National Applications Office Certification Review
Gao ID: GAO-09-105R November 6, 2008Since the 1960s, classified satellite information collected by intelligence agencies has been used, from time to time, by federal civilian agencies and other non-intelligence entities for civil, scientific, and environmental purposes (such as mapping, disaster relief, and environmental research). These uses have historically been coordinated by the Civil Applications Committee (CAC) led by the U.S. Geological Survey, a component of the Department of the Interior. Following the events of September 11, 2001, attention has turned to information sharing as a key element in developing comprehensive and practical approaches to defending against potential terrorist attacks. Having information on threats, vulnerabilities, and incidents can help an agency better understand the risks and determine what preventive measures should be implemented. The ability to share such terrorism-related information can also unify the efforts of federal, state, and local government agencies, as well as the private sector in preventing or minimizing terrorist attacks. Exchanging terrorism-related information continues to be a significant challenge for federal, state, and local governments--one that we recognize is not easily addressed. Accordingly, since January 2005, we have designated information sharing for homeland security a high-risk area. Citing a growing need to use classified satellite information for civil or domestic purposes, in 2005, an independent study group reviewed the future role of the CAC and concluded that although the civil domestic users were well supported through the CAC, homeland security and law enforcement users lacked a coherent, organized, and focused process to access classified satellite information. In 2007, the Office of the Director of National Intelligence designated the Department of Homeland Security (DHS) as the executive agency and home of a newly created National Applications Office (NAO), whose mission would be to process requests for classified satellite information from, among others, nontraditional users of intelligence for civil, homeland security, and law enforcement purposes. DHS established a process whereby potential requesters for classified satellite information annually submit memorandums generally describing the information they plan to ask for, followed by a more detailed review of each actual request to ensure legal compliance. The Consolidated Appropriations Act, 2008, prohibited funds from being made available to commence operations of the NAO until the Secretary of Homeland Security certified that the program complies with all existing laws, including all applicable privacy and civil liberties standards, and that certification was reviewed by GAO. On April 9, 2008, in a letter to Members of Congress, the Secretary of the Department of Homeland Security certified that the NAO complies with all existing laws, including all applicable privacy and civil liberties standards. The Secretary also provided a charter for the office, privacy and civil liberties impact assessments, and NAO standard operating procedures. Our objectives were to determine the extent to which DHS justified its certification that the NAO complies with (1) all applicable laws, (2) privacy standards, and (3) civil liberties standards.
Although the department has established procedures for legal review, it has not yet fully addressed all outstanding issues regarding how the planned operations of the NAO, as described in the department's certification documents, are to comply with legal requirements. Specifically, DHS has not resolved legal and policy issues associated with NAO support for law enforcement. The NAO charter states that requests for law enforcement domain uses (i.e., activities relating to enforcing criminal or civil laws or investigating violations thereof) will not be accepted by the NAO until interagency agreement is reached on unresolved legal and policy issues. An independent study group had determined that the legality of using satellite imagery of domestic subjects for law enforcement purposes raised difficult issues that had not been fully settled. Work has begun to address these issues, and the department now plans to recertify the NAO's compliance with all laws before accepting requests related to law enforcement. Recertification following the resolution of legal and policy concerns will be an important element in providing assurance that NAO operations are in compliance with all applicable laws. The DHS Privacy Office worked with NAO program officials to define privacy protections for the program and prepared a privacy assessment that discussed high-level privacy protections. Further, DHS has recently taken additional steps to justify its certification of compliance with privacy standards. The NAO civil liberties impact assessment identified a number of areas of potential concern regarding civil rights and civil liberties. Although the NAO program office addressed several of these issues--such as the need to develop and conduct training on civil liberties issues--the department has not indicated how the NAO would address other significant issues, including the potential for improper use or retention of intelligence information by customers and the potential for overly broad annual memorandums about customers' planned uses, which may facilitate the acceptance of requests that should be rejected.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Gregory C. Wilshusen Team: Government Accountability Office: Information Technology Phone: (202) 512-6408GAO-09-105R, National Applications Office Certification Review
This is the accessible text file for GAO report number GAO-09-105R
entitled 'National Applications Office Certification Review' which was
released on November 6, 2008.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
November 6, 2008:
Congressional Committees:
Subject: National Applications Office Certification Review:
Since the 1960s, classified satellite information collected by
intelligence agencies[Footnote 1] has been used, from time to time, by
federal civilian agencies and other non-intelligence entities for
civil, scientific, and environmental purposes (such as mapping,
disaster relief, and environmental research). These uses have
historically been coordinated by the Civil Applications Committee (CAC)
led by the U.S. Geological Survey, a component of the Department of the
Interior.
Following the events of September 11, 2001, attention has turned to
information sharing as a key element in developing comprehensive and
practical approaches to defending against potential terrorist attacks.
Having information on threats, vulnerabilities, and incidents can help
an agency better understand the risks and determine what preventive
measures should be implemented. The ability to share such terrorism-
related information can also unify the efforts of federal, state, and
local government agencies, as well as the private sector in preventing
or minimizing terrorist attacks. Exchanging terrorism-related
information continues to be a significant challenge for federal, state,
and local governments--one that we recognize is not easily addressed.
Accordingly, since January 2005, we have designated information sharing
for homeland security a high-risk area.[Footnote 2]
Citing a growing need to use classified satellite information for civil
or domestic purposes, in 2005, an independent study group reviewed the
future role of the CAC and concluded that although the civil domestic
users were well supported through the CAC, homeland security and law
enforcement users lacked a coherent, organized, and focused process to
access classified satellite information.[Footnote 3]
In 2007, the Office of the Director of National Intelligence designated
the Department of Homeland Security (DHS) as the executive agency and
home of a newly created National Applications Office (NAO), whose
mission would be to process requests for classified satellite
information from, among others, nontraditional users of intelligence
for civil, homeland security, and law enforcement purposes. DHS
established a process whereby potential requesters for classified
satellite information annually submit memorandums generally describing
the information they plan to ask for, followed by a more detailed
review of each actual request to ensure legal compliance.
The Consolidated Appropriations Act, 2008, prohibited funds from being
made available to commence operations of the NAO until the Secretary of
Homeland Security certified that the program complies with all existing
laws, including all applicable privacy and civil liberties standards,
and that certification was reviewed by GAO.
On April 9, 2008, in a letter to Members of Congress, the Secretary of
the Department of Homeland Security certified that the NAO complies
with all existing laws, including all applicable privacy and civil
liberties standards. The Secretary also provided a charter for the
office, privacy and civil liberties impact assessments, and NAO
standard operating procedures.
Our objectives were to determine the extent to which DHS justified its
certification that the NAO complies with (1) all applicable laws, (2)
privacy standards, and (3) civil liberties standards.
To assess DHS's certification of compliance with all applicable laws,
we reviewed the certification documents to determine the extent to
which DHS evaluated and addressed laws applicable to NAO operations. We
interviewed agency officials from the NAO program office and the DHS
Office of General Counsel to identify all available analysis conducted
on applicable laws and to determine the extent to which mechanisms for
ensuring compliance had been established.
To assess DHS's certification of compliance with privacy standards, we
reviewed two versions of the privacy impact assessment developed for
the program (one completed in connection with the April 2008
certification and a revised version developed in July 2008 in response
to discussions with us) and interviewed officials from the program
office and the DHS Privacy Office. In addition, we analyzed the system-
of-records notices identified within the certification documentation
and by DHS to determine whether they provided public notice regarding
NAO's planned operations and potential use of personal information.
To assess DHS's certification of NAO compliance with civil liberties
standards, we reviewed the civil liberties impact assessment to
identify concerns raised about civil liberties and recommendations made
to address them. We also interviewed officials from the program office
and the DHS Office of Civil Rights and Civil Liberties to determine the
extent to which DHS had instituted measures to address the concerns
raised by the impact assessment:
We conducted this performance audit in the Washington, D.C., area from
April 2008 to September 2008 in accordance with generally accepted
government auditing standards. Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide
a reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a reasonable
basis for our findings and conclusions based on our audit objectives.
On September 15, 2008, we provided the staff of cognizant committees
with sensitive but unclassified briefing slides on the results of this
review. Subsequently, we coordinated with DHS officials to review the
sensitivity of the slides and determine what contents could be publicly
released. This report summarizes the results of our review, provides
the public version of the slides, and officially transmits our
recommendations to the Secretary of Homeland Security. The slides,
including details on our scope and methodology, are reprinted in
enclosure I.
DHS Has Not Fully Justified Its Certification That the NAO Complies
with Applicable Laws:
Although the department has established procedures for legal review, it
has not yet fully addressed all outstanding issues regarding how the
planned operations of the NAO, as described in the department's
certification documents, are to comply with legal requirements.
Specifically, DHS has not resolved legal and policy issues associated
with NAO support for law enforcement. The NAO charter states that
requests for law enforcement domain uses (i.e., activities relating to
enforcing criminal or civil laws or investigating violations thereof)
will not be accepted by the NAO until interagency agreement is reached
on unresolved legal and policy issues. An independent study group had
determined that the legality of using satellite imagery of domestic
subjects for law enforcement purposes raised difficult issues that had
not been fully settled. Work has begun to address these issues, and the
department now plans to recertify the NAO's compliance with all laws
before accepting requests related to law enforcement. Recertification
following the resolution of legal and policy concerns will be an
important element in providing assurance that NAO operations are in
compliance with all applicable laws.
In addition, DHS has taken steps to develop a legal review procedure
for classified satellite information requests but has not yet fully
established management controls to ensure that it will be effective.
DHS has developed a multistage process for reviewing potential requests
to address any legal or policy concerns. This process represents a
reasonable approach for ensuring that decisions are reviewed on a case-
by-case basis, to the extent that law enforcement requests are not
accepted. However, the NAO charter leaves it unclear what types of
requests will be initially rejected as being in the law enforcement
domain and what types will be accepted as homeland security requests,
because the distinctions between the two domains are not clear.
