
EPIC v. DHS (Media Monitoring Services)

EPIC v. DHS, No. 18-1268 (D.D.C. filed May 30, 2018), was a lawsuit to obtain records about—and to block the development of—a Department of Homeland Security system designed to monitor journalists. In April of 2018, the DHS began seeking a contractor to develop "Media Monitoring Services" (MMS), a suite of digital tools that would have continuously tracked and analyzed media coverage and stored large volumes of personally identifiable information about journalists, bloggers, and social media users. The system would have collected and retained personal data such as "locations, contact information, employer affiliations, and past coverage."

The DHS's proposed media monitoring tools posed significant risks to privacy and threatened to chill the exercise of press freedoms. Within days of the agency's announcement, EPIC filed a Freedom of Information Act request seeking the Privacy Impact Assessment that the DHS was required by law to produce before developing any monitoring tools. When the agency failed to process EPIC's request, EPIC filed suit on May 30, 2018. In response to EPIC's lawsuit, the DHS admitted that it had not, in fact, conducted a Privacy Impact Assessment. The DHS also disclosed records to EPIC showing that the agency bypassed its own privacy officials and ignored the privacy and First Amendment threats posed by the Media Monitoring Services program.

On July 11, 2019, the DHS acknowledged that it had suspended the Media Monitoring Services program as a result of EPIC's case. As part of a settlement with EPIC, the agency also agreed to complete required Privacy Impact Assessments before collecting personal data in the future.

