This is the accessible text file for GAO report number GAO-09-105R 
entitled 'National Applications Office Certification Review' which was 
released on November 6, 2008. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

November 6, 2008: 

Congressional Committees: 

Subject: National Applications Office Certification Review: 

Since the 1960s, classified satellite information collected by 
intelligence agencies[Footnote 1] has been used, from time to time, by 
federal civilian agencies and other non-intelligence entities for 
civil, scientific, and environmental purposes (such as mapping, 
disaster relief, and environmental research). These uses have 
historically been coordinated by the Civil Applications Committee (CAC) 
led by the U.S. Geological Survey, a component of the Department of the 
Interior. 

Following the events of September 11, 2001, attention has turned to 
information sharing as a key element in developing comprehensive and 
practical approaches to defending against potential terrorist attacks. 
Having information on threats, vulnerabilities, and incidents can help 
an agency better understand the risks and determine what preventive 
measures should be implemented. The ability to share such terrorism- 
related information can also unify the efforts of federal, state, and 
local government agencies, as well as the private sector in preventing 
or minimizing terrorist attacks. Exchanging terrorism-related 
information continues to be a significant challenge for federal, state, 
and local governments--one that we recognize is not easily addressed. 
Accordingly, since January 2005, we have designated information sharing 
for homeland security a high-risk area.[Footnote 2] 

Citing a growing need to use classified satellite information for civil 
or domestic purposes, in 2005, an independent study group reviewed the 
future role of the CAC and concluded that although the civil domestic 
users were well supported through the CAC, homeland security and law 
enforcement users lacked a coherent, organized, and focused process to 
access classified satellite information.[Footnote 3] 

In 2007, the Office of the Director of National Intelligence designated 
the Department of Homeland Security (DHS) as the executive agency and 
home of a newly created National Applications Office (NAO), whose 
mission would be to process requests for classified satellite 
information from, among others, nontraditional users of intelligence 
for civil, homeland security, and law enforcement purposes. DHS 
established a process whereby potential requesters for classified 
satellite information annually submit memorandums generally describing 
the information they plan to ask for, followed by a more detailed 
review of each actual request to ensure legal compliance. 

The Consolidated Appropriations Act, 2008, prohibited funds from being 
made available to commence operations of the NAO until the Secretary of 
Homeland Security certified that the program complies with all existing 
laws, including all applicable privacy and civil liberties standards, 
and that certification was reviewed by GAO. 

On April 9, 2008, in a letter to Members of Congress, the Secretary of 
the Department of Homeland Security certified that the NAO complies 
with all existing laws, including all applicable privacy and civil 
liberties standards. The Secretary also provided a charter for the 
office, privacy and civil liberties impact assessments, and NAO 
standard operating procedures. 

Our objectives were to determine the extent to which DHS justified its 
certification that the NAO complies with (1) all applicable laws, (2) 
privacy standards, and (3) civil liberties standards. 

To assess DHS's certification of compliance with all applicable laws, 
we reviewed the certification documents to determine the extent to 
which DHS evaluated and addressed laws applicable to NAO operations. We 
interviewed agency officials from the NAO program office and the DHS 
Office of General Counsel to identify all available analysis conducted 
on applicable laws and to determine the extent to which mechanisms for 
ensuring compliance had been established. 

To assess DHS's certification of compliance with privacy standards, we 
reviewed two versions of the privacy impact assessment developed for 
the program (one completed in connection with the April 2008 
certification and a revised version developed in July 2008 in response 
to discussions with us) and interviewed officials from the program 
office and the DHS Privacy Office. In addition, we analyzed the system- 
of-records notices identified within the certification documentation 
and by DHS to determine whether they provided public notice regarding 
NAO's planned operations and potential use of personal information. 