Further, other important details have not yet been fully addressed. The
process for developing and approving annual memorandums, which set
expectations about planned customer uses of NAO data, has not yet been
established for all categories of classified satellite information. In
addition, procedures for monitoring the legal review process to ensure
that it is making appropriate determinations about the legality of
requests have not yet been established. Without clarifying these
details of the planned legal review process, DHS will have limited
assurance that the process is effective at ensuring compliance with
applicable laws.
DHS Has Taken Steps to Justify Its Certification of Compliance with
Privacy Standards:
The DHS Privacy Office worked with NAO program officials to define
privacy protections for the program and prepared a privacy assessment
that discussed high-level privacy protections. Further, DHS has
recently taken additional steps to justify its certification of
compliance with privacy standards.
Specifically, DHS originally did not fulfill agency requirements to
identify privacy risks and control mechanisms but recently has taken
steps to do so. At the time of NAO certification, DHS did not fully
explain how the office would comply with widely accepted privacy
standards, such as the need for personally identifiable information to
be accurate, secure, and used only for limited purposes. Specifically,
the NAO's original privacy assessment did not identify or analyze the
risks that NAO operations might not meet these standards, nor did it
specify measures to mitigate such risks. In response to discussions
with us regarding these shortcomings, the Privacy Office developed a
revised assessment that represented a substantial improvement in
identifying privacy risks and mitigating controls to address them, such
as providing appropriate oversight and building a process to identify
and correct inaccurate information. However, differences between the
review procedures outlined in the revised privacy impact assessment and
those in the standard operating procedures raise questions about
whether the specifics of the NAO's privacy protection controls have
been clearly established.
In addition, the public notices cited by DHS did not provide a public
explanation of the privacy protections associated with planned NAO
operations. One key privacy standard requires that the public be
notified about the existence of systems containing personal information
and the privacy protections associated with them. However, publicly
available privacy notices (called system-of-records notices under the
Privacy Act of 1974) cited by DHS as applying to the NAO did not
provide information specifically about the NAO, its planned uses of
personal information, or the privacy protections that are to be
established. In response to discussions with us regarding this lack of
public notice, DHS updated NAO information on the department's public
Web site to reflect the relationship between the NAO and the applicable
system-of-records notice. The updated information better informs the
public about how personal information is to be processed, analyzed, and
distributed by the NAO.
DHS Identified Civil Liberties Concerns Associated with NAO Operations
but Has Not Yet Fully Addressed Them:
The NAO civil liberties impact assessment identified a number of areas
of potential concern regarding civil rights and civil liberties.
Although the NAO program office addressed several of these issues--such
as the need to develop and conduct training on civil liberties issues-
-the department has not indicated how the NAO would address other
significant issues, including the potential for improper use or
retention of intelligence information by customers and the potential
for overly broad annual memorandums about customers' planned uses,
which may facilitate the acceptance of requests that should be
rejected.
In a July 2008 letter to the DHS Undersecretary of Intelligence and
Analysis, the acting NAO program director outlined plans to address
several issues raised by the assessment. However, specific measures
have not yet been developed to address the potential for improper use
or retention of information provided by the NAO and the potential for
impermissible requests to be accepted as a result of a reliance on
broad annual memorandums as justifications. Certifying the readiness of
the NAO without fully addressing the concerns outlined within the
assessment--including establishing internal controls for mitigating
identified risks--provides only limited assurance that the office is in
compliance with civil liberties standards and will take appropriate
measures to protect civil liberties.
Recommendations for Executive Action:
To ensure that the NAO is in compliance with applicable laws, including
privacy and civil liberties standards, we recommend that the Secretary
of Homeland Security more fully justify the department's certification
by taking the following actions:
1. Given that the NAO is to operate before law enforcement issues are
resolved and operations are recertified, establish clear definitions
for law enforcement and homeland security requests to better ensure
that law enforcement requests will not be accepted until legal and
policy issues are resolved.
2. Direct the NAO to address remaining issues about its processes and
procedures, including:
* defining procedures for developing and approving annual memorandums
for all categories of classified satellite information,
* establishing procedures for monitoring the legal review process to
ensure it is achieving its objectives,
* ensuring that specific privacy controls outlined in the revised
privacy assessment are clearly established in NAO standard operating
procedures, and:
* establishing specific procedures to fully address issues raised
within the civil liberties impact assessment: the potential for
improper use or retention of information provided by the NAO and the
potential for impermissible requests to be accepted as a result of a
reliance on broad annual memorandums as justifications.
Comments from the Department of Homeland Security and Our Evaluation:
In responding to our request for comments on a draft of this letter,
the NAO program director stated that the comments provided by DHS in
September 2008 regarding our briefing slides were to be considered the
department's official response to our certification review.
In those written comments, (reprinted in enclosure II) the DHS Deputy
Undersecretary for Mission Integration described steps that DHS has
taken or plans to take to address our recommendations. Regarding our
first recommendation, the Deputy Undersecretary stated that the
definitions for law enforcement and homeland security requests outlined
in the charter were sufficiently clear for the NAO to operate in an
effective and lawful manner. However, we believe that clearer
definitions are essential to ensuring that law enforcement requests are
effectively and consistently excluded from consideration by the NAO.
The Secretary's certification of compliance depends critically on the
assertion that requests for law enforcement domain uses will not be
accepted by the NAO until interagency agreement is reached on
unresolved legal and policy issues. Without clearer definitions that
unambiguously distinguish the law enforcement and homeland security
domains, the NAO runs the risk that requests may be accepted without a
complete analysis of how the NAO will ensure compliance with applicable
laws.
Regarding our second recommendation, the Deputy Undersecretary
highlighted steps the agency is taking to update its processes and
procedures, including updating its internal procedures to address civil
liberties issues and focusing resources on training NAO staff and
customers, particularly with respect to the collection, use, and
retention of personally identifiable information. We agree that these
steps, once completed, should provide DHS with better assurance that
NAO's processes and procedures are effective in ensuring the program's
compliance with applicable laws, privacy and civil liberties standards.
We are sending copies of this report to interested congressional
committees, the Secretary of Homeland Security, and other interested
parties. We will also make copies available to others upon request. In
addition, this product will be available at no charge on the GAO Web
site at [hyperlink, http://www.gao.gov].
If you or your staff have any questions concerning this report, please
contact me at (202) 512-6253 or willemssenj@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. Key contributions to this report were
made by Linda Koontz, Director, Information Management Issues; John de
Ferrari, Assistant Director; Matthew Grote; Nick Marinos; Lee
McCracken; and David Plocher.
Signed by:
Joel Willemssen:
Managing Director, Information Technology:
Enclosure:
List of Congressional Committees:
The Honorable Robert C. Byrd:
Chairman:
The Honorable Thad Cochran:
Ranking Member:
Subcommittee on Homeland Security:
Committee on Appropriations:
United States Senate:
The Honorable Joseph I. Lieberman:
Chairman:
The Honorable Susan M. Collins:
Ranking Member:
Committee on Homeland Security and Governmental Affairs: United States
Senate:
The Honorable Daniel K. Akaka:
Chairman:
Subcommittee on Oversight of Government Management, the Federal
Workforce, and the District of Columbia: Committee on Homeland Security
and Governmental Affairs: United States Senate:
The Honorable John D. Rockefeller IV: Chairman:
The Honorable Christopher S. Bond:
Vice Chairman:
Select Committee on Intelligence:
United States Senate:
The Honorable David E. Price:
Chairman:
The Honorable Harold Rogers:
Ranking Member:
Subcommittee on Homeland Security:
Committee on Appropriations:
House of Representatives:
The Honorable Bennie G. Thompson:
Chairman:
The Honorable Peter T. King:
Ranking Member:
Committee on Homeland Security:
House of Representatives:
The Honorable Silvestre Reyes:
Chairman:
The Honorable Peter Hoekstra:
Ranking Member:
Permanent Select Committee on Intelligence: House of Representatives:
[End of section]
Enclosure I: Public Version of September 15, 2008, Briefing to
Congressional Staff:
National Applications Office:
Certification of Compliance With Legal, Privacy, and Civil Liberties
Standards Needs to Be More Fully Justified Briefing for Congressional
Staff:
September 15, 2008:
Contents:
Introduction:
Objectives, Scope, and Methodology:
Results in Brief:
Background:
Compliance With Applicable Legal, Privacy, and Civil Liberties:
Standards Needs to Be More Fully Justified:
* DHS has not fully justified its certification of compliance with
applicable laws;
* DHS has taken steps to justify its certification of compliance with
privacy standards;
* DHS identified civil liberties concerns associated with NAO
operations but has not fully addressed them; Conclusions:
Recommendations:
Agency Comments and Our Evaluation:
Introduction:
Since the 1960s, classified satellite information collected by
intelligence agencies[Footnote 4] has been used, from time to time, by
federal civilian agencies and other non-intelligence entities for
civil, scientific, and environmental purposes (such as mapping,
disaster relief, and environmental research). These uses have
historically been coordinated by the Civil Applications Committee (CAC)
led by the U.S. Geological Survey (USGS), a component of the Department
of the Interior.
Following the events of September 11, 2001, attention has turned to
information sharing as a key element in developing comprehensive and
practical approaches to defending against potential terrorist attacks.
Having information on threats, vulnerabilities, and incidents can help
n agency better understand the risks and determine what preventative
measures should be implemented. The ability to share such terrorism-
related information can also unify the efforts of federal, state, and
local government agencies, as well as the private sector in preventing
or minimizing terrorist attacks.
Citing a growing need to use classified satellite information for civil
or domestic purposes, in 2005, an independent study group reviewed the
future role of the CAC and concluded that although the civil domestic
users were well supported through the CAC, homeland security and law
enforcement users lacked a coherent, organized, and focused process to
access classified satellite information.
