EPIC v. DHS (Election Cybersecurity)
- Contrary to DHS Policy and Prior Statements, ICE Seeks NC State Voter Data: Immigration and Customs Enforcement has demanded that North Carolina provide over 18 million voter records from the past eight years. The subpoena is outside the Department of Homeland Security authority and goes against testimony by DHS Secretary Kirstjen Nielsen, who told Congress this year that DHS’s role is limited to voluntary requests for assistance from the states. Nielsen also wrote, in records obtained through an EPIC FOIA request, that associating the DHS with voter data collection “could disrupt critical efforts” to work with state officials on election cybersecurity. EPIC has long fought to ensure voter privacy and recently forced the defunct Presidential Election Commission to delete millions of state voter records unlawfully obtained. (Sep. 6, 2018)
- EPIC Urges DHS To Abandon Privacy Act Exemptions for New Biometric Database: In comments to the Department of Homeland Security, EPIC urged the agency to withdraw proposed Privacy Act exemptions that would reduce privacy safeguards in the federal government. The Immigration Biometric and Background Check database will contain personal data on U.S. and non-U.S. citizens. DHS has proposed to exempt the database from several Privacy Act protections, including ensuring that records are accurate, timely, and complete. DHS also claims numerous “routine uses” that allow the agency to disseminate the data to law enforcement and intelligence agencies. EPIC has urged strict compliance with Privacy Act obligations and warned that inaccurate, insecure, and overbroad government databases threaten both privacy and national security. (Aug. 31, 2018) More top news »
- EPIC Pursues Privacy Impact Assessments for Proposed DHS Biometric Database » (Jun. 18, 2018) EPIC has submitted an urgent Freedom of Information Act request to the Department of Homeland Security seeking the Privacy Impact Assessment for the "Homeland Advanced Recognition Technology," a proposed system that will integrate biometric identifiers across the federal government. HART would replace IDENT, which now contains biometric records on over 220 million unique individuals. In 2015 a breach at the Office of Personnel Management compromised 22 m records, including 5 m digitized fingerprints. It appears that Homeland Security failed to complete the Privacy Assessment prior to launching HART. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that stores personally identifiable information. In EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was shuttered earlier this year.
- Senators Urge DHS to Address Concerns Over Facial Recognition at Airports; Conduct Public Rule-Making » (May. 11, 2018) In a letter to DHS Secretary Kirstjen Nielson, Senators Edward Markey (D-MA) and Mike Lee (R-UT) urged the agency to promptly conduct a public rulemaking on the agency's biometric exit program prior to any expansion of the program. The program, currently implemented in nine U.S. airports, requires travelers on departing international flights to submit to facial recognition identification. The Senators requested that DHS determine the accuracy of the technique and the procedures for collecting passenger data. EPIC is currently pursuing documents about the biometric exit program, but documents EPIC obtained about a related program that tested iris and facial recognition scanning at the border revealed that the technology did not perform operational matching at a "satisfactory" level. An earlier EPIC lawsuit against the DHS led to the removal of backscatter x-ray devices — "body scanners" — at US airports.
- EPIC FOIA: EPIC Sues DHS for Drone Reports » (Mar. 9, 2018) EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain the public release of information about the use of drones for domestic surveillance. EPIC cited a Presidential Memorandum that required all federal agencies to prepare public reports on drone deployment. EPIC's lawsuit charges that the DHS has failed to make these reports public. In a previous lawsuit against the DHS, EPIC obtained records which revealed that DHS drones had the capability to intercept electronic communications and identity humans at a distance. EPIC has also brought a lawsuit against the FAA to establish drone privacy regulations in the United States.
- EPIC Presses Department of Defense on Privacy of Cyber Threat Information » (Feb. 27, 2018) In a statement to Congress in advance of a hearing on the Department of Defense's cyber operations, EPIC urged lawmakers to consider the privacy impact of cyber policies. The Cybersecurity Information Sharing Act of 2015 allowed the federal government to obtain cyber threat information from the private sector—much of which concerns the activities of individual Internet users—without privacy safeguards. EPIC urged Congress to ask Michael Rogers, the Commander of U.S. Cyber Command, about the steps the Defense Department will take to reduce privacy risks. EPIC previously sued the federal government for information regarding a Department of Homeland Security program that allowed the NSA to monitor the Internet traffic of defense contractors.
- Nominee for DHS Secretary Favors Less Wall, More Surveillance Tech at Border » (Nov. 9, 2017) Today Congress considered the nomination of Kirstjen M. Nielsen as Secretary at the Department of Homeland Security. Ms. Nielsen opposes a border wall but suggested an expansion of border surveillance. "Technology, as you know, plays a key part, and we can't forget it," she said. EPIC is pursuing a FOIA request regarding the use of DHS drones for border surveillance. Earlier EPIC cases - including EPIC v. DHS which led to the removal of x-ray body scanners in US airports - revealed that technologies for border surveillance invariably impact the privacy rights of Americans. Ms. Nielsen views on the use of DACA applicant data for enforcement remains unclear. EPIC recently warned that 800,000 DACA applicants face privacy risks as a result of the decision to end the Deferred Action for Childhood Arrivals.
- EPIC Opposes DHS Plan for Social Media Surveillance » (Oct. 19, 2017) In comments to the Department of Homeland Security, EPIC opposed a plan to add social media information to the official files of all immigrants. EPIC said the DHS proposal threatens First Amendment rights, risked abuse, and would disproportionately impact minority groups. A coalition of organizations also submitted comments to express concern about the proposal. EPIC previously opposed a Customs and Border Protection proposal to collect social media identifiers from visa applicants. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country.
- EPIC Sues Department of Homeland Security for Release of Russian Interference Records » (Oct. 4, 2017) EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain records related to Russian interference in the 2016 U.S. Presidential Election. Earlier this year, the DHS has designated state election systems as critical infrastructure and published a Joint Analysis Report acknowledging Russian interference with U.S. election systems. However, DHS has not provided any significant new information to the American public about the extent of the Russian interference. EPIC now seeks disclosure of the agency's "research, integration, analysis" related to the scope of Russian interference. EPIC's FOIA lawsuit follows H.Res. 235, a bill sponsored by Rep. Thompson (D-MS) that would have directed the DHS to provide this information to Congress, but was blocked by the House Homeland Security Committee. EPIC has filed several FOIA lawsuits to determine the scope of Russian interference. The cases include: EPIC v. FBI (Russian Hacking), EPIC v. ODNI (Russian Hacking), and EPIC v. IRS (Donald Trump's Tax Records).
- EPIC v. IRS: District Court Rules IRS May Withhold Trump Tax Records » (Aug. 18, 2017) A federal court in Washington, DC has ruled that the IRS may withhold President Trump's tax records sought by EPIC under the Freedom of Information Act. EPIC had argued that the IRS has the authority to release the records to correct numerous misstatements of fact concerning the President's financial ties to Russia. The President, for example, tweeted: "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING!" However, the Court ruled that “until President Trump or Congress authorizes release of the tax returns, EPIC (and the rest of the American public) will remain in the dark." EPIC v. IRS is one of three leading open government cases concerning Russian interference with the 2016 Presidential election. In EPIC v. ODNI, EPIC is seeking the release of the complete report on the scope of the attack. In EPIC v. FBI, EPIC is seeking information about the FBI’s response to the attack. EPIC will continue to pursue the release of President’s Trump’s tax records and related evidence of financial relations with the Russian government.
