Terrorist watch listDHS's new terrorist database rankles privacy groups

Published 15 August 2011

A new DHS plan to create its own version of the FBI’s terrorist watch list that is exempt from the Privacy Act has privacy groups concerned; under the proposed plan, DHS would create the Watchlist Service which would bring the FBI’s suspected terrorist list in-house and expand on it

DHS plans a Privacy Act-exempt watch list // Source: dariknews.bg

A new DHS plan to create its own version of the FBI’s terrorist watch list that is exempt from the Privacy Act has privacy groups concerned.

Under the proposed plan, DHS would create the Watchlist Service which would bring the FBI’s suspected terrorist list in-house and expand on it. The list would contain names, dates of birth, biometric data, photos, passport information, driver’s licenses, and other critical information. The goal, according to DHS’s 6 July proposal, is to increase employee access to the FBI and Justice Department’s list “in order to automate and simplify the current method for transmitting” the data to DHS component agencies including the Transportation Security Administration (TSA).”

TSA currently uses the watch list for its Secure Flight program, which is aimed at preventing suspected terrorists from boarding planes by allowing the agency to instantly check ticketed airline passengers’ names against the database.

Testifying before the Senate Homeland Security and Governmental Affairs Committee in July, David Heyman, the assistant Homeland Security secretary for policy, explained that DHS had identified screening gaps in its review of the suspected terrorist database.

To address these security gaps, DHS “has transitioned the Secure Flight program to use all terrorist watch list records containing a full name and a full date of birth and designates matches to those records as selectees subject to enhanced physical screening prior to boarding a flight,” he said.

What concerns privacy advocates though, is a particular provision in DHS’s proposal that states the department will “exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil and administrative enforcement requirements.”

The proposed provision has led privacy advocates like the Electronic Privacy Information Center, the American Library Association’s Washington office, the Bill of Rights Defense Committee, and the Center for Financial Privacy and Human Rights to issue a joint letter to DHS demanding that the department reconsider its proposal.

The groups’ main concern is that these exemptions would remove critical safe guards put in place to protect the rights of citizens. Their letter stated, “secretive government lists without any meaningful safeguards present a very real risk of ‘mission creep,’ in which a system is pressed into unintended or unauthorized uses. Under this proposal, the agency would have the right to maintain and rely upon information it does not know to be accurate, relevant, timely, or complete without recourse — the right to subject citizens to arbitrary decisions.”

The letter also noted that the 1974 Privacy Act “requires DHS to notify subjects of government surveillance in addition to providing a meaningful opportunity to correct information that could negatively affect them.”

To help protect privacy while also allowing DHS to perform its duty, the groups recommended narrower exemptions.

Rather than claiming blanket exemptions, the DHS could promulgate rules that would require notification only after an active investigation had been concluded, or with sensitive information, such as the identity of confidential informants, redacted prior to release,” the letter argued. “Given the centrality of individual rights to notice, access and correction, DHS should withdraw its proposed exemptions and narrow the grounds on which it purports to avoid its obligations under the Privacy Act.”

In response to the letter, Chris Ortman, a spokesman for DHS, said, “the introduction of the Watchlist Service is a positive step for privacy.”

In the past, checks against the terrorist screening database “were done via CD-ROM and involved multiple copies — a process that was vulnerable to inefficiencies, delays and inaccurate information,” he said.

Ortman went on to say that the new system “streamlines the process throughout the department, and guarantees that DHS components have the most up-to-date information, improving speed and efficiency, reducing the possibility for misidentification and other errors, and in compliance with the Fair Information Practice Principles laid out in the Privacy Act.”

 

In contrast, Gavin Baker, a federal information policy analyst at OMBWatch, argued in a blog post that “DHS’ approach twists the purpose of the Privacy Act exemptions almost beyond recognition. Exemptions should be limited to the time when they’re needed, and no longer. But the proposed exemptions would never expire, even if the subjects in the database aren’t under active investigation. This isn’t necessary to protect the integrity of investigations, and it invites abuses.”

Baker went on to say that the proposal would allow DHS to “to waive the exemptions ‘on a case-by-case basis.’”

“While this may sound like a reasonable approach, it would radically undermine the right to know,” he wrote.