In 2007, the Office of the Director of National Intelligence (ODNI)
designated the Department of Homeland Security (DHS) as the executive
agency and home of a newly created National Applications Office (NAO),
whose mission would be to process requests for classified satellite
information from, among others, non-traditional users of intelligence
for civil, homeland security, and law enforcement purposes. DHS
established a process whereby potential requesters for classified
satellite information annually submit memorandums generally describing
the information they plan to ask for, followed by a more detailed
review of each actual request, to ensure legal compliance.
The Consolidated Appropriations Act, 2008, prohibited funds from being
made available to commence operations of the NAO until the Secretary of
Homeland Security certified that the program complies with all existing
laws, including all applicable privacy and civil liberties standards,
and that certification was reviewed by GAO.
Objectives:
On April 9, 2008, in a letter to members of Congress, the Secretary of
the Department of Homeland Security certified that NAO complies with
all existing laws, including all applicable privacy and civil liberties
standards. The Secretary also provided a charter for the office,
privacy and civil liberties impact assessments, and NAO standard
operating procedures.
Our objectives were to determine the extent to which DHS justified its
certification that the NAO complies with (1) all applicable laws, (2)
privacy standards, and (3) civil liberties standards.
Scope and Methodology:
To assess DHS certification of compliance with all applicable laws, we
reviewed the certification documents to determine the extent to which
DHS evaluated and addressed laws applicable to NAO operations.
Specifically, we reviewed DHS‘ assessment of applicable laws such as
the Posse Comitatus Act”which generally prohibits the use of U.S.
military personnel to enforce civilian laws, unless otherwise
authorized by law”and the 4th Amendment to the Constitution, which
guards against unreasonable searches and seizures. We also reviewed
related executive branch directives, including Executive Order 12333,
which limits how federal agencies in the intelligence community collect
information concerning U.S. persons.[Footnote 5] We interviewed agency
officials from the NAO program office and the DHS Office of General
Counsel to identify all available analysis conducted on applicable laws
and to determine the extent to which mechanisms for ensuring compliance
had been established.
To assess DHS certification of compliance with privacy standards, we
reviewed two versions of the privacy impact assessment developed for
the program (one completed in connection with the April 2008
certification and a revised version developed in July 2008 in response
to discussions with us) and interviewed officials from the program
office and the DHS Privacy Office. To identify DHS privacy
responsibilities, we reviewed the Privacy Act of 1974, Homeland
Security Act of 2002, and E-Government Act of 2002. We compared the
original and revised NAO privacy impact assessments with DHS privacy
impact assessment guidance as well as the Fair Information Practices, a
widely accepted set of standards for protecting the privacy and
security of personal information. In addition, we analyzed the system-
of-records notices identified within the certification documentation
and by DHS to determine whether they provided public notice regarding
the NAO‘s planned operations and potential use of personal information.
To assess DHS certification of NAO compliance with civil liberties
standards, we reviewed the civil liberties impact assessment (CLIA) to
identify concerns raised about civil liberties and recommendations made
to address them. We compared the content of the CLIA to a set of
standard civil liberties assessment criteria developed by DHS for
analyzing a program‘s potential civil liberties impact, including
questions about the impact on particular groups or individuals, such as
racial or ethnic groups; the impact on the influence of government in
its relationship with private citizens; and whether alternatives and
safeguards have been considered to address potential concerns. We also
interviewed officials from the program office and the DHS Office of
Civil Rights and Civil Liberties to determine the extent to which DHS
had instituted measures to address the concerns raised by the CLIA.
We interviewed officials at the USGS and National Geospatial-
Intelligence Agency (NGA) to obtain information on how requests for
information from classified satellites are currently processed for
federal civilian agencies. This information pertained to compliance
with applicable laws as well as privacy and civil liberties standards.
We conducted this performance audit in the Washington, D.C., area from
April 2008 to September 2008 in accordance with generally accepted
government auditing standards. Those standards require that we plan and
perform the audit to obtain sufficient, appropriate evidence to provide
a reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a reasonable
basis for our findings and conclusions based on our audit objectives.
Results in Brief:
DHS has not fully justified its certification that the NAO complies
with applicable laws.
Although the department has established procedures for legal review, it
has not yet fully addressed all outstanding issues regarding how the
planned operations of the NAO, as described in the department‘s
certification documents, are to comply with legal requirements.
Specifically:
DHS has not resolved legal and policy issues associated with NAO
support for law enforcement. The NAO charter states that requests for
law enforcement domain uses (i.e., activities relating to enforcing
criminal or civil laws or investigating violations thereof) will not be
accepted by the NAO until interagency agreement is reached on
unresolved legal and policy issues. The Independent Study Group had
determined that the legality of using satellite imagery of domestic
subjects for law enforcement purposes raised difficult issues that had
not been fully settled. Work has begun to address these issues, and the
department now plans to re-certify the NAO‘s compliance with all laws
before accepting requests related to law enforcement. Recertification
following the resolution of legal and policy concerns will be an
important element in providing assurance that NAO operations are in
compliance with all applicable laws.
DHS has taken steps to develop a legal review procedure for classified
satellite information requests but has not yet fully established
management controls to ensure that it will be effective. DHS has
developed a multi-stage process for reviewing potential requests to
address any legal or policy concerns. This process represents a
reasonable approach for ensuring that decisions are reviewed on a case-
by-case basis, to the extent that law enforcement requests are not
accepted. However, the NAO charter leaves it unclear what types of
requests will be initially rejected as being in the law enforcement
domain and what types will be accepted as homeland security requests,
because the distinctions between the two domains are not clear.
In addition, other important details have not yet been fully addressed.
The process for developing and approving annual memorandums, which set
expectations about planned customer uses of NAO data, has not yet been
established for all categories of classified satellite information. In
addition, procedures for monitoring the legal review process to ensure
it is making appropriate determinations about the legality of requests
have not yet been established. Without clarifying these details of the
planned legal review process, DHS will have limited assurance that the
process is effective at ensuring compliance with applicable laws.
DHS has taken steps to justify its certification of compliance with
privacy standards.
The DHS Privacy Office worked with NAO program officials to define
privacy protections for the program and prepared a privacy assessment
that discussed high-level privacy protections. Further, DHS has
recently taken additional steps to justify its certification of
compliance with privacy standards.
DHS originally did not fulfill agency requirements to identify privacy
risks and control mechanisms but recently has taken steps to do so. At
the time of NAO certification, DHS did not fully explain how the office
would comply with widely accepted privacy standards, such as the need
for personally identifiable information to be accurate, secure, and
used only for limited purposes. Specifically, NAO‘s original privacy
assessment did not identify or analyze the risks that NAO operations
might not meet these standards, nor did it specify measures to mitigate
such risks. In response to discussions with us regarding these
shortcomings, the Privacy Office developed a revised assessment that
represents a substantial improvement in identifying privacy risks and
mitigating controls to address them, such as providing appropriate
oversight and building a process to identify and correct inaccurate
information. However, differences between the review procedures
outlined in the revised PIA and those in the standard operating
procedures raise questions about whether the specifics of NAO‘s privacy
protection controls have been clearly established.
The system-of-records notices cited by DHS do not provide a public
explanation of the privacy protections associated with planned NAO
operations. One key privacy standard requires that the public be
notified about the existence of systems containing personal information
and the privacy protections associated with them. However, publicly
available privacy notices (called system-of-records notices under the
Privacy Act of 1974) cited by DHS as applying to NAO do not provide
information specifically about the NAO, its planned uses of personal
information, or the privacy protections that are to be established. In
response to discussions with us regarding this lack of public notice,
DHS updated NAO information on the department‘s public Web site to
reflect the relationship between the NAO and the applicable system-of-
records notice. The updated information better informs the public about
how personal information is to be processed, analyzed, and distributed
by the NAO.
DHS identified civil liberties concerns associated with NAO operations
but has not yet fully addressed them.
The Department's assessment of the civil liberties impact of NAO
operations identified a number of areas of potential concern regarding
civil rights and civil liberties. Although the NAO program office
addressed several of these issues”such as the need to develop and
conduct training on civil liberties issues”the department has not
indicated how NAO would address other significant issues, including the
potential for improper use or retention of intelligence information by
customers, and the potential for overly broad, annual memorandums about
customers‘ planned uses that may facilitate the acceptance of requests
that should be rejected.
In a July 2008 letter to the DHS Undersecretary of Intelligence and
Analysis, the acting NAO program director outlined plans to address
several issues raised by the assessment. However, specific measures
have not yet been developed to address the potential for improper use
or retention of information provided by NAO and the potential for
impermissible requests to be accepted as a result of a reliance on
broad annual memorandums as justifications.
Certifying the readiness of the NAO without fully addressing the
concerns outlined within the assessment”including establishing internal
controls for mitigating identified risks”does not provide assurance
that the office is in compliance with civil liberties standards and
will take appropriate measures to protect civil liberties.
Without fully justifying its certification, DHS lacks assurance that
NAO operations will comply with applicable laws and privacy and civil
liberties standards. To help ensure that NAO is in compliance with such
laws and standards, we recommend that the Secretary of Homeland
Security more fully justify the department's certification by:
1. establishing clear definitions for law enforcement and homeland
security requests to better ensure that law enforcement requests will
not be accepted until legal and policy issues are resolved, and:
2. directing NAO to address remaining issues regarding its processes
and procedures, including:
* defining procedures for developing and approving annual memorandums
in all categories,
* establishing procedures for monitoring the legal review process,
* ensuring that privacy controls outlined in the revised privacy impact
assessment are clearly established in standard operating procedures,
and:
* establishing specific procedures to fully address issues raised by
the civil liberties impact assessment.
In written comments provided on a draft of this briefing, the DHS
Deputy Undersecretary for Mission Integration described steps that DHS
has taken or plans to take to address our recommendations. Regarding
our first recommendation, the Deputy Undersecretary stated that the
definitions for law enforcement and homeland security requests outlined
in the charter were sufficiently clear for the NAO to operate in an
effective and lawful manner. However, we believe that clearer
definitions are essential to ensuring that law enforcement requests are
effectively and consistently excluded from consideration by the NAO.