- EPIC Urges DHS To Abandon Privacy Act Exemptions for ICE Database » (Jun. 8, 2017) In comments to the Department of Homeland Security, EPIC urged the agency to withdraw proposed Privacy Act exemptions. The FALCON database contains detailed personal information on ICE and CBP employees, and individuals associated with ICE investigations including victims and witnesses. For this government database, DHS has proposed to exempt itself from several Privacy Act protections including ensuring that the records are accurate, timely, and complete. EPIC has consistently warned against inaccurate, insecure, and overbroad government databases. The FBI recently postponed an "Insider Threat" database that also lacked adequate Privacy Act safeguards.
- EPIC, Coalition Urge DHS Secretary to Reject Social Media Password Requirement » (Apr. 18, 2017) EPIC has joined the Fly Don't Spy! campaign to urge DHS Secretary Kelly to reject plans to require to hand over passwords to the federal government. Such a requirement would undermine privacy and human rights, chill freedom of speech and association, and create greater security risks for travelers. Earlier this year, Secretary Kelly testified before Congress about collecting social media passwords. In response, EPIC immediately filed a Freedom of Information Act request regarding all DHS plans to use individuals' internet and social media information to vet potential entrants to the U.S.
- Following Congress, EPIC Seeks Public Release of DHS Records on Russian Interference » (Mar. 31, 2017) EPIC has submitted an urgent Freedom of Information Act request for DHS's review of the Russian Interference with the presidential election. The EPIC FOIA request follows House Resolution 235, sponsored by Rep. Bennie Thompson (D-MS), which would direct the Secretary of Homeland Security to transmit DHS's documents related to Russian interference to the House of Representative. EPIC is now pursuing public release of the same records, and has notified Chairman Jason Chaffetz (R-UT) and Ranking Member Cummings (D-MD), of the House Oversight Committee of the pending FOIA request. Earlier this week, EPIC argued "the public has the right to know" about the extent of Russian interference with the 2016 election.
- EPIC Submits FOIA Request Seeking Documents on Airline Electronics Ban » (Mar. 22, 2017) EPIC has submitted a Freedom of Information Act request to the TSA seeking information on the recently announced ban on electronics on flights bound for the United States. The ban applies to ten airports in eight majority Muslim countries. EPIC is seeking documents related to the reasons for implementing the ban as well as documentation on TSA policies and procedures for searching electronics in checked luggage. EPIC regularly submits FOIA requests to government agencies and is also seeking information on eye scans conducted at US airports on US travelers. In EPIC v. DHS, EPIC is challenging the TSA's efforts to mandate airport body scanners.
- EPIC Obtains Documents About DHS Immigration Enforcement Priorities » (Feb. 23, 2017) As a result of a Freedom of Information Act request, EPIC has obtained over 650 pages about DHS's immigration enforcement priorities. The documents detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement. EPIC recently submitted two new urgent FOIA requests to DHS, the first about DHS plans to step up social media monitoring and a second to reveal the agency's compliance with recent immigration court orders. This week, EPIC also prevailed in a FOIA lawsuit for public release of privacy assessments the FBI is required to prepare.
- Coalition Urges UN to Investigate US Social Media Monitoring » (Feb. 16, 2017) A coalition of human rights groups is urging the UN to investigate reports that the US is demanding entrants provide access to their cell phones and social media accounts. "These practices persist in violation of the United States human rights treaty obligations and your action is needed to hold the government accountable," the group stated in a letter to the the UN High Commissioner on Human rights and other UN offices. EPIC recently submitted an urgent request for disclosure of DHS plans to step up social media monitoring, and previously prevailed in a lawsuit against the agency to reveal records of its monitoring programs. EPIC's Privacy Law Sourcebook 2016, available in the EPIC bookstore, provides an overview of privacy frameworks around the world and tracks emerging privacy challenges.
- Senators Calls for Answers from Secretary Kelly on Privacy Act Exclusion » (Feb. 9, 2017) In a letter to DHS Secretary Kelly, Senator Markey (D-MA) and five other Senators pressed DHS about the impact of an Executive Order limiting federal Privacy Act protections. "These Privacy Act exclusions could have a devastating impact on immigrant communities and would be inconsistent with the commitments made when the government collected much of this information," the Senators contended. The Senators also called on Secretary Kelly to explain the Order's impact on international commitments that permit U.S. firms to obtain access to the data of European consumers. EPIC is participating in Data Protection Commissioner v. Facebook, a case which follows a landmark decision that found insufficient legal protections for the transfer of European consumer data to the United States.
- EPIC Pursues FOIA Requests at DHS Concerning Aerial Surveillance, Social Media Monitoring, and ID Theft » (Feb. 8, 2017) EPIC has submitted an urgent FOIA request to the Department of Homeland Security about aerial surveillance, social media monitoring and ID theft following statements made by DHS Secretary John Kelly in a Congressional hearing on Homeland Security. The Secretary described plans to expand the use of "aerostats" (surveillance blimps) and monitoring of social media. The Secretary also stated that he has been a victim of data breach. The EPIC FOIA request follows earlier cases brought by EPIC which revealed efforts by the DHS to expand aerial surveillance within the United States, develop techniques for "pre-crime" detection, interrupt Internet service, as well as the impermissible monitoring of social media services and news organizations.
- EPIC FOIA: EPIC Seeks Information About Immigration Executive Order » (Feb. 3, 2017) EPIC has filed an urgent FOIA request with the Department for Homeland Security for further information about a DHS press release on "Compliance With Court Orders And The President's Executive Order." The DHS Press Release follows an Executive Order on entry to the United States and a series of court decisions suspending the Order. EPIC is now seeking details about the DHS's activities, including communications with other agencies, communications with airlines, and legal memos supporting the agency's actions. The Inspector General of DHS also announced an investigation to review "allegations of individual misconduct on the part of DHS personnel." EPIC cited both an "urgency to inform the public" and "exceptional media interest" in questions about the "government's integrity" in support of the request for expedited processing. EPIC will continue to press the DHS for prompt release of the documents sought. More information about EPIC's FOIA work is available on the FOIA Case page.
- EPIC Seeks Public Release of Secret Directive on Cybersecurity » (Jan. 28, 2017) EPIC has filed an urgent FOIA request with the DHS, the Department of Justice, and the NSA, seeking the expedited release of NSPD-1. The National Security Presidential Directive sets out procedures for cybersecurity "policy coordination, guidance, dispute resolution, and periodic in-progress review." EPIC has previously litigated, and successfully obtained, NSPD-54, a Presidential Directive concerning the NSA's authority to conduct surveillance within the United States.
- Government Breaches Continue, Hacker Compromises more than 130,000 Navy Records » (Nov. 29, 2016) In the latest government data breach, the Navy reported that a hacker gathered the personal data of more than 130,000 current and former sailors from a laptop that belonged to a government contractor. Government security vulnerabilities are on the rise. In 2015, the records of more than 21 million federal workers, friends and family members were breached. In 2016, EPIC urged candidates for office to focus on "data protection." EPIC has warned that inaccurate, insecure, and overbroad government databases pose a risks to the safety of Americans. Earlier this year, EPIC urged the Dept. of Defense and Dept. of Homeland Security to drop proposals to expand government databases that lacked adequate privacy safeguards.