Top News

  • EPIC, Coalition Urge DHS to End Broad, Unwarranted Surveillance Programs: In a letter to the Secretary of Homeland Security, EPIC and a Coalition of privacy, civil rights, and civil liberties organizations demanded the Department of Homeland Security (DHS) end some of the agency’s more pervasive surveillance programs. The coalition called for DHS to end its practice of purchasing sensitive data (e.g. cellphone location and utility information) from third-party vendors and cease the collection of social media identifiers. The coalition also urged DHS to implement a moratorium on the use of face recognition for immigration enforcement. In previous comments to DHS, EPIC opposed DHS collecting social media identifiers and called for DHS to suspend the use of facial recognition. (Sep. 16, 2021)
  • Biden Administration Abandons DHS Plans to Expand Biometric Collection: According to a news report, the Biden Administration plans to rescind a proposed rule to massively expand the collection of biometric information from immigrants. The rule, proposed towards the end of the Trump Administration, would have granted the Department of Homeland Security broad authority to collect biometric data from immigrants and their families and associates. The rule would have enabled the collecting of palm prints, iris images, voiceprints, DNA, and images for facial recognition regardless of age. In comments to the Department of Homeland Security, EPIC opposed the rule and urged the agency to rescind the proposed rule. EPIC argued that DHS's broad authorization to collect biometrics was incompatible with the Department's Fair Information Practice Principle. EPIC also specifically called on the agency to suspend the use of facial recognition technology. Last year, EPIC, joined by over 40 organizations, called for the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. (May. 11, 2021)
  • Government Ends the Use of Data from Unaccompanied Children for Deportation » (Mar. 12, 2021)
    In a joint statement by the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), the agencies terminated a 2018 agreement that previously formalized the practice of using information obtained from unaccompanied migrant children to deport relatives and other potential sponsors. EPIC previously urged HHS to abandon the practice of sending this data to DHS when the agency proposed a rule in 2018 to formalize the policy. EPIC argued the proposed rule conflicted with a Privacy Impact Assessment and undermined the welfare of unaccompanied children. EPIC also joined over 100 other groups to call for an end to the practice, stating that DHS has "taken a process designed to protect children and made it into a tool that uses them to find and deport their families." EPIC has previously warned Congress about the misuse of immigrant data by DHS.
  • EPIC Scrutinizes DHS "Insider Threat" Database » (Apr. 9, 2020)
    In detailed comments, EPIC criticized the DHS's proposed "Insider Threat" database that would give the agency vast amounts of personal data. EPIC urged DHS to limit the scope of data collection and to drop proposed Privacy Act exemptions that would diminish the agency's responsibilities for the data gathered. Citing the surge in data breaches, EPIC warned that DHS data practices pose a risk to federal employees. EPIC previously recommended privacy protections in background checks and warned against inaccurate, insecure, and overbroad government databases.
  • House Votes to Ban Foreign-made Drones at DHS » (Feb. 11, 2020)
    The House passed H.R. 4357, which bans the use or purchase of foreign-made drones by the Department of Homeland Security. Last month, the Interior Department banned the use of foreign-made drones for non-emergency operations. The US government actions respond to growing concern that Chinese-made drones collect sensitive information in the United States. In 2012, EPIC and more than 100 experts petitioned the FAA to establish a rule to limit drone surveillance, but the agency failed to act. In recent comments to the FAA, EPIC warned the agency that regulating drone surveillance was essential to privacy and security. Last year, EPIC's Marc Rotenberg and Len Kennedy cited the FAA's failure to develop appropriate regulations in a commentary for the New York Times, and also warned that China's surveillance model requires "comprehensive privacy legislation to safeguard the personal data of Americans."
  • EPIC to Congress: FOIA Critical to Homeland Security Oversight » (Oct. 18, 2019)
    EPIC has told a House committee that the Freedom of Information Act is critical to keep the Department of Homeland Security accountable. The House Homeland Security Committee held a hearing this week on "The Public’s Right to Know: FOIA at the Department of Homeland Security." EPIC has brought many FOIA cases against the DHS, including those concerning backscatter x-ray devices in airports, a DHS program to track journalists, and the CBP biometric entry-exit system. In 2011, EPIC urged Congress to end the agency’s political review of FOIA requests. In 2012, EPIC led an effort to reform the DHS treatment of fee waivers. And in 2016, the DHS revised FOIA regulations, reflecting several of EPIC’s recommendations. In comments this week, EPIC observed that DHS’s FOIA processing does not compare favorably with other federal agencies. EPIC recommended that DHS improve the processing of FOIA requests and respond to appeal authorities. EPIC wrote that continued oversight of the DHS is critical. "No federal agency has greater budget authority to develop systems of surveillance directed towards U.S. residents," EPIC said.
  • Congress to Consider Moratorium on Facial Recognition » (Aug. 22, 2019)
    POLITICO reports that House leaders will consider a moratorium on funding facial recognition following a House Oversight Committee hearing on DHS facial recognition programs. Prior to the hearing, EPIC briefed members of the House committee about the entry-exit program at US airports. Air travelers have reported that it is difficult to opt out, and the agency has still not conducted a required rulemaking. Last month, EPIC led a coalition of over 35 organizations urging Congress to halt the use of face recognition on the general public. In a statement in April to the House Appropriations Committee, EPIC recommended that Congress halt the funding for the facial recognition program at TSA, also within the DHS. After a Buzzfeed story featured documents obtained by EPIC about plans to expand facial recognition at airports, Senators Ed Markey (D-MA) and Mike Lee (R-UT) called for the suspension of the program.
  • Facing EPIC Lawsuit, DHS Suspends Media Monitoring Program » (Jul. 11, 2019)
    As the result of an EPIC lawsuit, the Department of Homeland Security has suspended a controversial effort to track journalists, news outlets, and social media accounts. The "Media Monitoring Services" platform would have included an "unlimited" database of personal information from journalists and media influencers, including location data, contact information, employer affiliations, and past content. EPIC filed suit last year to block the program, arguing that the DHS had failed to complete required Privacy Impact Assessments. In a settlement with EPIC, the agency acknowledged that it was not using the proposed system and agreed to complete required Privacy Impact Assessments before collecting personal data in the future. EPIC also obtained records showing that the DHS ignored the harms that media monitoring would have caused to privacy and press freedoms.
  • EPIC, Coalition Call for Suspension of Face Recognition by DHS » (Jul. 9, 2019)
    EPIC and over 35 organizations have urged Congress to halt the use of face recognition technology on the general public. The letter states that face recognition technology poses serious risks to privacy and civil liberties, threatens immigrants, broadly impacts American citizens, and has been implemented without proper safeguards or explicit Congressional approval. At a hearing this week, the House Homeland Security Committee will examine face recognition technology. Documents previously obtained by EPIC under the FOIA, and featured at Buzzfeed, revealed flaws in facial recognition at airports. Bias is also a significant problem with the identification technique. EPIC highlighted these problems in comments to the agency and previously recommended a suspension of facial recognition at US airports.
  • EPIC Recommends Border Agency Adopt Universal Guidelines for Artificial Intelligence » (Apr. 11, 2019)
    In comments to Customs and Border Protection, EPIC recommended the adoption of the Universal Guidelines for Artificial Intelligence for a new border controls system, the "21st Century Customs Framework." EPIC stressed the need for transparency, accountability, and fairness in automated decisionmaking. EPIC explained, "Although CBP claims that risk scores are only used on cargo," the "impact falls on individuals." EPIC previously submitted comments to the agency regarding the Automated Targeting System and the Intelligence Records System. Through FOIA, EPIC has also obtained information on the agency’s data systems, including the Analytical Framework for Intelligence, which assigns “risk assessments” to travelers, including U.S. citizens.
  • EPIC Investigates the Transfer of Personal Data from DHS to Census Bureau » (Mar. 8, 2019)
    EPIC has submitted urgent Freedom of Information Act requests to the Department of Homeland Security (USCIS and the Office of Immigration Statistics) and the Census Bureau for records about the planned transfer of personal data from DHS to the Census Bureau. After a federal judge in California ruled that adding a citizenship question to the 2020 Census was unconstitutional, the AP reported that DHS would disclose to the Census Bureau personal data, including names, addresses, birth dates, Social Security numbers, and alien registration numbers. The Census Bureau confirmed that the agency was preparing an agreement with DHS to “receive administrative records.” In EPIC v. Commerce, EPIC alleges that the Bureau failed to conduct and publish required privacy impact assessments before making an uninformed decision to collect citizenship data. EPIC is seeking an injunction from the D.C. Circuit, which will hear arguments in the case in May. EPIC's appeal is EPIC v. Commerce, No. 19-5031 (D.C. Cir.).
  • DHS Privacy Advisory Committee Finalizes Facial Recognition Report » (Mar. 6, 2019)
    The DHS Privacy Advisory Committee issued final recommendations on facial recognition use at the border. The report examined transparency, data minimization, data quality and integrity, and accountability and auditing. The report said entrants to the U.S. need notice of their rights and how to exercise those rights. The final recommendations differed only slightly from the draft recommendations. In response to EPIC's comments, the final report included recommendations for increased reporting and research of facial recognition accuracy. However, the DHS report failed to address the lack of legal authorization for the facial recognition program or establish that the program is necessary for national security.
  • EPIC Makes Final Arguments for Injunction Blocking Citizenship Question » (Feb. 6, 2019)
    EPIC has filed a reply brief in EPIC v. Commerce urging a federal court to block the Census Bureau from adding a citizenship question to the 2020 Census. EPIC alleges that the Census Bureau failed to complete privacy impact assessments, required by law, before it abruptly added the citizenship question last year. Secretary Ross has already suggested that the census data would be used for law enforcement purposes. "Congress expected that the Bureau would conduct a comprehensive privacy review early in the process, not as the census forms were heading to the printer or delivered to the post office," EPIC told the court. A federal court in New York recently blocked the citizenship question, but the Census Bureau has appealed that decision. EPIC filed an amicus brief in the New York case and has long advocated for robust protections for census data. EPIC has also filed numerous successful lawsuits to require privacy impact assessments, including EPIC's lawsuit that led a now-defunct Presidential Commission to delete state voter data it unlawfully obtained.
  • EPIC to DHS Privacy Advisory Committee: End Facial Recognition » (Dec. 6, 2018)
    In response to a public notice by the Data Privacy and Integrity Advisory Committee, EPIC submitted comments urging the CBP to halt implementation of the biometric border program. EPIC stressed the need for federal regulation to safeguard privacy and prevent the misuse of facial recognition technology. EPIC called for a public rulemaking for the federal entry/exit program. EPIC also criticized the Committee's draft recommendations for facial recognition. EPIC said that the transfer of personal data from the State Department to the CBP was unlawful and that the opt-out procedures were ignored in practice. Documents EPIC previously obtained in a FOIA lawsuit against CBP revealed that facial scanning did not perform operational matching at a "satisfactory" level.
  • Contrary to DHS Policy and Prior Statements, ICE Seeks NC State Voter Data » (Sep. 6, 2018)
    Immigration and Customs Enforcement has demanded that North Carolina provide over 18 million voter records from the past eight years. The subpoena is outside the Department of Homeland Security authority and goes against testimony by DHS Secretary Kirstjen Nielsen, who told Congress this year that DHS’s role is limited to voluntary requests for assistance from the states. Nielsen also wrote, in records obtained through an EPIC FOIA request, that associating the DHS with voter data collection “could disrupt critical efforts” to work with state officials on election cybersecurity. EPIC has long fought to ensure voter privacy and recently forced the defunct Presidential Election Commission to delete millions of state voter records unlawfully obtained.