To assess DHS's certification of NAO compliance with civil liberties 
standards, we reviewed the civil liberties impact assessment to 
identify concerns raised about civil liberties and recommendations made 
to address them. We also interviewed officials from the program office 
and the DHS Office of Civil Rights and Civil Liberties to determine the 
extent to which DHS had instituted measures to address the concerns 
raised by the impact assessment: 

We conducted this performance audit in the Washington, D.C., area from 
April 2008 to September 2008 in accordance with generally accepted 
government auditing standards. Those standards require that we plan and 
perform the audit to obtain sufficient, appropriate evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives. 

On September 15, 2008, we provided the staff of cognizant committees 
with sensitive but unclassified briefing slides on the results of this 
review. Subsequently, we coordinated with DHS officials to review the 
sensitivity of the slides and determine what contents could be publicly 
released. This report summarizes the results of our review, provides 
the public version of the slides, and officially transmits our 
recommendations to the Secretary of Homeland Security. The slides, 
including details on our scope and methodology, are reprinted in 
enclosure I. 

DHS Has Not Fully Justified Its Certification That the NAO Complies 
with Applicable Laws: 

Although the department has established procedures for legal review, it 
has not yet fully addressed all outstanding issues regarding how the 
planned operations of the NAO, as described in the department's 
certification documents, are to comply with legal requirements. 
Specifically, DHS has not resolved legal and policy issues associated 
with NAO support for law enforcement. The NAO charter states that 
requests for law enforcement domain uses (i.e., activities relating to 
enforcing criminal or civil laws or investigating violations thereof) 
will not be accepted by the NAO until interagency agreement is reached 
on unresolved legal and policy issues. An independent study group had 
determined that the legality of using satellite imagery of domestic 
subjects for law enforcement purposes raised difficult issues that had 
not been fully settled. Work has begun to address these issues, and the 
department now plans to recertify the NAO's compliance with all laws 
before accepting requests related to law enforcement. Recertification 
following the resolution of legal and policy concerns will be an 
important element in providing assurance that NAO operations are in 
compliance with all applicable laws. 

In addition, DHS has taken steps to develop a legal review procedure 
for classified satellite information requests but has not yet fully 
established management controls to ensure that it will be effective. 
DHS has developed a multistage process for reviewing potential requests 
to address any legal or policy concerns. This process represents a 
reasonable approach for ensuring that decisions are reviewed on a case- 
by-case basis, to the extent that law enforcement requests are not 
accepted. However, the NAO charter leaves it unclear what types of 
requests will be initially rejected as being in the law enforcement 
domain and what types will be accepted as homeland security requests, 
because the distinctions between the two domains are not clear. 

Further, other important details have not yet been fully addressed. The 
process for developing and approving annual memorandums, which set 
expectations about planned customer uses of NAO data, has not yet been 
established for all categories of classified satellite information. In 
addition, procedures for monitoring the legal review process to ensure 
that it is making appropriate determinations about the legality of 
requests have not yet been established. Without clarifying these 
details of the planned legal review process, DHS will have limited 
assurance that the process is effective at ensuring compliance with 
applicable laws. 

DHS Has Taken Steps to Justify Its Certification of Compliance with 
Privacy Standards: 

The DHS Privacy Office worked with NAO program officials to define 
privacy protections for the program and prepared a privacy assessment 
that discussed high-level privacy protections. Further, DHS has 
recently taken additional steps to justify its certification of 
compliance with privacy standards. 

Specifically, DHS originally did not fulfill agency requirements to 
identify privacy risks and control mechanisms but recently has taken 
steps to do so. At the time of NAO certification, DHS did not fully 
explain how the office would comply with widely accepted privacy 
standards, such as the need for personally identifiable information to 
be accurate, secure, and used only for limited purposes. Specifically, 
the NAO's original privacy assessment did not identify or analyze the 
risks that NAO operations might not meet these standards, nor did it 
specify measures to mitigate such risks. In response to discussions 
with us regarding these shortcomings, the Privacy Office developed a 
revised assessment that represented a substantial improvement in 
identifying privacy risks and mitigating controls to address them, such 
as providing appropriate oversight and building a process to identify 
and correct inaccurate information. However, differences between the 
review procedures outlined in the revised privacy impact assessment and 
those in the standard operating procedures raise questions about 
whether the specifics of the NAO's privacy protection controls have 
been clearly established. 

