On May 29, 2015, EPIC submitted a FOIA request to the United States Coast Guard (USCG) for records related to the Nationwide Automatic Identification System (NAIS). NAIS is a surveillance network that collects and processes information about vessels in coastal and territorial waters. Transceivers located near 58 U.S. ports and 11 U.S. costal areas (see a partial list) gather information from vessels equipped with the Automatic Identification System (AIS), a ship-to-ship collision avoidance system used worldwide.
A ship equipped with AIS broadcasts a regular stream of voiceless data, including the vessel’s name, course, speed, classification, call sign, registration number, and Maritime Mobile Service Identity. Most vessels over 65 feet that operate in U.S. waters are required to carry AIS, and owners of smaller craft can also opt to use it.
Once NAIS transceivers receive AIS data from a vessel, that information is stored, processed, and transmitted to the USCG and other agencies and entities. The system currently receives about 92 million AIS messages a day from 12,700 unique vessels.
NAIS relied mostly on existing infrastructure when it was first rolled out in 2006, but working with Northrop Grumman, the USCG has set up permanent transceivers capable of collecting data from out to 50 nautical miles. Using satellite data, the USCG intends to expand coverage out to 2,000 nautical miles.
NAIS is advertised as a tool to “improve[e] maritime security, marine and navigational safety, search and rescue, and environmental protection services.” However, the system also poses a significant threat to privacy.
The USCG has said, for example, that information collected through NAIS is “combined with other government intelligence and surveillance information to form a holistic, over-arching view of maritime traffic.” What this practice entails is not fully known. The USCG has not divulged the specific agencies and entities to which it discloses real-time data, nor has it explained how such data is stored, analyzed, or combined with other intelligence.
The USCG has also indicated that NAIS data is used to “detect anomalies, monitor suspicious vessels, and pinpoint the location of potential threats.” This raises questions as to how anomalies, suspicious vessels, and potential threats are identified; who makes such identifications; and what effect these designations carry.
On March 28, 2016, after successfully obtaining nearly 2,500 pages of documents on NAIS, EPIC settled its FOIA case against the Coast Guard and the DHS. All NAIS documents obtained by EPIC can be found below under “Freedom of Information Act Documents.”
EPIC opposes government databases of personal data that fail to comply with federal privacy laws. The Privacy Act of 1974 requires all federal agencies that maintain a system of records to publish the details of such record systems in the Federal Register. The publication must describe the intended uses of the system, the policies and practices governing the records, and the procedures agencies must follow to give individuals access to their records. The E-Government Act of 2002 requires agencies to perform Privacy Impact Assessments (“PIA”). PIAs are required when “developing or procuring information technology that collects, maintains, or disseminates information that is in an identifiable form” or “initiating a new collection of information” that contains identifiable information. The USCG and DHS have not published a Systems of Record Notice (“SORN”), as required by the Privacy Act of 1974, or Privacy Impact Assessments (“PIA”), required by the E-Government Act of 2002, regarding the NAIS.
The boating community is also alarmed about the NAIS program. Ralph Naranjo, a widelyregarded mariner, author, and former Vanderstar Chair at the U.S. Naval Academy, expresseddismay that “a sailor’s Good Samaritan effort to share location data will automatically enroll them in a data bank that tracks all of their movements.” In comments to the USCG regarding the agency’s dissemination of NAIS data, BoatU.S., “the nation’s largest organization of recreational boaters,” said that NAIS “raises questions as to who might wish to use [the] data and to what end,” and urged the agency to “narrowly confine the use of [the] data for safety and homeland security purposes.”
EPIC also has a strong interest in domestic surveillance. In 2013, EPIC sought—and later obtained—records revealing many of the capabilities of JLENS, a blimp-based U.S. Army surveillance system set to be deployed over Washington, DC. Also in 2013, EPIC testified before the Texas State Assembly on a privacy bill for telephone location data. EPIC’s testimony discussed GPS tracking and the need for clear rules governing location surveillance that satisfy Fourth Amendment standards, as well as the importance of public reporting and accountability.
EPIC has a particular interest in the impact of new surveillance technologies that have the capacity to enable warrantless, pervasive mass surveillance of the public by law enforcement agents. Justice Sonia Sotomayor addressed pervasive government surveillance of the sort performed with NAIS in a concurring opinion in U.S. v. Jones. Justice Sotomayor agreed with Justice Alito’s conclusion that “at the very least, ‘longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.'” Justice Sotomayor went even further, noting that “cases involving even short-term monitoring … require particular attention” because the “Government can store such records and efficiently mine them for information years into the future …. GPS monitoring is cheap … proceeds surreptitiously, [and] it evades the ordinary checks that constrain abusive law enforcement practices: ‘limited police resources and community hostility.'” Justice Sotomayor expressed concerns that the Government’s use of such technology might chill “associational and expressive freedoms,” and that it may be inappropriate to entrust “to the Executive, in the absence of any oversight from a coordinate branch, a tool so amenable to misuse.” Finally, Justice Sotomayor addressed the most pressing issue threatening Fourth Amendment protections: the third party doctrine, which states that “an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.” Justice Sotomayor noted that “[t]his approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”
Legal Documents (EPIC v. USCG et al., Case No. 15-1527)
- EPIC’s Complaint (Sept. 18, 2015)
On May 29, 2015, EPIC submitted a FOIA request seeking:
- All technical specifications, progress reports, and statements of work associated with the NAIS contract between the Department of Homeland Security/USCG and Northrop Grumman;
- All USCG policies and procedures for the collection, storage, analysis, use, retention, and deletion of data obtained through NAIS;
- All policies and procedures concerning the sharing of real-time NAIS data with other agencies, governments, non-governmental entities, and individuals;
- All records detailing the agencies, governments, non-governmental entities, and individuals with whom real-time data has been disclosed and how often it has been disclosed with them; and
- All civil rights & civil liberties impact assessments of NAIS, whether prepared by the Office for Civil Rights and Civil Liberties or another unit.
- EPIC’s FOIA Request to the U.S. Coast Guard (May 29, 2015)
- EPIC’s FOIA Appeal to the U.S. Coast Guard (July 7, 2015)
- Documents Produced
- First Production (received Oct. 30, 2016)
- Privacy Impact Assessments (received Jan. 25, 2016)
- Third and Final Production (received Feb. 5, 2016)
Privacy Act Documents
- System of Records Notice, Maritime Awareness Global Network (MAGNET), 73 FR 28143 (May 15, 2008).
- Final Rule for Privacy Act Exemptions, 73 FR 56924 (September 30, 2008).