Back in January, Immigration and Customs Enforcement announced that the agency had stopped using commercial telemetry data it purchases from private companies. The practice has been frequently criticized by civil rights groups, who argue that by purchasing phone location data from third parties, the government is effectively circumventing the Fourth Amendment and violating citizens' privacy. claims.
However, ICE said it has not received any new requests for use of commercial telemetry services after December 2022, although the agency has submitted a privacy impact assessment to the Department of Homeland Security's Privacy Office for review. These types of documents are supposed to be made public when a government agency introduces technology that could touch someone's personal information. Once that evaluation is complete, ICE will develop procedures focused on guiding the use of commercial telemetry services.
ICE did not respond to a series of questions posed by FedScoop regarding the PIA, CTD, and draft subcomponents.
The move comes as civil rights activists have repeatedly raised concerns about the use of commercial telemetry data. In this regard, Sens. Ron Wyden, D-Ore., and Rand Paul, R-Kentucky, have proposed the Fourth Amendment Not-for-Sale Act, which would, among other things, limit the government's use of this information. Introduced.
Adam Schwartz, director of privacy litigation at the Electronic Frontier Foundation, previously told FedScoop that the digital rights nonprofit's position is that “the Fourth Amendment does not protect government access to this type of data, considering: “It should be interpreted by the courts to prohibit the purchase of.” To obtain this data directly from an individual or their service provider, a warrant must be obtained. ”
Within DHS, alarm bells are ringing against the use of this data. Last September, the department's Office of Inspector General released a redacted report highlighting failures by subdivisions of the agency to comply with laws and regulations. We have complied with the privacy policy. Specifically, ICE was admonished for using this data without an approved privacy impact assessment. The OIG's Office identified nine contracts covering access to two different databases of this data during the 2019-2020 fiscal year.
ICE seems to have the following We sent mixed messages regarding our approach to telemetry data. The subcomponent initially rejected his OIG's recommendation to stop using this data until it had an approved PIA. At the time, DHS asserted that telemetry data “plays a critical role in ICE's investigative process” and can “fill knowledge gaps and generate investigative leads.” In response to the OIG's report, the agency said ICE is working to finalize the draft Geolocation Services PIA and is taking steps to alleviate privacy risk concerns.
Then, in January, ICE told FedScoop that it was following OIG recommendations and had stopped using telemetry data, but the agency did not provide an update on whether a PIA related to the technology had been approved. The nonprofit journalism outlet NOTUS reported in March that DHS planned to stop purchasing access to this data, citing three of his associates with knowledge of the matter.
ICE has said it is reviewing the PIA with the department's Office of Privacy and has a process focused on the use of this data pending a final decision, as well as a new request for telemetry data since December 2022. The fact that it states that it has not received the. Since 2021, no operational units have received approval to purchase data.
Julie Mao, co-founder and deputy director of Just Futures Law, said: “We are once again asking ourselves how much accountability and oversight DHS can actually provide to ICE, and whether ICE's words and actions can be trusted.'' I'm very concerned about whether we can do it.” A legal organization focused on immigrant rights. “Because not only are they saying they don't want to use CTD, they're also clearly acknowledging that they're going to move forward with using the same data.”
The status of other recommendations made in the OIG report also remains unclear. Customs and Border Protection, for example, was also directed to stop using phone location data until it obtained a privacy impact assessment. CBP told FedScoop that the telemetry data will no longer be needed after the contract expires in fiscal year 2023, following an evaluation of the technology that began with a small group of staff in 2018 under the oversight of the CBP Office of Privacy and Diversity. CBP Office of the Chief Counsel.
The agency also announced that it will terminate contracts for this technology after fiscal year 2023. The contract with the National Targeting Center for Field Operations expires in September, and CBP said it will incorporate the OIG's recommendations if it wants to reuse the data.
However, CBP did not respond to questions regarding the status of its privacy impact assessment regarding past uses of commercial telemetry data. The DHS subcomponent initially said the assessment was expected to be completed at the end of March. His DHS website does not appear to have his PIA on this data.
DHS headquarters did not respond to FedScoop's questions about the status of the agency's overall commercial telemetry data policy, but the agency previously said the policy was expected to be completed at the end of June. The agency told FedScoop that its privacy policy and compliance directives apply to personal information and that it is taking steps to implement recommendations from the OIG as it continues to address recommendations related to this data.
“The Department of Homeland Security (DHS) is committed to protecting individual privacy, civil rights, and civil liberties,” a department spokesperson told FedScoop. “The DHS Privacy Office works with components to embed and enforce privacy safeguards in his DHS systems, technologies, forms, and programs that collect personally identifiable information or that impact privacy.”