- DHS Releases Revised FOIA Regulations, Agrees and Disagrees with EPIC's Suggestions » (Nov. 23, 2016) The Department of Homeland Security has released revised Freedom of Information Act regulations. EPIC submitted extensive comments on the proposed changes to the agency's open government practices. The DHS agreed to make some changes, recommended by EPIC, that should improve the processing of FOIA requests. The agency maintained a broad definition of "educational institutions" so that individual researchers will be able to access government records at minimal cost, and clarified steps that could be taken to delay "administrative closure," a controversial agency practice. The agency disagreed with EPIC about agency referrals, the definition of "commercial interest," and the routine release of public information to general public.
- Report: Facial Recognition is Expansive, Unregulated; Coalition Calls for DOJ Review » (Oct. 18, 2016) EPIC and a coalition of civil liberties organizations urged the Justice Department to review the disparate impact of facial recognition. The letter follows a report on law enforcement use of the technology. The report builds on work pursued by EPIC and others. Freedom of Information Act documents obtained by EPIC showed that the DHS system lacked privacy safeguards, the FBI accepts a 20% error rate for its Next Generation Identification system and has agreements to run facial recognition searches on DMV databases. In 2012, EPIC urged the Federal Trade Commission to suspend the use of facial recognition techniques pending the establishment of legal safeguards. And the 2009 Madrid Privacy Declaration, authored by NGOs and privacy experts, calls for a moratorium on the face scanning technology.
- EPIC Opposes DHS Plan to Collect Social Media Identifiers » (Sep. 30, 2016) In comments to the Department of Homeland Security, EPIC urged the agency to drop a plan to review the social media accounts of people seeking to visit the U.S. EPIC argued that the proposal threatens important First Amendment rights, risked abuse, and would disproportionately impact against minority groups. Documents obtained by EPIC in 2011 in a Freedom of Information Act lawsuit revealed that the DHS gathered social media comments to identify individuals, including US citizens, critical of the agency and the government. A 2012 Congressional hearing, based on the documents obtained by EPIC, revealed bipartisan opposition to the original DHS social media monitoring program.
- EPIC Opposes DHS Plan to Collect Social Media Identifiers » (Aug. 23, 2016) In comments to the Department of Homeland Security, EPIC urged the agency to drop a plan to review the social media accounts of people seeking to visit the U.S. EPIC argued that the proposal threatens important First Amendment rights, risked abuse, and would disproportionately impact against minority groups. Documents obtained by EPIC in 2011 in a Freedom of Information Act lawsuit revealed that the DHS gathered social media comments to identify individuals, including US citizens, critical of the agency and the government. A 2012 Congressional hearing, based on the documents obtained by EPIC, revealed bipartisan opposition to the original DHS social media monitoring program.
- FOIA Ombudsman Releases First Part of "Still Interested" Report » (Apr. 27, 2016) In response to a letter from EPIC and open government advocates, the FOIA ombudsman has issued the first part of a report on the use of "still interested" letters by federal agencies. The DHS and other agencies have sent these letters to prematurely terminate FOIA requests. In 2014, an EPIC-led coalition urged the Office of Government Information Services to investigate the pervasive use of such letters. In today's report, OGIS found that there is no "guidance or standard for reporting requests that agencies close" through "still interested" letters, and that it does not yet understand the impact such letters have on FOIA requesters.
- TSA Releases New Body Scanner Document to EPIC » (Apr. 25, 2016) In response to an EPIC FOIA request, the Transportation Security Administration has released a document describing the technical capabilities of the airport body scanners. EPIC previously obtained documents from TSA revealing that body scanners can record, store, and transmit digital strip search images of airline passengers. Last month, the TSA issued a regulation on airport body scanners, nearly five years after a federal appeals court ordered the agency to "promptly” undertake a rule making. In 2011, EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. Despite public comments that overwhelmingly favor less invasive security screenings, the TSA plans to use invasive body scanners at US airports. The TSA also said it may mandate airport body scanners, even though the agency previously told the D.C. Circuit that the body scanner program was optional and the federal appeals court upheld the program, relying on the agency’s statements.
- DHS, Federal Agencies Publish 2016 FOIA Reports » (Apr. 6, 2016) Most federal agencies, including the Department of Homeland Security, have now published the 2016 FOIA Reports. These annual reports, required by former Attorney General Holder's 2009 FOIA Memo, describe each agency's compliance with the FOIA, including steps to taken to improve processing and promote openness. The federal FOIA ombudsman is currently investigating the practices of six DHS component agencies in response to a 2015 letter from EPIC and open government advocates. EPIC and other have recently urged the President to support bipartisan legislation aimed at improving the FOIA.
- EPIC Recommends Greater Accountability for Government Screening Database » (Feb. 23, 2016) EPIC submitted comments to DHS urging the agency to improve transparency and privacy protections for the controversial Terrorist Screening Database that is used for Watchlist programs, such as the No Fly List, containing information that is often inaccurate and incomplete. The agency solicited comments on a proposal to remove Privacy Act safeguards while simultaneously expanding data collection and distributing data more widely across the DHS. EPIC and many other organization opposed the establishment of the Screening Database and called for the suspension pending a full review of the privacy and security implications. EPIC has testified before Congress about the risks of the Watchlist program.
- EPIC Opposes Sea Traveller Surveillance Program » (Jan. 4, 2016) In comments to the DHS, EPIC criticized a proposal to collect detailed records on people traveling by boat. The DHS is planning to track people arriving and departing the United States by sea, including between ports within the United States. However, DHS will ignore Privacy Act protections, and make the data collected routinely available to private companies and foreign governments. The proposal, explained EPIC, would "create a massive government database of detailed personal information that lacks accountability." EPIC has opposed other boat surveillance programs. And a FOIA case pursued by EPIC about a controversial boater tracking program revealed that the DHS fuses tracking data with other intelligence data to develop detailed profiles on boaters.
- DHS and State Department Pushing for Increased Social Media Monitoring » (Dec. 16, 2015) According to reports and statements from former Homeland Security officials, the DHS has initiated three "pilot programs" to analyze social media posts during the visa review process. Prior to 2014, a DHS policy prohibited social media monitoring by immigration officials. EPIC successfully obtained documents in 2012 detailing the DHS social media monitoring policies, including instructions to analysts to monitor criticism of the agency. EPIC also submitted a letter to congressional leaders, outlining how DHS officials misrepresented their policies in a Homeland Security Committee hearing. EPIC wrote that the DHS' monitoring program should be suspended, as it exceeds the agency's statutory authority and chills First Amendment activity.
- EPIC Sues Coast Guard, DHS for Information on Boater Tracking Program » (Sep. 20, 2015) EPIC has sued the U.S. Coast Guard and the Department of Homeland Security to obtain information on a federal government program to track and record the location of boaters. According to EPIC, the DHS intends to transfer the data from the Nationwide Automatic Identification System to federal and state agencies, as well as foreign governments. "The NAIS program exceeds the stated purpose of marine safety and constitutes an ongoing risk to the privacy and civil liberties of mariners across the United States," wrote EPIC in the FOIA lawsuit. The boating community has expressed concern over the tracking program. A previous FOIA request from EPIC to the agency went unanswered. Press Release - EPIC v. CG, DHS, No, 15-1527.
