CommunityEmpty Wheel

Did Chertoff EVER Use the DHS privacy review process?

Before we crown Michael Chertoff Attorney General, I recommend we pull him before some oversight committee and ask him if he ever used Department of Homeland Security’s Privacy Office to review planned domestic surveillance activities before they’re used to collect data on American citizens. CSM reports that DHS is suspending a massive data-mining program because it has already started using live data without ever putting the program through a privacy review.

From late 2004 until mid-2006, a little-known data-mining computersystem developed by the US Department of Homeland Security to huntterrorists, weapons of mass destruction, and biological weapons siftedthrough Americans’ personal data with little regard for federal privacylaws.

Now the $42 million cutting-edge system, designed to process trillions of pieces of data, has been halted and could be canceled pending data-privacy reviews, according to a newly released report to Congress by the DHS’s own internal watchdog.

[snip]

It failed to incorporate federal privacy laws into its system design.From its earliest days, the system’s pilot programs used "live data,including personally identifiable information, from multiple sources inattempts to identify potential terrorist activity," but without takingsteps required by federal law and DHS’s own internal guidelines to keepthat data from being misused, the DHS Office of Inspector General (OIG)said in a June report to Congress, which was made public Aug. 13.

[snip]

DHS’s delay in addressing data privacy appears to be due to confusion and miscommunication about privacy requirements by ADVISE program managers and DHS’s privacy office, amid the rush to get a system running, the OIG says.

Forexample, ADVISE program managers told OIG investigators they didn’trealize privacy assessments were required for a system still indevelopment. At that stage, the system was just a processing toolwithout data, they argued – a view agreed to by the DHS privacy office.

Indeed, the privacy office mentions the ADVISEsystem only once, in a footnote, in its mandatory report last summer toCongress on data-mining activities. Until the "ADVISE tool" had dataattached to it, it was not a data-mining program needing privacyreview, the office reported.

Unknown to the privacy office, the ADVISE pilot programs had been operational and using personal data for about 18 months before the privacy office made that report to Congress, the OIG found.

And in a letter to Michael Chertoff complaining that he hadn’t been informed of DHS’ plans to use military spy satellites to monitor the US, Congressman Bennie Thompson noted that Chertoff had never subjected the satellite plan to a privacy review.

Previous post

From The Department of Bad Ideas

Next post

Wilkes' Creditors Don't Get to See His Financial Statements, Either

emptywheel

emptywheel

30 Comments