The Secretary‘s certification of compliance depends critically on the
assertion that requests for law enforcement domain uses will not be
accepted by the NAO until interagency agreement is reached on
unresolved legal and policy issues. Without clearer definitions that
unambiguously distinguish the law enforcement and homeland security
domains, the NAO runs the risk that requests may be accepted without a
complete analysis of how the NAO will ensure compliance with applicable
laws.
Regarding our second recommendation, the Deputy Undersecretary
highlighted steps the agency is taking to update its processes and
procedures, including updating its internal procedures to address civil
liberties issues and focusing resources on training NAO staff and
customers, particularly with respect to the collection, use, and
retention of personally identifiable information. We agree that these
steps, once completed, should provide DHS with better assurance that
NAO‘s processes and procedures are effective in ensuring the program‘s
compliance with applicable laws, privacy and civil liberties standards.
Background:
Sharing of Classified Satellite Information for Domestic Purposes Since
the 1960‘s, federal civilian agencies have used classified satellite
information for civil, scientific, and environmental purposes. In 1975,
the U.S. President‘s Commission on Central Intelligence Agency
Activities within the United States recommended that an interagency
committee of federal civil agencies be established to oversee the use
of classified satellites for imaging domestic areas and to allay
concerns about improper or illegal uses of such imaging capabilities.
In response to the Commission‘s recommendations, the Civil Applications
Committee (CAC) was established in 1976 to serve as a mechanism for
reviewing and prioritizing the needs of civilian agencies for
classified satellite information.
In response to the events of September 11, 2001, information sharing
has been identified as a key element in developing comprehensive and
practical approaches to defending against potential terrorist attacks.
Having information on threats, vulnerabilities, and incidents can help
an agency better understand the risks and determine what preventative
measures should be implemented. The ability to share such terrorism-
related information can also unify the efforts of federal, state, and
local government agencies, as well as the private sector in preventing
or minimizing terrorist attacks. Exchanging terrorism-related
information continues to be a significant challenge for federal, state,
and local governments”one that we recognize is not easily addressed.
Accordingly, since January 2005, we have designated information sharing
for homeland security a high-risk area.[Footnote 6]
Background:
The Role of the Civil Applications Committee:
The mission of the CAC has been to facilitate the appropriate civil
uses of data collected by classified government satellites. Led by the
U.S. Geological Survey (USGS), the CAC includes representatives from
the Departments of Agriculture, Commerce, Health and Human Services,
Homeland Security (DHS), the Interior, and Transportation; the U.S.
Army Corps of Engineers; the Environmental Protection Agency; the
Federal Emergency Management Agency; the National Science Foundation;
the U.S. Coast Guard; and the National Aeronautics and Space
Administration.
Background:
According to its charter, the CAC‘s responsibilities include, among
other things:
* assisting in ensuring the effective application of classified
satellite information to support the appropriate worldwide production,
analysis, and research programs of federal civil agencies;
* facilitating the use of such data to derive basic information for
civil applications, including mapping, disaster assessments, monitoring
environmental changes, and for deriving other information to support
national policies and objectives; and:
* overseeing federal civil agencies‘ requests for the collection of
classified satellite information to ensure the constitutional and other
legal rights of U.S. persons are not violated and that such requests
and the use of such data are consistent with the authorities and
responsibilities of the agencies and are in accordance with authorized
programs.
Background:
Independent Study Group:
Citing a growing need for domestic uses of information collected by
intelligence agencies, in May 2005, the Office of the Director of
National Intelligence (ODNI) and USGS chartered an Independent Study
Group to conduct a review of the future role of the CAC for the
facilitation, management, and oversight of classified satellite
information for civil or domestic use.[Footnote 7] The group, composed
of former senior government and military officials and consultants,
concluded in its report (known as the Blue Ribbon Study) that although
civil users were well supported through the CAC, homeland security and
law enforcement users lacked a coherent, organized, and focused process
to access classified satellite information.[Footnote 8] Further, the
report stated that most of these users did not understand how
classified satellite information could be applied to support their
missions and functions and, likewise, that intelligence agencies lacked
a comprehensive understanding of the needs of those users.
Background:
National Applications Office:
As a result of its findings, the study group recommended the
establishment of a domestic applications program to provide a focal
point and act as a facilitator between intelligence agencies and their
potential customers, such as homeland security and law enforcement
users. The study group recommended that the office be informed by
working groups from three domestic user domains: civil, homeland
security, and law enforcement, and be modeled after the operations of
the CAC. The group also recommended that the establishment of the
office be informed by a comprehensive review of legal and policy
issues.
Responding to the study group‘s recommendations, ODNI began planning
the National Applications Office (NAO) in September 2006 and, in May
2007, designated DHS as its executive agent. Following the August 2007
DHS publication of the NAO‘s mission, a congressional hearing was held
in September 2007 to examine the privacy and civil liberties
implications of using classified satellite information for domestic
purposes.
The Consolidated Appropriations Act, 2008, prohibited funds provided in
the act from being available to commence NAO operations until the
Secretary of DHS certified that the program complies with all existing
laws, including all applicable privacy and civil liberties standards,
and that certification was reviewed by GAO.
Background:
NAO Certification:
On April 9, 2008, in a letter to members of Congress, the DHS Secretary
certified that the NAO, as described in its charter and standard
operating procedures, complies with all existing laws, including all
applicable privacy and civil liberties standards. The Secretary also
provided the following supporting documentation:
* The NAO Charter – The charter defines the mission of the NAO and the
responsibility of its members. The charter was approved in February
2008 by the Attorney General, Director of National Intelligence,
Secretary of the Interior, Secretary of Homeland Security, and
Secretary of Defense.
* A Privacy Impact Assessment (PIA) –The PIA was reviewed and approved
by the DHS Privacy Office, which is responsible for ensuring PIAs are
conducted to identify specific privacy risks and controls needed to
mitigate those risks.[Footnote 9] The PIA describes how the NAO plans
to address the Fair Information Practices”a set of widely-accepted
principles for protecting the privacy and security of personal
information that include such things as limiting the collection and use
of such information and ensuring that it is accurate for its intended
purpose. The PIA concludes that privacy risks have been minimized by
the institution of multi-layered protection mechanisms involving
personnel management, IT system security, and business processes.
* A Civil Liberties Impact Assessment (CLIA) – The DHS Civil Rights and
Civil Liberties Office conducts these assessments to help ensure that
civil liberties are considered as the department develops or implements
laws, regulations, policies, procedures, and guidelines related to
efforts to protect the nation against terrorism.[Footnote 10] The NAO
CLIA discusses potential civil liberties impacts, identifies safeguards
in place, and makes recommendations for additional measures. It
concludes that due to the nature of the NAO mission, rigorous oversight
of the office, and existing safeguards, the NAO is unlikely to impact
on individuals‘ civil liberties in a substantial way.
* Standard Operating Procedures – These procedures cover the required
steps involved in the submission, approval, and processing of
information requests in support of civil, homeland security, and law
enforcement purposes when such requests are submitted through the NAO.
Background:
NAO User Domains:
According to its charter, the mission of the NAO is to serve as an
independent advocate for the use of, and facilitate access to,
classified satellite information by, among others, non- traditional
users of intelligence in the following three domains:
Civil Applications includes entities involved with domestic and
international research, analysis, and operations designed to support
the assessment and management of environmental issues and natural
resources, evaluating socioeconomic conditions, producing maps and
charts, and assessment, preparation and response to disasters.
Homeland Security includes those government agencies and activities
involved in the prevention and mitigation of, preparation for, response
to, and recovery from natural or man-made disasters, including
terrorism, and other threats to the homeland.
Law Enforcement includes government law enforcement entities when they
are seeking to enforce criminal or civil laws or investigate violations
thereof.
Background:
NAO Functions:
For each of the three domains, NAO‘s function is to:
* review, coordinate and advocate for requests from government entities
for classified satellite information (agencies may also directly
contact the intelligence community for access to intelligence
capabilities);
* advocate future technology needs to the intelligence community;
* educate potential users about intelligence capabilities and how and
when they might be leveraged to support their needs within the existing
policy and legal frameworks;
* if necessary, analyze data received from providers to meet the needs
of the requesters; and:
* promote information sharing through the effective and efficient use
of intelligence capabilities.
In carrying out these functions, NAO‘s goal is to:
* protect privacy, civil rights, and civil liberties;
* lawfully and appropriately use intelligence capabilities; and:
* protect the confidentiality of the sources and methods used to
collect the information.
Background:
Information Categories:
Three categories of classified satellite information are to be provided
through the NAO:[Footnote 11]
Geospatial intelligence (GEOINT) – GEOINT is defined as ’the
exploitation and analysis of imagery and geospatial information to
describe, assess, and visually depict physical features and
geographically referenced activities on the Earth. Geospatial
intelligence consists of imagery, imagery intelligence, and geospatial
information.“
Measurement and signature intelligence (MASINT) – MASINT is defined as
intelligence ’derived from measurements of physical phenomena intrinsic
to an object or event.“ These phenomena can include the following
types: ’electro-optical, infrared, laser, spectral, radar,
polarimetric, high-power or unintentional radio frequency emanations,
geophysical, chemical, biological, radiological, or nuclear.“
Electronic intelligence (ELINT) – ELINT is defined as ’technical and
geolocation intelligence derived from non-communications
electromagnetic radiations emanating from other than nuclear etonations
or radioactive sources. It does not include oral or written
communications.“ Thus, ELINT could include intelligence based on
signals from machines, such as computers, but not telephone
conversations or other communications between individuals.
Background:
Information Categories:
In addition, according to the charter, NAO may provide open source
intelligence information, derived from publicly available information
that anyone can lawfully obtain by request, purchase, or observation.
For example, DHS officials stated that certain requests might be most
easily filled with publicly available mapping imagery.