- Following EPIC Complaint, FOIA Ombudsman Announces Investigation of Practices at DHS » (Aug. 28, 2015) The federal FOIA ombudsman has informed EPIC that it is investigating the FOIA practices of six DHS component agencies. In 2014, EPIC and a dozen open government organizations urged the Office of Government Information Services to investigate the impermissible closures of FOIA requests. Through "still interested" letters, some federal agencies notify FOIA requesters that unprocessed requests will be closed by the agency if there is no further communication. EPIC and the open government groups object to the practice and reminded OGIS that "no provision in the [FOIA] allows for administrative closures." An earlier EPIC letter to OGIS led to a reduction of fee payments for FOIA requesters.
- Federal Court: DHS Failed to Justify Withholdings in Defense Contractor Monitoring FOIA Case » (Aug. 5, 2015) In EPIC v. DHS, a federal district court ruled that the Department of Homeland Security failed to justify withholding documents subject to the Freedom of Information Act. EPIC sued DHS to compel the disclosure of records relating to a cybersecurity program designed to monitor traffic flowing through ISPs to a select number of defense contractors. The court concluded that the agency's argument relied on "a weak assumption," but will allow the agency to submit a revised justification for withholding the records. EPIC previously won a five-year legal battle to release NSPD-54, the foundational legal document for U.S. cybersecurity policies.
- Court Orders Government to Respond to EPIC's Petition in Case Over Cell Phone Shutdown Policy » (Apr. 3, 2015) The federal appeals court in Washington, DC, has ordered DHS to respond to EPIC's petition to reconsider a recent decision allowing the federal agency to withhold the criteria for shutdown of cell phone networks. EPIC sued the DHS for the policy following a 2011 San Francisco BART incident, when government officials shut down cell phone service during a peaceful protest. EPIC argued that the recent decision would "create an untethered national security exemption for law enforcement agencies," and is contrary to other court decisions and the intent of Congress. The appeals court has determined that the government must respond to EPIC's petition.
- EPIC Continues Pursuit of Network Shutdown Policy » (Mar. 27, 2015) Today EPIC filed a Petition in the federals appeal court in Washington, D.C., seeking review of a recent opinion allowing DHS to withhold the criteria to shutdown cell phone networks. EPIC sued the agency for the shutdown policy following a 2011 San Francisco BART incident, where government officials shut down cell phone service during a peaceful protest. In its Petition, EPIC argued that the recent decision would "create an untethered national security exemption for law enforcement agencies," and is contrary to other court decisions and the intent of Congress.
- In EPIC v. DHS, DC Circuit Backs Agency Secrecy on "Internet Kill Switch" » (Feb. 10, 2015) The federal court of appeals based in Washington, DC has ruled that the Department of Homeland Security may withhold from the public a secret procedure for shutting down cell phone service. EPIC pursued the DHS policy after government officials in San Francisco disabled cell phone service during a peaceful protest in 2011. EPIC sued DHS when the agency failed to release the criteria for network shutdowns. A federal judge ruled in EPIC's favor. On appeal, the D.C. Circuit held for the DHS but said that the agency might still be required to disclose some portions of the protocol.
- EPIC v. NSA: EPIC Obtains Presidential Directive for Cybersecurity » (Jun. 6, 2014) After almost five years, EPIC has obtained National Security Presidential Directive 54. The previously classified Presidential Directive contains the full text of the Comprehensive National Cybersecurity Initiative and "establishes United States policy, strategy, guidelines, and implementation actions to secure cyberspace." This Directive, which is the foundational legal document for all cybersecurity policies in the United States, evidences government efforts to enlist private sector companies, more broadly monitor Internet activity, and develop offensive cybersecurity capability. EPIC first sought public release of NSPD-54 with a Freedom of Information Act request, submitted to NSA in June 2009. After the agency failed to disclose the document, EPIC filed suit. When a federal district court ruled in 2013 that the Presidential Directive was not subject to the Freedom of Information Act, EPIC then filed an appeal with the DC Circuit Court of Appeals. The document has now been disclosed to EPIC. The case is EPIC v. NSA, a Freedom of Information Act lawsuit in D.C. Circuit Court. EPIC has several related FOIA cases with the NSA pending in federal court. For more information see EPIC - EPIC v. NSA (Cybersecurity Authority).
- DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret » (May. 27, 2014) The Department of Homeland Security Quarterly Report to Congress details programs and databases affecting privacy. According to the agency, DHS received 964 privacy complaints between September 1, 2013 and November 30, 2013. By contrast, DHS received 295 privacy complaints during the same period in 2011. According to the report, most DHS systems complies with Privacy Act notice requirements. However, the report also indicates that the DHS maintains many databases with personally identifiable information that lack required Privacy Act notices. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.
- EPIC Objects to Secret Profiling of Air Travelers » (Oct. 10, 2013) EPIC has submitted comments to the Department of Homeland Security, objecting to the agency's plan to secretly profile U.S. air travelers and remove Privacy Act safeguards. The DHS proposed to exempt TSA PreCheck from the federal privacy law. The PreCheck database contains detailed personal information, including name, birthdate, biometric information, Social Security Number, and financial information. The TSA plans to release applicant data to federal, state, tribal, local, territorial agencies and foreign governments. However, the TSA proposes to remove the rights of PreCheck applications concerning notification, access, and correction. The agency also intends to keep secret the basis for approving PreCheck applicants. EPIC described the substantial privacy and security risks of Precheck, urged the DHS to narrow the Privacy Act exemptions, and recommended that the DHS withdraw routine use disclosures. For more information, see EPIC: Secure Flight, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy.
- EPIC Opposes DHS Biometric Collection » (Jun. 21, 2013) EPIC has submitted comments to the Department of Homeland Security, staunchly opposing the agency's border biometric collection, facilitated through the Office of Biometric Identity Management program. Since at least 2004, DHS has collected fingerprint and facial photos from individuals entering the United States. DHS then disseminates this information to DHS agency components, other federal agencies, and "federal, state, and local law enforcement agencies," and the "federal intelligence community." Currently, at least 30,000 individuals from federal, state, and local governments access the data contained obtained by DHS's biometric collection program. DHS shares this biometric data with foreign governments, including Canada, Australia, and the United Kingdom. In its comments, EPIC urged the agency to cease collecting biometric information without proper privacy safeguards in place. Should the agency continue to collect this sensitive information, EPIC recommends that DHS: (1) impose strict information security safeguards on its biometric information collection and limit its dissemination of biometric information; (2) conduct a comprehensive privacy impact assessment on the biometric collection program; (3) grant individuals Privacy Act rights before collecting additional biometric information; and (4) adhere to international privacy standards. For more information, see EPIC: US-VISIT and EPIC: Biometric Identifiers.
- EPIC Succeeds in Fight Against Protective Order in FOIA Case » (Jan. 9, 2013) A federal judge has vacated provisions in a prior order that would have limited the ability of FOIA requesters to disseminate information to the public. EPIC filed a Freedom of Information Act lawsuit against the Department of Homeland Security after the agency failed to respond to a request for documents about a plan to monitor internet traffic. In arguments before the court, the Department of Justice contended that EPIC should agree to a protective order that would prevent EPIC from disclosing documents obtained in the case. EPIC challenged this argument, stating that it was contrary to FOIA law and that the use of protective orders in FOIA cases would make it more difficult for the public to obtain information about government activities. Judge Kessler agreed with EPIC and discarded the protective order requirement. She also chastised the agency for its repeated delays in processing EPIC's FOIA request. The case is EPIC v. DHS, 12-333. For more information see: EPIC v. DHS - Defense Contractor Monitoring.
