Analysis tool exempt from some privacy laws
People whose biographic or biometric data is being analyzed by a new Immigration and Customs Enforcement (ICE) data system will not automatically be granted access to their records or be able to review them for accuracy as usually permitted by federal privacy protection laws.
The Homeland Security Department has decided to exempt the Immigration and Customs Enforcement Pattern Analysis and Information Collection System (ICEPIC) -- which contains data culled from numerous DHS databases -- from several Privacy Act provisions that allow individuals to access their records. DHS, ICE’s parent organization, said in a final rule for the system published today in the Federal Register that the exemptions were necessary because of “criminal, civil, and administrative enforcement requirements."
Although ICEPIC is exempt from normal record access procedures, individuals can request access from ICE, which will review requests on a case-by-case basis, according to DHS.
The information contained by ICEPIC can include names, dates of birth, phone numbers, addresses, nationalities, fingerprints, photographs, a person's immigration history and alien registration information, according to DHS. Agents and analysts can also use commercial databases to verify or resolve any gaps in ICEPIC data.
Officials say ICEPIC allows ICE agents and analysts to look for “nonobvious relationship patterns” between individuals and organizations that indicate violations of immigration and customs laws and possible terrorist threats. They argue that disclosing records contained in the system could compromise ongoing investigations.
Specifically, the final rule provides exemptions from Privacy Act provisions for federal systems of records that require agencies to make available information to a person about searches and disclosures of his or her records and provide people with an opportunity to correct inaccuracies.
DHS said ICEPIC does not collect information directly from individuals but rather through other systems of records related to immigration and law enforcement. Some of the systems ICEPIC analyzes include the Treasury Enforcement Communications System, the Student and Exchange Visitor Information System, the National Security Entry Exit Registration System, the U.S. Visitor and Immigrant Status Indicator Technology program and immigration benefit application review systems.
That information is then used to create analytical reports that officials say will assist in analysis of leads and intelligence reports. The analytic reports, but not raw data, are shared with other DHS components, federal, state, local and foreign law enforcement agencies on a need to know basis.
A DHS privacy impact study released in January states that the system does not delineate the significance of relationships identified by the system but rather identifies possible connections that warrant further investigation by a human agent. In addition, the document states that ICEPIC does not verify the accuracy of the data contained in the system, leaving that to agents and analysts.
Audit trails will be used to track user activities and protect against unauthorized access, according to the privacy impact assessment. ICE will also provide privacy training for users of the system.
Ben Bain is a reporter for Federal Computer Week.