Privacy groups challenge proposal expanding access to terrorist watch list

The Homeland Security Department's plan to centralize and expand in-house access to the FBI's database of suspected terrorists has prompted a letter of protest from a coalition of Washington privacy organizations.

In public comments submitted Aug. 5, a coalition led by the Electronic Privacy Information Center challenged a proposed rule under which Homeland Security would duplicate an existing system of records to create the DHS Watchlist Service. It will contain individuals' names, dates and places of birth, biometric and photographic data, passport information, driver's license information and "other available identifying particulars."

Homeland Security during the past year has been reviewing the eight-year-old terrorist screening database used at airports and is preparing, as set out in the July 6 proposal, to widen employee access to a mirror copy of the records created by the FBI and Justice Department "in order to automate and simplify the current method for transmitting" the data to DHS component agencies including the Transportation Security Administration. TSA uses the terrorist watch list for the Secure Flight program, which allows it to instantly check passenger names that airlines were given by ticket purchasers against a consistent national watch list of suspected terrorists.

David Heyman, assistant Homeland Security secretary for policy, told the Senate Homeland Security and Governmental Affairs Committee in July that DHS had identified screening gaps during a review of the terrorism suspect database. Hence the department "has transitioned the Secure Flight program to use all terrorist watch list records containing a full name and a full date of birth and designates matches to those records as selectees subject to enhanced physical screening prior to boarding a flight," Heyman said.

Most notably, in the view of the privacy advocates, the proposed rule stated, "The department proposes to exempt portions of the system of records from one or more provisions of the Privacy Act because of criminal, civil and administrative enforcement requirements."

In their joint letter, the groups argued that the new system carried risks both to security and privacy and noted that the 1974 Privacy Act "requires DHS to notify subjects of government surveillance in addition to providing a meaningful opportunity to correct information that could negatively affect them."

The plan is problematic, the letter said, because "secretive government lists without any meaningful safeguards present a very real risk of 'mission creep,' in which a system is pressed into unintended or unauthorized uses. Under this proposal, the agency would have the right to maintain and rely upon information it does not know to be accurate, relevant, timely, or complete without recourse -- the right to subject citizens to arbitrary decisions."

The letter demanded that Homeland Security reconsider and narrow the proposal. "Rather than claiming blanket exemptions, the DHS could promulgate rules that would require notification only after an active investigation had been concluded, or with sensitive information, such as the identity of confidential informants, redacted prior to release," it stated. "Given the centrality of individual rights to notice, access and correction, DHS should withdraw its proposed exemptions and narrow the grounds on which it purports to avoid its obligations under the Privacy Act."

Groups joining with the Electronic Privacy Information Center include the American Library Association's Washington office, the Bill of Rights Defense Committee, the Center for Financial Privacy and Human Rights, the Center for Media and Democracy, Consumer Action, the Consumer Federation of America, the Cyber Privacy Project, the Electronic Frontier Foundation, the Liberty Coalition, OMBWatch,, Patient Privacy Rights, Privacy Activism, the Privacy Journal, Privacy Rights Clearinghouse and the Privacy Rights Now Coalition.

In response, Homeland Security spokesman Chris Ortman told Government Executive "the introduction of the Watchlist Service is a positive step for privacy." Under the previous system, checks against the terrorist screening database "were done via CD-ROM and involved multiple copies -- a process that was vulnerable to inefficiencies, delays and inaccurate information," he said.

The new system "streamlines the process throughout the department, and guarantees that DHS components have the most up-to-date information," Ortman said in an email, "improving speed and efficiency, reducing the possibility for misidentification and other errors, and in compliance with the Fair Information Practice Principles laid out in the Privacy Act." Gavin Baker, federal information policy analyst at OMBWatch, wrote Monday in a blog that "DHS' approach twists the purpose of the Privacy Act exemptions almost beyond recognition. Exemptions should be limited to the time when they're needed, and no longer. But the proposed exemptions would never expire, even if the subjects in the database aren't under active investigation. This isn't necessary to protect the integrity of investigations, and it invites abuses."

Baker noted that the proposal would allow Homeland Security "to waive the exemptions 'on a case-by-case basis.' While this may sound like a reasonable approach," he wrote, "it would radically undermine the right to know."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care


When you download a report, your information may be shared with the underwriters of that document.