This is not the document you are looking for? Use the search form below to find more!

Report home > Social

US Government warns it needs to improve its spying on citizens

0.00 (0 votes)
Document Description
A recent inquiry by the Government Accountability Office determined that Homeland Security needs more spying done on its citizens
File Details
  • Added: October, 08th 2011
  • Reads: 96
  • Downloads: 0
  • File size: 1.68mb
  • Pages: 75
  • Tags: government, lol, funny
  • content preview
Submitter
  • Name: Eric Gomez
Embed Code:

Add New Comment




Related Documents

Top five things Windows Phone 7 Mango needs to improve

by: batteryfast, 3 pages

Top five things Windows Phone 7 Mango needs to improve

How to Improve Memory and Increase Brain Power

by: Improve Memory, 41 pages

Believe it or not, it's not too hard to learn how to improve memory. In fact, thousands of people around the world are now able to increase brain power without any hassle. Read my report below and ...

Methods To Improve Memory

by: dust3square, 2 pages

In order to learn and consider benefit of these how to improve memory techniques, it is important to...

is it possible to grow taller

by: mike80, 1 pages

is it possible to grow taller

How To Improve Your Jumping Ability - Vertical Jump Guide

by: jonny, 2 pages

How To Improve Your Jumping Ability - Vertical Jump Guide

How Long Does It Take To Lose Fat - Strip That Fat

by: ufuk, 2 pages

How Long Does It Take To Lose Fat - Strip That Fat

Singorama - How To Improve My Singing

by: roberto, 2 pages

Singorama - How To Improve My Singing

Get Applause Now - How To Improve Public Speaking

by: hossein, 2 pages

Get Applause Now - How To Improve Public Speaking

Nitro Factor - How To Improve Muscular Power

by: csenger, 2 pages

Nitro Factor - How To Improve Muscular Power

How To Be Better At Sex: Ways To Improve Your Love Life And Libido

by: Eddiestrickland, 0 pages

Great sex, in many ways, is similar to watching a great movie. And just like a great movie, to be able to enjoy sex again and again, it has to be unique.

Content Preview


United States Government Accountability Office


Report to Congressional Requesters

GAO







September 2011

DATA MINING
DHS Needs to
Improve Executive
Oversight of Systems
Supporting
Counterterrorism




GAO-11-742




September 2011
DATA MINING
DHS Needs to Improve Executive Oversight of
Systems Supporting Counterterrorism


Highlights of GAO-11-742, a report to
congressional requesters
Why GAO Did This Study
What GAO Found
Data mining--a technique for
As part of a systematic evaluation framework, agency policies should ensure
extracting useful information from large
organizational competence, evaluations of a system's effectiveness and privacy
volumes of data--is one type of
protections, executive review, and appropriate transparency throughout the
analysis that the Department of
system's life cycle. While DHS and three of its component agencies--U.S.
Homeland Security (DHS) uses to help
Customs and Border Protection, U.S. Immigration and Customs Enforcement,
detect and prevent terrorist threats.
and the U.S. Citizenship and Immigration Services--have established policies
While data-mining systems offer a
that address most of these key policy elements, the policies are not
number of promising benefits, their use
comprehensive. For example, DHS policies do not fully ensure executive review
also raises privacy concerns.
and transparency, and the component agencies' policies do not sufficiently
GAO was asked to (1) assess DHS
require evaluating system effectiveness. DHS's Chief Information Officer
policies for evaluating the effectiveness
reported that the agency is planning to improve its executive review process by
and privacy protections of data-mining
conducting more intensive reviews of IT investments, including the data-mining
systems used for counterterrorism, (2)
systems reviewed in this report. Until such reforms are in place, DHS and its
assess DHS agencies' efforts to
component agencies may not be able to ensure that critical data mining systems
evaluate the effectiveness and privacy
used in support of counterterrorism are both effective and that they protect
protections of their data-mining
personal privacy.
systems, and (3) describe the
challenges facing DHS in implementing
Another aspect of a systematic evaluation framework involves ensuring that
an effective evaluation framework.
agencies implement sound practices for organizational competence, evaluations
of a system's effectiveness and privacy protections, executive review, and
To do so, GAO developed a systematic
appropriate transparency and oversight throughout a system's life cycle.
evaluation framework based on
recommendations and best practices
Evaluations of six data mining systems from a mix of DHS component agencies
outlined by the National Research
showed that all six program offices took steps to evaluate their system's
Council, industry practices, and prior
effectiveness and privacy protections. However, none performed all of the key
GAO reports. GAO compared its
activities associated with an effective evaluation framework. For example, four of
evaluation framework to DHS's and
the program offices executed most of the activities for evaluating program privacy
three component agencies' policies
impacts, but only one program office performed most of the activities related to
and to six systems' practices, and
obtaining executive review and approval. By not consistently performing
interviewed agency officials about gaps
necessary evaluations and reviews of these systems, DHS and its component
in their evaluations and challenges.
agencies risk developing and acquiring systems that do not effectively support
their agencies' missions and do not adequately ensure the protection of privacy-
What GAO Recommends
related information.
GAO is recommending that DHS
DHS faces key challenges in implementing a framework to ensure systems are
executives address gaps in agency
effective and provide privacy protections. These include reviewing and
evaluation policies and that component
overseeing systems once they are in operation, stabilizing and implementing
agency officials address shortfalls in
acquisition policies throughout the department, and ensuring that privacy-
their system evaluations. DHS
sensitive systems have timely and up-to-date privacy reviews. The shortfalls
concurred with GAO's
recommendations and identified steps
GAO noted in agency policies and practices provide insight into these
it is taking to address selected
challenges. Until DHS addresses these challenges, it will be limited in its ability to
recommendations. The department
ensure that its systems have been adequately reviewed, are operating as
also offered technical comments,
intended, and are appropriately protecting individual privacy and assuring
which GAO incorporated as
transparency to the public.
appropriate.