- President Issues Secret Cybersecurity Directive, EPIC Seeks Public Release » (Nov. 14, 2012) Following a Washington Post report of a new cyber security directive, EPIC has filed a Freedom of Information Act request for the release of Presidential Policy Directive 20. The Directive is believed to expand cyber security authority for the National Security Agency. EPIC is pursuing several FOIA cases, including the release of NSPD-54, an earlier Directive that gave NSA authority to conduct surveillance within the United States. EPIC has also sought public release of the technical arrangement between the NSA and Google that was adopted in January 2010. Federal law prevents the National Security Agency, a component of the Department of Defense, from conducting operations within the United States. For more information, see EPIC: Cybersecurity Privacy Practical Implications, EPIC: EPIC v. NSA - Cybersecurity Authority, and EPIC v. NSA: Google / NSA Relationship.
- DHS Privacy Review Fails to Address DHS Monitoring of Online Dissent » (Nov. 9, 2012) The Department of Homeland Security released a Privacy Compliance Review which found that the DHS social media monitoring program complied the DHS's own privacy requirements. Documents obtained by EPIC through a FOIA lawsuit revealed that DHS is monitoring social networks and media organizations for criticism of the agency. Congress held a Hearing earlier this year to determine why DHS is tracking political statements on Twitter and social networks. EPIC's lawsuit against DHS is ongoing. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring.
- Department of Homeland Security Releases 2012 Privacy Report » (Sep. 20, 2012) The Department of Homeland Security released the 2012 Privacy Office Annual Report to Congress. The report describes a social media monitoring policy, and privacy training for fusion centers personnel. According to the report, the TSA has still failed to adopt privacy safeguards for whole body image devices. The report is silent on several new DHS-funded initiatives, including the Future Attribute Screening Technology, a Minority-Report like proposal for "pre-crime" detection. The report also notes the expansion of the National Counterterrorism Center's five-year retention policy for records on U.S. Persons that do not contain terrorism information. The Chief Privacy Officer of the DHS is required by law to ensure that new agency programs do not diminish privacy in the United States. For more information, see EPIC: Privacy Report Held Hostage.
- Department of Homeland Security Limits E-Verify Data and Disclosures » (Aug. 9, 2012) The Department of Homeland Security has issued a Privacy Act system of records notice for the E-Verify Program. E-Verify is a government records system that informs employers about the citizenship status of current and prospective employees. The database contains detailed personal information including names, dates of birth, Social Security numbers, and citizenship status for all individuals subject to review. This Privacy Act notice minimizes the information that the agency will collect, and also limits the agency's ability to disclose personal information to outside entities. Last year EPIC, along with a coalition of privacy, consumer rights, and civil rights organizations, encouraged DHS to strengthen privacy and security safeguards for E-Verify. For more information, see EPIC: E-Verify and Privacy.
- Homeland Security Seeking Applicants to Join Privacy Board » (Jun. 28, 2012) The Department of Homeland Security has announced that it is seeking applicants for the Data Privacy and Integrity Advisory Committee. The Committee was established to advise the agency on issues related to personally identifiable information, data integrity, and other privacy-related matters. The agency has a mandate from Congress to ensure that its programs "do not erode privacy protections" and to ensure that personal information is "handled in full compliance with fair information practices as set out in the Privacy Act of 1974." For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy and EPIC: EPIC v. DHS (Suspension of Body Scanner Program).
- Homeland Security Seeks to Expand "Risk-Based" Profiles » (Jun. 6, 2012) The Department of Homeland Security has proposed to exempt its "Automated Targeting System" from certain Privacy Act provisions. The Automated Targeting System creates "risk-based" profiles of individuals traveling to, from, and throughout the United States. The profile contains a plethora of personal data, including, nationality, race, occupation, and biometrics. The System accesses and "ingests" this information from many sources, including government databases and commercial data aggregators. The DHS issued a Privacy Impact Assessment, which describes some of the privacy risks, including unauthorized access. In detailed comments to DHS in 2007, EPIC opposed the use of "risk-based" profiles. For more information, see EPIC: Automated Targeting System.
- EPIC Asks Ombudsman to Investigate DHS FOIA Practices » (Jun. 4, 2012) EPIC has submitted a letter to the Office of Government Information Services, asking for an investigation into FOIA practices at the Department of Homeland Security. EPIC explained that the federal agency, which includes the TSA and the Bureau of Customs and Border Protection, routinely denies fee waivers in circumstances where the agency knows that the requester properly qualifies. By way of example, EPIC cited a recent FOIA appeal in which the agency wrongly denied a fee waiver request. EPIC said that the practice creates additional work for sophisticated FOIA requesters and may, as a practical matter, prevent other requesters from pursuing important FOIA requests. For more information, see EPIC: DHS Privacy Office and EPIC: Litigation Under the Federal Open Government Laws.
- Department of Homeland Security Expands Use of Watch Lists for "Known Traveler" Program » (Apr. 23, 2012) The Department of Homeland Security has published a Privacy Impact Assessment Update for Secure Flight, a DHS program that compares airline passenger records with various watch lists. The assessment describes the agency's plans to expand the Known Traveler program so as to expedite airline screening for certain categories of individuals. The DHS also intends to incorporate into Secure Flight the Automated Targeting System, a controversial program that allows the government to assign a risk assessment number to individual travelers. That number provides the basis for further screening. In 2007, EPIC urged DHS to either suspend the Automated Targeting System or to fully apply all Privacy Act safeguards to any individual subject to ATS. In 2010, EPIC advocated for stronger privacy protections of DHS trusted traveler programs that compare passenger names against watch lists. For more information, see EPIC: Secure Flight and EPIC: Automated Targeting Systems.
- DHS Privacy Office Issues Quarterly Report to Congress » (Mar. 26, 2012) The DHS Privacy Office has issued its First Quarter Fiscal Year 2012 Report to Congress. The report details DHS programs and functions that affect privacy, such as privacy impact assessments and system of records notices. The report also summarizes the 295 privacy compliance complaints that DHS has received between September 1, 2011 and November 30, 2011. EPIC has closely followed DHS Privacy Office activities, and has worked to ensure timely release of DHS privacy reports. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.
- House and Senate Call for Investigation on Airport Body Scanner Radiation Risks » (Mar. 15, 2012) Both the House and the Senate introduced bills last month that would require the Department of Homeland Security "to contract with an independent laboratory to study the health effects of backscatter x-ray machines used at airline checkpoints operated by the Transportation Security Administration," and to provide improved notice of the health effects to airline passengers. The bills focus on the health effects of those screened by the backscatter x-ray machines, including frequent air travelers, flight crews, and individuals with greater sensitivity to radiation, such as children, pregnant women, the elderly, and cancer patients. In 2010, EPIC filed a Freedom of Information Act lawsuit asking a court to force the Department of Homeland Security to disclose documents about radiation testing results and agency fact sheets on radiation risks. For more information, see EPIC: EPIC v. DHS - Full Body Scanner Radiation Risks.
- EPIC Publishes 2012 FOIA Gallery » (Mar. 12, 2012) In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2012. The gallery highlights key documents obtained by EPIC in the past year, including the Federal Bureau of Investigation's watch list guidelines, records of the Department of Homeland Security's social media monitoring program, Google's first Privacy Compliance Report, records detailing the government's FAST scanning program, records of the FBI's surveillance of Wikileaks supporters, and DHS records detailing the use of body scanners at the U.S. border. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA.
