Justice and Law Enforcement:

National Applications Office Certification Review

GAO-09-105R: Published: Nov 6, 2008. Publicly Released: Nov 6, 2008.

Additional Materials:

Contact:

Gregory C. Wilshusen
(202) 512-6408
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Since the 1960s, classified satellite information collected by intelligence agencies has been used, from time to time, by federal civilian agencies and other non-intelligence entities for civil, scientific, and environmental purposes (such as mapping, disaster relief, and environmental research). These uses have historically been coordinated by the Civil Applications Committee (CAC) led by the U.S. Geological Survey, a component of the Department of the Interior. Following the events of September 11, 2001, attention has turned to information sharing as a key element in developing comprehensive and practical approaches to defending against potential terrorist attacks. Having information on threats, vulnerabilities, and incidents can help an agency better understand the risks and determine what preventive measures should be implemented. The ability to share such terrorism-related information can also unify the efforts of federal, state, and local government agencies, as well as the private sector in preventing or minimizing terrorist attacks. Exchanging terrorism-related information continues to be a significant challenge for federal, state, and local governments--one that we recognize is not easily addressed. Accordingly, since January 2005, we have designated information sharing for homeland security a high-risk area. Citing a growing need to use classified satellite information for civil or domestic purposes, in 2005, an independent study group reviewed the future role of the CAC and concluded that although the civil domestic users were well supported through the CAC, homeland security and law enforcement users lacked a coherent, organized, and focused process to access classified satellite information. In 2007, the Office of the Director of National Intelligence designated the Department of Homeland Security (DHS) as the executive agency and home of a newly created National Applications Office (NAO), whose mission would be to process requests for classified satellite information from, among others, nontraditional users of intelligence for civil, homeland security, and law enforcement purposes. DHS established a process whereby potential requesters for classified satellite information annually submit memorandums generally describing the information they plan to ask for, followed by a more detailed review of each actual request to ensure legal compliance. The Consolidated Appropriations Act, 2008, prohibited funds from being made available to commence operations of the NAO until the Secretary of Homeland Security certified that the program complies with all existing laws, including all applicable privacy and civil liberties standards, and that certification was reviewed by GAO. On April 9, 2008, in a letter to Members of Congress, the Secretary of the Department of Homeland Security certified that the NAO complies with all existing laws, including all applicable privacy and civil liberties standards. The Secretary also provided a charter for the office, privacy and civil liberties impact assessments, and NAO standard operating procedures. Our objectives were to determine the extent to which DHS justified its certification that the NAO complies with (1) all applicable laws, (2) privacy standards, and (3) civil liberties standards.

Although the department has established procedures for legal review, it has not yet fully addressed all outstanding issues regarding how the planned operations of the NAO, as described in the department's certification documents, are to comply with legal requirements. Specifically, DHS has not resolved legal and policy issues associated with NAO support for law enforcement. The NAO charter states that requests for law enforcement domain uses (i.e., activities relating to enforcing criminal or civil laws or investigating violations thereof) will not be accepted by the NAO until interagency agreement is reached on unresolved legal and policy issues. An independent study group had determined that the legality of using satellite imagery of domestic subjects for law enforcement purposes raised difficult issues that had not been fully settled. Work has begun to address these issues, and the department now plans to recertify the NAO's compliance with all laws before accepting requests related to law enforcement. Recertification following the resolution of legal and policy concerns will be an important element in providing assurance that NAO operations are in compliance with all applicable laws. The DHS Privacy Office worked with NAO program officials to define privacy protections for the program and prepared a privacy assessment that discussed high-level privacy protections. Further, DHS has recently taken additional steps to justify its certification of compliance with privacy standards. The NAO civil liberties impact assessment identified a number of areas of potential concern regarding civil rights and civil liberties. Although the NAO program office addressed several of these issues--such as the need to develop and conduct training on civil liberties issues--the department has not indicated how the NAO would address other significant issues, including the potential for improper use or retention of intelligence information by customers and the potential for overly broad annual memorandums about customers' planned uses, which may facilitate the acceptance of requests that should be rejected.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Following GAO's recommendation that the Secretary of Homeland Security more fully justify the department's certification of the National Applications Office (NAO), in February 2009, the Secretary began a review of the program in coordination with law enforcement, emergency management and intelligence entities. On June 23, 2009, the Secretary of DHS announced the decision to terminate the NAO program. The Secretary stated that this action would allow DHS to focus its efforts on more effective information sharing programs that better meet the needs of law enforcement, protect the civil liberties and privacy of Americans, and make the country more secure.

    Recommendation: To ensure that the NAO is in compliance with applicable laws, including privacy and civil liberties standards, the Secretary of Homeland Security should more fully justify the department's certification and given that the NAO is to operate before law enforcement issues are resolved and operations are recertified by establishing clear definitions for law enforcement and homeland security requests to better ensure that law enforcement requests will not be accepted until legal and policy issues are resolved.

    Agency Affected: Department of Homeland Security

  2. Status: Closed - Implemented

    Comments: Following GAO's recommendation that the Secretary of Homeland Security more fully justify the department's certification of the National Applications Office (NAO), in February 2009, the Secretary began a review of the program in coordination with law enforcement, emergency management and intelligence entities. On June 23, 2009, the Secretary of DHS announced the decision to terminate the NAO program. The Secretary stated that this action would allow DHS to focus its efforts on more effective information sharing programs that better meet the needs of law enforcement, protect the civil liberties and privacy of Americans, and make the country more secure.

    Recommendation: To ensure that the NAO is in compliance with applicable laws, including privacy and civil liberties standards, the Secretary of Homeland Security should more fully justify the department's certification by directing the NAO to address remaining issues about its processes and procedures, including (1) defining procedures for developing and approving annual memorandums for all categories of classified satellite information, (2) establishing procedures for monitoring the legal review process to ensure it is achieving its objectives, (3) ensuring that specific privacy controls outlined in the revised privacy assessment are clearly established in NAO standard operating procedures, and (4) establishing specific procedures to fully address issues raised within the civil liberties impact assessment: the potential for improper use or retention of information provided by the NAO and the potential for impermissible requests to be accepted as a result of a reliance on broad annual memorandums as justifications.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Jul 9, 2014

May 14, 2014

Apr 30, 2014

Mar 26, 2014

Jan 13, 2014

Dec 9, 2013

Dec 6, 2013

Nov 20, 2013

Oct 29, 2013

Sep 25, 2013

Looking for more? Browse all our products here