View GAO-11-742 or key components.
For more information, contact Dave Powner at
(202) 512-9286 or pownerd@gao.gov.

United States Government Accountability Office





Contents








Letter
1
Background
2
Agency Policies Address Most Elements of a Systematic
Framework for Evaluating Effectiveness and Privacy, but Are
Not Comprehensive
15
Program Offices Are Evaluating System Effectiveness and Privacy
Protections, but Have Not Consistently Implemented Key
Activities
21
DHS Faces Challenges in Implementing a Framework to Ensure
System Effectiveness and Privacy Protections
28
Conclusions
32
Recommendations for Executive Action
32
Agency Comments and Our Evaluation
33
Appendix I
Objectives, Scope, and Methodology
37

Appendix II
Fair Information Practices
40

Appendix III
Detailed Assessment of DHS and Selected Agencies' Policies
42

Appendix IV
Detailed Assessments of Selected Data-Mining Systems
44

Appendix V
Comments from the Department of Homeland Security
61

Appendix VI
GAO Contact and Staff Acknowledgments
69

Tables
Table 1: DHS Component Agencies
4
Table 2: Selected DHS Data-Mining Systems
7
Page i
GAO-11-742 Data Mining












Table 3: Overview of a Systematic Framework for Evaluating
Agency Policies and Practices for System Effectiveness
and Privacy Impacts
13
Table 4: Key Elements of an Effective Policy for Evaluating System
Effectiveness and Privacy Impacts
16
Table 5: Assessment of DHS and Selected Component Agencies'
Policies
17
Table 6: Key Elements and Activities for Evaluating System
Effectiveness and Privacy Protections
21
Table 7: Assessment of System Practices
23
Table 8: Status of Privacy Impact Assessments
31
Table 9: Fair Information Practices
41
Table 10: Detailed Assessment of DHS and Selected Agencies'
Policies
42
Table 11: Detailed Assessment of AFI
45
Table 12: Detailed Assessment of ATS-P
48
Table 13: Detailed Assessment of CIDR
50
Table 14: Detailed Assessment of DARTTS
53
Table 15: Detailed Assessment of ICEPIC
55
Table 16: Detailed Assessment of CBP's TECS-Mod
58

Figure
Figure 1: DHS Organizational Structure
3


















Page ii
GAO-11-742 Data Mining





























Abbreviations
AFI
Analytical Framework for Intelligence
ATS
Automated Targeting System
ATS-P
ATS-Passenger module
CBP
Customs and Border Protection
CIDR
Citizen and Immigration Data Repository
CIO
Chief Information Officer
DARTTS
Data Analysis and Research for Trade Transparency
System
DHS
Department of Homeland Security
FISMA
Federal Information Security Management Act of 2002
ICE
Immigration and Customs Enforcement
ICEPIC
ICE Pattern Analysis and Information Collection
NRC
National Research Council
OECD
Organization for Economic Cooperation and Development
OMB
Office of Management and Budget
PIA
privacy impact assessment
TECS-Mod TECS
Modernization
USCIS
U.S. Citizenship and Immigration Services
This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.
Page iii
GAO-11-742 Data Mining





United States Government Accountability Office
Washington, DC 20548

September 7, 2011
The Honorable Donna F. Edwards
Ranking Member
Subcommittee on Investigations and Oversight
Committee on Science, Space, and Technology
House of Representatives