Background:
NAO Acceptance Process:
According to its charter NAO will not accept any requests that fall
within the law enforcement domain when it begins operations.[Footnote
12] Such requests will not be accepted until legal and policy issues
are resolved. For all other requests, NAO acceptance of requests for
classified satellite information relies on a two-phased process:
Filing of annual memorandums:
As a first phase, potential requesters (i.e., agencies within the civil
and homeland security domains) are to annually submit memorandums that
generally describe the information they plan to request and its
intended use.
Processing of individual requests:
In the second phase of the process, NAO has defined a six-step review
procedure for individual information requests.
DHS Certification of Compliance with Applicable Laws:
DHS has not resolved legal and policy issues associated with NAO
support for law enforcement operations.
The NAO is intended to support law enforcement as a key element of its
mission. Its charter states that the office is to be an advocate for
the use of intelligence community capabilities by civil, homeland
security, and law enforcement communities, and DHS officials have said
that the NAO will eventually process law enforcement requests. Further,
the Independent Study Group, which was an impetus to the creation of
the NAO, cites assistance to law enforcement as a major reason to
establish the NAO.
The Independent Study Group determined that the legality of using
satellite imagery of domestic subjects for law enforcement purposes was
a difficult issue that had not been fully settled. For example, it
stated that no case regarding the use of military, civil, or commercial
satellites has been brought to court. The study group also stated that
appropriate safeguards were needed to ensure that classified satellite
information would be used lawfully and with full consideration of the
rights of U.S. persons.
The NAO certification documents include discussions of the
applicability of certain laws, such as the 4th Amendment to the
Constitution, and executive branch directives, such as Executive Order
12333”which limits how federal agencies in the intelligence community
collect information concerning U.S. persons. For example, the CLIA
includes a discussion of the Posse Comitatus Act, which generally
prohibits the use of U.S. military personnel to enforce civilian (civil
or criminal) laws, unless otherwise authorized by law. The CLIA
concludes that there is little likelihood that NAO activities will
raise Posse Comitatus Act issues.
However, DHS analysis of these laws did not resolve the legal issues of
using intelligence community capabilities for law enforcement purposes.
For example, regarding the 4th Amendment to the Constitution, which
guards against unreasonable searches and seizures, the CLIA notes that
NAO‘s involvement in law enforcement uses ’remains under consideration
and thus its ultimate contours are not known at this time.“ The
document states that the Civil Rights and Civil Liberties Office will
update its assessment and assist in constructing polices and procedures
for law enforcement use. This indicates that, with respect to issues
related to law enforcement, NAO certification is not yet complete.
DHS Certification of Compliance with Applicable Laws DHS certification
recognizes that law enforcement issues have not been resolved and, in
response, states that law enforcement requests will not be accepted
until such issues are resolved. The NAO charter established a Policy
and Legal Working Group to develop responses to the legal and policy
concerns. The group plans to conduct analyses and make recommendations
regarding potential changes in policy and law regarding permissible
access to classified satellite information for law enforcement
purposes. At the time of our review, the working group had begun its
work but had yet to complete its analysis or make recommendations.
According to the acting NAO director, it was an agency priority to
begin operations at the NAO as soon as possible and thus a decision was
reached to set unresolved law enforcement issues aside and proceed with
certification of legal compliance for the rest of the NAO‘s planned
operations.
In responding to our questions regarding law enforcement issues, the
DHS Deputy Undersecretary for Mission Integration, who oversees NAO,
stated that the agency will provide an additional certification before
the law enforcement domain becomes operational. Recertification
following the resolution of legal and policy concerns will be an
important element in providing assurance that NAO operations are in
compliance with all applicable laws.
DHS Certification of Compliance with Applicable Laws DHS took steps to
develop a legal review procedure for requests but has not yet
established sufficient management controls to ensure that it will be
effective.
The DHS Secretary‘s certification letter states that NAO‘s charter and
standard operating procedures were carefully crafted to ensure
compliance with all applicable laws. The charter also states that a
primary function of the office will be to ensure that its procedures
are in accordance with laws, policies, and procedures that protect
privacy, civil rights, and civil liberties.
Given the need to ensure compliance with all laws, it is important that
NAO establish management controls to ensure that only requests that
meet established criteria are accepted. According to government
standards, management controls (or internal controls) are the policies,
procedures, techniques, and mechanisms that help ensure that
management‘s directives are carried out.[Footnote 13] Management
controls can include a wide range of diverse activities, such as
approvals and authorizations, which vary depending on agency missions,
organization, complexity and other factors, and should be clearly
documented in agency directives, policies, and other guidance. Further,
processes need to be established to monitor management controls on a
regular basis to ensure they are achieving their objectives.
As its management control to ensure compliance with applicable laws,
DHS developed a multi-stage legal review process for all requests
submitted to NAO. According to the charter and standard operating
procedures, assurance that information requests are consistent with
applicable laws and official policy will occur through the review of
requests by the NAO staff, the legal staff of the relevant collecting
agencies, and, as appropriate, other federal agencies. As previously
described, this will involve interagency review when ’special uses,“
such as the use of U.S. person data or law enforcement functions, are
being requested, as well as review by the DHS Secretary or Deputy
Secretary of uses that involve novel or significant homeland security
uses, or where the use of a new technology has 4th Amendment
implications.
This process represents a reasonable approach for ensuring that
decisions are reviewed on a case-by-case basis to the extent that law
enforcement requests are not accepted, which is a critical element of
the process. As the Office for Civil Rights and Civil Liberties has
pointed out in the CLIA, the impact on NAO operations of 4th Amendment
and other law enforcement issues cannot yet be evaluated because ’the
ultimate contours [of NAO support for the Law Enforcement Domain] are
not known at this time.“
However, NAO has not established clear definitions of the homeland
security and law enforcement domains to guide decisions by NAO and
other agency officials and to ensure that law enforcement requests are
not accepted.
As previously discussed, the NAO charter describes three civilian
customer domains that could use intelligence capabilities in support of
their missions”civil applications, homeland security, and law
enforcement. Homeland security includes those government agencies and
activities involved in the prevention and mitigation of, preparation
for, response to, and recovery from natural or man-made disasters,
including terrorism and other threats to the homeland. Law enforcement
includes law enforcement entities when they are seeking to enforce
criminal or civil laws or investigate violations thereof. However, the
charter further states that when law enforcement entities are ’not so
focused,“ their activities may fall within the homeland security
domain.
The domain definitions are unclear because they describe functions that
could overlap. For example, law enforcement entities would likely be
involved in seeking to enforce homeland security laws, such as the USA
PATRIOT Act or the Intelligence Reform and Terrorism Prevention Act. It
is not clear whether that function would be interpreted as falling
under the homeland security or law enforcement domain, because elements
of both domains are involved.
Likewise many other types of homeland security functions have the
potential to overlap with law enforcement functions, thus leaving it
unclear how they would be categorized. For example, border security
involves closely interrelated law enforcement and homeland security
functions. A request for imagery along the U.S. border might be
interpreted as a law enforcement matter (e.g., surveillance of
suspected criminal activity), in which case it is not to be accepted by
the NAO under the office's initial operating procedures. However,
alternatively, the request might be considered a homeland security
matter (e.g., serving a broader objective of protecting the border). In
that case, the request might be accepted.
This lack of clarity is exacerbated by the fact that while NAO does not
plan to accept law enforcement requests initially, it will accept
requests from federal law enforcement agencies for homeland security
purposes.
DHS officials acknowledged the overlap between the two domains, but
stated that they expect that the review process for requests outlined
in the NAO charter, along with communication between NAO and the
requester, will provide sufficient clarity for distinguishing between
law enforcement and homeland security requests.
However, the review process outlined within the charter relies upon the
domain definitions included in that document. Without clear domain
definitions, DHS cannot be certain that requests related to law
enforcement are being effectively and consistently excluded from
consideration. And because law enforcement issues have not yet been
analyzed and resolved, the NAO therefore runs the risk that requests
may be accepted without a complete analysis of how the NAO will ensure
compliance with applicable laws.
Other important details of how the legal review process is to be
implemented have also not yet been determined. For example,
The process for developing and approving annual memorandums for MASINT
and ELINT has not been delineated. Such procedures are an important
control in assuring that access, retention, and sharing of information
is properly constrained.
Specific processes have not yet been established for monitoring the
legal review process on a regular basis to ensure it is achieving its
objectives. Monitoring the NAO‘s operations will be important to ensure
that planned privacy and civil liberties protections are being
implemented as intended.
NAO officials stated that they are in the process of developing these
procedures. For example, they stated that MASINT and ELINT procedures
will be developed that mirror existing GEOINT procedures. They also
stated that it would be up to the Privacy Office, Civil Rights and
Civil Liberties Office, and Office of the Inspector General to
determine how they will monitor the program to ensure it is achieving
its objectives.
However, officials did not provide milestones for completing procedures
that are in process or state when monitoring procedures will be
developed. Until the procedures are adequately defined, DHS will have
limited assurance that the process is effective at ensuring compliance
with applicable laws.
DHS Certification of Compliance with Privacy Standards:
DHS originally did not fulfill agency requirements to identify privacy
risks and control mechanisms but recently has taken steps to do so.
Under law, Office of Management and Budget guidance, and DHS guidance,
DHS is to conduct privacy impact assessments (PIA) to ensure that the
technology used by DHS sustains and does not erode privacy protections.
Specifically, DHS guidance states that a PIA should be completed for
any program, system technology, or rulemaking that involves personally
identifiable information. The guidance also states that a PIA should
accomplish two goals:
* determine the risks and effects of collecting, maintaining and
disseminating information in identifiable form via an electronic
information system; and:
* evaluate protections and alternative processes for handling
information to mitigate potential privacy risks.
In order to accomplish these goals, PIAs are required to include
’privacy impact analysis“ sections that assess privacy risks and
identify specific steps to be taken to mitigate those risks.
DHS Certification of Compliance with Privacy Standards PIAs can serve
as an analysis of adherence to the Fair Information Practices. These
practices, first proposed in 1973 by a U.S. government advisory
committee, are now widely accepted as principles for protecting the
privacy and security of personal information. The DHS Privacy Office
defines these principles as follows:
* Transparency - DHS should be transparent and provide notice to the
individual regarding its collection, use, dissemination, and
maintenance of personally identifiable information (PII).