In addition, the public notices cited by DHS did not provide a public 
explanation of the privacy protections associated with planned NAO 
operations. One key privacy standard requires that the public be 
notified about the existence of systems containing personal information 
and the privacy protections associated with them. However, publicly 
available privacy notices (called system-of-records notices under the 
Privacy Act of 1974) cited by DHS as applying to the NAO did not 
provide information specifically about the NAO, its planned uses of 
personal information, or the privacy protections that are to be 
established. In response to discussions with us regarding this lack of 
public notice, DHS updated NAO information on the department's public 
Web site to reflect the relationship between the NAO and the applicable 
system-of-records notice. The updated information better informs the 
public about how personal information is to be processed, analyzed, and 
distributed by the NAO. 

DHS Identified Civil Liberties Concerns Associated with NAO Operations 
but Has Not Yet Fully Addressed Them: 

The NAO civil liberties impact assessment identified a number of areas 
of potential concern regarding civil rights and civil liberties. 
Although the NAO program office addressed several of these issues--such 
as the need to develop and conduct training on civil liberties issues-
-the department has not indicated how the NAO would address other 
significant issues, including the potential for improper use or 
retention of intelligence information by customers and the potential 
for overly broad annual memorandums about customers' planned uses, 
which may facilitate the acceptance of requests that should be 
rejected. 

In a July 2008 letter to the DHS Undersecretary of Intelligence and 
Analysis, the acting NAO program director outlined plans to address 
several issues raised by the assessment. However, specific measures 
have not yet been developed to address the potential for improper use 
or retention of information provided by the NAO and the potential for 
impermissible requests to be accepted as a result of a reliance on 
broad annual memorandums as justifications. Certifying the readiness of 
the NAO without fully addressing the concerns outlined within the 
assessment--including establishing internal controls for mitigating 
identified risks--provides only limited assurance that the office is in 
compliance with civil liberties standards and will take appropriate 
measures to protect civil liberties. 

Recommendations for Executive Action: 

To ensure that the NAO is in compliance with applicable laws, including 
privacy and civil liberties standards, we recommend that the Secretary 
of Homeland Security more fully justify the department's certification 
by taking the following actions: 

1. Given that the NAO is to operate before law enforcement issues are 
resolved and operations are recertified, establish clear definitions 
for law enforcement and homeland security requests to better ensure 
that law enforcement requests will not be accepted until legal and 
policy issues are resolved. 

2. Direct the NAO to address remaining issues about its processes and 
procedures, including: 

* defining procedures for developing and approving annual memorandums 
for all categories of classified satellite information, 

* establishing procedures for monitoring the legal review process to 
ensure it is achieving its objectives, 

* ensuring that specific privacy controls outlined in the revised 
privacy assessment are clearly established in NAO standard operating 
procedures, and: 

* establishing specific procedures to fully address issues raised 
within the civil liberties impact assessment: the potential for 
improper use or retention of information provided by the NAO and the 
potential for impermissible requests to be accepted as a result of a 
reliance on broad annual memorandums as justifications. 

Comments from the Department of Homeland Security and Our Evaluation: 

In responding to our request for comments on a draft of this letter, 
the NAO program director stated that the comments provided by DHS in 
September 2008 regarding our briefing slides were to be considered the 
department's official response to our certification review. 

In those written comments, (reprinted in enclosure II) the DHS Deputy 
Undersecretary for Mission Integration described steps that DHS has 
taken or plans to take to address our recommendations. Regarding our 
first recommendation, the Deputy Undersecretary stated that the 
definitions for law enforcement and homeland security requests outlined 
in the charter were sufficiently clear for the NAO to operate in an 
effective and lawful manner. However, we believe that clearer 
definitions are essential to ensuring that law enforcement requests are 
effectively and consistently excluded from consideration by the NAO. 
The Secretary's certification of compliance depends critically on the 
assertion that requests for law enforcement domain uses will not be 
accepted by the NAO until interagency agreement is reached on 
unresolved legal and policy issues. Without clearer definitions that 
unambiguously distinguish the law enforcement and homeland security 
domains, the NAO runs the risk that requests may be accepted without a 
complete analysis of how the NAO will ensure compliance with applicable 
laws. 

