5 Records of Alleged Abusive or Improper Conduct where the event type is “Civil Liberties or Privacy Infringement”

Mid-September 2023

Customs and Border Protection (CBP), along with other U.S. law enforcement agencies, bought access to—and has used for years—commercially sourced location data harvested from U.S. citizens’ and others’ smartphones, revealed 404 Media.

The U.S. Government Accountability Office (GAO) released a report on September 12 finding that the Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (OIA) “is not fully implementing activities intended to monitor whether personnel are following its policies to protect the privacy, civil rights, and civil liberties of U.S. persons, including U.S. citizens and lawful permanent residents.” (Original link)

A former location data company worker indicated that Commercial Telemetry Data (CTD) is typically used to track “herds of people”, but that it can be and has been used to monitor specific targets. Reports indicated that data has been used to identify border crossings and consequently arrest people. Since the agencies paid a commercial vendor for the data, they have not been required to acquire a warrant or another court order to obtain the information.

CBP, in response to investigations, stated that “CBP officers, agents, and analysts are provided with access to the vendor’s interface on a case-by-case basis, and are only able to view a limited sample of anonymized data consistent with existing border security or law enforcement operations.”

CBP discontinued the use of CTD at the end Fiscal Year 2023, on September 30, 2023. The reasons for discontinuation are unknown. Nonetheless, CBP publicly stated that if the agency “identifies a critical mission need to re-acquire a vendor who provides CTD, we would ensure CBP would engage Oversight, Legal, and Privacy entities at the agency and department level.”

—“Homeland Security: Office of Intelligence and Analysis Should Improve Privacy Oversight and Assessment of Its Effectiveness.” Washington: U. S. Government Accountability Office, August 28, 2023. https://www.gao.gov/products/gao-23-105475.

—Cox, Joseph. “Customs and Border Protection Says It Will Stop Buying Smartphone Location Data.” 404 Media, September 12, 2023. https://www.404media.co/customs-and-border-protection-stop-buying-location-data

Sector(s): Border-Wide

Agency(ies): CBP, DHS

Event Type(s): Civil Liberties or Privacy Infringement

Last Known Accountability Status: GAO Investigation Closed, Unknown

Victim Classification:

End of July 2023

Newsite Government Executive reported that the Department of Homeland Security’s Inspector General Joseph Cuffari agreed to pay a former official $1.17 million in a settlement agreement after allegedly firing her in retaliation for her whistleblower claims.  

Jennifer Costello is a former deputy who worked for the Department of Homeland Security under Inspector General Joseph Cuffari. When Costello discovered that Cufarri had delayed a report into the Trump administration’s family separation policy at the southern border, Costello brought forth complaints to Congress and the Council of Inspectors General on Integrity and Efficiency in 2019. 

Then, Cuffari launched a third-party investigation into Costello and two of her colleagues, resulting in a $1.4 million cost. The investigation concluded that she had engaged in divisive and unprofessional behavior, which Costello argued was a “farce” launched in retaliation for her claims. She was fired in June 2020. 

According to the official settlement, the Inspector General’s Office did not admit to any guilt or wrongdoing. Instead, Costello’s firing was overturned, and she is now formally listed as an employee who resigned from the DHS. Cufarri continues to push back against allegations that he is an ‘unethical’ employee. He launched a lawsuit against the Council of the Inspectors General on Integrity and Efficiency for investigating the IG’s office. This lawsuit was dismissed on November 2nd, 2023 after a judge deemed Cufarri failed to prove that the Council’s investigation was harassment. Despite the investigation, he continues to serve as the Inspector General for the DHS.

Katz, Eric. “DHS Inspector General Pays $1.2M Settlement to Former Deputy.” Government Executive, July 27, 2023. https://www.govexec.com/management/2023/07/dhs-inspector-general-pays-12m-settlement-former-deputy/388892/.

Sector(s):

Agency(ies): DHS

Event Type(s): Civil Liberties or Privacy Infringement, Insubordinate or Highly Politicized Conduct

Last Known Accountability Status: Shared with Congressional Oversight Committees, Under DHS Review

Victim Classification: Advocate or Humanitarian Worker

September 15, 2022

Sen. Ron Wyden (D-Oregon), a member of the Senate Select Committee on Intelligence, sent a letter to CBP Commissioner Chris Magnus voicing concerns about the electronic privacy of travelers who pass through U.S. ports of entry, including land border crossings and airports. Sen. Wyden accused CBP of “pressuring travelers to unlock their electronic devices without adequately informing them of their rights” and “downloading the contents of Americans’ phones into a central database, where this data is saved and searchable for 15 years by thousands of Department of Homeland Security employees, with minimal protections against abuse.”