  • EPIC Urges DHS To Abandon Privacy Act Exemptions for New Biometric Database » (Aug. 31, 2018)
    In comments to the Department of Homeland Security, EPIC urged the agency to withdraw proposed Privacy Act exemptions that would reduce privacy safeguards in the federal government. The Immigration Biometric and Background Check database will contain personal data on U.S. and non-U.S. citizens. DHS has proposed to exempt the database from several Privacy Act protections, including ensuring that records are accurate, timely, and complete. DHS also claims numerous “routine uses” that allow the agency to disseminate the data to law enforcement and intelligence agencies. EPIC has urged strict compliance with Privacy Act obligations and warned that inaccurate, insecure, and overbroad government databases threaten both privacy and national security.
  • EPIC Pursues Privacy Impact Assessments for Proposed DHS Biometric Database » (Jun. 18, 2018)
    EPIC has submitted an urgent Freedom of Information Act request to the Department of Homeland Security seeking the Privacy Impact Assessment for the "Homeland Advanced Recognition Technology," a proposed system that will integrate biometric identifiers across the federal government. HART would replace IDENT, which now contains biometric records on over 220 million unique individuals. In 2015 a breach at the Office of Personnel Management compromised 22 m records, including 5 m digitized fingerprints. It appears that Homeland Security failed to complete the Privacy Assessment prior to launching HART. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that stores personally identifiable information. In EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was shuttered earlier this year.
  • EPIC Sues to Obtain Privacy Impact Assessment for DHS Journalist Database » (May. 31, 2018)
    EPIC has filed a Freedom of Information Act lawsuit to obtain a Privacy Impact Assessment for "Media Monitoring Services," a controversial new database proposed by the Department of Homeland Security. In April, the DHS announced a system to track journalists and "media influencers" and to monitor hundreds of thousands of news outlets and social media accounts. Although the system is designed to monitor journalists, the federal agency failed to conduct a Privacy Impact Assessment as required by law. EPIC submitted a request for the Assessment, but the agency did not respond. EPIC has successfully obtained several Privacy Impact Assessments, including for a related media tracking system (EPIC v. DHS) and for facial recognition technology (EPIC v. FBI). In EPIC v. Presidential Election Commission, EPIC challenged the Commission's failure to publish a Privacy Impact Assessment prior to collection of state voter data.
  • Senators Urge DHS to Address Concerns Over Facial Recognition at Airports; Conduct Public Rule-Making » (May. 11, 2018)
    In a letter to DHS Secretary Kirstjen Nielsen, Senators Edward Markey (D-MA) and Mike Lee (R-UT) urged the agency to promptly conduct a public rulemaking on the agency's biometric exit program prior to any expansion of the program. The program, currently implemented in nine U.S. airports, requires travelers on departing international flights to submit to facial recognition identification. The Senators requested that DHS determine the accuracy of the technique and the procedures for collecting passenger data. EPIC is currently pursuing documents about the biometric exit program, but documents EPIC obtained about a related program that tested iris and facial recognition scanning at the border revealed that the technology did not perform operational matching at a "satisfactory" level. An earlier EPIC lawsuit against the DHS led to the removal of backscatter x-ray devices — "body scanners" — at US airports.
  • EPIC Pursues Privacy Impact Assessments for DHS Database of Journalists » (Apr. 13, 2018)
    EPIC has submitted a Freedom of Information Act request to the Department of Homeland Security seeking Privacy Impact Assessments and other records related to the solicitation for "media monitoring services." The DHS posted a solicitation to compile a database of journalists and "media influencers," including bloggers and social media influencers. The DHS is seeking to identify journalists based on their beat, publication, contact information, and articles published. Agency officials plan to search lists and analyze news coverage. By law, a federal agency is required to conduct a Privacy Impact Assessment before procuring information technology that contains personally identifiable information. In a prior FOIA lawsuit, EPIC obtained Privacy Impact Assessments from the FBI that were not publicly available. And in EPIC v. Presidential Election Commission, EPIC challenged the failure of the Commission to undertake a Privacy Impact Assessment prior to the collection of state voter data. The Commission was shuttered earlier this year.
  • EPIC FOIA: EPIC Sues DHS for Drone Reports » (Mar. 9, 2018)
    EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain the public release of information about the use of drones for domestic surveillance. EPIC cited a Presidential Memorandum that required all federal agencies to prepare public reports on drone deployment. EPIC's lawsuit charges that the DHS has failed to make these reports public. In a previous lawsuit against the DHS, EPIC obtained records which revealed that DHS drones had the capability to intercept electronic communications and identify humans at a distance. EPIC has also brought a lawsuit against the FAA to establish drone privacy regulations in the United States.
  • EPIC Presses Department of Defense on Privacy of Cyber Threat Information » (Feb. 27, 2018)
    In a statement to Congress in advance of a hearing on the Department of Defense's cyber operations, EPIC urged lawmakers to consider the privacy impact of cyber policies. The Cybersecurity Information Sharing Act of 2015 allowed the federal government to obtain cyber threat information from the private sector—much of which concerns the activities of individual Internet users—without privacy safeguards. EPIC urged Congress to ask Michael Rogers, the Commander of U.S. Cyber Command, about the steps the Defense Department will take to reduce privacy risks. EPIC previously sued the federal government for information regarding a Department of Homeland Security program that allowed the NSA to monitor the Internet traffic of defense contractors.
  • BREAKING: Facing EPIC Lawsuit, Presidential Election Commission Disbands » (Jan. 3, 2018)
    The Presidential Election Commission, which unlawfully sought to collect state voter data on hundreds of millions of Americans, was disbanded Wednesday by President Trump. The Commission had faced an ongoing lawsuit by EPIC over its failure to conduct and publish a Privacy Impact Assessment before collecting personal data, as required by law. EPIC’s lawsuit led the Commission to suspend the collection of voter data last year, discontinue the use of an unsafe computer server, and delete voter information that was unlawfully obtained. Many states and over 150 members of Congress opposed the Commission’s efforts to collect state voter data. In a statement, the President said that he had asked the Department of Homeland Security “to determine next courses of action.” EPIC has a pending Freedom of Information Act request to the DHS for records concerning the federal government’s collection of personal data on voters. EPIC’s case against the Commission, which remains open, is EPIC v. Commission, No. 17-1320 (D.D.C.) & 17-5171 (D.C. Cir.).
  • Nominee for DHS Secretary Favors Less Wall, More Surveillance Tech at Border » (Nov. 9, 2017)
    Today Congress considered the nomination of Kirstjen M. Nielsen as Secretary at the Department of Homeland Security. Ms. Nielsen opposes a border wall but suggested an expansion of border surveillance. "Technology, as you know, plays a key part, and we can't forget it," she said. EPIC is pursuing a FOIA request regarding the use of DHS drones for border surveillance. Earlier EPIC cases - including EPIC v. DHS which led to the removal of x-ray body scanners in US airports - revealed that technologies for border surveillance invariably impact the privacy rights of Americans. Ms. Nielsen's views on the use of DACA applicant data for enforcement remain unclear. EPIC recently warned that 800,000 DACA applicants face privacy risks as a result of the decision to end the Deferred Action for Childhood Arrivals.
  • EPIC Opposes DHS Plan for Social Media Surveillance » (Oct. 19, 2017)
    In comments to the Department of Homeland Security, EPIC opposed a plan to add social media information to the official files of all immigrants. EPIC said the DHS proposal threatens First Amendment rights, risks abuse, and would disproportionately impact minority groups. A coalition of organizations also submitted comments to express concern about the proposal. EPIC previously opposed a Customs and Border Protection proposal to collect social media identifiers from visa applicants. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country.
  • EPIC Sues Department of Homeland Security for Release of Russian Interference Records » (Oct. 4, 2017)
    EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to obtain records related to Russian interference in the 2016 U.S. Presidential Election. Earlier this year, the DHS designated state election systems as critical infrastructure and published a Joint Analysis Report acknowledging Russian interference with U.S. election systems. However, DHS has not provided any significant new information to the American public about the extent of the Russian interference. EPIC now seeks disclosure of the agency's "research, integration, analysis" related to the scope of Russian interference. EPIC's FOIA lawsuit follows H.Res. 235, a bill sponsored by Rep. Thompson (D-MS) that would have directed the DHS to provide this information to Congress, but was blocked by the House Homeland Security Committee. EPIC has filed several FOIA lawsuits to determine the scope of Russian interference. The cases include: EPIC v. FBI (Russian Hacking), EPIC v. ODNI (Russian Hacking), and EPIC v. IRS (Donald Trump's Tax Records).
  • EPIC Raises Questions About FBI Surveillance Programs » (Jul. 14, 2017)
    In a statement to Congress, EPIC told members of the Senate Judiciary Committee to press the nominee for FBI Director, Christopher Wray, on his views of FBI databases and domestic surveillance programs. EPIC again expressed concern about the size and scope of the FBI's Next Generation Identification system which stores personal and biometric information on millions of individuals. EPIC also expressed concern over the FBI's failure to issue timely privacy impact assessments, lack of transparency on drone use, and plans to monitor social media. EPIC urged the Committee to obtain the nominee's views on these matters and to ensure his commitment to protect privacy and ensure transparency at the FBI.
  • EPIC Urges DHS To Abandon Privacy Act Exemptions for ICE Database » (Jun. 8, 2017)
    In comments to the Department of Homeland Security, EPIC urged the agency to withdraw proposed Privacy Act exemptions. The FALCON database contains detailed personal information on ICE and CBP employees, and individuals associated with ICE investigations including victims and witnesses. For this government database, DHS has proposed to exempt itself from several Privacy Act protections including ensuring that the records are accurate, timely, and complete. EPIC has consistently warned against inaccurate, insecure, and overbroad government databases. The FBI recently postponed an "Insider Threat" database that also lacked adequate Privacy Act safeguards.
  • EPIC, Coalition Urge DHS Secretary to Reject Social Media Password Requirement » (Apr. 18, 2017)
    EPIC has joined the Fly Don't Spy! campaign to urge DHS Secretary Kelly to reject plans to require the handover of passwords to the federal government. Such a requirement would undermine privacy and human rights, chill freedom of speech and association, and create greater security risks for travelers. Earlier this year, Secretary Kelly testified before Congress about collecting social media passwords. In response, EPIC immediately filed a Freedom of Information Act request regarding all DHS plans to use individuals' internet and social media information to vet potential entrants to the U.S.
  • EPIC Recommends Scrutiny of DEA Surveillance Programs » (Apr. 4, 2017)
    In a letter to the House Judiciary Committee for an oversight hearing, EPIC highlighted civil liberties problems with DEA programs. In 2014, EPIC sued the DEA for information about the agency's Hemisphere program, a massive telephone record database. More recently, EPIC prevailed in a FOIA lawsuit that revealed the DEA's failure to conduct privacy assessments required by law, for the agency's license plate scanning program. In the letter EPIC urged the Committee to investigate the Hemisphere program and determine whether the agency will complete privacy impact statements for agency programs as required by law.
  • Following Congress, EPIC Seeks Public Release of DHS Records on Russian Interference » (Mar. 31, 2017)
    EPIC has submitted an urgent Freedom of Information Act request for DHS's review of the Russian Interference with the presidential election. The EPIC FOIA request follows House Resolution 235, sponsored by Rep. Bennie Thompson (D-MS), which would direct the Secretary of Homeland Security to transmit DHS's documents related to Russian interference to the House of Representatives. EPIC is now pursuing public release of the same records, and has notified Chairman Jason Chaffetz (R-UT) and Ranking Member Cummings (D-MD) of the House Oversight Committee of the pending FOIA request. Earlier this week, EPIC argued "the public has the right to know" about the extent of Russian interference with the 2016 election.
  • EPIC Submits FOIA Request Seeking Documents on Airline Electronics Ban » (Mar. 22, 2017)