Regarding our second recommendation, the Deputy Undersecretary 
highlighted steps the agency is taking to update its processes and 
procedures, including updating its internal procedures to address civil 
liberties issues and focusing resources on training NAO staff and 
customers, particularly with respect to the collection, use, and 
retention of personally identifiable information. We agree that these 
steps, once completed, should provide DHS with better assurance that 
NAO's processes and procedures are effective in ensuring the program's 
compliance with applicable laws, privacy and civil liberties standards. 

We are sending copies of this report to interested congressional 
committees, the Secretary of Homeland Security, and other interested 
parties. We will also make copies available to others upon request. In 
addition, this product will be available at no charge on the GAO Web 
site at [hyperlink, http://www.gao.gov]. 

If you or your staff have any questions concerning this report, please 
contact me at (202) 512-6253 or willemssenj@gao.gov. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this report. Key contributions to this report were 
made by Linda Koontz, Director, Information Management Issues; John de 
Ferrari, Assistant Director; Matthew Grote; Nick Marinos; Lee 
McCracken; and David Plocher. 

Signed by: 

Joel Willemssen: 
Managing Director, Information Technology: 

Enclosure: 

List of Congressional Committees: 

The Honorable Robert C. Byrd: 
Chairman: 
The Honorable Thad Cochran: 
Ranking Member: 
Subcommittee on Homeland Security: 
Committee on Appropriations: 
United States Senate: 

The Honorable Joseph I. Lieberman: 
Chairman: 
The Honorable Susan M. Collins: 
Ranking Member: 
Committee on Homeland Security and Governmental Affairs: United States 
Senate: 

The Honorable Daniel K. Akaka: 
Chairman: 
Subcommittee on Oversight of Government Management, the Federal 
Workforce, and the District of Columbia: Committee on Homeland Security 
and Governmental Affairs: United States Senate: 

The Honorable John D. Rockefeller IV: Chairman: 
The Honorable Christopher S. Bond: 
Vice Chairman: 
Select Committee on Intelligence: 
United States Senate: 

The Honorable David E. Price: 
Chairman: 
The Honorable Harold Rogers: 
Ranking Member: 
Subcommittee on Homeland Security: 
Committee on Appropriations: 
House of Representatives: 

The Honorable Bennie G. Thompson: 
Chairman: 
The Honorable Peter T. King: 
Ranking Member: 
Committee on Homeland Security: 
House of Representatives: 

The Honorable Silvestre Reyes: 
Chairman: 
The Honorable Peter Hoekstra: 
Ranking Member: 
Permanent Select Committee on Intelligence: House of Representatives: 

[End of section] 

Enclosure I: Public Version of September 15, 2008, Briefing to 
Congressional Staff: 

National Applications Office: 

Certification of Compliance With Legal, Privacy, and Civil Liberties 
Standards Needs to Be More Fully Justified Briefing for Congressional 
Staff: 

September 15, 2008: 

Contents: 

Introduction: 
Objectives, Scope, and Methodology: 
Results in Brief: 
Background: 
Compliance With Applicable Legal, Privacy, and Civil Liberties: 
Standards Needs to Be More Fully Justified: 
* DHS has not fully justified its certification of compliance with 
applicable laws; 
* DHS has taken steps to justify its certification of compliance with 
privacy standards; 
* DHS identified civil liberties concerns associated with NAO 
operations but has not fully addressed them; Conclusions: 
Recommendations: 
Agency Comments and Our Evaluation: 

Introduction: 

Since the 1960s, classified satellite information collected by 
intelligence agencies[Footnote 4] has been used, from time to time, by 
federal civilian agencies and other non-intelligence entities for 
civil, scientific, and environmental purposes (such as mapping, 
disaster relief, and environmental research). These uses have 
historically been coordinated by the Civil Applications Committee (CAC) 
led by the U.S. Geological Survey (USGS), a component of the Department 
of the Interior. 