The Washington Post and Gizmodo reported on the letter, and on CBP’s apparent exception to the Constitution’s Fourth Amendment allowing it to carry out “advanced searches” of travelers’ phones—including those of U.S. citizens—if they have a “reasonable suspicion” that the individual is breaking the law or poses a “national security concern.” “It’s not immediately clear what a ‘national security concern’ is, or what differentiates it from reasonable suspicion, an already low evidentiary standard,” Gizmodo reported.

Even without such suspicion, CBP claims the power to access travelers’ electronic devices, looking at “anything that ‘would ordinarily be visible by scrolling through the phone manually,’ including contact lists, calendar entries, messages, photos and videos,” the Washington Post explained citing a 2018 CBP “Privacy Impact Assessment Update.” With the “reasonable suspicion” standard, CBP can copy the entire contents of the phone or device. “That data is then stored in the Automated Targeting System database, which CBP officials can search at any time.”

CBP is collecting further, “advanced” data from “less than 10,000” border-crossers’ devices each year, Sen. Wyden’s letter indicates that agency personnel told his office. The number appears to refer only to the “advanced” searches: CBP’s Enforcement Statistics web page indicates that the agency subjected 45,499 international travelers to “electronic device search” in fiscal year 2022, a 21 percent increase over 2021. In the case of “advanced” searches, CBP retains the copied data for 15 years.

Sources told the Washington Post that about 2,700 or 3,000 CBP personnel have access to this collected data, all without a warrant. CBP personnel are not required to record the purpose of their searches, Sen. Wyden noted, “even though auditable records of this sort are an important safeguard against abuse.”

Sen. Wyden’s letter called on CBP to change its policy, laid out in a January 2018 directive, and halt warrantless searches of U.S. citizens’ phones. The Senator asked the CBP Commissioner for “a written plan,” by October 31, 2022, describing the steps that CBP would take to address his concerns.

CBP officials declined to answer Washington Post questions “about how many Americans’ phone records are in the database, how many searches have been run or how long the practice has gone on, saying it has made no additional statistics available ‘due to law enforcement sensitivities and national security implications.’”

— Sen. Ron Wyden (D-Oregon). “Wyden Letter to CBP on Border Searches of Devices,” September 15, 2022. <https://www.wyden.senate.gov/imo/media/doc/Wyden%20letter%20to%20CBP%20on%20border%20searches%20of%20devices.pdf>.

— Harwell, Drew. “Customs Officials Have Copied Americans’ Phone Data at Massive Scale.” Washington Post, September 19, 2022. <https://www.washingtonpost.com/technology/2022/09/15/government-surveillance-database-dhs/>.

— Dell Cameron and Lauren Leffer. “Border Agents Are Taking Data From Americans’ Phones Without Warrants.” Gizmodo, September 15, 2022. <https://gizmodo.com/border-patrol-surveillance-cell-data-no-warrants-1849540504>.

— “Privacy Impact Assessment Update for CBP Border Searches of Electronic Devices.” U.S. Customs and Border Protection, January 4, 2018. <https://www.dhs.gov/sites/default/files/publications/PIA-CBP%20-%20Border-Searches-of-Electronic-Devices%20-January-2018%20-%20Compliant.pdf>.

Screenshot from CBP Enforcement Statistics web page, January 14, 2023 (Washington: U.S. Customs and Border Protection, January 14, 2023) <https://www.cbp.gov/newsroom/stats/cbp-enforcement-statistics>.

— “CBP Directive 3340-049A: Border Search of Electronic Devices.” U.S. Customs and Border Protection, January 4, 2018. <https://www.cbp.gov/sites/default/files/assets/documents/2018-Jan/CBP-Directive-3340-049A-Border-Search-of-Electronic-Media-Compliant.pdf>.

Sector(s): Border-Wide

Agency(ies): CBP

Event Type(s): Civil Liberties or Privacy Infringement

Last Known Accountability Status: Unknown

Victim Classification:

July 18, 2022

Documents obtained by the American Civil Liberties Union (ACLU) show that CBP was among DHS agencies that purchased large amounts of location data from a contractor that harvested it from hundreds of millions of mobile phones across the United States. “In just three days in 2018, the documents show that the CBP collected data from more than 113,000 locations from phones in the Southwestern United States—equivalent to more than 26 data points per minute—without obtaining a warrant,” Politico reported. “By searching through this massive trove of location information at their whim, government investigators can identify and track specific individuals or everyone in a particular area, learning details of our private activities and associations,” the ACLU warned.

