DHS Report to Congress Details Privacy Measures in Social Media, Drone, Video Game Initiatives
The Department of Homeland Security outlined the ways in which it says it maintained the privacy of individuals in the course of its investigations and research between Sept. 1 and Nov. 30 of last year. The details came in a report to Congress dated March 31 but made public Monday (http://1.usa.gov/Zi4le4). The quarterly report is required under Section 803 of the 9/11 Commission Act and was sent to the chairmen, vice chairmen and ranking members of the Senate committees on Homeland Security, Judiciary and Intelligence and the House committees on Homeland Security, Oversight, Judiciary and Intelligence.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
DHS received a total of 610 privacy complaints in the three months covered by the report, the department wrote. Of those complaints, five were related to “issues concerning process and procedure, such as consent, or appropriate notice at the time of collection,” one was related to “issues concerning appropriate access and/or correction of PII [personally identifiable information], and appropriate redress of such issues,” and 604 were concerning “issues related to general privacy concerns, and concerns not related to transparency or redress."
In a report dated April 1 and also made public Monday, DHS outlined how it uses information that is publicly available via social media channels in its Publicly Available Social Media Monitoring and Situational Awareness Initiative (http://1.usa.gov/14Zs9M7). The initiative “identifies and monitors only information needed to provide situational awareness and establish a common operating picture” and uses only “publicly available search engines, content aggregators, and site-specific search tools to find items of potential interest to DHS,” the report said. The report outlines mitigating measures DHS has taken to protect privacy in the collection of this publicly available information, including the creation of an “automated logging mechanism to account for searches conducted to identify relevant reports,” which “provides further assurance that” the initiative “is not creating profiles of individuals or searching its reports using PII."
The 13 programs that underwent privacy impact assessments included the Gaming System Monitoring and Analysis Project, which analyzes data extracted from used gaming consoles. The Naval Postgraduate School, which is doing the research, “restricts its purchasing of used gaming consoles to systems that have been sold or disposed of by their previous owners outside the United States,” making it less likely that data related to individuals in the U.S. is included. Additionally, “NPS researchers and NPS contractors protect the information using access control technologies and generally do not attempt to identify any individuals whose information may reside inside the data carrying devices,” the report said.
The Small Unmanned Aircraft Systems (SUAS) project led by DHS’s Science and Technology Directorate also underwent a privacy impact assessment, according to the report. The vehicles collect images, which are stored “under password protection,” and the project “immediately deletes any images that unintentionally captured private citizens or property during the course of the testing,” the report said. To address the privacy concerns that will evolve with the changing technology, DHS has created a working group for the SUAS project, the report said; the working group will document privacy risks, policies and best practices as well as develop a white paper addressing “further privacy analysis and recommendations that can be used as best practices or foundational principles for other federal, state, and local government users, as well as non-government users."
The Transportation Security Administration’s Performance and Results Information System underwent an assessment as it “maintains [personally identifiable information] on individuals, including witnesses involved in security incidents or regulatory enforcement activities” and “creates and maintains a list of individuals who, based upon their involvement in security incidents of sufficient severity or frequency, are disqualified from receiving expedited screening.”