CBP Intelligence Records System (CIRS)
Today The Identity Project and eight other civil liberties and human rights organizations filed comments with the US Department of Homeland Security objecting to both the creation and the exemption from the Privacy Act of the latest DHS system of social media and travel surveillance records, the US Customs and Border Protection (CBP) Intelligence Records System (CIRS).
Our comments were co-signed and submitted jointly on behalf of:
- The Identity Project (IDP)
- Restore The Fourth, Inc.
- Woodhull Freedom Foundation
- Defending Rights & Dissent
- Government Information Watch
- National Coalition Against Censorship (NCAC)
- FirstAmendment.Com
- Cyber Privacy Project (CPP)
- Government Accountability Project
Members of the public (regardless of whether they are U.S. citizens or residents) can submit their own comments on these DHS proposals, including anonymous comments, until midnight tonight, Washington DC time, by using the official Web forms here and here at Regulations.gov.
In part, the proposed creation and exemption from the Privacy Act of CIRS is merely the latest episode in a DHS shell game in which some of the same DHS travel logs and surveillance records have been successively redefined as being part of the TECS records system, then the Automated Targeting System (the system used as the basis for algorithmic pre-crime scoring and blacklisting of international travelers), then the Analytical Framework for Analysis (the system used by Palantir’s data mining and profiling tools), and now CIRS.
DHS Privacy Act notices for these systems have often lagged years behind DHS operational practices, even though it’s a crime for a Federal agency to maintain a database of information about individuals without a specific sort of notice before it’s created.
What’s new about CIRS, aside from the new name, is that the categories of records in CIRS would be expanded to include “Articles, public-source data (including information from social media), and other published information on individuals and events of interest to CBP.” Additional sources of information for CIRS records would include “private sector entities and organizations, individuals, commercial data providers, and public sources such as social media, news media outlets, and the Internet.”
According to the comments we filed today along with other civil liberties and human rights organizations:
As described in the System Of Records Notice (SORN), this system of records would include records of how individuals exercise rights guaranteed by the First Amendment to the U.S. Constitution, in violation of the Privacy Act. This system of records would include records which could be, but would not be, collected directly from the individuals to whom they pertain, in violation of the Privacy Act. This system of records would include records pertaining to categories of individuals not disclosed in the SORN, in violation of the Privacy Act.
The SORN contains materially false claims concerning the status of the rulemaking for Privacy Act exemptions which are directly contradicted by the Notice of Proposed Rulemaking [NPRM] for those exemptions published the same day as the SORN in the Federal Register. Because the SORN falsely claims that the Secretary of Homeland Security has exempted this system of records from certain of the requirements of the Privacy Act, when the Secretary has not done so, the SORN is invalid on its face: It fails to provide the public with accurate notice of whether individuals can obtain access to records pertaining to themselves, as required by the Privacy Act. Unless and until a new, valid SORN satisfying the notice requirements of the Privacy Act is duly promulgated and published in the Federal Register, willful maintenance of this system of records would be a criminal offense on the part of the responsible DHS officials or employees….
The SORN and the NPRM for Privacy Act exemptions should be withdrawn, any information already collected should be expunged, and any CBP or DHS officials responsible for willfully operating a system of records without a valid SORN should be prosecuted.