    EPIC has submitted a Freedom of Information Act request to the TSA seeking information on the recently announced ban on electronics on flights bound for the United States. The ban applies to ten airports in eight majority Muslim countries. EPIC is seeking documents related to the reasons for implementing the ban as well as documentation on TSA policies and procedures for searching electronics in checked luggage. EPIC regularly submits FOIA requests to government agencies and is also seeking information on eye scans conducted at US airports on US travelers. In EPIC v. DHS, EPIC is challenging the TSA's efforts to mandate airport body scanners.
  • EPIC Publishes 2017 FOIA Gallery » (Mar. 10, 2017)
    In celebration of Sunshine Week, a national recognition of public access to information, EPIC has unveiled the 2017 FOIA Gallery. Since 2001, EPIC has released annual highlights of EPIC's most significant open government cases. In 2016, EPIC obtained records detailing a Customs and Border Protection data mining program used to build "risk" profiles on travelers, unveiled two years' worth of statistical data showing the FBI's growing biometric identification program, and revealed the DEA's failure to conduct legally mandated privacy assessments in EPIC v. DEA. In the latest FOIA Gallery, EPIC also highlights two new FOIA lawsuits to uncover details of the Russian interference in the 2016 election case concerning electronic surveillance report, and the launch of EPIC's new course teaching the basics of the federal FOIA.
  • DOJ Report on FOIA Compliance: EPIC #2 in 2016 for Fee Awards » (Mar. 9, 2017)
    The Justice Department's Office of Information Policy has released the 2016 Freedom of Information Act Litigation and Compliance Report. The report describes the DOJ's efforts in 2016 to ensure compliance with the open government law across the federal government, from issuing policy guidance to holding FOIA trainings. The agency also issued a list of FOIA cases where a court decision was rendered in 2016 and the amount of fees awarded by the court. EPIC tied for second (with the ACLU), behind the Public Employees for Environmental Responsibility, as the most successful FOIA litigator in the country, receiving court-ordered fee awards in three cases in 2016. In 2017, EPIC has already prevailed in a FOIA case against the FBI for public release of the agency's privacy assessments. Fees are anticipated in that case. For more information about EPIC's open government work, visit: https://epic.org/open_gov/.
  • EPIC FOIA: EPIC Seeks Information about Airport Eye Scans of U.S. Travelers » (Mar. 2, 2017)
    EPIC has filed an urgent FOIA request with U.S. Customs and Border Protection for details of eye scans conducted on U.S. citizens traveling internationally. The CBP has long been testing biometric identification of travelers, including U.S. citizens, and a recent report indicates U.S. citizens were subject to eye scans before traveling abroad. EPIC seeks public disclosure of the details of CBP policies for scanning U.S. citizen irises and retinas upon entry or exit to the U.S. EPIC makes frequent use of the Freedom of Information Act. As the result of a FOIA lawsuit, EPIC recently obtained several memoranda of understanding regarding the transfer of biometric identifiers between the FBI and DOD. Last month, EPIC also prevailed in EPIC v. FBI, a FOIA lawsuit for public release of the FBI's privacy assessments.
  • EPIC, Coalition Back Improved Government Transparency » (Feb. 24, 2017)
    In comments to the Office of Government Information Services, EPIC and a coalition of open government groups urged greater transparency for dispute resolutions. The coalition wrote that a proposed rule "would impose restrictive confidentiality requirements." The coalition proposed revisions that "do not place restrictive confidentiality requirements on requesters" who use dispute resolution services. EPIC routinely advocates on behalf of open government and transparency. Earlier this month, EPIC and a coalition called on the Office of Management and Budget to preserve public access to online government information. EPIC also recently prevailed in EPIC v. FBI, a Freedom of Information Act lawsuit for public release of the FBI's privacy assessments.
  • EPIC Obtains Documents About DHS Immigration Enforcement Priorities » (Feb. 23, 2017)
    As a result of a Freedom of Information Act request, EPIC has obtained over 650 pages about DHS's immigration enforcement priorities. The documents detail the "Priorities Enforcement Program," a controversial program that relied on biometric data collection for immigration enforcement. EPIC recently submitted two new urgent FOIA requests to DHS, the first about DHS plans to step up social media monitoring and a second to reveal the agency's compliance with recent immigration court orders. This week, EPIC also prevailed in a FOIA lawsuit for public release of privacy assessments the FBI is required to prepare.
  • EPIC Prevails in FOIA Lawsuit for FBI Privacy Assessments » (Feb. 21, 2017)
    EPIC has prevailed in EPIC v. FBI, a case involving a Freedom of Information Act request for privacy assessments the FBI is required to prepare. EPIC sued the Federal Bureau of Investigation after the agency failed to respond to EPIC's FOIA request for the assessments. EPIC subsequently challenged the adequacy of the agency's search for responsive documents and the FBI's claim that records could be withheld pursuant to "Exemption 7(E)," which concerns law enforcement "techniques and procedures." Today, the federal judge concluded that "the FBI neither adequately described its search nor properly justified its withholdings of information under FOIA exemption 7(E)." The Court ordered the FBI to supplement the record to address the inadequacy of the agency's search and the basis for the Exemption 7(E) claims.
  • Coalition Urges UN to Investigate US Social Media Monitoring » (Feb. 16, 2017)
    A coalition of human rights groups is urging the UN to investigate reports that the US is demanding entrants provide access to their cell phones and social media accounts. "These practices persist in violation of the United States human rights treaty obligations and your action is needed to hold the government accountable," the group stated in a letter to the UN High Commissioner on Human Rights and other UN offices. EPIC recently submitted an urgent request for disclosure of DHS plans to step up social media monitoring, and previously prevailed in a lawsuit against the agency to reveal records of its monitoring programs. EPIC's Privacy Law Sourcebook 2016, available in the EPIC bookstore, provides an overview of privacy frameworks around the world and tracks emerging privacy challenges.
  • Senators Call for Answers from Secretary Kelly on Privacy Act Exclusion » (Feb. 9, 2017)
    In a letter to DHS Secretary Kelly, Senator Markey (D-MA) and five other Senators pressed DHS about the impact of an Executive Order limiting federal Privacy Act protections. "These Privacy Act exclusions could have a devastating impact on immigrant communities and would be inconsistent with the commitments made when the government collected much of this information," the Senators contended. The Senators also called on Secretary Kelly to explain the Order's impact on international commitments that permit U.S. firms to obtain access to the data of European consumers. EPIC is participating in Data Protection Commissioner v. Facebook, a case which follows a landmark decision that found insufficient legal protections for the transfer of European consumer data to the United States.
  • EPIC Pursues FOIA Requests at DHS Concerning Aerial Surveillance, Social Media Monitoring, and ID Theft » (Feb. 8, 2017)
    EPIC has submitted an urgent FOIA request to the Department of Homeland Security about aerial surveillance, social media monitoring and ID theft following statements made by DHS Secretary John Kelly in a Congressional hearing on Homeland Security. The Secretary described plans to expand the use of "aerostats" (surveillance blimps) and monitoring of social media. The Secretary also stated that he has been a victim of a data breach. The EPIC FOIA request follows earlier cases brought by EPIC which revealed efforts by the DHS to expand aerial surveillance within the United States, develop techniques for "pre-crime" detection, interrupt Internet service, as well as the impermissible monitoring of social media services and news organizations.
  • EPIC FOIA: EPIC Seeks Information About Immigration Executive Order » (Feb. 3, 2017)
    EPIC has filed an urgent FOIA request with the Department of Homeland Security for further information about a DHS press release on "Compliance With Court Orders And The President's Executive Order." The DHS Press Release follows an Executive Order on entry to the United States and a series of court decisions suspending the Order. EPIC is now seeking details about the DHS's activities, including communications with other agencies, communications with airlines, and legal memos supporting the agency's actions. The Inspector General of DHS also announced an investigation to review "allegations of individual misconduct on the part of DHS personnel." EPIC cited both an "urgency to inform the public" and "exceptional media interest" in questions about the "government's integrity" in support of the request for expedited processing. EPIC will continue to press the DHS for prompt release of the documents sought. More information about EPIC's FOIA work is available on the FOIA Case page.
  • EPIC Seeks Public Release of Secret Directive on Cybersecurity » (Jan. 28, 2017)
    EPIC has filed an urgent FOIA request with the DHS, the Department of Justice, and the NSA, seeking the expedited release of NSPD-1. The National Security Presidential Directive sets out procedures for cybersecurity "policy coordination, guidance, dispute resolution, and periodic in-progress review." EPIC has previously litigated, and successfully obtained, NSPD-54, a Presidential Directive concerning the NSA's authority to conduct surveillance within the United States.
  • Government Breaches Continue, Hacker Compromises more than 130,000 Navy Records » (Nov. 29, 2016)
    In the latest government data breach, the Navy reported that a hacker gathered the personal data of more than 130,000 current and former sailors from a laptop that belonged to a government contractor. Government security vulnerabilities are on the rise. In 2015, the records of more than 21 million federal workers, friends and family members were breached. In 2016, EPIC urged candidates for office to focus on "data protection." EPIC has warned that inaccurate, insecure, and overbroad government databases pose risks to the safety of Americans. Earlier this year, EPIC urged the Dept. of Defense and Dept. of Homeland Security to drop proposals to expand government databases that lacked adequate privacy safeguards.
  • DHS Releases Revised FOIA Regulations, Agrees and Disagrees with EPIC's Suggestions » (Nov. 23, 2016)
    The Department of Homeland Security has released revised Freedom of Information Act regulations. EPIC submitted extensive comments on the proposed changes to the agency's open government practices. The DHS agreed to make some changes, recommended by EPIC, that should improve the processing of FOIA requests. The agency maintained a broad definition of "educational institutions" so that individual researchers will be able to access government records at minimal cost, and clarified steps that could be taken to delay "administrative closure," a controversial agency practice. The agency disagreed with EPIC about agency referrals, the definition of "commercial interest," and the routine release of public information to the general public.
  • EPIC FOIA Lawsuit Reveals Failure to Conduct Privacy Assessments for DEA Surveillance Programs » (Nov. 7, 2016)
    In response to an EPIC FOIA lawsuit, EPIC has learned that the Drug Enforcement Administration never completed privacy impact assessments for the agency's massive license plate reader program, a telecommunications records database, and other systems of public surveillance. Despite a federal judge instructing the agency to search for records in response to the FOIA lawsuit, the DEA failed to produce the privacy assessments required by law. The outcome of EPIC v. DEA raises questions about the privacy review of the agency systems funded by Congress. EPIC is currently litigating a similar lawsuit against the FBI.
  • Report: Facial Recognition is Expansive, Unregulated; Coalition Calls for DOJ Review » (Oct. 18, 2016)
    EPIC and a coalition of civil liberties organizations urged the Justice Department to review the disparate impact of facial recognition. The letter follows a report on law enforcement use of the technology. The report builds on work pursued by EPIC and others. Freedom of Information Act documents obtained by EPIC showed that the DHS system lacked privacy safeguards, the FBI accepts a 20% error rate for its Next Generation Identification system and has agreements to run facial recognition searches on DMV databases. In 2012, EPIC urged the Federal Trade Commission to suspend the use of facial recognition techniques pending the establishment of legal safeguards. And the 2009 Madrid Privacy Declaration, authored by NGOs and privacy experts, calls for a moratorium on the face scanning technology.
  • EPIC Opposes DHS Plan to Collect Social Media Identifiers » (Sep. 30, 2016)
    In comments to the Department of Homeland Security, EPIC urged the agency to drop a plan to review the social media accounts of people seeking to visit the U.S. EPIC argued that the proposal threatened important First Amendment rights, risked abuse, and would disproportionately impact minority groups. Documents obtained by EPIC in 2011 in a Freedom of Information Act lawsuit revealed that the DHS gathered social media comments to identify individuals, including US citizens, critical of the agency and the government. A 2012 Congressional hearing, based on the documents obtained by EPIC, revealed bipartisan opposition to the original DHS social media monitoring program.