Following the events of September 11, 2001, attention has turned to 
information sharing as a key element in developing comprehensive and 
practical approaches to defending against potential terrorist attacks. 
Having information on threats, vulnerabilities, and incidents can help 
n agency better understand the risks and determine what preventative 
measures should be implemented. The ability to share such terrorism- 
related information can also unify the efforts of federal, state, and 
local government agencies, as well as the private sector in preventing 
or minimizing terrorist attacks. 

Citing a growing need to use classified satellite information for civil 
or domestic purposes, in 2005, an independent study group reviewed the 
future role of the CAC and concluded that although the civil domestic 
users were well supported through the CAC, homeland security and law 
enforcement users lacked a coherent, organized, and focused process to 
access classified satellite information. 

In 2007, the Office of the Director of National Intelligence (ODNI) 
designated the Department of Homeland Security (DHS) as the executive 
agency and home of a newly created National Applications Office (NAO), 
whose mission would be to process requests for classified satellite 
information from, among others, non-traditional users of intelligence 
for civil, homeland security, and law enforcement purposes. DHS 
established a process whereby potential requesters for classified 
satellite information annually submit memorandums generally describing 
the information they plan to ask for, followed by a more detailed 
review of each actual request, to ensure legal compliance. 

The Consolidated Appropriations Act, 2008, prohibited funds from being 
made available to commence operations of the NAO until the Secretary of 
Homeland Security certified that the program complies with all existing 
laws, including all applicable privacy and civil liberties standards, 
and that certification was reviewed by GAO. 

Objectives: 

On April 9, 2008, in a letter to members of Congress, the Secretary of 
the Department of Homeland Security certified that NAO complies with 
all existing laws, including all applicable privacy and civil liberties 
standards. The Secretary also provided a charter for the office, 
privacy and civil liberties impact assessments, and NAO standard 
operating procedures. 

Our objectives were to determine the extent to which DHS justified its 
certification that the NAO complies with (1) all applicable laws, (2) 
privacy standards, and (3) civil liberties standards. 

Scope and Methodology: 

To assess DHS certification of compliance with all applicable laws, we 
reviewed the certification documents to determine the extent to which 
DHS evaluated and addressed laws applicable to NAO operations. 
Specifically, we reviewed DHS’ assessment of applicable laws such as 
the Posse Comitatus Act—which generally prohibits the use of U.S. 
military personnel to enforce civilian laws, unless otherwise 
authorized by law—and the 4th Amendment to the Constitution, which 
guards against unreasonable searches and seizures. We also reviewed 
related executive branch directives, including Executive Order 12333, 
which limits how federal agencies in the intelligence community collect 
information concerning U.S. persons.[Footnote 5] We interviewed agency 
officials from the NAO program office and the DHS Office of General 
Counsel to identify all available analysis conducted on applicable laws 
and to determine the extent to which mechanisms for ensuring compliance 
had been established. 

To assess DHS certification of compliance with privacy standards, we 
reviewed two versions of the privacy impact assessment developed for 
the program (one completed in connection with the April 2008 
certification and a revised version developed in July 2008 in response 
to discussions with us) and interviewed officials from the program 
office and the DHS Privacy Office. To identify DHS privacy 
responsibilities, we reviewed the Privacy Act of 1974, Homeland 
Security Act of 2002, and E-Government Act of 2002. We compared the 
original and revised NAO privacy impact assessments with DHS privacy 
impact assessment guidance as well as the Fair Information Practices, a 
widely accepted set of standards for protecting the privacy and 
security of personal information. In addition, we analyzed the system- 
of-records notices identified within the certification documentation 
and by DHS to determine whether they provided public notice regarding 
the NAO’s planned operations and potential use of personal information. 