* Individual participation - DHS should involve the individual in the
process of using PII. DHS should, to the extent practical, seek
individual consent for the collection, use, dissemination, and
maintenance of PII and should provide mechanisms for appropriate
access, correction, and redress regarding DHS use of PII.
* Purpose specification - DHS should specifically articulate the
authority which permits the collection of PII and specifically
articulate the purpose or purposes for which the PII is intended to be
used.
* Data minimization - DHS should only collect PII that is directly
relevant and necessary to accomplish the specified purpose and only
retain PII for as long as is necessary to fulfill the specified
purpose.
* Use limitation - DHS should use PII solely for the purpose specified
in the notice. Sharing PII outside the department should be for a
purpose compatible with the purpose for which the PII was collected.
* Data quality and integrity - DHS should, to the extent practical,
ensure that PII is accurate, relevant, and timely, within the context
of each use of the information.
* Security - DHS should protect PII (in all forms) through appropriate
security safeguards against risks such as loss, unauthorized access or
use, destruction, modification, or unintended or inappropriate
disclosure.
* Accountability and auditing - DHS should be accountable for complying
with these principles, providing training to all employees and
contractors who use PII, and should audit the actual use of PII to
demonstrate compliance with these principles and all applicable privacy
protection requirements.
The original NAO PIA was divided into sections that correspond to the
Fair Information Practices. For each principle, a planned course of
action was described. For example, the principle of purpose
specification was to be addressed through the use of annual
memorandums, which state requesters‘ intended uses. Based on the
discussions in these sections, the PIA concluded that privacy risks had
been minimized by instituting multi-layered protection mechanisms
involving personnel management, information technology (IT) system
security, and business processes.
The PIA further stated that the NAO did not anticipate routinely
collecting, storing, and disseminating personally identifiable
information and that, in those instances when it did, the information
would be maintained and disseminated in accordance with applicable
laws, regulations, and polices. In discussing the original PIA, DHS
Privacy Office officials noted that NAO‘s adherence to privacy
standards was assured in part because it was expected to be staffed
with individuals who would be trained in privacy protection standards
and who would be required to adhere to authorities such as Executive
Order 12333, which includes limits on the extent and manner in which
information about U.S. persons is collected by intelligence agencies.
In addition, they stated that the NAO‘s planned multi-stage review
process for requests would also help ensure that privacy standards are
met. For example, that review process could include consultation with
the Privacy Office if it is deemed necessary. Because these broad
measures were in place, Privacy Office officials believed that NAO
operations would meet privacy standards.
However, although it described privacy protections in general terms,
the original PIA did not fully analyze privacy risks or identify
specific ways to mitigate them. For example:
* Data quality and integrity – DHS guidance requires agency information
on U.S. persons to be accurate, relevant, and timely. However, the
original PIA did not discuss this risk or other specific risks
regarding the accuracy of personal information to be processed by the
NAO. The PIA asserted that the office would follow ’appropriate
policies and procedures“ to ensure data quality but did not identify
the polices and procedures. Thus, the document did not identify the
risks associated with use of inaccurate data or discuss how specific
controls would mitigate these risks.
* Security – DHS guidance requires agency information on U.S. persons
to be protected by proper safeguards and security measures; however,
the original PIA did not identify the specific security risks. The PIA
asserted the office would follow applicable security policies and
procedures, including the use of password-protected storage of
information. However, these statements only referred generically to the
use of standard security controls. They did not discuss how such
techniques addressed the specific security risks.
* Use limitation – DHS guidance requires agency information on U.S.
persons to be used only for the purposes for which it was originally
collected. The original PIA stated that the ’NAO will use a multi-layer
system of protection to ensure that information passing through or
stored by the NAO is in compliance with privacy and civil liberties
laws and policies of the United States.“ It also stated that the NAO
would adhere to NGA policies related to proper use of information.
However, the PIA did not discuss specific risks associated with
inadequately limiting the use of personal information that NAO might be
distributing. For example, by broadly sharing information with non-
federal users, who are not bound by the Privacy Act, personal
information could be at risk of being used in ways not specified when
it was originally collected. The PIA did not discuss control mechanisms
for mitigating risks such as this.
In discussions with us, the DHS Director of Privacy Compliance
acknowledged these shortcomings in the original PIA. In response, the
Privacy Office developed and issued a revised PIA on July 28, 2008,
that more fully addressed risks and mitigating controls. The revised
document identifies four overall privacy risks associated with the
operation of the NAO:
1. An individual may be unaware that personally identifiable
information will be collected about him or her in response to a request
processed by the NAO.
2. Personally identifiable information may be collected, analyzed, or
disseminated in a manner that makes the information inaccurate.
3. Personally identifiable information may be misused by a requestor.
4. Associated technology may improve so dramatically that qualitatively
new capabilities will enable the gathering of personally identifiable
information in ways that are impossible today, thus creating new
potential privacy risks.
The PIA states that these risks can be mitigated by providing
appropriate oversight, building a process to identify and correct
inaccurate information, and ensuring that the DHS Privacy Office and
DHS Office for Civil Rights and Civil Liberties remain critical
components of all review processes as new and improved technology is
developed.
The revised PIA also identifies specific privacy risks associated with
several of the individual Fair Information Practices and outlines
measures taken by the NAO to address them. For example, regarding Use
Limitation, the assessment identifies the risk that users of NAO-
provided information may distribute NAO products inappropriately. The
PIA states that the review processes for annual memorandums and
requests, along with a process for educating potential and actual
customers, are to mitigate the risk of improper use of information.
However, several of the mitigating techniques identified in the revised
PIA include specifics that differ from the standard operating
procedures. For example, to address risks associated with the data
quality and integrity of NAO-provided information, the PIA stated that
NAO will implement several internal quality reviews conducted by
officials not cited in NAO program documentation.
According to the DHS Director of Privacy Compliance, the DHS Privacy
Office plans to meet with NAO officials to discuss the revised PIA and
their plans to implement the controls that will be required to address
the identified risks.
The revised PIA represents a substantial improvement over the original
PIA in identifying privacy risks and mitigating controls to address
them. However, the differences between the review procedures outlined
in the revised PIA and those in the standard operating procedures raise
questions about whether the specifics of NAO‘s privacy protection
controls have been clearly established.
The system-of-records notices cited by DHS do not provide a public
explanation of the privacy protections associated with planned NAO
operations.
A key DHS privacy principle states that the agency should be
transparent and provide notice to the individual regarding its
collection, use, dissemination, and maintenance of personally
identifiable information. In addition, the Privacy Act requires
agencies to notify the public, via a notice in the Federal Register
known as a system-of-records notice (SORN), when they create or modify
systems of records. This requirement is in place to protect the
public‘s right to know about the government‘s collection of its
personal information.
The certification documents state that DHS complies with the Privacy
Act notice requirement through the publication of the Homeland Security
Operations Center (HSOC) Database SORN, issued in April 2005. The HSOC
opened in 2004 to serve as a center for real-time threat monitoring,
domestic incident management, and information sharing efforts.
The HSOC Database SORN stated that the HSOC Database ’serves as the
technological platform to receive threat information, integrate it and
disseminate it.“ According to the notice, the HSOC Database contains
law enforcement information, intelligence information, and other
information for identifying and assessing the threats to the
homeland,[Footnote 14] and the HSOC Database will disclose information
to ’a Federal, state, local, joint, tribal, foreign, international or
other public agency or organization, or to any person or entity in
either the public or private sector, domestic or foreign, where such
disclosure may promote assist or otherwise serve homeland or national
security interests.“
However, the SORN does not identify the NAO or specifically describe
its potential uses of personal information.
According to DHS officials, the HSOC Database SORN had broad
applicability to programs within the Office of Intelligence and
Analysis, including NAO.
Further, after the NAO certification was made, DHS issued a new SORN
for the Office of Intelligence and Analysis Enterprise Records System
on May 15, 2008. According to DHS officials, this notice replaced the
HSOC Database SORN as the relevant notice for NAO. The new notice
states that the Intelligence and Analysis Enterprise Records System is
the single system of records to support all Intelligence and Analysis
operations, including analysis and information sharing. Like the
previous document, the new notice does not identify the NAO or
specifically describe its potential uses of personally identifiable
information.
In response to discussions with us regarding the lack of public notice,
DHS officials stated that a more extensive public notice would not be
appropriate for intelligence activities but that they would update NAO
information on the department‘s public Web site to note that the
privacy protections described in the Intelligence and Analysis
Enterprise Records System notice apply to NAO. Explicitly linking NAO
to the existing notice better informs the public about how personal
information is to be processed, analyzed, and distributed by the NAO.
DHS Certification of Compliance with Civil Liberties:
Standards:
DHS identified civil liberties concerns associated with NAO operations
but has not yet fully addressed them.
The DHS Office of Civil Rights and Civil Liberties is responsible for,
among other things, assisting the Secretary of DHS and agency offices
in developing, implementing, and periodically reviewing agency policies
and procedures to ensure that the protection of civil rights and civil
liberties is appropriately incorporated into the department‘s programs
and activities. According to officials, civil liberties impact
assessments (CLIA) serve as a tool to assist in protecting civil rights
and civil liberties as DHS programs are developed.
The CLIA discussed efforts by DHS to take into consideration civil
rights and civil liberties during the development of the NAO program.
For example, the CLIA discussed various safeguards, including
establishment of a training program regarding duties and
responsibilities to protect civil rights and civil liberties. In
addition, the CLIA highlighted the program office‘s working
relationship with the Office of Civil Rights and Civil Liberties and
the DHS Privacy Office in developing the charter and standard operating
procedures. The CLIA also stated that the NAO had benefited from
significant input from the DHS Office of General Counsel. The
assessment concluded that due to the nature of the NAO mission,
rigorous oversight of the office, and existing safeguards, the NAO is
unlikely to impact on individuals‘ civil liberties in a substantial
way.