  • EPIC Opposes DHS Plan to Collect Social Media Identifiers » (Aug. 23, 2016)
    In comments to the Department of Homeland Security, EPIC urged the agency to drop a plan to review the social media accounts of people seeking to visit the U.S. EPIC argued that the proposal threatened important First Amendment rights, risked abuse, and would disproportionately impact minority groups. Documents obtained by EPIC in 2011 in a Freedom of Information Act lawsuit revealed that the DHS gathered social media comments to identify individuals, including US citizens, critical of the agency and the government. A 2012 Congressional hearing, based on the documents obtained by EPIC, revealed bipartisan opposition to the original DHS social media monitoring program.
  • FOIA Ombudsman Releases First Part of "Still Interested" Report » (Apr. 27, 2016)
    In response to a letter from EPIC and open government advocates, the FOIA ombudsman has issued the first part of a report on the use of "still interested" letters by federal agencies. The DHS and other agencies have sent these letters to prematurely terminate FOIA requests. In 2014, an EPIC-led coalition urged the Office of Government Information Services to investigate the pervasive use of such letters. In today's report, OGIS found that there is no "guidance or standard for reporting requests that agencies close" through "still interested" letters, and that it does not yet understand the impact such letters have on FOIA requesters.
  • TSA Releases New Body Scanner Document to EPIC » (Apr. 25, 2016)
    In response to an EPIC FOIA request, the Transportation Security Administration has released a document describing the technical capabilities of the airport body scanners. EPIC previously obtained documents from TSA revealing that body scanners can record, store, and transmit digital strip search images of airline passengers. Last month, the TSA issued a regulation on airport body scanners, nearly five years after a federal appeals court ordered the agency to "promptly" undertake a rule making. In 2011, EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. Despite public comments that overwhelmingly favor less invasive security screenings, the TSA plans to use invasive body scanners at US airports. The TSA also said it may mandate airport body scanners, even though the agency previously told the D.C. Circuit that the body scanner program was optional and the federal appeals court upheld the program, relying on the agency’s statements.
  • DHS, Federal Agencies Publish 2016 FOIA Reports » (Apr. 6, 2016)
    Most federal agencies, including the Department of Homeland Security, have now published the 2016 FOIA Reports. These annual reports, required by former Attorney General Holder's 2009 FOIA Memo, describe each agency's compliance with the FOIA, including steps taken to improve processing and promote openness. The federal FOIA ombudsman is currently investigating the practices of six DHS component agencies in response to a 2015 letter from EPIC and open government advocates. EPIC and others have recently urged the President to support bipartisan legislation aimed at improving the FOIA.
  • EPIC Recommends Greater Accountability for Government Screening Database » (Feb. 23, 2016)
    EPIC submitted comments to DHS urging the agency to improve transparency and privacy protections for the controversial Terrorist Screening Database that is used for Watchlist programs, such as the No Fly List, containing information that is often inaccurate and incomplete. The agency solicited comments on a proposal to remove Privacy Act safeguards while simultaneously expanding data collection and distributing data more widely across the DHS. EPIC and many other organizations opposed the establishment of the Screening Database and called for the suspension pending a full review of the privacy and security implications. EPIC has testified before Congress about the risks of the Watchlist program.
  • EPIC Opposes Sea Traveller Surveillance Program » (Jan. 4, 2016)
    In comments to the DHS, EPIC criticized a proposal to collect detailed records on people traveling by boat. The DHS is planning to track people arriving and departing the United States by sea, including between ports within the United States. However, DHS will ignore Privacy Act protections, and make the data collected routinely available to private companies and foreign governments. The proposal, explained EPIC, would "create a massive government database of detailed personal information that lacks accountability." EPIC has opposed other boat surveillance programs. And a FOIA case pursued by EPIC about a controversial boater tracking program revealed that the DHS fuses tracking data with other intelligence data to develop detailed profiles on boaters.
  • DHS and State Department Pushing for Increased Social Media Monitoring » (Dec. 16, 2015)
    According to reports and statements from former Homeland Security officials, the DHS has initiated three "pilot programs" to analyze social media posts during the visa review process. Prior to 2014, a DHS policy prohibited social media monitoring by immigration officials. EPIC successfully obtained documents in 2012 detailing the DHS social media monitoring policies, including instructions to analysts to monitor criticism of the agency. EPIC also submitted a letter to congressional leaders, outlining how DHS officials misrepresented their policies in a Homeland Security Committee hearing. EPIC wrote that the DHS' monitoring program should be suspended, as it exceeds the agency's statutory authority and chills First Amendment activity.
  • EPIC Sues Coast Guard, DHS for Information on Boater Tracking Program » (Sep. 20, 2015)
    EPIC has sued the U.S. Coast Guard and the Department of Homeland Security to obtain information on a federal government program to track and record the location of boaters. According to EPIC, the DHS intends to transfer the data from the Nationwide Automatic Identification System to federal and state agencies, as well as foreign governments. "The NAIS program exceeds the stated purpose of marine safety and constitutes an ongoing risk to the privacy and civil liberties of mariners across the United States," wrote EPIC in the FOIA lawsuit. The boating community has expressed concern over the tracking program. A previous FOIA request from EPIC to the agency went unanswered. Press Release - EPIC v. CG, DHS, No. 15-1527.
  • Following EPIC Complaint, FOIA Ombudsman Announces Investigation of Practices at DHS » (Aug. 28, 2015)
    The federal FOIA ombudsman has informed EPIC that it is investigating the FOIA practices of six DHS component agencies. In 2014, EPIC and a dozen open government organizations urged the Office of Government Information Services to investigate the impermissible closures of FOIA requests. Through "still interested" letters, some federal agencies notify FOIA requesters that unprocessed requests will be closed by the agency if there is no further communication. EPIC and the open government groups objected to the practice and reminded OGIS that "no provision in the [FOIA] allows for administrative closures." An earlier EPIC letter to OGIS led to a reduction of fee payments for FOIA requesters.
  • Federal Court: DHS Failed to Justify Withholdings in Defense Contractor Monitoring FOIA Case » (Aug. 5, 2015)
    In EPIC v. DHS, a federal district court ruled that the Department of Homeland Security failed to justify withholding documents subject to the Freedom of Information Act. EPIC sued DHS to compel the disclosure of records relating to a cybersecurity program designed to monitor traffic flowing through ISPs to a select number of defense contractors. The court concluded that the agency's argument relied on "a weak assumption," but will allow the agency to submit a revised justification for withholding the records. EPIC previously won a five-year legal battle to release NSPD-54, the foundational legal document for U.S. cybersecurity policies.
  • EPIC Sues Drug Enforcement Administration For Release of Privacy Assessments » (May 1, 2015)
    EPIC has filed a Freedom of Information Act lawsuit to obtain details about the Drug Enforcement Administration’s surveillance programs. The agency is required to publish privacy impact assessments for its data collection programs. However, the agency has failed to make available privacy impact assessments for many of its programs, including the massive cell phone metadata program "Hemisphere" and a nationwide license plate reader program. EPIC has a related lawsuit against the Federal Bureau of Investigation for that agency’s privacy impact assessments for several programs including "Next Generation Identification."
  • Court Orders Government to Respond to EPIC's Petition in Case Over Cell Phone Shutdown Policy » (Apr. 3, 2015)
    The federal appeals court in Washington, DC, has ordered DHS to respond to EPIC's petition to reconsider a recent decision allowing the federal agency to withhold the criteria for shutdown of cell phone networks. EPIC sued the DHS for the policy following a 2011 San Francisco BART incident, when government officials shut down cell phone service during a peaceful protest. EPIC argued that the recent decision would "create an untethered national security exemption for law enforcement agencies," and is contrary to other court decisions and the intent of Congress. The appeals court has determined that the government must respond to EPIC's petition.
  • EPIC Continues Pursuit of Network Shutdown Policy » (Mar. 27, 2015)
    Today EPIC filed a Petition in the federal appeals court in Washington, D.C., seeking review of a recent opinion allowing DHS to withhold the criteria to shut down cell phone networks. EPIC sued the agency for the shutdown policy following a 2011 San Francisco BART incident, where government officials shut down cell phone service during a peaceful protest. In its Petition, EPIC argued that the recent decision would "create an untethered national security exemption for law enforcement agencies," and is contrary to other court decisions and the intent of Congress.
  • In EPIC v. DHS, DC Circuit Backs Agency Secrecy on "Internet Kill Switch" » (Feb. 10, 2015)
    The federal court of appeals based in Washington, DC has ruled that the Department of Homeland Security may withhold from the public a secret procedure for shutting down cell phone service. EPIC pursued the DHS policy after government officials in San Francisco disabled cell phone service during a peaceful protest in 2011. EPIC sued DHS when the agency failed to release the criteria for network shutdowns. A federal judge ruled in EPIC's favor. On appeal, the D.C. Circuit held for the DHS but said that the agency might still be required to disclose some portions of the protocol.
  • DHS Privacy Complaints Increase in 2013, Many Databases Kept Secret » (May 27, 2014)
    The Department of Homeland Security Quarterly Report to Congress details programs and databases affecting privacy. According to the agency, DHS received 964 privacy complaints between September 1, 2013 and November 30, 2013. By contrast, DHS received 295 privacy complaints during the same period in 2011. According to the report, most DHS systems comply with Privacy Act notice requirements. However, the report also indicates that the DHS maintains many databases with personally identifiable information that lack required Privacy Act notices. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.
  • EPIC Objects to Secret Profiling of Air Travelers » (Oct. 10, 2013)
    EPIC has submitted comments to the Department of Homeland Security, objecting to the agency's plan to secretly profile U.S. air travelers and remove Privacy Act safeguards. The DHS proposed to exempt TSA PreCheck from the federal privacy law. The PreCheck database contains detailed personal information, including name, birthdate, biometric information, Social Security Number, and financial information. The TSA plans to release applicant data to federal, state, tribal, local, territorial agencies and foreign governments. However, the TSA proposes to remove the rights of PreCheck applicants concerning notification, access, and correction. The agency also intends to keep secret the basis for approving PreCheck applicants. EPIC described the substantial privacy and security risks of PreCheck, urged the DHS to narrow the Privacy Act exemptions, and recommended that the DHS withdraw routine use disclosures. For more information, see EPIC: Secure Flight, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy.
  • EPIC Opposes DHS Biometric Collection » (Jun. 21, 2013)
    EPIC has submitted comments to the Department of Homeland Security, staunchly opposing the agency's border biometric collection, facilitated through the Office of Biometric Identity Management program. Since at least 2004, DHS has collected fingerprint and facial photos from individuals entering the United States. DHS then disseminates this information to DHS agency components, other federal agencies, and "federal, state, and local law enforcement agencies," and the "federal intelligence community." Currently, at least 30,000 individuals from federal, state, and local governments access the data obtained by DHS's biometric collection program. DHS shares this biometric data with foreign governments, including Canada, Australia, and the United Kingdom. In its comments, EPIC urged the agency to cease collecting biometric information without proper privacy safeguards in place. Should the agency continue to collect this sensitive information, EPIC recommends that DHS: (1) impose strict information security safeguards on its biometric information collection and limit its dissemination of biometric information; (2) conduct a comprehensive privacy impact assessment on the biometric collection program; (3) grant individuals Privacy Act rights before collecting additional biometric information; and (4) adhere to international privacy standards. For more information, see EPIC: US-VISIT and EPIC: Biometric Identifiers.
