On December 3, an email landed inside the Department of Homeland Security Privacy Office announcing a “major change.” Every future Privacy Threshold Analysis — the required compliance forms that document how government systems collect personal data — would carry a disclaimer declaring them pre-decisional, deliberative, and exempt from public release. Unauthorized disclosure, the notice warned, could bring administrative, civil, or criminal penalties.
Within weeks, officials who pushed back were gone.
Since January, DHS has reassigned at least two senior Customs and Border Protection privacy officials: the agency’s top privacy officer and one of its two privacy branch chiefs. The director of CBP’s FOIA office was also removed last month, according to multiple sources with knowledge of the situation who spoke anonymously out of fear of retaliation.
The removals followed objections those officials raised to December orders from the DHS Privacy Office — specifically, the instruction to treat routine compliance forms as legally privileged and to label signed privacy assessments as “drafts” exempt from disclosure under federal records law.
The sequence that triggered all of this began last fall. A CBP FOIA officer lawfully released a redacted Privacy Threshold Analysis, or PTA, to 404 Media. The document concerned Mobile Fortify, a previously undisclosed face recognition application. That release drew backlash from DHS political leadership.
What the public learned from that single document was specific. DHS had acknowledged that Mobile Fortify would capture faces and fingerprints without consent, that US citizens and lawful permanent residents would inevitably be photographed, and that every image taken — regardless of whether it matched anyone — would be stored for up to 15 years.
By reclassifying signed PTAs as drafts, the agency would gain a stronger legal foothold to withhold such records under FOIA’s exemption covering “advisory opinions” and “recommendations.” The officials who were later removed argued the logic was incoherent: a completed, signed compliance form cannot simultaneously be a draft.
Ginger Quintero-McCall, an attorney at the public interest law firm Free Information Group and a former supervisory information law attorney at the Federal Emergency Management Agency, calls the policy unlawful. “There is nothing in the FOIA statute — or any other statute — that allows the agency to categorically withhold Privacy Threshold Analyses,” she says. “It would not surprise me at all to learn that the administration reassigned employees who objected to this illegal policy of secrecy.”
A DHS spokesperson issued a flat denial, telling reporters that “any allegation that DHS adopted a policy making Privacy Threshold Analyses exempt from the Freedom of Information Act is FALSE.” The December 3 internal email, reviewed as part of the reporting, states otherwise.
The disclaimer embedded in that email reads in full that the documents are “subject to the deliberative process privilege and attorney client privilege” and that distribution outside authorized channels requires prior approval from the DHS Privacy Office.
There is also a structural shift behind the reassignments. CBP privacy officers have not historically held authority to sign off on privacy reviews — under previous administrations that responsibility rested with a headquarters official working directly for the department’s chief privacy officer. The current chief privacy officer, Roman Jankowski, delegated that authority downward, to the CBP officials now removed from their posts.
Photo by Pixabay
This article is a curated summary based on third-party sources. Source: Read the original article