Officials from the Civil Rights and Civil Liberties Office told us that
they had provided feedback to NAO as they conducted their review and
that measures had been added to the program to address their concerns.
Although the CLIA discusses how many of the issues it raises will be
resolved and concludes that sufficient safeguards are in place, two
significant issues related to civil liberties risks were raised that
NAO has not responded to with a clear indication of how they are to be
resolved. These issues are:
* the potential for improper use or retention of information provided
by NAO, and:
* the potential for impermissible requests to be accepted as a result
of a reliance on broad annual memorandums as justifications.
Potential for Improper Use or Retention of Information Provided by NAO:
The CLIA raised concern regarding improper use and retention of
requested information by NAO‘s customers and its impact on U.S.
persons‘ civil liberties. Specifically, the CLIA stated that ’the
manner in which information is accessed, used, and shared between the
requester, the facilitator (NAO), the originating agency, and any
information sharing partners has civil liberties implications.“
Although information may be lawfully collected and is being used
lawfully by the end user, ’it is unclear [after the authorized use is
complete] what will happen to the U.S. person information lawfully
collected.“
The CLIA recommended that two specific actions be taken to mitigate
this risk:
* NAO should vet all requests to amend access, retention, and sharing
instructions contained in annual memorandums; and:
* procedures and/or a system for tracing dissemination and access of
products should be extended beyond NAO to customers as a condition of
service.
In response, NAO inserted a footnote into its standard operating
procedures stating that it would vet all requests to amend access,
retention, and sharing instructions contained in the original annual
memorandum. The footnote also stated that access, retention, and
sharing provisions were already included in existing proper use
memorandums that govern requests to NGA. Finally, the footnote stated
that procedures and/or a system for tracing dissemination and access of
products will be extended beyond NAO to the requesters as a condition
of service. However, no specific procedures have been developed
regarding how such actions are to be implemented by NAO, and thus it is
unclear whether the risk identified in the CLIA has been adequately
addressed.
In a July 2008 letter to the DHS Undersecretary for Intelligence and
Analysis regarding plans to address recommendations identified within
the CLIA, the acting NAO program director stated that NAO staff would
continue to work with other intelligence agencies to explore additional
ways to monitor and enable appropriate dissemination and access of
products, including a discussion of how technology may assist in this
process.
Such a dialogue could assist the NAO in determining how best to
implement these controls. However, until the NAO establishes specific
procedures for vetting amendments to existing annual memorandums and
tracing dissemination and access of products, it is uncertain whether
this risk has been adequately addressed.
Potential For Impermissible Requests as a Result of Broad Annual
Memorandums:
The CLIA stated that annual memorandums will be used as the primary
method of categorizing the nature of multiple, recurring requests.
While the CLIA indicated that such a process provides certain
safeguards against the improper dissemination of personally
identifiable information, it also stated that such agreements could
potentially be formulated so broadly that they result in requests that
could lead to a violation of civil liberties. For example, state and
local agencies might group together by region to submit requests under
a single annual agreement created by a regional information sharing
center. The CLIA stated that allowing multiple customers to use a
single annual memorandum could result in requests being made by
individuals who lack the proper authority to do so.
The CLIA recommended placing limits on what can be requested at the
outset of the process to prevent potential mission creep, improper
sharing, and improper requests. Further, it stated that failing to
establish such limits increased the risk that improper requests would
be received and could slip through the NAO‘s review process.
The certification documents generally outlined NAO‘s annual memorandum
process, but they did not set the recommended limits or identify
controls to enforce them.
NAO officials stated that civil liberties controls, such as those
necessary to address the civil liberties risks identified in the CLIA,
were not fully identified in the certification documentation because
the NAO is in the early stages of its development and has not yet
documented many of its internal controls.
Prior to the NAO certification, DHS indicated that it planned to
address certain civil liberties concerns outlined in the assessment. On
April 8, 2008, the DHS Undersecretary for Intelligence and Analysis
stated in a memorandum to the Civil Rights and Civil Liberties Office
that he concurred with the report and that elements were already being
incorporated into NAO management.
The acting NAO program director‘s July letter outlining plans for
implementing several of the CLIA recommendations demonstrates the
agency‘s commitment to addressing civil liberties concerns. However,
specific measures to address the potential for improper use or
retention of information provided by NAO and the potential for
impermissible requests to be accepted as a result of a reliance on
broad annual memorandums as justifications have not yet been developed.
Certifying the readiness of the NAO without fully addressing the
concerns outlined within the assessment does not provide assurance that
the office is fully in compliance with civil liberties standards and
will take appropriate measures to protect civil liberties.
Conclusions:
DHS has taken positive steps to ensure that NAO operations will comply
with applicable laws, including developing a legal review procedure for
requests for classified satellite information. However, DHS has not yet
fully justified that the planned operations of the NAO comply with
applicable laws and standards. While the agency plans to provide an
additional certification before the law enforcement domain becomes
operational, the department has not provided clear definitions that
show how law enforcement requests will be excluded from consideration
before legal and policy issues associated with NAO support for law
enforcement are resolved. Without clear definitions, DHS cannot be
certain that requests related to law enforcement are being effectively
and consistently excluded from consideration, and therefore runs the
risk that requests may be accepted without a complete analysis of how
the NAO will ensure compliance with applicable laws. In addition,
procedures for developing and approving memorandums in the MASINT and
ELINT categories have yet to be defined, and a specific process for
monitoring the legal reviews has not yet been established. Given the
sensitivity of NAO‘s mission, it is important that these specific
procedures be documented in the program‘s implementing instructions.
Without clarifying these details, DHS will have limited assurance that
the legal review process is effectively ensuring compliance with
applicable laws.
DHS has recently taken steps to address privacy standards, including
fulfilling agency requirements to identify privacy risks and control
mechanisms to mitigate them. However, differences between the review
procedures outlined in the revised NAO PIA and those in the standard
operating procedures raise questions about whether the specifics of
NAO‘s privacy protection controls have been clearly established.
Furthermore, DHS initially did not provide a public explanation of the
privacy protections associated with planned NAO operations but has
recently taken steps to do so. In response to discussions with us
regarding the lack of public notice, DHS updated its publicly available
information about the NAO to show its relationship with the applicable
system-of-records notice, better informing the public about how
personal information is to be processed, analyzed, and distributed by
the NAO.
Finally, DHS also completed a CLIA that identifies and assesses civil
liberties risks associated with NAO, and discusses how most of them
will be mitigated. However, measures to address the potential for
improper use or retention of information provided by NAO and the
potential for impermissible requests to be accepted as a result of a
reliance on broad annual memorandums as justifications have not yet
been fully addressed. Certifying the readiness of the NAO without fully
addressing these concerns does not provide assurance that it is fully
in compliance with civil liberties standards and will take appropriate
measures to protect civil liberties.
Recommendations:
To ensure that NAO is in compliance with applicable laws, including
privacy and civil liberties standards, we recommend that the Secretary
of Homeland Security more fully justify the department's certification
by taking the following actions:
1. Given that NAO is to operate before law enforcement issues are
resolved and operations are re-certified, establish clear definitions
for law enforcement and homeland security requests to better ensure
that law enforcement requests will not be accepted until legal and
policy issues are resolved.
2. Direct NAO to address remaining issues about its processes and
procedures, including:
* defining procedures for developing and approving annual memorandums
in the MASINT and ELINT categories,
* establishing procedures for monitoring the legal review process to
ensure it is achieving its objectives,
* ensuring that specific privacy controls outlined in the revised
privacy assessment are clearly established in NAO standard operating
procedures, and:
* establishing specific procedures to fully address issues raised
within the CLIA: the potential for improper use or retention of
information provided by NAO and the potential for impermissible
requests to be accepted as a result of a reliance on broad annual
memorandums as justifications.
Agency Comments and Our Evaluation:
In written comments provided on a draft of this briefing, the DHS
Deputy Undersecretary for Mission Integration stated that the
department had taken or would take steps to ensure that our
recommendations are incorporated in to the functioning of the NAO.
However, with respect to our recommendation regarding the definitions
of law enforcement and homeland security requests, the Deputy
Undersecretary stated that the definitions outlined in the charter were
sufficiently clear for the NAO to operate in an effective and lawful
manner. He also noted that DHS ’acknowledge[s] that overlap between
these two general areas is possible,“ and that ’to the extent overlap
between domains is conceivable, communication between the NAO and the
requester will provide sufficient clarity.“
However, we believe that without clearer domain definitions, DHS cannot
be certain that requests related to law enforcement are being
effectively and consistently excluded from consideration. The
Secretary‘s certification of compliance depends critically on the
assertion that requests for law enforcement domain uses will not be
accepted by the NAO until interagency agreement is reached on
unresolved legal and policy issues. Because these law enforcement
issues have not yet been analyzed and resolved, the NAO runs the risk
that requests may be accepted without a complete analysis of how the
NAO will ensure compliance with applicable laws.
Regarding our recommendation to direct NAO to address remaining issues
about its processes and procedures, the Deputy Undersecretary stated
that NAO is taking several steps to incorporate the recommendation,
including:
* working with the intelligence community to establish more detailed
procedures for requesting ELINT and MASINT, which are to be patterned
after the GEOINT process;
* developing a metrics program to help assess its effectiveness and
maintain its customer focus;
* updating its standard operating procedures to conform to the recently
revised PIA; and:
* updating its internal procedures to address issues raised in the
CLIA, focusing resources on educating and training NAO staff and
customers, particularly with respect to the collection, use, and
retention of personally identifiable information.
These actions have not yet been completed. However, we agree that
completing these steps should provide DHS with better assurance that
NAO‘s processes and procedures will be effective in ensuring the
program‘s compliance with applicable laws, privacy and civil liberties
standards.