  • EPIC Succeeds in Fight Against Protective Order in FOIA Case » (Jan. 9, 2013)
    A federal judge has vacated provisions in a prior order that would have limited the ability of FOIA requesters to disseminate information to the public. EPIC filed a Freedom of Information Act lawsuit against the Department of Homeland Security after the agency failed to respond to a request for documents about a plan to monitor internet traffic. In arguments before the court, the Department of Justice contended that EPIC should agree to a protective order that would prevent EPIC from disclosing documents obtained in the case. EPIC challenged this argument, stating that it was contrary to FOIA law and that the use of protective orders in FOIA cases would make it more difficult for the public to obtain information about government activities. Judge Kessler agreed with EPIC and discarded the protective order requirement. She also chastised the agency for its repeated delays in processing EPIC's FOIA request. The case is EPIC v. DHS, 12-333. For more information see: EPIC v. DHS - Defense Contractor Monitoring.
  • DHS Privacy Review Fails to Address DHS Monitoring of Online Dissent » (Nov. 9, 2012)
    The Department of Homeland Security released a Privacy Compliance Review which found that the DHS social media monitoring program complied with the DHS's own privacy requirements. Documents obtained by EPIC through a FOIA lawsuit revealed that DHS is monitoring social networks and media organizations for criticism of the agency. Congress held a Hearing earlier this year to determine why DHS is tracking political statements on Twitter and social networks. EPIC's lawsuit against DHS is ongoing. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring.
  • Department of Homeland Security Releases 2012 Privacy Report » (Sep. 20, 2012)
    The Department of Homeland Security released the 2012 Privacy Office Annual Report to Congress. The report describes a social media monitoring policy, and privacy training for fusion center personnel. According to the report, the TSA has still failed to adopt privacy safeguards for whole body image devices. The report is silent on several new DHS-funded initiatives, including the Future Attribute Screening Technology, a Minority Report-like proposal for "pre-crime" detection. The report also notes the expansion of the National Counterterrorism Center's five-year retention policy for records on U.S. Persons that do not contain terrorism information. The Chief Privacy Officer of the DHS is required by law to ensure that new agency programs do not diminish privacy in the United States. For more information, see EPIC: Privacy Report Held Hostage.
  • Department of Homeland Security Limits E-Verify Data and Disclosures » (Aug. 9, 2012)
    The Department of Homeland Security has issued a Privacy Act system of records notice for the E-Verify Program. E-Verify is a government records system that informs employers about the citizenship status of current and prospective employees. The database contains detailed personal information including names, dates of birth, Social Security numbers, and citizenship status for all individuals subject to review. This Privacy Act notice minimizes the information that the agency will collect, and also limits the agency's ability to disclose personal information to outside entities. Last year EPIC, along with a coalition of privacy, consumer rights, and civil rights organizations, encouraged DHS to strengthen privacy and security safeguards for E-Verify. For more information, see EPIC: E-Verify and Privacy.
  • Homeland Security Seeking Applicants to Join Privacy Board » (Jun. 28, 2012)
    The Department of Homeland Security has announced that it is seeking applicants for the Data Privacy and Integrity Advisory Committee. The Committee was established to advise the agency on issues related to personally identifiable information, data integrity, and other privacy-related matters. The agency has a mandate from Congress to ensure that its programs "do not erode privacy protections" and to ensure that personal information is "handled in full compliance with fair information practices as set out in the Privacy Act of 1974." For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy and EPIC: EPIC v. DHS (Suspension of Body Scanner Program).
  • Homeland Security Seeks to Expand "Risk-Based" Profiles » (Jun. 6, 2012)
    The Department of Homeland Security has proposed to exempt its "Automated Targeting System" from certain Privacy Act provisions. The Automated Targeting System creates "risk-based" profiles of individuals traveling to, from, and throughout the United States. The profile contains a plethora of personal data, including nationality, race, occupation, and biometrics. The System accesses and "ingests" this information from many sources, including government databases and commercial data aggregators. The DHS issued a Privacy Impact Assessment, which describes some of the privacy risks, including unauthorized access. In detailed comments to DHS in 2007, EPIC opposed the use of "risk-based" profiles. For more information, see EPIC: Automated Targeting System.
  • EPIC Asks Ombudsman to Investigate DHS FOIA Practices » (Jun. 4, 2012)
    EPIC has submitted a letter to the Office of Government Information Services, asking for an investigation into FOIA practices at the Department of Homeland Security. EPIC explained that the federal agency, which includes the TSA and the Bureau of Customs and Border Protection, routinely denies fee waivers in circumstances where the agency knows that the requester properly qualifies. By way of example, EPIC cited a recent FOIA appeal in which the agency wrongly denied a fee waiver request. EPIC said that the practice creates additional work for sophisticated FOIA requesters and may, as a practical matter, prevent other requesters from pursuing important FOIA requests. For more information, see EPIC: DHS Privacy Office and EPIC: Litigation Under the Federal Open Government Laws.
  • Department of Homeland Security Expands Use of Watch Lists for "Known Traveler" Program » (Apr. 23, 2012)
    The Department of Homeland Security has published a Privacy Impact Assessment Update for Secure Flight, a DHS program that compares airline passenger records with various watch lists. The assessment describes the agency's plans to expand the Known Traveler program so as to expedite airline screening for certain categories of individuals. The DHS also intends to incorporate into Secure Flight the Automated Targeting System, a controversial program that allows the government to assign a risk assessment number to individual travelers. That number provides the basis for further screening. In 2007, EPIC urged DHS to either suspend the Automated Targeting System or to fully apply all Privacy Act safeguards to any individual subject to ATS. In 2010, EPIC advocated for stronger privacy protections of DHS trusted traveler programs that compare passenger names against watch lists. For more information, see EPIC: Secure Flight and EPIC: Automated Targeting Systems.
  • DHS Privacy Office Issues Quarterly Report to Congress » (Mar. 26, 2012)
    The DHS Privacy Office has issued its First Quarter Fiscal Year 2012 Report to Congress. The report details DHS programs and functions that affect privacy, such as privacy impact assessments and system of records notices. The report also summarizes the 295 privacy compliance complaints that DHS has received between September 1, 2011 and November 30, 2011. EPIC has closely followed DHS Privacy Office activities, and has worked to ensure timely release of DHS privacy reports. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.
  • House and Senate Call for Investigation on Airport Body Scanner Radiation Risks » (Mar. 15, 2012)
    Both the House and the Senate introduced bills last month that would require the Department of Homeland Security "to contract with an independent laboratory to study the health effects of backscatter x-ray machines used at airline checkpoints operated by the Transportation Security Administration," and to provide improved notice of the health effects to airline passengers. The bills focus on the health effects of those screened by the backscatter x-ray machines, including frequent air travelers, flight crews, and individuals with greater sensitivity to radiation, such as children, pregnant women, the elderly, and cancer patients. In 2010, EPIC filed a Freedom of Information Act lawsuit asking a court to force the Department of Homeland Security to disclose documents about radiation testing results and agency fact sheets on radiation risks. For more information, see EPIC: EPIC v. DHS - Full Body Scanner Radiation Risks.
  • EPIC Publishes 2012 FOIA Gallery » (Mar. 12, 2012)
    In celebration of Sunshine Week, EPIC published the EPIC FOIA Gallery: 2012. The gallery highlights key documents obtained by EPIC in the past year, including the Federal Bureau of Investigation's watch list guidelines, records of the Department of Homeland Security's social media monitoring program, Google's first Privacy Compliance Report, records detailing the government's FAST scanning program, records of the FBI's surveillance of Wikileaks supporters, and DHS records detailing the use of body scanners at the U.S. border. EPIC regularly files Freedom of Information Act requests and pursues lawsuits to force disclosure of critical documents that impact privacy. EPIC also publishes the authoritative FOIA litigation manual. For more, see EPIC Open Government and EPIC Bookstore: FOIA.
  • Video, Blog Post Raise New Questions About Airport Body Scanners » (Mar. 9, 2012)
    A popular video, "How To Get Anything Through TSA Nude Body Scanners," shows that it is easy to bypass airport body scanners by hiding materials perpendicular to the plane of the scanning devices. The video also notes that traditional metal detectors, now being removed from US airports, would routinely alert to the presence of metallic objects. Still more interesting may be the recent blog post by a 25-year FBI agent, expert in aviation security, who writes that the "TSA has never foiled a terrorist plot or stopped an attack on an airliner" and that "the entire TSA paradigm is flawed." In a federal lawsuit, EPIC challenged the TSA airport scanner program, calling it "invasive, unlawful, and ineffective." For more information, see EPIC v. DHS (Suspension of body scanners).
  • DHS Privacy Office Releases 2011 Data Mining Report » (Mar. 5, 2012)
    The Department of Homeland Security has released the 2011 Annual Data Mining Report. The report must include all of the Agency's current activities that fall within the legislative definition of "data mining." Among other things, this year's report references the Agency's programs to profile individuals entering or leaving the country to determine who should be subject to "additional screening." A FOIA request by EPIC in 2011 revealed that the FBI's standard for inclusion on the list is "particularized derogatory information," which has never been recognized by a court of law. The report also provides information on Secure Flight and Air Cargo Advanced Screening. For more information, see EPIC: FBI Watch List FOIA and EPIC: DHS Privacy Office.
  • EPIC Obtains New Documents on DHS Media Monitoring, Urges Congress to Suspend Program » (Feb. 23, 2012)
    EPIC has submitted a letter to Congress following a hearing on DHS monitoring of social networks and media organizations. In the letter, EPIC highlights new documents obtained as a result of a FOIA lawsuit and points out inconsistencies in DHS' testimony about the program. Though DHS testified that it does not monitor for public reaction to government proposals, the documents obtained by EPIC indicate that the DHS analysts are specifically instructed to look for criticism of the agency and then to redirect reports that would otherwise be circulated to other agencies. EPIC wrote that the DHS' monitoring program should be suspended, as it exceeds the agency's statutory authority and chills First Amendment activity. For more information, see EPIC: EPIC v. DHS: Media Monitoring.
  • 2013 Federal Budget Limits Body Scanners, But Expands Domestic Surveillance » (Feb. 20, 2012)
    According to White House budget documents and the Congressional Testimony of Secretary Napolitano, DHS will not purchase any new airport body scanners in 2013. However, the agency will expand a wide range of programs for monitoring and tracking individuals within the United States. This includes the development of biometric identification techniques for programs such as Secure Communities. DHS will also seek funding for "Einstein 3," a network intrusion detection program that enables surveillance of private networks. EPIC has urged the DHS to comply with the requirements of the federal Privacy Act, and is currently pursuing several Freedom of Information Act lawsuits against the agency. For more information, see EPIC - Body Scanners and Radiation Risks, EPIC - E-Verify, EPIC - Secure Communities, EPIC - Fusion Centers, EPIC - Drones, EPIC - Cybersecurity, EPIC - Secure Flight.
  • EPIC Asks Congress to Suspend DHS Social Network Monitoring Program » (Feb. 15, 2012)
    In a Statement for the Record, EPIC has asked the House Committee on Homeland Security to suspend a DHS program that has permitted the agency to gather comments critical of the agency and the government by monitoring social networks and media organizations. The hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy" was called after EPIC obtained nearly 300 pages of documents detailing the Department of Homeland Security's activities. The documents, obtained as a result of EPIC's Freedom of Information Act lawsuit, include instructions from the DHS to General Dynamics to monitor media reports that "reflect adversely" on the agency or the federal government. For more information see: EPIC v. Department of Homeland Security: Media Monitoring.
