Privacy Report Held Hostage
- Department of Homeland Security Releases 2012 Privacy Report: The Department of Homeland Security released the 2012 Privacy Office Annual Report to Congress. The report describes a social media monitoring policy, and privacy training for fusion centers personnel. According to the report, the TSA has still failed to adopt privacy safeguards for whole body image devices. The report is silent on several new DHS-funded initiatives, including the Future Attribute Screening Technology, a Minority-Report like proposal for "pre-crime" detection. The report also notes the expansion of the National Counterterrorism Center's five-year retention policy for records on U.S. Persons that do not contain terrorism information. The Chief Privacy Officer of the DHS is required by law to ensure that new agency programs do not diminish privacy in the United States. For more information, see EPIC: Privacy Report Held Hostage. (Sep. 20, 2012)
- Senate Confirms Four Members of the Privacy Civil Liberties Oversight Board: The Senate voted late Thursday to confirm four nominees to the Privacy and Civil Liberties Oversight Board before its summer recess. The Board was created by Congress in 2004, at the recommendation of the 9/11 Commission, to advise the President and other senior executive branch officials and ensure that privacy and civil liberties are protected as laws, regulations, and executive branch policies are implemented. It was reconstituted as an independent agency in 2007, but since then Congress has failed to confirm all five members of the board. After yesterday's confirmations the Board can "do work," but it cannot hire staff until the Senate confirms its Chairman. For more information, see EPIC: Privacy Oversight and EPIC: The Sui Generis Privacy Agency. (Aug. 3, 2012)
- Congressional Committee Investigating Privacy Office at Homeland Security, Acknowledges Privacy Coalition Letter: House Homeland Security Committee Chairman Bennie Thompson has responded to the Privacy Coalition letter regarding the Chief Privacy Officer of the Department of Homeland Security. Chairman Thompson said that "the Committee is in the process of reviewing the programs outlined" in the letter, and thanked the Coalition for bringing the issues to the attention of the committee. He further stated that the Committee "will continue to examine the Department's programs and policies and vigorously address privacy concerns and issues." For more information, see EPIC DHS Privacy Office and Privacy Coalition. (Nov. 12, 2009)
- EPIC Reminds Homeland Security Agency to Publish Privacy Report: In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the annual privacy report will be made available. The Department is required by law to provide an annual report "on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The last privacy report was published in July 2008. EPIC has previously sent similar letters to the Department, reminding the agency of its legal obligation to inform the public about its activities. For more information, see EPIC’s Privacy Report Held Hostage page. (Sep. 22, 2009)
- Homeland Security Agency Finally Releases Annual Privacy Report. The Department of Homeland Security has just published the 2007 Annual Privacy Report, several months after it was due. Under the Homeland Security Act of 2002, the Chief Privacy Officer must prepare "a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The first report (April 2003 to June 2004), was published in February 2005. The second report (July 2004 to July 2006) was published in December 2006. EPIC has urged the timely publication of the Annual Reports so that the Congress and the public can meaningfully evaluate the impact of the Department's programs on privacy. For more information, see EPIC's letter on the Homeland Security Privacy Report. (Feb. 4, 2008)
- EPIC Reminds Homeland Security Department to Publish Annual Privacy Report In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the DHS privacy report will be made available. The Department is required by law to provide an annual report to Congress "on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The last report, which covered the period April 2003 to June 2004, was published in February 2005. The DHS Inspector General has routinely submitted semiannual reports to Congress on a timely basis. (Sept. 26, 2006)
EPIC is calling on the Chief Privacy Officer of the Department of Homeland Security to release its overdue annual report to Congress. Though an annual report is required by law, the Privacy Office has not issued one since February of last year, and that one covered events only up through June of 2004.
- assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
- assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974;
- evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
- conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and
- preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.
Despite the clear mandate from Congress, the Chief Privacy Officer has delivered only one annual report since its creation in April 2003. That report covered activities by the Department through June 2004 and it was released in February 2005. The 112-page report covers the first year of the Department's operation, including studies and evaluations the privacy office undertook as well as evaluations of the entire Department's compliance with the Privacy Act and other laws.
In September of 2005, Chief Privacy Officer Nuala O'Connor Kelly said she hoped the next annual privacy report would be released in the following quarter. At the same meeting she announced that she was leaving the office. Maureen Cooney became acting Chief Privacy Officer, and she left the government in July of 2006, without having delivered the annual report. Hugo Teufel, III, was appointed to be the next Chief Privacy Officer on July 21, 2006.
On September 26, 2006, EPIC sent a letter to Teufel asking when the overdue privacy report will be published. To date, EPIC has not received a response to its inquiry, and the Privacy Office has not published its report. Notably, the DHS Inspector General regularly has filed its reports with Congress.
EPIC has recently published an article discussing the DHS Chief Privacy Officer, the President's Civil Liberties and Privacy Oversight Board, and the Civil Liberties Protection Officer of the Office of the National Intelligence Director. The article makes specific recommendations for how each office might be more effective. In almost all instances, more transparency, regular reporting, frequent public consultation, and great independence are necessary. The article concludes that "in the absence of effective oversight within federal agencies for the new powers created after September 11," the effective checks and balances are likely to be the courts and the Congress. Since the DHS Chief Privacy Officer's power to require changes to DHS policies is unclear, his annual report to Congress is essential for meaningful oversight of the Department.
In the latest appropriations bill for DHS, Congress said that the only person allowed to alter or delay the annual report is the Chief Privacy Officer, but President Bush in his signing statement accompanying that bill said that he would interpret that provision to be consistent with the theory of the "unitary Executive Branch," effectively reserving for the President the power to direct changes to the report.
The constitutionality and force of Presidential signing statements are still a matter of debate, though, and the White House regularly issues the statements when signing bills. When the President signs bills that contain provisions directing or restricting actions of members of the Executive Branch, the President usually issues a signing statement saying that the provisions will be interpreted as consistent with the theory of the unitary Executive Branch so that the President retains control. These statements have not been tested in court, but Congress has grown increasingly concerned with the President offering his interpretation of legislation written by Congress. When Senator McCain's amendment outlawing cruel, inhuman, or degrading treatment of detainees was signed, the President issued a signing statement saying that he would construe the law as consistent with his power as Commander-in-Chief and his duty to protect the country. Some observers saw that statement as undermining the purpose of the bill. Senator Specter earlier this year introduced a bill that would have prevented courts from using the signing statements in statutory interpretation and would have allowed Congressmen to intervene in court cases in which the interpretation of a statute was an issue.
- DHS spokesman says the annual report should be made public in about a week. Bush Balks at Criteria for FEMA Director, The Washington Post, October 7, 2006.
- Bush asserts right to edit Homeland Security privacy reports. Associated Press, October 5, 2006.
- Homeland Security hires new privacy chief, CNet News.com, July 21, 2006.
- Department of Homland Security Annual Privacy Report (February 4, 2008)
- Letter from EPIC to Hugo Teufel, III, Chief Privacy Officer, Deparment of Homeland Security (September 26, 2006)
- Rotenberg, Marc, "The Sui Generis Privacy Agency: How the United States Institutionalized Privacy Oversight After 9-11" (September 28, 2006)
- Department of Homeland Security Privacy Office, Report to Congress: April 2003 - June 2004 (2005)
Department of Homeland Security Privacy Office Reports
- Privacy Matters: The DHS Privacy Office Quarterly Newsletter
- Freedom of Information Act Reports
- Report Assessing the Impact of the Automatic Selectee and No Fly Lists, April 27, 2006
- Report to the Public on Events Surrounding jetBlue Data Transfer, February 20, 2004
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,