DHS: impact of Secret Service Cyveillance system on individual privacy is limited
Although the primary purpose of the Secret Service's Cyveillance system is not to collect personally identifiable information, it may still do so as an unintended result of public web searches, says a privacy impact assessment (.pdf) conducted by the Homeland Security Department.
As part of its Cyber Awareness Program, the Secret Service contracts the system from Reston, Va.-based Cyveillance, a subsidiary of QinetiQ North America, to search online data related to investigatory and protective intelligence information. DHS concluded in its assessment released last month that the privacy impact on individuals is "limited" and that the Secret Service retains only that information derived from Cyveillance that is required for investigations related to the Secret Service's missions. The Secret Service used the tool to identify fraudulent fund-raising sites purportedly for victims of the Newtown, Conn., elementary school shooting in December.
According to DHS, the information captured by Cyveillance is reviewed by Cyveillance personnel to identify the results that appear to fall within the parameters of the Secret Service's requirements and only relevant information related to the agency's missions is forwarded to Secret Service personnel, who then determine whether further investigation is required to assess the content.
"The Cyveillance program itself does not address and is not concerned with data accuracy," says DHS. "The accuracy of data searched and identified by Cyveillance is only addressed if the Secret Service takes action based upon the information identified by Cyveillance."
Content that relates to the Secret Service brand (i.e., mention of the Secret Service name) is forwarded to agency personnel for informational purposes and following their review, the information is deleted and not retained, states DHS. All information collected by Cyveillance in support of the Secret Service that does not warrant further investigation is deleted from Cyveillance not later than 10 business days from its collection, and is also deleted from Secret Service systems and email accounts.
Information collected and reported to the Secret Service by Cyveillance is not automatically shared with external entities as part of normal agency operations, according to DHS. Nevertheless, once the information is deemed relevant to its mission, the Secret Service "shares information in its possession, regardless of origin, with those individuals or agencies with a need-to-know in order to facilitate the detection and/or prevention of crime, or to provide for the protection of individuals, events, and facilities."
-download the DHS privacy impact assessment (.pdf)
Lack of funding hampers DHS info sharing, says GAO
HSPI: Fusion centers too oriented toward law enforcement
Panel: Info-sharing key to counternarcotics efforts along border in Arizona