U.S. Customs and Border Protection has adopted a new rule that allows the agency to collect social-media data from those who cross the border.
The agency claims the exemption from Privacy Act provisions is necessary because it needs “to identity and understand relationships between individuals, entities, threats and events, and to monitor patterns of activity over extended periods of time that may be indicative of criminal, terrorist, or other threat.”
A number of privacy groups and interests had opposed the expansion of the exemptions to the privacy law, but the agency in a filing in the Federal Register explained that it needed to move forward.
It amended its regulations “to exempt portions of a newly established system of records … from certain provisions of the Privacy Act. Specifically, the department exempts portions of ‘DHS/CBP-024 CBP Intelligence Records System” from one or more protections of the act.
The Electronic Privacy Information Center opposed the exemptions, warning that the agency “will collect social-media information from Americans and placed that data outside legal protections provided by the Privacy Act.”
The privacy organization had lobbied for a decision that would keep such information protected.
“In a related FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government,” EPIC said.
EPIC said the government database was to contain names, Social Security numbers, passport information, immigrant benefit data, public-source data – including social media information, reports of suspicious activities and metadata.
“Individuals covered by the database include individuals associated with CBP investigations (e.g. witnesses), individuals identified in classified or unclassified intelligence reports, individuals identified in immigration benefit data, and individuals identified in public news reports,” it said.
EPIC said the database “will include an exorbitant amount of personal information.”
“Federal contractors, security experts, and EPIC have argued to the U.S. Supreme Court that much of this information simply should not be collected by the federal government,” it said.
The problem is that breaches of computer security happen often, the groups argued.
“This is illustrated by the 2015 data breach at OPM, which compromised the background investigation records of 21.5 million individuals. Also in 2015, the Internal Revenue Service reported that approximately 390,000 tax accounts were compromised exposing Social Security numbers, dates of birth, street addresses, and other sensitive information.”
“The CBP’s Intelligence Reporting System poses a significant threat to the First Amendment and marginalized groups in particular,” the group commented. “The …. database will not only collect social media information but use data mining tools to analyze the data.”
But the Federal Register announcement said that during investigations, “the accuracy of information obtained or introduced occasionally may be unclear, or the information may not be strictly relevant or necessary to a specific investigation. In the interests of effective law enforcement, it is appropriate to retain all information that may aid in establishing patterns of unlawful activity.”
The data can be collected from anyone who encounters the Border Patrol while crossing a border.