To assess DHS certification of NAO compliance with civil liberties 
standards, we reviewed the civil liberties impact assessment (CLIA) to 
identify concerns raised about civil liberties and recommendations made 
to address them. We compared the content of the CLIA to a set of 
standard civil liberties assessment criteria developed by DHS for 
analyzing a program’s potential civil liberties impact, including 
questions about the impact on particular groups or individuals, such as 
racial or ethnic groups; the impact on the influence of government in 
its relationship with private citizens; and whether alternatives and 
safeguards have been considered to address potential concerns. We also 
interviewed officials from the program office and the DHS Office of 
Civil Rights and Civil Liberties to determine the extent to which DHS 
had instituted measures to address the concerns raised by the CLIA. 

We interviewed officials at the USGS and National Geospatial- 
Intelligence Agency (NGA) to obtain information on how requests for 
information from classified satellites are currently processed for 
federal civilian agencies. This information pertained to compliance 
with applicable laws as well as privacy and civil liberties standards. 

We conducted this performance audit in the Washington, D.C., area from 
April 2008 to September 2008 in accordance with generally accepted 
government auditing standards. Those standards require that we plan and 
perform the audit to obtain sufficient, appropriate evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives. 

Results in Brief: 

DHS has not fully justified its certification that the NAO complies 
with applicable laws. 

Although the department has established procedures for legal review, it 
has not yet fully addressed all outstanding issues regarding how the 
planned operations of the NAO, as described in the department’s 
certification documents, are to comply with legal requirements. 
Specifically: 

DHS has not resolved legal and policy issues associated with NAO 
support for law enforcement. The NAO charter states that requests for 
law enforcement domain uses (i.e., activities relating to enforcing 
criminal or civil laws or investigating violations thereof) will not be 
accepted by the NAO until interagency agreement is reached on 
unresolved legal and policy issues. The Independent Study Group had 
determined that the legality of using satellite imagery of domestic 
subjects for law enforcement purposes raised difficult issues that had 
not been fully settled. Work has begun to address these issues, and the 
department now plans to re-certify the NAO’s compliance with all laws 
before accepting requests related to law enforcement. Recertification 
following the resolution of legal and policy concerns will be an 
important element in providing assurance that NAO operations are in 
compliance with all applicable laws. 

DHS has taken steps to develop a legal review procedure for classified 
satellite information requests but has not yet fully established 
management controls to ensure that it will be effective. DHS has 
developed a multi-stage process for reviewing potential requests to 
address any legal or policy concerns. This process represents a 
reasonable approach for ensuring that decisions are reviewed on a case- 
by-case basis, to the extent that law enforcement requests are not 
accepted. However, the NAO charter leaves it unclear what types of 
requests will be initially rejected as being in the law enforcement 
domain and what types will be accepted as homeland security requests, 
because the distinctions between the two domains are not clear. 

In addition, other important details have not yet been fully addressed. 
The process for developing and approving annual memorandums, which set 
expectations about planned customer uses of NAO data, has not yet been 
established for all categories of classified satellite information. In 
addition, procedures for monitoring the legal review process to ensure 
it is making appropriate determinations about the legality of requests 
have not yet been established. Without clarifying these details of the 
planned legal review process, DHS will have limited assurance that the 
process is effective at ensuring compliance with applicable laws. 

DHS has taken steps to justify its certification of compliance with 
privacy standards. 

The DHS Privacy Office worked with NAO program officials to define 
privacy protections for the program and prepared a privacy assessment 
that discussed high-level privacy protections. Further, DHS has 
recently taken additional steps to justify its certification of 
compliance with privacy standards. 

DHS originally did not fulfill agency requirements to identify privacy 
risks and control mechanisms but recently has taken steps to do so. At 
the time of NAO certification, DHS did not fully explain how the office 
would comply with widely accepted privacy standards, such as the need 
for personally identifiable information to be accurate, secure, and 
used only for limited purposes. Specifically, NAO’s original privacy 
assessment did not identify or analyze the risks that NAO operations 
might not meet these standards, nor did it specify measures to mitigate 
such risks. In response to discussions with us regarding these 
shortcomings, the Privacy Office developed a revised assessment that 
represents a substantial improvement in identifying privacy risks and 
mitigating controls to address them, such as providing appropriate 
oversight and building a process to identify and correct inaccurate 
information. However, differences between the review procedures 
outlined in the revised PIA and those in the standard operating 
procedures raise questions about whether the specifics of NAO’s privacy 
protection controls have been clearly established. 

