EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security’s (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections.
The Coalition’s letter argues, in part:
The primary statutory duty of the Chief Privacy Officer is to assure “that the use of technologies sustain, and do not erode, privacy protections.”5 The CPO has not done so, focusing instead almost exclusively on the fourth statutory duty, conducting a “privacy impact assessment”6 on each Department action. The structure of the annual report reveals the Office’s confusion of these two duties, to the detriment of the former. The report notes that the Office “is divided into two major functional units: Privacy Compliance; and Departmental Disclosure and FOIA.”7 The report claims that the Compliance Group “manages statutory and policy-based responsibilities by working with each component and program throughout the Department to ensure that privacy considerations are addressed when implementing a program, technology, or policy.”8 This description should encompass the fulfillment of the statutory responsibility to prevent erosion of privacy. Yet the section of the annual report entitled “Compliance” barely discusses ways in which the Office has done so; it focuses almost entirely on the conducting of assessments.9 In fact, the “Privacy Compliance Process” graphic describes the process as containing Review, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and if necessary, a System of Records Notice (SORN), followed by a repetition of the cycle after three years for programs still in force.10