  • Congress to Hold Hearing on Department of Homeland Security Social Network Monitoring » (Feb. 6, 2012)
    On February 16, 2012, the House Committee on Homeland Security will hold a hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy." The hearing was called after EPIC obtained nearly 300 pages of documents, as a result of a Freedom of Information Act lawsuit, detailing the Department of Homeland Security's monitoring of social networks and media organizations. The documents included guidelines from DHS instructing General Dynamics to monitor for media reports that "reflect adversely" on the agency or the federal government. For more information see: EPIC v. Department of Homeland Security: Media Monitoring.
  • EPIC - FOIA Documents Reveal Homeland Security is Monitoring Political Dissent » (Jan. 13, 2012)
    As the result of EPIC v. DHS, a Freedom of Information Act lawsuit, EPIC has obtained nearly three hundred pages of documents detailing a Department of Homeland Security surveillance program. The documents include contracts and statements of work with General Dynamics for 24/7 media and social network monitoring and periodic reports to DHS. The documents reveal that the agency is tracking media stories that "reflect adversely" on DHS or the U.S. government. One tracking report -- "Residents Voice Opposition Over Possible Plan to Bring Guantanamo Detainees to Local Prison-Standish MI" -- summarizes dissent on blogs and social networking sites, quoting commenters. EPIC sent a request for these documents in April 2004 and filed suit against the agency in December. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring.
  • DHS Memo Reveals Plan to Impose "Secure Communities" on All States » (Jan. 10, 2012)
    According to a draft memo, the Department of Homeland Security intends to require that all states comply with the agency's "Secure Communities" program by 2013. Secure communities is a controversial deportation program that relies on extensive data collection and biometric identification. Several states, including Illinois, New York and Massachusetts, objected to the federal program, citing mismanagement, and refused to participate. Previously, the DHS maintained that the program would be voluntary. For more, see EPIC: Secure Communities.
  • EPIC Warns DHS: Plan to Release Personal Data Held by Agency is Unlawful » (Dec. 22, 2011)
    EPIC has submitted comments to the Department of Homeland Security, objecting to the agency's plan to disclose internal agency records to former DHS employees, third party employers, and foreign and international agencies. DHS plans to disclose criminal conviction records, employee records, and foreclosures, about a broad category of individuals, including members of the public, individuals who file administrative complaints with DHS, and even individuals who are named parties in cases "in which DHS believes it will or may become involved." All of this information is protected under the federal Privacy Act, but the DHS proposes to invoke the "routine use" exemption to allow disclosure. EPIC said the plan would "undermine privacy safeguards set out in the Privacy Act and would unnecessarily increase privacy risks for individuals whose records are maintained by the federal government." EPIC also noted that the agency has failed to allow sufficient time to meaningfully consider public comment on the plan. For more information, see EPIC: the Privacy Act of 1974.
  • EPIC Sues DHS Over Covert Surveillance of Facebook and Twitter » (Dec. 20, 2011)
    EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to force disclosure of the details of the agency's social network monitoring program. In news reports and a Federal Register notice, the DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies. The legal authority for the DHS program remains unclear. EPIC filed the lawsuit after the DHS failed to reply to an April 2011 FOIA request. For more information, see EPIC: Social Networking Privacy.
  • EPIC to DHS: Proposed Expansion of "Routine Use" Exception is Unlawful » (Nov. 30, 2011)
    In comments to the Department of Homeland Security regarding a proposal to expand the Privacy Act "routine use" exemption, EPIC has said that the agency is exceeding its legal authority. The DHS is seeking to disclose information about current and former government employees, including members of the US Secret Service, for the development of "civil, administrative, or background investigation." The information includes names, social security numbers, addresses, and dates of birth. The "routine use" exemption allows federal agencies to disclose personal information in their possession in certain, narrow circumstances, not for open-ended investigations. EPIC stated that the change would "undermine privacy safeguards set out in the Privacy Act and would unnecessarily increase privacy risks for individuals whose records are maintained by the federal government." For more information, see EPIC: the Privacy Act of 1974.
  • Congressional Watchdog: DHS Data Mining Programs Pose Risk to Privacy » (Oct. 11, 2011)
    The Government Accountability Office has performed a detailed evaluation of data mining practices at the Department of Homeland Security. According to the report, privacy protections and transparency are vital to data mining operations; however, the Department's practices did not "adequately ensure the protection of privacy-related information." In 2009, EPIC called for an investigation of the Department's Privacy Office and said that the Chief Privacy Officer was not complying with the statutory requirements to protect privacy. For more information, see EPIC: Department of Homeland Security Chief Privacy Office and Privacy.
  • Documents Obtained by EPIC Reveal Government's "Minority Report" Scanning Program » (Oct. 7, 2011)
    Through a Freedom of Information Act request, EPIC has obtained documents from the Department of Homeland Security about a secretive "pre-crime" detection program. The "Future Attribute Screening Technology" (FAST) Program gathers "physiological measurements" from subjects, including heart rate, breathing patterns, and thermal activity, to determine "malintent." According to the documents obtained by EPIC, the agency is considering the use of the device at conventions and sporting events, and has already conducted field testing. CNET first reported on the EPIC FOIA request. For more information, see: EPIC: Future Attribute Screening Technology Project.
  • DHS Privacy Office Releases 2010 Annual Report » (Sep. 24, 2010)
    The Department of Homeland Security has released the Privacy Office 2010 Annual Report. The Agency's Chief Privacy Officer must prepare an annual report to Congress that details activities of the Department that affect privacy, including complaints of privacy violations, and DHS compliance with the Privacy Act of 1974. This year’s report details the establishment of privacy officers within each component of the Agency. The report also provides updates on Fusion Centers, Cybersecurity, and Cloud Computing activities of the agency. For more information, see EPIC: DHS Privacy Office.
  • DHS Announces Dramatic Expansion of Airport Body Scanner Program » (Jul. 21, 2010)
    On July 20, 2010, the Department of Homeland Security announced a substantial change in the deployment of body scanners in US airports. According to the DHS Secretary, the devices, which had once been part of a pilot program for secondary screening, will now be deployed in 28 additional airports. The devices are designed to capture and store photographic images of naked air travelers. EPIC has filed an emergency motion in federal court, urging the suspension of the program and citing violations of several federal statutes and the Fourth Amendment. Public opposition to the program is also growing. For more information, see EPIC v. DHS (Body scanners) and EPIC Body Scanners.
  • Federal Judge Limits Suspicionless Laptop Searches at Borders » (Jun. 11, 2010)
    A federal judge has ruled against the Department of Homeland Security's Customs and Border Protection claim that agents could not only search the electronic devices of cross-border travelers without a warrant or even reasonable suspicion, they could also seize the devices indefinitely for more invasive searches. In United States v. Hanson, U.S. District Judge Jeffrey White ruled that "[g]iven the passage of time between the January and February searches and the fact that the February search was not conduct[ed] at the border, or its functional equivalent, the court concludes that the February search . . . must be justified by reasonable suspicion." Last October, EPIC and 20 other organizations sent a letter to the House Committee on Homeland Security objecting to this practice and other privacy violations. For more information, see EPIC: DHS Privacy Office.
  • Federal Budget Announced for Fiscal Year 2011, Surveillance Projects Scrutinized » (Feb. 3, 2010)
    The Office of Management and Budget has released the federal budget for fiscal year 2011. The budget proposes funding for several new surveillance initiatives, including over $700 million to the Department of Homeland Security for "Passenger Aviation Security". The Department would like to purchase 500 body scanner machines for U.S. airports, bringing the projected total number of machines to 1,000 at a cost of over $200 million by the end of 2011. The new budget also includes several hundred million dollars for the Department of Justice's national security programs, which were recently the subject of a critical Inspector-General's report for improper use of authority. For more information, see EPIC DHS and Privacy, EPIC Domestic Surveillance, EPIC Air Travel Privacy, and EPIC Whole Body Imaging.
  • Homeland Security Releases Annual FOIA Report » (Feb. 1, 2010)
    The Department of Homeland Security has released the 2009 Freedom of Information Act Report. The report shows that the Department processed over 160,000 requests in the past year, with 27,182 requests remaining pending. Of the requests processed, 11% were granted in full, 60% were classified as "partial grants/partial denials," and the remaining 29% were denied in full. The overwhelming majority of backlogged requests and appeals are pending at the Customs and Immigration Service. For denied requests with processed appeals, nearly 30% were fully reversed on appeal, and another 32% were reversed in part. EPIC currently has two FOIA cases pending against the Department relating to its use of Body Scanner machines. For more information, see EPIC v. DHS, EPIC FOIA Litigation Docket.
  • Congressional Committee Investigating Privacy Office at Homeland Security, Acknowledges Privacy Coalition Letter » (Nov. 12, 2009)
    House Homeland Security Committee Chairman Bennie Thompson has responded to the Privacy Coalition letter regarding the Chief Privacy Officer of the Department of Homeland Security. Chairman Thompson said that "the Committee is in the process of reviewing the programs outlined" in the letter, and thanked the Coalition for bringing the issues to the attention of the committee. He further stated that the Committee "will continue to examine the Department's programs and policies and vigorously address privacy concerns and issues." For more information, see EPIC DHS Privacy Office and Privacy Coalition.
  • EPIC Reminds Homeland Security Agency to Publish Privacy Report » (Sep. 22, 2009)
    In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the annual privacy report will be made available. The Department is required by law to provide an annual report "on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters." The last privacy report was published in July 2008. EPIC has previously sent similar letters to the Department, reminding the agency of its legal obligation to inform the public about its activities. For more information, see EPIC’s Privacy Report Held Hostage page.
  • EPIC Pursues DHS Official's Public Calendar » (Sep. 18, 2009)
    EPIC has filed a FOIA appeal with the Department of Homeland Security for the calendar of the Chief Privacy Officer. EPIC submitted the original request to find out why the DHS Privacy Officer could not meet with privacy groups in Washington, DC. The agency turned over many pages from the calendar, but the entries were all blacked out. In the appeal, EPIC said the agency has failed to comply with the open government law and also cited the President's commitment to government transparency concerning the activities of public officials. For more information, see EPIC Open Government.
  • Senate Judiciary Committee Considers National Biometric Identification System » (Jul. 22, 2009)
    Senator Schumer (D-NY) is proposing a new system to track all US workers to determine employment eligibility. The plan for the employment verifiability system involves the collection of biometric information. The Department of Homeland Security would approve or disapprove individuals for employment. Automated biometric identification systems raise questions about the scalability, reliability, accuracy, and security of the data collected. See EPIC Biometric Identification.
  • Workshop: Government 2.0: Privacy and Best Practices » (Jun. 22, 2009)
    Lillie Coney, EPIC Associate Director; DHS Data Privacy and Integrity Advisory Committee; June 22-23, 2009
  • DHS Seeks Nominations to the Agency's Data Privacy and Integrity Advisory Committee » (May. 5, 2009)
    The Department of Homeland Security is seeking applications for appointments to the agency's Data Privacy and Integrity Advisory Committee. The committee provides advice at the request of the Secretary of DHS and the agency's Chief Privacy Officer on privacy related matters. The agency is seeking to fill two terms that would expire in January 2012, and January 2013. Applications for the positions must be received by the agency on or before June 8, 2009. For more information, see: EPIC's Web page Spotlight on Surveillance.
  • Homeland Security Secretary Proposes Increase in Spending for Domestic Surveillance Programs » (Feb. 27, 2009)