- Video, Blog Post Raise New Questions About Airport Body Scanners » (Mar. 9, 2012) A popular video "How To Get Anything Through TSA Nude Body Scanners" show that it is easy to bypass airport body scanners by hiding materials perpendicular to the plane of the scanning devices. The video also notes that traditional metal detectors, now being removed from US airports, would routinely alert to the presence of metallic objects. Still more interesting may be the recent blog post by a 25-year FBI agent, expert in aviation security, who writes that the "TSA has never foiled a terrorist plot or stopped an attack on an airliner" and that "the entire TSA paradigm is flawed." In a federal lawsuit, EPIC challenged the TSA airport scanner program, calling it "invasive, unlawful, and ineffective." For more information, see EPIC v. DHS (Suspension of body scanners).
- DHS Privacy Office Releases 2011 Data Mining Report » (Mar. 5, 2012) The Department of Homeland Security has released the 2011 Annual Data Mining Report. The report must include all of the Agency's current activities that fall within the legislative definition of "data mining." Among other things, this year's report references the Agency's programs to profile individuals entering or leaving the country to determine who should be subject to "additional screening." A FOIA request by EPIC in 2011 revealed that the FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. The report also provides information on Secure Flight and Air Cargo Advanced Screening. For more information, see EPIC: FBI Watch List FOIA and EPIC: DHS Privacy Office.
- EPIC Obtains New Documents on DHS Media Monitoring, Urges Congress to Suspend Program » (Feb. 23, 2012) EPIC has submitted a letter to Congress following a hearing on DHS monitoring of social networks and media organizations. In the letter, EPIC highlights new documents obtained as a result of a FOIA lawsuit and points out to inconsistencies in DHS' testimony about the program. Though DHS testified that it does not monitor for public reaction to government proposals, the documents obtained by EPIC indicate that the DHS analysts are specifically instructed to look for criticism of the agency and then to redirect reports that would otherwise be circulated to other agencies. EPIC wrote that the DHS' monitoring program should be suspended, as it exceeds the agency's statutory authority and chills First Amendment activity. For more information, see EPIC: EPIC v. DHS: Media Monitoring.
- 2013 Federal Budget Limits Body Scanners, But Expands Domestic Surveillance » (Feb. 20, 2012) According to White House budget documents and the Congressional Testimony of Secretary Napolitano, DHS will not purchase any new airport body scanners in 2013. However, the agency will expand a wide range of programs for monitoring and tracking individuals within the United States. This includes the development of biometric identification techniques for programs such as Secure Communities. DHS will also seek funding for "Einstein 3," a network intrusion detection program that enables surveillance of private networks. EPIC has urged the DHS to comply with the requirements of the federal Privacy Act, and is currently pursuing several Freedom of Information Act lawsuits against the agency. For more information see, EPIC - Body Scanners and Radiation Risks, EPIC - E-Verify, EPIC - Secure Communities, EPIC - Fusion Centers, EPIC - Drones, EPIC - Cybersecurity, EPIC - Secure Flight.
- EPIC Asks Congress to Suspend DHS Social Network Monitoring Program » (Feb. 15, 2012) In a Statement for the Record, EPIC has asked the House Committee on Homeland Security to suspend a DHS program that has permitted the agency to gather comments critical of the agency and the government by monitoring social networks and media organizations. The hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy" was called after EPIC obtained nearly 300 pages of documents detailing the Department of Homeland Security's activities. The documents, obtained as a result of EPIC's Freedom of Information Act lawsuit, include instructions from the DHS to General Dynamics to monitor media reports that "reflect adversely" on the agency or the federal government. For more information see: EPIC v. Department of Homeland Security: Media Monitoring.
- Congress to Hold Hearing on Department of Homeland Security Social Network Monitoring » (Feb. 6, 2012) On February 16, 2012, the House Committee on Homeland Security will hold a hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy." The hearing was called after EPIC obtained nearly 300 pages of documents, as a result of a Freedom of Information Act lawsuit, detailing the Department of Homeland Security's monitoring of social networks and media organizations. The documents included guidelines from DHS instructing General Dynamics to monitor for media reports that "reflect adversely" on the agency or the federal government. For more information see: EPIC v. Department of Homeland Security: Media Monitoring.
- EPIC - FOIA Documents Reveal Homeland Security is Monitoring Political Dissent » (Jan. 13, 2012) As the result of EPIC v. DHS, a Freedom of Information Act lawsuit, EPIC has obtained nearly thee hundred pages of documents detailing a Department of Homeland Security's surveillance program. The documents include contracts and statements of work with General Dynamics for 24/7 media and social network monitoring and periodic reports to DHS. The documents reveal that the agency is tracking media stories that "reflect adversely" on DHS or the U.S. government. One tracking report -- "Residents Voice Opposition Over Possible Plan to Bring Guantanamo Detainees to Local Prison-Standish MI" -- summarizes dissent on blogs and social networking cites, quoting commenters. EPIC sent a request for these documents in April 2004 and filed suit against the agency in December. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring.
- DHS Memo Reveals Plan to Impose "Secure Communities" on All States » (Jan. 10, 2012) According to a draft memo, the Department of Homeland Security intends to require that all states comply with the agency's "Secure Communities" program by 2013. Secure communities is a controversial deportation program that relies on extensive data collection and biometric identification. Several states, including Illinois, New York and Massachusetts, objected to the federal program, citing mismanagement, and refused to participate. Previously, the DHS maintained that the program would be voluntary. For more, see EPIC: Secure Communities.
- EPIC Warns DHS: Plan to Release Personal Data Held by Agency is Unlawful » (Dec. 22, 2011) EPIC has submitted comments to the Department of Homeland Security, objecting to the agency's plan to disclose internal agency records to former DHS employees, third party employers, and foreign and international agencies. DHS plans to disclose criminal conviction records, employee records, and foreclosures, about a broad category of individuals, including members of the public, individuals who file administrative complaints with DHS, and even individuals who are named parties in cases "in which DHS believes it will or may become involved." All of this information is protected under the federal Privacy Act, but the DHS proposes to invoke the "routine use" exemption to allow disclosure. EPIC said the plan would "undermine privacy safeguards set out in the Privacy Act and would unnecessarily increase privacy risks for individuals whose records are maintained by the federal government." EPIC also noted that the agency has failed to allow sufficient time to meaningfully consider public comment on the plan. For more information, see EPIC: the Privacy Act of 1974.
- EPIC Sues DHS Over Covert Surveillance of Facebook and Twitter » (Dec. 20, 2011) EPIC has filed a Freedom of information Act lawsuit against the Department of Homeland Security to force disclosure of the details of the agency's social network monitoring program. In news reports and a Federal Register notice, the DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies.The legal authority for the DHS program remains unclear. EPIC filed the lawsuit after the DHS failed to reply to an April 2011 FOIA request. For more information, see EPIC: Social Networking Privacy.
