FBI Exempts Massive Database from Privacy Act Protections
Excerpted from : EPIC Alert, Volume 19.19
October 12, 2012
Beginning October 9, the Federal Bureau of Investigation has exempted the records contained in the FBI Data Warehouse System from the notification, access, and amendment provisions of the Privacy Act of 1974. For the past decade, EPIC has cautioned federal agencies about the risks of maintaining electronic information databases for the purposes of monitoring, tracking, and profiling targets. Such databases are normally unlawful under the Privacy Act, which governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals maintained in systems of records by federal agencies. However, the Privacy Act contains exceptions and exemptions for data that is being used for law enforcement and counterterrorism activities. In testimony before DHS earlier this year, EPIC explained that these exemptions weaken the impact of the Privacy Act, rendering the massive databases vulnerable to unauthorized access and abuse.
The FBI Data Warehouse System ingests vast quantities of "Personally Identifiable Information" from various government agencies. The database contains information on a surprisingly broad category of individuals, including, according to the FBI's Federal Register posting, "subjects, suspects, victims, witnesses, complainants, informants, sources, bystanders, law enforcement personnel, intelligence personnel, other responders, administrative personnel, consultants, relatives, and associates who may be relevant to the investigation or intelligence operation; individuals who are identified in open source information or commercial databases, or who are associated, related, or have a nexus to the FBI's missions; individuals whose information is collected and maintained for information system user auditing and security purposes." The database also stores and catalogs such data as targets' race, birthdate, biometric information, social security numbers, and financial data.
In July 2012, the FBI published a notice in The Federal Register about the Data Warehouse System, in which the agency proposed to exempt the Data Warehouse from certain provisions of the Privacy Act "in order to avoid interference with the national security and criminal law enforcement functions and responsibilities of the FBI." After receiving one public comment, the FBI posted notice of the final rule on October 2; the exemption took effect one week later.
Earlier in 2012, EPIC voiced opposition to the Automated Targeting System, or ATS, another massive government database that DHS exempted from Privacy Act provisions. EPIC's comments to DHS addressed the substantial privacy and security issues raised by the database, and urged DHS to cease retaining personal information on US citizens in its database. EPIC observed that exempting the ATS from the Privacy Act's protections only served to "increase the secrecy of the database," allowing the DHS to "circumvent the intent of the Privacy Act" through a lack of accountability.
Federal Register: Final Rule on FBI Data Warehouse (Oct. 9, 2012)
Federal Register: Notice of FBI Proposed Rulemaking (Jul. 10, 2012)
EPIC: The Privacy Act of 1974
EPIC: Comments to DHS on Automated Targeting System (Jun. 21, 2012)
EPIC: Domestic Surveillance
EPIC: FBI Watchlist
EPIC: Automated Targeting System
http://epic.org/privacy/travel/ats/---
http://www.epic.org/alert/epic_alert_19.19.html
No comments:
Post a Comment