DHS Removes CBP Privacy Officers Over ‘Illegal’ Orders Dispute
▼ Summary
– The US Department of Homeland Security reassigned multiple top Customs and Border Protection privacy officials after they objected to new orders to mislabel compliance records as legally privileged “drafts.”
– DHS leadership ordered this policy change to block the release of Privacy Threshold Analyses (PTAs) under the Freedom of Information Act, following the lawful disclosure of a PTA for a secretive facial recognition app called Mobile Fortify.
– The released PTA revealed that the Mobile Fortify app would capture faces and fingerprints without consent, inevitably include US citizens, and store all images for up to 15 years.
– A former government attorney and critics assert the secrecy policy is illegal, arguing there is no legal basis for categorically withholding these completed compliance forms.
– Internal DHS emails confirm the policy change, directly contradicting a DHS spokesperson’s public denial that such a policy exists.
The Department of Homeland Security has reassigned several senior privacy officials within Customs and Border Protection following internal disputes over new directives to restrict public access to key compliance documents. This move raises significant concerns about transparency and the legal handling of records related to surveillance technologies used at the border. Sources familiar with the matter indicate the officials were removed after objecting to orders they considered legally unsound, which instructed them to mislabel official privacy assessments to prevent their release under the Freedom of Information Act.
Since January, DHS leadership has transferred two of the top officials tasked with ensuring CBP’s technologies adhere to federal privacy statutes. These individuals include the agency’s principal privacy officer and one of its two privacy branch chiefs. Additionally, the director of CBP’s FOIA office was removed from his position last month. The sources providing this information requested anonymity due to fears of retaliation from the government.
The reassignments stem from a policy shift ordered by the DHS Privacy Office in December. That directive mandated that routine privacy compliance forms be treated as legally privileged documents. It further instructed staff to label finalized privacy assessments as “drafts,” a classification that would exempt them from disclosure under federal records law. This policy was reportedly enacted after a CBP FOIA officer lawfully released a redacted privacy assessment last fall, an action that drew sharp criticism from DHS political leadership.
The released document was a Privacy Threshold Analysis (PTA) for a previously undisclosed facial recognition application called Mobile Fortify. PTAs are standard questionnaires that outline how new government systems collect and use personal data. They also document whether privacy officers have approved a system or determined it requires a more thorough legal review. The Mobile Fortify PTA revealed that DHS acknowledged the app would capture faces and fingerprints without consent, would inevitably photograph U.S. citizens and lawful permanent residents, and would store every image for up to 15 years, regardless of whether a match was found.
By labeling such a completed and signed form a “draft,” the agency could attempt to withhold it using a FOIA exception meant for “advisory opinions” and “recommendations.” The privacy officials who were reassigned reportedly argued this tactic was legally incoherent, as a finalized compliance document cannot logically be considered both signed and a draft simultaneously.
Legal experts have condemned the policy. “This policy change is illegal,” stated Ginger Quintero-McCall, an attorney with the Free Information Group and a former supervisory information law attorney at FEMA. “There is nothing in the FOIA statute, or any other statute, that allows the agency to categorically withhold Privacy Threshold Analyses.” Quintero-McCall, who says she witnessed retaliation firsthand before leaving government service last year, added that she would not be surprised to learn employees were reassigned for objecting to an “illegal policy of secrecy.”
A DHS spokesperson denied the allegations, stating, “Any allegation that DHS adopted a policy making Privacy Threshold Analyses exempt from the Freedom of Information Act is FALSE.” However, internal agency communications contradict this denial. An email from the DHS Privacy Office on December 3 announced a “major change,” requiring all future PTAs to carry a disclaimer marking them as exempt from public release. The disclaimer asserts the documents are “draft,” “pre-decisional,” “deliberative,” and subject to privileges, warning that unauthorized disclosure could result in penalties.
Historically, CBP privacy officers did not have final sign-off authority for privacy reviews; that responsibility resided with a headquarters official reporting to the department’s chief privacy officer. The current chief privacy officer, Roman Jankowski, delegated that authority downward upon taking office, a shift reported earlier this year. This decentralization placed the reassigned officials in direct positions of accountability, ultimately leading to the conflict over the new secrecy rules.
(Source: Wired)