- EPIC to DHS: Proposed Expansion of "Routine Use" Exception is Unlawful » (Nov. 30, 2011) In comments to the Department of Homeland Security regarding a proposal to expand the Privacy Act "routine use" exemption, EPIC has said that the agency is exceeding its legal authority. The DHS is seeking to disclose information about current and former government employees, including members of the US Secret Service, for the the development of "civil, administrative, or background investigation." The information includes names, social security numbers, addresses, and dates of birth. The "routine use" exemption allows federal agencies to disclose personal information in their possession in certain, narrow circumstances, not for open-ended investigations. EPIC stated that the change would "undermine privacy safeguards set out in the Privacy Act and would unnecessarily increase privacy risks for individuals whose records are maintained by the federal government." For more information, see EPIC: the Privacy Act of 1974.
- Congressional Watchdog: DHS Data Mining Programs Pose Risk to Privacy » (Oct. 11, 2011) The Government Accountability Office has performed a detailed evaluation of data mining practices at the Department of Homeland Security. According to the report, privacy protections and transparency are vital to data mining operation, however the Department's practices did not "adequately ensure the protection of privacy-related information." in 2009, EPIC called for an investigation of the Department's Privacy Office and said that the Chief Privacy Officer was not complying with the statutory requirements to protect privacy. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.
- Documents Obtained by EPIC Reveal Government's "Minority Report" Scanning Program » (Oct. 7, 2011) Through a Freedom of Information Act request, EPIC has obtained documents from the Department of Homeland Security about a secretive "pre-crime" detection program. The "Future Attribute Screening Technology" (FAST) Program gathers "physiological measurements" from subjects, including heart rate, breathing patterns, and thermal activity, to determine "malintent." According to the documents obtained by EPIC, the agency is considering the use of the device at conventions and sporting events, and has already conducted field testing. CNET first reported on the EPIC FOIA request. For more information, see: EPIC: Future Attribute Screening Technology Project.
- DHS Privacy Office Releases 2010 Annual Report » (Sep. 24, 2010) The Department of Homeland Security has released the Privacy Office 2010 Annual Report. The Agency's Chief Privacy Officer must prepare an annual report to Congress that details activities of the Department that affect privacy, including complaints of privacy violations, and DHS compliance with the Privacy Act of 1974. This year’s report details the establishment of privacy officers within each component of the Agency. The report also provides updates on Fusion Centers, Cybersecurity, and Cloud Computing activities of the agency. For more information, see EPIC: DHS Privacy Office.
- DHS Announces Dramatic Expansion of Airport Body Scanner Program » (Jul. 21, 2010) On July 20, 2010, the Department of Homeland Security announced a substantial change in the deployment of body scanners in US airports. According to the DHS Secretary, the devices, which had once been part of a pilot program for seconary screening, will now be deployed in 28 additional airports. The devices are designed to capture and store photographic images of naked air travelers. EPIC has filed an emergency motion in federal court, urging the suspension of the program and citing violations of several federal statutes and the Fourth Amendment. Public opposition to the program is also growing. For more information, see EPIC v. DHS (Body scanners) and EPIC Body Scanners.
- Federal Judge Limits Suspicionless Laptop Searches at Borders » (Jun. 11, 2010) A federal judge has ruled against the Department of Homeland Security's Customs and Border Protection claim that agents could not only search the electronic devices of cross-border travelers without a warrant or even reasonable suspicion, they could also seize the devices indefinitely for more invasive searches. In United States v. Hanson, U.S. District Judge Jeffrey White ruled that "[g]iven the passage of time between the January and February searches and the fact that the February search was not conduct[ed] at the border, or its functional equivalent, the court concludes that the February search . . . must be justified by reasonable suspicion." Last October, EPIC and 20 other organizations sent a letter to the House Committee on Homeland Security objecting to this practice and other privacy violations. For more information, see EPIC: DHS Privacy Office.
- Federal Budget Announced for Fiscal Year 2011, Surveillance Projects Scrutinized » (Feb. 3, 2010) The Office of Management and Budget has released the federal budget for fiscal year 2011. The budget proposes funding for several new surveillance initiatives, including over $700 million to the Department of Homeland Security for "Passenger Aviation Security". The Department would like to purchase 500 body scanner machines for U.S. airports, bringing the projected total number of machines to 1,000 at a cost of over $200 million by the end of 2011. The new budget also includes several hundred million dollars for the Department of Justice's national security programs, which were recently the subject of a critical Inspector-General's report for improper use of authority. For more information, see EPIC DHS and Privacy, EPIC Domestic Surveillance, EPIC Air Travel Privacy, and EPIC Whole Body Imaging.
- Homeland Security Releases Annual FOIA Report » (Feb. 1, 2010) The Department of Homeland Security has released the 2009 Freedom of Information Act Report. The report shows that the Department processed over 160,000 requests in the past year, with 27,182 requests remaining pending. Of the requests processed, 11% were granted in full, 60% were classified as "partial grants/partial denials," and the remaining 29% were denied in full. The overwhelming majority of backlogged requests and appeals are pending at the Customs and Immigration Service. For denied requests with processed appeals, nearly 30% were fully reversed on appeal, and another 32% were reversed in part. EPIC currently has two FOIA cases pending against the Department relating to its use of Body Scanner machines. For more information, see EPIC v. DHS, EPIC FOIA Litigation Docket.
- Congressional Committee Investigating Privacy Office at Homeland Security, Acknowledges Privacy Coalition Letter » (Nov. 12, 2009) House Homeland Security Committee Chairman Bennie Thompson has responded to the Privacy Coalition letter regarding the Chief Privacy Officer of the Department of Homeland Security. Chairman Thompson said that "the Committee is in the process of reviewing the programs outlined" in the letter, and thanked the Coalition for bringing the issues to the attention of the committee. He further stated that the Committee "will continue to examine the Department's programs and policies and vigorously address privacy concerns and issues." For more information, see EPIC DHS Privacy Office and Privacy Coalition.
- EPIC Reminds Homeland Security Agency to Publish Privacy Report » (Sep. 22, 2009) In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the annual privacy report will be made available. The Department is required by law to provide an annual report "on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The last privacy report was published in July 2008. EPIC has previously sent similar letters to the Department, reminding the agency of its legal obligation to inform the public about its activities. For more information, see EPIC’s Privacy Report Held Hostage page.
- EPIC Pursues DHS Official's Public Calendar » (Sep. 18, 2009) EPIC has filed a FOIA appeal with the Department of Homeland Security for the calendar of the Chief Privacy Officer. EPIC submitted the original request to find out why the DHS Privacy Officer could not meet with privacy groups in Washington, DC. The agency turned over many pages from the calendar, but the entries were all blacked out. In the appeal, EPIC said the agency has failed to comply with the open government law and also cited the President's commitment to government transparency concerning the activities of public officials. For more information, see EPIC Open Government.
- Senate Judiciary Committee Considers National Biometric Identification System » (Jul. 22, 2009) Senator Schumer (D-NY) is proposing a new system to track all US workers to determine employment eligibility. The plan for the employment verifiability system involves the collection of biometric information. The Department of Homeland Security would approve or disapprove individuals for employment. Automated biometric identification systems raise questions about the scalability, reliability, accuracy, and security of the data collected. See EPIC Biometric Identification.
- Workshop: Government 2.0: Privacy and Best Practices » (Jun. 22, 2009) Lillie Coney EPIC Associate Director DHS Data Privacy and Integrity Advisory Committee June 22-23, 2009
- DHS Seeks Nominations to the Agency's Data Privacy and Integrity Advisory Committee » (May. 5, 2009) The Department of Homeland Security is seeking applications for appointments to the agency's Data Privacy and Integrity Advisory Committee. The committee provides advice at the request of the Secretary of DHS and the agency's Chief Privacy Officer on privacy related matters. The agency is seeking to fill two terms that would expire in January 2012, and January 2013. Applications for the positions must be received by the agency on or before June 8, 2009. For more information, see: EPIC's Web page Spotlight on Surveillance.
