U.S. Customs and Border Protection (CBP) has failed to address six out of six main privacy protections for three of its border surveillance programs—surveillance towers, aerostats, and unattended ground sensors—according to a new assessment by the Government Accountability Office (GAO).In the...

U.S. Customs and Border Protection (CBP) has failed to address six out of six main privacy protections for three of its border surveillance programs—surveillance towers, aerostats, and unattended ground sensors—according to a new assessment by the Government Accountability Office (GAO). In the report, GAO compared the policies for these technologies against six of the key Fair Information Practice Principles that agencies are supposed to use when evaluating systems and processes that may impact privacy, as dictated by both Office of Management and Budget guidance and the Department of Homeland Security’s own rules.

These include:

Data collection. “DHS should collect only PII [Personally Identifiable Information] that is directly relevant and necessary to accomplish the specified purpose(s).” Purpose specification. “DHS should specifically articulate the purpose(s) for which the PII is intended to be used.” Information sharing. “Sharing PII outside the department should be for a purpose compatible with the purpose for which the information was collected.” Data security. “DHS should protect PII through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.” Data retention. “DHS should only retain PII for as long as is necessary to fulfill the specified purpose(s).” Accountability. "DHS should be accountable for complying with these principles, including by auditing[…]