The Honorable Brad Miller
Ranking Member
Subcommittee on Energy and Environment
Committee on Science, Space, and Technology
House of Representatives
Established in the aftermath of the terrorist attacks that took place on
September 11, 2001, the Department of Homeland Security (DHS) is,
among other things, responsible for preventing terrorist attacks within the
United States, reducing the nation's vulnerability to terrorism, minimizing
damages from attacks that occur, and helping the nation recover from
such attacks. Since its formation, DHS has increasingly focused on the
prevention and detection of terrorist threats through technological means.
Data mining--a technique for extracting useful information from large
volumes of data--is one type of analysis that DHS uses to help detect
terrorist threats. While data mining offers a number of promising benefits,
its use also raises privacy concerns when the data being mined include
personal information.
Given the challenge of balancing DHS's counterterrorism mission with the
need to protect individuals' personal information, you requested that we
evaluate DHS policies and practices for ensuring that its data-mining
systems are both effective and that they protect personal privacy. Our
objectives were to (1) assess DHS policies for evaluating the
effectiveness and privacy protections of data-mining systems used for
counterterrorism, (2) assess DHS agencies' efforts to evaluate the
effectiveness and privacy protections of their counterterrorism-related
data-mining systems throughout the systems' life cycles, and (3) describe
the challenges facing DHS in implementing an effective framework for
evaluating its counterterrorism-related data-mining systems.
To address our objectives, we developed an assessment framework
based on recommendations and best practices outlined by the National
Research Council, industry practices, and prior GAO reports. We
Page 1
GAO-11-742 Data Mining






compared DHS policies for evaluating the effectiveness and privacy
protections of its data-mining systems to this framework and identified
gaps. We also selected a nonrandom sample of six systems that perform
data mining in support of counterterrorism, seeking systems from a mix of
component agencies and in different life-cycle stages. We compared the
practices used to evaluate these systems to the assessment framework
and identified gaps. Because we reviewed a nonrandom sample of
systems, our results cannot be generalized to the agency as a whole or to
other agency systems that we did not review. We identified the causes of
any gaps in DHS's policies and practices to determine challenges the
department faces in implementing an effective framework for evaluating
its data-mining systems. We also interviewed agency and program
officials on their policies, practices, and challenges.
We conducted this performance audit from August 2010 to September
2011, in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit to
obtain sufficient, appropriate evidence to provide a reasonable basis for
our findings and conclusions based on our audit objectives. We believe
that the evidence obtained provides a reasonable basis for our findings
and conclusions based on our audit objectives. Additional details on our
objectives, scope, and methodology are provided in appendix I.

DHS is charged with preventing and deterring terrorist attacks and
Background
protecting against and responding to threats and hazards to the United
States. Originally formed in 2003 with the combination and reorganization
of functions from 22 different agencies, the department currently consists
of 7 component agencies, including U.S. Customs and Border Protection
(CBP), U.S. Immigration and Customs Enforcement (ICE), and the U.S.
Citizenship and Immigration Services (USCIS). In addition to the
component agencies, centralized management functions are handled by
offices including the Privacy Office, the Office of the Chief Procurement
Officer, and the Office of the Chief Information Officer. Figure 1 provides
an overview of the DHS organizational structure, while table 1
summarizes the responsibilities of the seven component agencies.
Page 2
GAO-11-742 Data Mining






Figure 1: DHS Organizational Structure
Executive Secretariat
Secretary
Chief of Staff
Deputy Secretary
Military Advisor
Management
Science and
National Protection
Policy
General
Legislative Affairs
Public Affairs
Inspector
Under Secretary
Technology
and Programs
Assistant
Counsel
Assistant Secretary
Assistant Secretary
General
Under Secretary
Under Secretary
Secretary
Deputy Under Secretary
Chief
Chief
Chief
Chief
Chief
Chief
Financial
Security
Human Capital
Administrative
Procurement
Information
Officer
Officer
Officer
Services
Officer
Officer
Officer
Health Affairs
Intelligence and
Operations
Citizenship and
Civil Rights and
Counternarcotics
Chief Privacy
Assistant Secretary/
Analysis
Coordination
Immigration
Civil Liberties
Enforcement
Officer
Chief Medical Officer
Under Secretary
Director
Services
Officer
Director
Ombudsman
Federal Law
Domestic Nuclear
National Cyber
Enforcement
Detection Office
Security Center
Training Center
Director
Director
Director
Transportation Security
U.S. Citizenship
U.S. Immigration
U.S. Customs and
Federal Emergency
Administration
and Immigration
and Customs
U.S. Secret Service
U.S. Coast Guard
Border Protection
Management
Assistant Secretary/
Services
Enforcement
Director
Commandant
Commissioner
Agency
Administrator
Director
Assistant Secretary
Administrator
Source: DHS.