- Homeland Security Secretary Proposes Increase in Spending for Domestic Surveillance Programs » (Feb. 27, 2009) Homeland Security Secretary Janet Napolitano testified before the House Committees on Homeland Security, and said that DHS plans to connect governmental databases containing personal information, expand the government's employment tracking system, promote passenger screening, use e-passports, employ watchlists and utilize contactless identity verification cards. EPIC has opposed Fusion Centers, the E-Verify program and the use of Backscatter X-Ray devices. EPIC has also objected to the use of RFIDs in passports, in Air Travel and in driver's licences.
In Freedom of Information Act lawsuit EPIC v. DHS, EPIC is seeking Department of Homeland Security research, integration, and analysis of the Russian interference in the 2016 presidential election. The U.S. Intelligence Community (“IC”) concluded that Russia carried out a multi-pronged campaign to interfere in the 2016 U.S. Presidential Election to “undermine public faith in the US democratic process,” demonstrating a “significant escalation” in Russian activities. Nine months since the IC report on the interference, few new details of the interference have been made public.
In March 2017, Representative Bennie Thompson (D-MS), Ranking Member of the Committee on Homeland Security, introduced House Resolution 235 directing the Secretary of Homeland Security to transmit the Department of Homeland Security’s research, integration, and analysis related to Russian interference directly to the House. Following Rep. Thompson's proposal, EPIC seeks the same documents under the Freedom of Information Act.
DHS Investigation of the Russian Interference
The mission of DHS is mission to “safeguard the American people, our homeland, and our values,”, and has played a key role in the federal response to the Russian interference. On December 29, 2016, DHS and the Federal Bureau of Investigation published the first public report on the interference — the “Joint Analysis Report,” or JAR. The JAR highlighted and explained techniques used to perpetrate the interference and techniques used to enhance systems defense. Significantly, the JAR formally tied the attack to Russian intelligence services. While “[p]revious JARs have not attributed malicious cyber activity to specific countries or threat actors,” the report stated, this report immediately identified “Russian civilian and military intelligence Services (RIS)” as the actors who “compromise[d] and exploit[ed] networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.” On January 6, 2017, then DHS Secretary Jeh Johnson also announced the designation of election infrastructure as a subsector of the U.S. government’s critical infrastructure. Former DHS Secretary Johnson has since stated that he made the designation after “concerns about the possibility of a cyberattack around our national election grew” following the events of 2016
Since the publication of the JAR and the critical infrastructure designation, DHS’s has continued the Russian interference investigation. But the agency has not provided any significant, new information to the American public. On June 21, 2017, nearly eight months after election day, in an open hearing before the Senate Select Committee on Intelligence, NPPD’s Acting Deputy Under Secretary for Cybersecurity and Communications Jeanette Manfra confirmed for the first time that “election-related systems in 21 states were targeted” by Russian cyber actors during the 2016 election cycle. Nearly half of the United States were targets of Russian activities during the 2016 election cycle. Acting Deputy Under Secretary Manfra did not indicate which states were affected, and, when pressed, would not disclose the states from which data was exfiltrated.
Vice Chair Mark Warner (D-VA) questioned Ms. Manfra during the hearing about whether “at this moment in time there may be a number of state and local election officials that don’t know their states were targeted in 2016.” Senator Rubio (R-FL) urged, “[A]s much of [the systems data] must be made available to the public as possible,” and said to “err on the side of disclosure about our systems so people have full confidence when they go vote.”
Former DHS Secretary Johnson emphasized in written testimony to the House Select Committee on Intelligence on June, 21, 2017, that his “very troubling experience highlights cyber vulnerabilities in our political process, and in our election infrastructure itself. With the experience fresh in our minds and clear in our rear-view mirror, we must resolve to further strengthen our cybersecurity generally, and the cybersecurity around our political/election process specifically.”
On September 13, 2017, Acting Secretary of Homeland Security Elain Duke issued a Binding Operational Directive to Federal Executive Branch departments and agencies to stop using software made by the Russian cybersecurity firm Kaspersky Lab. In a statement DHS said “[t]he risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.
There is a profound and urgent public interest in the release of records in possession of the DHS sought by EPIC, through EPIC v. DHS, concerning the Russian interference with the 2016 Presidential Election. The release of these records is necessary for the public to evaluate DHS’s response to the Russian interference, assess future threats to American democratic institutions, and to ensure the accountability of the federal agency with the legal authority to safeguard the American people against foreign cyber-attacks. EPIC v. DHS is one of a suite of FOIA lawsuits EPIC is pursuing as a part of the EPIC Cybersecurity and Democracy Project. This project focuses on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. EPIC has filed three other Freedom of Information Act lawsuits concerning Russian interference in the 2016 Presidential Election: EPIC v. FBI seeks information about the FBI's response to the attacks, EPIC v. IRS EPIC v. IRS seeks public release of Donald J. Trump’s tax returns, and EPIC v. ODNI seeks release of the complete report on the Russian interference.
- March Production Letter (March 15, 2018)
- April Production Letter (April 16, 2018)
- May Production Letter (May 11, 2018)
- June Production Letter (June 15, 2018)
- July Production Letter (July 16, 2018)
- August Production Letter (August 15, 2018)
- ODNI: Production Letter (August 17, 2018)
U.S. District Court for the District of Columbia (No. 17-2047)
- EPIC: Democracy and Cybersecurity: Preserving Democratic Institutions
- EPIC: Open Government Project
- EPIC: EPIC v. FBI
- EPIC: EPIC v. ODNI
- EPIC: EPIC v. IRS
- Homeland Security and Gov't Affairs Comm. Democratic Staff, Memorandum Highlighting DHS Aid to States to Secure Elections Systems (2017)
- U.S. Department of Homeland Security & Federal Bureau of Investigation, GRIZZLY STEPPE - Russian Malicious Cyber Activity, Joint Analysis Report (2016)
- ODNI Assessing Russian Activities and Intentions in Recent US Elections, Assessment (2017)
- Tim Starks, The Checklist for DHS on Election Security, Politico (Dec. 12, 2017)
- Tal Kopan, Feds Have Eye On Cybersecurity Issues As Voters Go To Polls, CNN (Nov. 7, 2017)
- Maryam Saleh, The U.S. Election System Remains Deeply Vulnerable, But States Would Rather Celebrate Fake Success, The Intercept (Oct. 3, 2017)
- Morgan Chalafant, California: DHS gave 'bad information' on Russian hacking, Hill (Sept. 28, 2017)
- Callum Borchers, What We Know About the 21 States Targeted by Russian Hackers, Wash. Post (Sept. 23, 2017)
- Eric Geller, DHS bars government from using Russia-based Kaspersky software, Politico (Sept. 13, 2017)
- Matt Zapotosky and Karoun Demirjian, Homeland Security official: Russian government actors tried to hack election systems in 21 states, Wash. Post (June 21, 2017)
- Rebecca Shabad, Jeh Johnson says FBI delayed notification of DNC cyberattack, CBS News (June 21, 2017)