— Shreya Tewari, Fikayo Walter-Johnson, “New Records Detail DHS Purchase and Use of Vast Quantities of Cell Phone Location Data” (United States: American Civil Liberties Union, July 18, 2022) https://www.aclu.org/news/privacy-technology/new-records-detail-dhs-purchase-and-use-of-vast-quantities-of-cell-phone-location-data.

— Alfred Ng, “Homeland Security records show ‘shocking’ use of phone data, ACLU says” (Washington: Politico, July 18, 2022) https://www.politico.com/news/2022/07/18/dhs-location-data-aclu-00046208.

Sector(s): Border-Wide

Agency(ies): CBP, DHS, ICE

Event Type(s): Civil Liberties or Privacy Infringement

Last Known Accountability Status: Unknown

Victim Classification:

December 11, 2021

A Yahoo News investigation told the story of Jeffrey Rambo, a Border Patrol agent assigned to the Counter Network Division of CBP’s National Targeting Center in 2017 and 2018. The investigation pointed to very troubling CBP intrusions into the private lives of U.S. citizens not suspected of committing any crimes, while all involved have avoided punishment.

Though assigned to a project with the ostensible goal of combatting forced labor, Rambo and his Division ended up digging through classified government databases to uncover information about the private lives of as many as 20 U.S. journalists. The resulting leak investigation ensnared reporter Ali Watkins, revealing her romantic relationship with a married Senate staffer. Rambo, Yahoo News’s Jana Winter reported,

ran Watkins through an assortment of databases. Those included, among others, CBP’s Automated Targeting System, a tool that compares travelers against law enforcement and intelligence data; TECS, which tracks people entering and exiting the country; the Treasury Department’s FinCEN, used for identifying financial crimes; and the State Department consular database, which included details of her passport application.

Dan White, Rambo’s supervisor at the Counter-Network Division, testified about Charlie Ratliff, a program analyst in the Division who “worked on DOMEX, a program that collects information from the contents of a person’s electronic device when they cross a U.S. border.”

According to White’s later testimony, Ratliff regularly investigated congressional staffers’ travel captured by CBP to run against the Terrorist Screening Database. “White stated that when Congressional ‘Staffers’ schedule flights, the numbers they use get captured and analyzed by CBP,” the inspector general report says. White told the investigators that Ratliff “does this all the time,” looking at “inappropriate contacts between people.”

Starting in 2018, the DHS Inspector-General and CBP’s Office of Professional Responsibility carried out a two-year investigation into Rambo’s activities, focused on whether Rambo improperly accessed government databases, and sought information outside the scope of his official duties.

The Inspector-General found grounds for potential criminal charges against Rambo, White, and Ratliff, and presented criminal referrals to the Justice Department in October 2020. In the end, Mark Lytle, the head of financial crimes at United States Attorney’s Office for the Eastern District of Virginia, declined to prosecute, in part because CBP lacked clear policies and procedures governing Rambo’s duties.

“We’re in a very dangerous place if having no rules means officers can’t break any rules,” Hugh Handeyside, a senior staff attorney with the American Civil Liberties National Security Project, told Yahoo News.

That same month, Jeffrey Rambo was taken off administrative leave and returned to duty as a Border Patrol agent, where he remained as of the time of Yahoo News’s investigation, assigned to the San Diego Sector. Dan White, Rambo’s former supervisor, was back running the same team as before at the CBP National Targeting Sector’s Counter Network Division. “When the inspector general requested any new policies or procedures the division had for contacts with journalists and people outside government, it received no reply,” Yahoo News found.

Ali Watkins, the reporter whose personal life came most heavily under CBP scrutiny and was working at the New York Times as of December 2021, told Yahoo News, “I’m deeply troubled at the lengths CBP and DHS personnel apparently went to try and identify journalistic sources and dig into my personal life. It was chilling then, and it remains chilling now.”

— Jana Winter, “Operation Whistle Pig: Inside the secret CBP unit with no rules that investigates Americans” (Yahoo News, December 11, 2021) https://news.yahoo.com/operation-whistle-pig-inside-the-secret-cbp-unit-with-no-rules-that-investigates-americans-100000147.html.

Sector(s): Border-Wide

Agency(ies): Border Patrol, National Targeting Center

Event Type(s): Civil Liberties or Privacy Infringement, Misuse of Intelligence Capability

Last Known Accountability Status: Criminal Charges Dropped, DHS OIG investigation Closed, OPR Investigation Closed

Victim Classification: Journalist, U.S. Citizen or Resident