The Deputy Undersecretary also commented that the title of the briefing
was misleading because it suggested that the NAO had failed to comply
with all existing laws. We disagree that the title makes such a
suggestion. The purpose of our review was not to make an independent
determination of compliance, but to assess the completeness of DHS‘
justification for certifying its compliance. Our conclusion was that
additional justification was needed.
In addition, the Deputy Undersecretary stated that some of the matters
addressed in our briefing were, in DHS‘ view, beyond the scope of what
Congress authorized and that some of our recommendations point out
programmatic or policy differences between GAO and DHS. Specifically,
the Deputy Undersecretary stated his position that GAO‘s tasking was
limited to reviewing legal compliance. However, our scope and
methodology were established on the basis of the language within the
congressional mandate, and, in addition, we reached agreement with
relevant Congressional appropriations, authorization, and oversight
committees on the scope of our review prior to initiating our work.
Further, we based our evaluation of the Secretary‘s certification of
compliance with privacy and civil liberties standards on the agency‘s
own policies and standards, including the DHS version of the Fair
Information Practice Principles.
Finally, the Deputy Undersecretary stated that our briefing constituted
the completion of the review required by the Appropriations Act, and
that the NAO is preparing to commence its operations in the civil
applications and homeland security communities.
[End of section]
Enclosure II: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security Washington, DC 20528
Homeland Security:
August 29, 2008:
Gene Dodaro:
Acting Comptroller General Of the United States: Government
Accountability Office:
441 G Street NW:
Washington, DC 20548:
Dear Mr. Dodaro,
Thank you for your thorough review of the Secretary's certification of
the National Applications Office (NAO), as required by the 2008 Omnibus
Appropriations Act.[Footnote 15] We have carefully considered your
draft recommendations and, as described below, have taken or will take
steps to ensure that these recommendations are incorporated into the
functioning of the NAO.
As an initial matter, I must address the title of the report: National
Applications Office, Certification of Compliance with Legal, Privacy
and Civil Liberties Standards Needs To Be More Fully Justified. GAO's
report runs sixty pages and reflects a comprehensive and thoughtful
review. The recommendations discussed below are focused on discrete and
technical matters”and in no way suggest that the NAO fails to "comply
with [any] existing laws." The title paints a very different picture.
It is our view that the title is misleading because it does not
accurately reflect the substance of the report.
GAO's first recommendation is that the NAO establish a clearer
definition of law enforcement activity. The NAO Charter states that the
law enforcement domain includes activities conducted by law enforcement
entities "to the extent they are enforcing criminal or civil laws or
investigating violations thereof". The homeland security domain
includes activities conducted by any agency related to "the prevention
and mitigation of, preparation for, response to, and recovery from
natural or man-made disasters, including terrorism, and other threats
to the homeland." As we explained in our letter dated July 30, 2008, we
believe that these definitions are sufficiently clear for the NAO to
operate in an effective and lawful manner. A copy of that letter is
attached.
GAO's second recommendation pertains to operational processes and
procedures. The NAO is taking several steps to incorporate this
recommendation. First, the NAO is working with the Intelligence
Community's Functional Managers to establish more detailed procedures
for requesting electronic intelligence (ELINT) and measurements and
signatures intelligence (MASINT), which will be patterned after the
geospatial intelligence (GEOINT) community's Proper Use Memorandum
(PUM) process. As with the PUM process, these procedures will enhance
individual privacy and civil rights protections. Second, the NAO is
developing a metrics program to help assess the NAO's effectiveness and
maintain its customer focus. Among other benefits, this will allow the
NAO to ensure that it is adequately safeguarding individuals' civil
rights and privacy. Third, the NAO is updating its Standard Operating
Procedures (SOPs) to conform to the recently revised Privacy Impact
Assessment (PIA). During the review process, GAO identified several
concerns with the PIA for the NAO. DHS has worked closely with the DHS
Privacy Office to address these concerns and in August 2008 the Privacy
Office issued a revised PIA. Finally, to address the issues raised in
the Civil Liberties Impact Assessment (CLIA) for the NAO, the NAO is
updating its internal procedures. It will focus resources on educating
and training NAO staff and customers, particularly with respect to the
collection, use and retention of Personally Identifiable Information
(PII).
Notwithstanding the steps DHS has taken to incorporate GAO's
recommendations, some of the matters addressed in GAO's report are, in
our view, beyond the scope of what Congress authorized. GAO's task was
to review the Secretary's certification, which states only that the
NAO, as contemplated, satisfies all existing laws, including statutory
privacy and civil liberties standards. The classified portion of the
Appropriations Act clarified and narrowed the scope of this review,
providing that it is to focus on whether "all statutory privacy and
civil liberties requirements have been met." Yet some of GAO's
recommendations point out programmatic or policy differences between it
and the Department, and thus are beyond the review contemplated in the
Appropriations Act.
Since GAO's report constitutes the completion of the review required by
the Appropriations Act, the NAO is preparing to commence operations in
the civil applications and homeland security communities.
Sincerely,
Signed by:
James M. Chaparro:
Deputy Under Secretary for Mission Integration Office of Intelligence
and Analysis:
Attachment:
Letter to GAO dated July 30, 2008:
[End of section]
Footnotes:
[1] For purposes of this report, the term "classified satellite
information" will be used to refer to all information derived from
intelligence community sources that is expected to be made available
through the National Applications Office (NAO). Based on discussions
with NAO officials, a substantial part--but not all--of this
information is derived from sensors mounted on classified government
satellites.
[2] For more information, see GAO, High-Risk Series: An Update, GAO-07-
310 (Washington, D.C.: January 2007), p. 47; Information Sharing: The
Federal Government Needs to Establish Policies and Processes for
Sharing Terrorism-Related and Sensitive but Unclassified Information,
GAO-06-385 (Washington, D.C.: Mar. 17, 2006).
[3] Independent Study Group, Civil Applications Committee Blue Ribbon
Study, (September 2005).
[4] For purposes of this briefing, the term ’classified satellite
information“ will be used to refer to all information derived from
intelligence community sources that is expected to be made available
through the National Applications Office (NAO). Based on discussions
with NAO officials, a substantial part”but not all”of this information
is derived from sensors mounted on classified government satellites.
[5] Executive Order 12333 defines a U.S. person as a U.S. citizen, an
alien known by the intelligence agency concerned to be a permanent
resident alien, an unincorporated association substantially composed of
United States citizens or permanent resident aliens, or a corporation
incorporated in the United States, except for a corporation directed
and controlled by a foreign government(s).
[6] For more information, see GAO, High-Risk Series: An Update, GAO-07-
310 (Washington, D.C.: January 2007), p.47, and GAO, Information
Sharing: The Federal Government Needs to Establish Policies and
Processes for Sharing Terrorism-Related and Sensitive but Unclassified
Information, GAO-06-385 (Washington, D.C.: Mar. 17, 2006).
[7] Independent Study Group, Civil Applications Committee Blue Ribbon
Study (September 2005).
[8] The report discussed the use of intelligence capabilities, which
include the technical and analytic assets of intelligence agencies. For
purposes of this report, we are focusing on the use of classified
satellite information.
[9] As directed by section 222 of the Homeland Security Act, the DHS
Privacy Office is responsible for, among other things, ensuring that
the department is in compliance with federal laws that govern the use
of personal information by the federal government. Further, the E-
Government Act of 2002 requires agencies to conduct PIAs before
developing or procuring information technology that collects,
maintains, or disseminates information in an identifiable form. The E-
Government Act specifically exempts national security systems from its
privacy provisions. However, DHS policy requires PIAs to be completed
for intelligence programs but, consistent with the E-Government Act,
does not make these PIAs public.
[10] The responsibilities of the Civil Rights and Civil Liberties
Office include overseeing DHS compliance with constitutional,
statutory, regulatory, policy, and other requirements relating to the
civil rights and civil liberties of individuals affected by the
agency‘s programs and activities.
[11] Department of Homeland Security, National Applications Office
Charter, pp. 13-14 (February 2008), National Applications Office
Standard Operating Procedures Requirements Process for Electronic
Intelligence, p. 1 (March 2008), National Applications Office Standard
Operating Procedures Requirements Process for Measurement and Signature
Intelligence, p. 7 (March 2008).
[12] In addition, according to the charter, prior to the establishment
of the law enforcement applications domain committee, the NAO will not
accept any requests from state, local, tribal, and territorial law
enforcement entities, even if the subject of such requests properly
resides in the homeland security domain.
[13] GAO, Standards for Internal Control in the Federal Government,
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999), p.11.
[14] The notice states that ’the HSOC database includes intelligence
information and other information received from agencies and components
of the Federal Government, foreign governments, organizations or
entities, international organizations, state and local government
agencies (including law enforcement agencies), and private sector
entities, as well as information provided by individuals, regardless of
the medium used to submit the information or the agency to which it was
submitted. This system also contains: information regarding persons on
watch lists with possible links to terrorism; the results of
intelligence analysis and reporting; ongoing law enforcement
investigative information, information systems security analysis and
reporting; historical law enforcement information, operational and
administrative records; financial information; and public-source data
such as that contained in media reports and commercial databases as
appropriate to identify and assess the nature and scope of terrorist
threats to the homeland, detect and identify threats of terrorism
against the United States, and understand such threats in light of
actual and potential vulnerabilities of the homeland.“
[15] Section 525 of the 2008 Omnibus Appropriations Act provides the
following:
None of the funds provided in this Act shall be available to commence
operations of the National Applications Office.until the Secretary
certifies that thi[s] program[ ] compli[es] with all existing laws,
including all applicable privacy and civil liberties standards, and
that certification is reviewed by the Government Accountability Office.
The Classified Annex to the Act further provides:
(U) Included in the bill is a provision that restricts obligation of
any funds to commence operations of [the National Applications Office]
until the Secretary of Homeland Security certifies that all statutory
privacy and civil liberties requirements have been met, and submits
Standard Operating Procedures for [the] program[] to the Committees on
Appropriations. The bill also requires the Government Accountability
Office to review the Secretary's certification.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