Background

Media Monitoring Services

On April 3, 2018, the Department of Homeland Security published a solicitation for “media monitoring services” (MMS). The agency sought a contractor to provide “traditional and social media monitoring and communications solutions,” including “media comparison tools, design and rebranding tools, communication tools, and the ability to identify top media influencers.”

The DHS's Statement of Work for the project called for three primary media monitoring capabilities. First, the agency sought the ability to “track online, print, broadcast, cable, radio, trade and industry publications, local sources, national/international outlets, traditional news sources, and social media.” This would have included the capacity to monitor over “290,000 global news sources” in over “100 languages” and to “create unlimited data tracking, statistical breakdown, and graphical analysis on any coverage on an ad-hoc basis.”

Second, the DHS sought a “Media Intelligence and Benchmarking Dashboard Platform” to conduct “real-time monitoring” and analysis of media coverage. This platform would have enabled DHS to “analyze the media coverage in terms of content, volume, sentiment, geographical spread, top publications, media channels, reach, [advertising value equivalency], top posters, influencers, languages, momentum, [and] circulation.” The platform would have included the ability to “build media lists based on beat, location, outlet type/size, and journalist role.” The DHS also sought the development of a mobile app and email alerts to monitor media coverage.

Third, the DHS sought the creation of an internal “media influencer database,” which would collect and retain the locations, contact information, employer affiliations, and past coverage of untold numbers of “journalists, editors, correspondents, social media influencers, bloggers, etc.” The database would have been searchable in multiple languages by “keywords, concepts, [and] Boolean search terms.”

The DHS’s announcement that it was developing a suite of media monitoring tools drew widespread criticism due to the threat the project posed to privacy and press freedoms. Michelle Fabio, writing in Forbes, warned that the DHS’s planned use of MMS was “enough to cause nightmares of constitutional proportions, particularly as the freedom of the press is under attack worldwide.”

The DHS's Obligations Under the E-Government Act

Under Section 208 of the E-Government Act of 2002, any agency that "develop[s] or procur[es] information technology that collects, maintains, or disseminates information that is in an identifiable form" is required to complete a Privacy Impact Assessment (PIA) before doing so. Specifically, the agency must "(i) conduct a privacy impact assessment; (ii) ensure the review of the privacy impact assessment by the Chief Information Officer, or equivalent official, as determined by the head of the agency; and (iii) if practicable, after completion of the review under clause (ii), make the privacy impact assessment publicly available through the website of the agency, publication in the Federal Register, or other means."

A Privacy Impact Assessment must be "commensurate with the size of the information system being assessed, the sensitivity of information that is in an identifiable form in that system, and the risk of harm from unauthorized release of that information." The PIA must specifically address "(I) what information is to be collected; (II) why the information is being collected; (III) the intended use of the agency of the information; (IV) with whom the information will be shared; (V) what notice or opportunities for consent would be provided to individuals regarding what information is collected and how that information is shared; [and] (VI) how the information will be secured."

The DHS’s media monitoring tools would have collected and stored personally identifiable information from individuals referred to in the media coverage tracked by the DHS. The DHS’s media influencer database would have also included personally identifiable information about journalists, bloggers, and social media users. Because the DHS began “developing or procuring information technology that collects, maintains, or disseminates information that is in an identifiable form” and “a new collection of information that . . . includes [] information in an identifiable form permitting the physical or online contacting of a specific individual,” the agency was required to conduct and publish an applicable PIA in advance.

The DHS's Failure to Publish a Privacy Impact Assessment

On April 13, 2018, EPIC submitted a Freedom of Information Act (FOIA) request to the DHS seeking:

1. The required Privacy Impact Assessment conducted for the April 3, 2018 solicitation for “Media Monitoring Services,”

2. Any associated agency records including but not limited to policy guidelines, memoranda, email communications, and Privacy Threshold Analysis related to “Media Monitoring Services,” and

3. All awarded contracts for “Media Monitoring Services.”

On May 30, 2018—after the agency had unlawfully failed to fulfill EPIC's FOIA request within the time allowed by law—EPIC filed suit in the U.S. District Court for the District of Columbia. EPIC explained that the DHS had violated both the FOIA and the E-Government Act by neglecting to disclose a Privacy Impact Assessment and related records. On July 11, 2018, the DHS responded to EPIC's complaint and acknowledged that the agency had failed to complete any PIA related to Media Monitoring Services. On October 11, 2018, the DHS disclosed 73 pages of records (some partially redacted) to EPIC while asserting that 157 other pages were exempt from disclosure in full.

On July 11, 2019, the DHS acknowledged that it had suspended the Media Monitoring Services program as a result of EPIC's case. As part of a settlement with EPIC, the agency also agreed to complete required Privacy Impact Assessments before collecting personal data in the future.

EPIC's Interest

EPIC has long highlighted the obligation of federal agencies to conduct and publish a Privacy Impact Assessment before any new collection of personal data, and EPIC has brought numerous successful cases seeking the release of PIAs. In EPIC v. DHS, No. 11-2261 (D.D.C. filed Dec. 20, 2011), EPIC obtained a PIA and related records concerning a prior effort by the DHS to track social media users and journalists. In EPIC v. FBI, No. 14-1311 (D.D.C. filed Aug. 1, 2014), EPIC obtained unpublished PIAs from the Federal Bureau of Investigation concerning facial recognition technology. And in EPIC v. DEA, No. 15-667 (D.D.C. filed May 1, 2015), EPIC learned that the Drug Enforcement Administration had failed to produce PIAs for the agency’s license plate reader program, a telecommunications records database, and other systems of public surveillance.

More recently, in EPIC v. Presidential Advisory Commission on Election Integrity, No. 17-1320 (D.D.C. filed July 3, 2017), EPIC challenged the failure of the Presidential Advisory Commission on Election Integrity to undertake and publish a PIA prior to the collection of state voter data. EPIC’s suit led the now-defunct Commission to suspend its data collection and delete voter information that had been illegally obtained.

FOIA Documents

On October 11, 2018, the DHS disclosed 73 pages of records to EPIC (many of them partially redacted) concerning Media Monitoring Services. The records revealed that the DHS bypassed the agency's own privacy officials in developing MMS and ignored the threats that the system posed to privacy and press freedoms.

For example, despite the agency's obligation to conduct a Privacy Impact Assessment before developing a system that collects personal data, top DHS privacy officials appeared unaware that a media monitoring project was being launched. On April 6, 2018, a senior privacy official at the DHS's National Protection and Programs Directorate (NPPD) wrote to other agency personnel about the MMS program. Although the DHS had published the MMS Statement of Work three days earlier, the privacy official seemed unsure if that document was even authentic:

I wanted to make you both aware that I've seen a few news organizations (Forbes and Bloomberg) carrying a story claiming DHS is compiling a database of journalists and media influencers in what appears to be an NPPD Statement of Work (SOW) posted on FedBizOps.gov.

On April 9, 2018—six days after the agency published the Statement of Work—an official from the central DHS Privacy Office expressed similar surprise about the existence of the MMS program:

Per the article below, we noticed that NPPD has put out a Statement of Work to gather and monitor the public activities of media professionals and influencers. PRIV found this interesting given the work the OPS NOC Media Monitoring Capability does & the privacy perimeters within which they work. Could you shed some light on this topic?

Meanwhile, the Director of the DHS Office of Legislative Affairs had to write to other senior agency officials to confirm whether press accounts of the program were accurate.

The records obtained by EPIC also show that Rep. Bennie G. Thompson (D–MS) wrote to the agency to express grave concerns about the MMS program and the agency's poor handling of public opposition:

As you may be aware, the RFI [for Media Monitoring Services] has raised a great deal of concern among some journalists and the public. Unfortunately instead of assuaging that concern with information, DHS' press secretary maligned those asking questions about the RFI as "tin foil hat-wearing, black helicopter conspiracy theorists," which was inappropriate and unhelpful. Indeed, DHS' response only exacerbated the concerns of those troubled by the RFI, including myself.

While there may be a legitimate purpose for certain media monitoring services, to date the Department has failed to provide one. Moreover, it has not provided specific information about how media monitoring services will advance its mission and how it will protect data about journalists and other media influencers from misuse or falling into the wrong hands.

Tyler Q. Houlton, the DHS spokesman referenced in Rep. Thompson's letter, published a defensive op-ed in USA Today in support of the MMS program. In the records obtained by EPIC, Houlton dismissed USA Today as "the coloring book of newspapers" and stated that the paper "wouldn't be able to handle" any "in-depth operational arguments."

The DHS asserted that another 157 pages of records responsive to EPIC's request were exempt from disclosure under the FOIA.

Legal Documents

EPIC v. DHS, No. 1:18-cv-01268-KBJ (D.D.C. filed May 30, 2018)

Other Documents

News
