report does little to mitigate those risks. In fact, the stated intent of the Assessment is not to reduce or prevent the erosion of privacy, but “to enhance public understanding of the authorities, policies, procedures, and privacy controls related to these searches.” As with the TSA’s whole body imaging letter, the rest of the PIA reads like an outreach tool, an opportunity for the agencies themselves to explain to the public why they have the right to invade privacy so extensively. It describes in some form the limitations that exist on the agencies ability to share the data, but makes almost no prospective conclusions about ways that privacy invasions could be reduced or eliminated.

The Annual Report’s treatment of the issue focuses primarily on the relative rarity of these searches when compared to the number of travelers crossing America’s border each year. Indeed, the cited numbers do show that the searches are relatively rare. Nevertheless, the agency refuses to release any guidelines for future searches, and refuses to even release retrospective descriptions of what motivated the rare searches that have already taken place. This does little to assuage fears that CBP and ICE retain the substantial power to invade travelers’ privacy for no reason and with no recourse.

Exemptions to the Privacy Act of 1974

The Office also certifies the Department’s requests for exemptions to its obligations under the Privacy Act of 1974. Since the Department’s founding, the Department and its component agencies have implemented a ridiculous number of exemptions for itself under the Privacy Act. These exemptions have the practical effect of limiting the privacy rights of Americans that would otherwise be enforced under the Privacy Act. For each of these exemptions, the Chief Privacy Officer had the opportunity to reject the request, but instead authorized the exemption. In many cases, the CPO’s signature appears in the proposed or final rulemaking.

Other component agencies within DHS such as the Transportation Security Administration (TSA provides information on its own Web site) and Federal Emergency Management Agency have also sought Privacy Act exemptions for their work.

DHS has also expressed support for a new National ID proposal called PASS ID.

Annual Chief Privacy Office Reports


News Articles