Page 3
GAO-11-742 Data Mining






Table 1: DHS Component Agencies
Component agency
Mission
Customs and Border Protection
Protects the nation's borders to prevent terrorists and terrorist weapons from entering
the United States, while facilitating the flow of legitimate trade and travel.
Federal Emergency Management Agency
Prepares the nation for hazards, manages federal response and recovery efforts
following any national incident, and administers the National Flood Insurance Program.
U.S. Immigration and Customs Enforcement Protects the nation's borders by identifying and shutting down vulnerabilities in the
nation's border, economic, transportation, and infrastructure security.
Transportation Security Administration
Protects the nation's transportation systems to ensure freedom of movement for people
and commerce.
U.S. Citizenship and Immigration Services
Administers immigration and naturalization adjudication functions and establishes
immigration services, policies, and priorities.
U.S. Coast Guard
Protects the public, the environment, and economic interests in the nation's ports and
waterways, along the coast, on international waters, and in any maritime region as
required to support national security.
U.S. Secret Service
Protects the President and other high-level officials and investigates counterfeiting and
other financial crimes, including financial institution fraud, identity theft, computer fraud,
and computer-based attacks on our nation's financial, banking, and
telecommunications infrastructure.
Source: GAO analysis of DHS data.


DHS IT Acquisition
DHS spends billions of dollars each year to develop and acquire IT
systems that perform both mission-critical and support functions. In fiscal
Management
year 2011, DHS expects to spend approximately $6.27 billion on over 300
IT-related programs, including 45 major IT acquisition programs.1
In order to manage these acquisitions, the department established the
Management Directorate, which includes the Chief Information Officer
(CIO), the Chief Procurement Officer, and the Acquisition Review Board.
In addition, the Chief Privacy Officer plays a key role in developing and
deploying IT systems. Specific roles and responsibilities for these entities
are described below:

The CIO's responsibilities include setting IT policies, processes and
standards, and ensuring departmental information technology

1DHS defines major IT acquisitions as those with total life-cycle costs over $300 million or
programs that warrant special attention due to their importance to the department's
strategic and performance plans, effect on multiple components, or program and policy
implications, among other factors.
Page 4
GAO-11-742 Data Mining






acquisitions comply with its management processes, technical
requirements, and approved enterprise architecture, among other
things. Additionally, the CIO chairs the department's Chief Information
Officer Council, which is responsible for ensuring the development of
IT resource management policies, processes, best practices,
performance measures, and decision criteria for managing the
delivery of services and investments, while controlling costs and
mitigating risks.

The Chief Procurement Officer is the department's senior
procurement executive, who has leadership and authority over DHS
acquisition and contracting, including major investments. The officer's
responsibilities include issuing acquisition policies and implementation
instructions, overseeing acquisition and contracting functions, and
ensuring that a given acquisition's contracting strategy and plans align
with the intent of the department's Acquisition Review Board.

The Acquisition Review Board2 is the department's highest-level
investment review board, responsible for reviewing major programs at
key acquisition decision points and determining a program's readiness
to proceed to the next life-cycle phase.3 The board's chairperson is
responsible for approving the key acquisition documents critical to
establishing a program's business case, operational requirements,
acquisition baseline, and testing and support plans. Also, the board's
chairperson is responsible for assessing breaches of the acquisition
plan's cost and schedule estimates and directing corrective actions.

The Chief Privacy Officer heads DHS's Privacy Office and is
responsible for ensuring that the department is in compliance with
federal laws and guidance that govern the use of personal information
by the federal government, as well as ensuring compliance with

2Key members of the Acquisition Review Board include the Undersecretary of
Management, the Chief Procurement Officer, CIO, and General Counsel.
3A system's life cycle normally begins with initial concept development and continues
through requirements definition to design, development, various phases of testing,
implementation, and maintenance phases.
Page 5
GAO-11-742 Data Mining

Document Outline

    • ﾿
    • 
        • ﾿
        • ﾿
      • ﾿
        • ﾿
      • ﾿
    • ﾿
      • ﾿
        • ﾿
        • ﾿
    • ﾿

Download
US Government warns it needs to improve its spying on citizens

 

 

Your download will begin in a moment.
If it doesn't, click here to try again.

Share US Government warns it needs to improve its spying on citizens to:

Insert your wordpress URL:

example:

http://myblog.wordpress.com/
or
http://myblog.com/

Share US Government warns it needs to improve its spying on citizens as:

From:

To:

Share US Government warns it needs to improve its spying on citizens.

Enter two words as shown below. If you cannot read the words, click the refresh icon.

loading

Share US Government warns it needs to improve its spying on citizens as:

Copy html code above and paste to your web page.

loading