The Department of Homeland Security has just released information concerning a new intelligence database which may impact individual privacy online. For readers concerned with online privacy issues, the FALCON-SA (Search & Analysis) System may be of great importance. While inter-agency cooperation is nothing new, inter-agency databases bring up important privacy concerns.
New ICE database enables federal agents from multiple agencies controlled by Homeland Security to upload information on individuals both domestic and abroad that is or may become a threat to national security. ICE agents can then use the data in FALCON to enforce customs and immigration law more effectively, putting them “in the know.”Combating terrorism by monitoring new immigrants seems to be a primary focus of FALCON. This may even serve to assist in the prosecution of narco-terrorists further down the line.
FALCON can also aggregate data from the public internet as well, populating its database with information gleaned by a seemingly unrelated source. This ability to quickly corolate data ensures that ICE makes informed enforcement decisions based on all available information. It is important to note that the Privacy Impact Assessments released by the DHS and mentioned here were supplied on the DHS mailing list to help mitigate concern among citizens.
Depending on your opinions regarding online safety, databases like FALCON may make you feel uneasy. Information is collected in an “ad hoc” way, as stated by the privacy DHS privacy documents. No information is collected directly from any one individual.
It is my opinion that FALCON is an achievement worthy of note because it could potentially be used to warn ICE of impending threats previously assessed by other government agencies. Of course, the potential for abuse is always present. I’ll reserve the right to pass judgment on the system since I don’t actually know how information gleaned from FALCON-SA will be used.
A positive note is that DHS has actually anticipated problems arising from the dissemination of classified information to unauthorized ICE personnel:
“Privacy Risk: Because FALCON-SA aggregates data from multiple data systems, it is possible that its users may be able access records in FALCON-SA that they otherwise could not view in the source system and are inappropriate for them to access.
Mitigation: For data sets routinely ingested into FALCON-SA, ICE has established technical rules to ensure that the user privileges of the source system carry forward and apply to that user in FALCON-SA. As a result, a user’s access privileges to the data stored in FALCON-SA are identical to their access privileges to that same data in the source system. This prevents FALCON-SA from being used, intentionally or unintentionally, to undermine or defeat the role-based access controls established by the source system.”
(Taken from assessment titled “DHS/ICE/PIA-032(a).”)
Furthermore it foresees many concerns that individuals may have with their own privacy being violated. All database queries are logged and inspected routinely. ICE users are also limited to what they see by access controls imposed by ICE (DHS/ICE/PIA-032(a)). As to what “public information” is aggregated, FALCON’s Privacy Impact Assessments remain vague (presumably to adapt with the growing technological climate).
It should be noted that DHS does not need to inform individuals that their previously (legally) obtained information is accessible to ICE via FALCON:
“Because FALCON-SA is a data aggregation system that operates for law enforcement purposes, it is not feasible or advisable to provide notice to all individuals at the time their information is collected or input into FALCON-SA. With respect to information obtained from individuals through federal government forms or other means, such as information collected pursuant to seizures of property, notices on any such forms state that their information may be shared with law enforcement entities.”
(Taken from assessment titled “DHS/ICE/PIA-032(a).”)
Many other privacy concerns are brought up by the new DHS/ICE system. Such concerns are outlined in the DHS Privacy Impact Assessments linked below. Whenever there are advancements in security there are always privacy issues being raised. Undoubtedly, We will hear more of FALCON in the days to come.
DHS Privacy Impact Assessments
DHS/ICE/PIA-032(a) (FALCON-SA Privacy Issues In-Depth)
DHS/ICE/PIA-033: Falcon Tipline
Related fork() Articles
Cyber Terrorism and the Election @ fork()
National Cyber Security Awareness Month (October)