Homeland Security defends privacy review of visitor tracking system
A Homeland Security Department official on Friday deflected an accusation that the department violated the law by failing to assess how a new immigration tracking system would impact personal privacy.
The department is not only complying with the law, but doing more than it is legally required to do, said DHS Chief Privacy Officer Nuala O'Connor Kelly.
On Thursday, Sen. Joseph Lieberman, D-Conn., sent Homeland Security Secretary Tom Ridge a letter saying the department violated the law by failing to complete a privacy impact assessment before developing and purchasing new technology for the U.S. Visitor and Immigrant Status Indicator Technology (US VISIT) project, which is slated to be up and running at 115 airports on Jan. 5.
"The E-Government Act of 2002 requires federal agencies to conduct and publish privacy impact assessments (PIAs) before developing or procuring information technology that will collect or store personal information electronically," wrote Lieberman, who is the ranking member of the Senate Governmental Affairs Committee. "It has come to my attention that in the past year the Department of Homeland Security has developed and procured new biometric technologies for the US VISIT system without having completed a PIA, as required by law."
Kelly said Lieberman misunderstood the current status of the program. She said Homeland Security is not developing or purchasing any new technology or equipment for the first phase of the VISIT project, which goes into effect Jan. 5. Instead, the department is using existing technology, some of which dates back to 1994.
"We didn't violate the law," she said.
O'Connor Kelly said a draft PIA is under review and will be approved and made public by the end of the year. She said she wants the PIA done before the first phase of the project begins, even though the department is not legally required to have it. She added that the PIA will be updated for the next phases of the project and as new technology and equipment is procured.
In his letter, Lieberman acknowledged that DHS has a draft PIA, but said it is his understanding that the department developed new biometric systems soon after it unveiled plans for VISIT last April, and new equipment for the system has been purchased and sent to airports around the country.
Lieberman urged DHS to complete the privacy assessment for VISIT as soon as possible, and comply with the privacy law in all future information technology projects. However, he stopped short of calling for a halt to the VISIT program.
"We are not calling for an end or abatement of the program," a committee spokeswoman said Friday. "It's an important security measure but there is also a law that needs to be complied with."
The new system will collect fingerprints and photographs from millions of visitors entering and exiting the United States every year. Such biometric identifiers will be used to verify visitors' identities and compare them to lists of suspected or known terrorists. DHS released a request for proposals last week to find a lead contractor for the program, which could be worth up to $10 billion.
Federal law requires an automated entry and exit system be implemented at airports and seaports by the end of this month. Additionally, the system must be implemented at the 50 most highly trafficked land ports of entry by December 2004, and all ports of entry by December 2005.
On Nov. 24, House Government Reform Committee Chairman Tom Davis, R-Va., asked Ridge and Secretary of State Colin Powell to provide information on the US VISIT project, specifically about coordination efforts and access to information compiled through the system.