The system-of-records notices cited by DHS do not provide a public 
explanation of the privacy protections associated with planned NAO 
operations. One key privacy standard requires that the public be 
notified about the existence of systems containing personal information 
and the privacy protections associated with them. However, publicly 
available privacy notices (called system-of-records notices under the 
Privacy Act of 1974) cited by DHS as applying to NAO do not provide 
information specifically about the NAO, its planned uses of personal 
information, or the privacy protections that are to be established. In 
response to discussions with us regarding this lack of public notice, 
DHS updated NAO information on the department’s public Web site to 
reflect the relationship between the NAO and the applicable system-of- 
records notice. The updated information better informs the public about 
how personal information is to be processed, analyzed, and distributed 
by the NAO. 

DHS identified civil liberties concerns associated with NAO operations 
but has not yet fully addressed them. 

The Department's assessment of the civil liberties impact of NAO 
operations identified a number of areas of potential concern regarding 
civil rights and civil liberties. Although the NAO program office 
addressed several of these issues—such as the need to develop and 
conduct training on civil liberties issues—the department has not 
indicated how NAO would address other significant issues, including the 
potential for improper use or retention of intelligence information by 
customers, and the potential for overly broad, annual memorandums about 
customers’ planned uses that may facilitate the acceptance of requests 
that should be rejected. 

In a July 2008 letter to the DHS Undersecretary of Intelligence and 
Analysis, the acting NAO program director outlined plans to address 
several issues raised by the assessment. However, specific measures 
have not yet been developed to address the potential for improper use 
or retention of information provided by NAO and the potential for 
impermissible requests to be accepted as a result of a reliance on 
broad annual memorandums as justifications. 

Certifying the readiness of the NAO without fully addressing the 
concerns outlined within the assessment—including establishing internal 
controls for mitigating identified risks—does not provide assurance 
that the office is in compliance with civil liberties standards and 
will take appropriate measures to protect civil liberties. 

Without fully justifying its certification, DHS lacks assurance that 
NAO operations will comply with applicable laws and privacy and civil 
liberties standards. To help ensure that NAO is in compliance with such 
laws and standards, we recommend that the Secretary of Homeland 
Security more fully justify the department's certification by: 

1. establishing clear definitions for law enforcement and homeland 
security requests to better ensure that law enforcement requests will 
not be accepted until legal and policy issues are resolved, and: 

2. directing NAO to address remaining issues regarding its processes 
and procedures, including: 

* defining procedures for developing and approving annual memorandums 
in all categories, 

* establishing procedures for monitoring the legal review process, 

* ensuring that privacy controls outlined in the revised privacy impact 
assessment are clearly established in standard operating procedures, 
and: 

* establishing specific procedures to fully address issues raised by 
the civil liberties impact assessment. 

In written comments provided on a draft of this briefing, the DHS 
Deputy Undersecretary for Mission Integration described steps that DHS 
has taken or plans to take to address our recommendations. Regarding 
our first recommendation, the Deputy Undersecretary stated that the 
definitions for law enforcement and homeland security requests outlined 
in the charter were sufficiently clear for the NAO to operate in an 
effective and lawful manner. However, we believe that clearer 
definitions are essential to ensuring that law enforcement requests are 
effectively and consistently excluded from consideration by the NAO. 
The Secretary’s certification of compliance depends critically on the 
assertion that requests for law enforcement domain uses will not be 
accepted by the NAO until interagency agreement is reached on 
unresolved legal and policy issues. Without clearer definitions that 
unambiguously distinguish the law enforcement and homeland security 
domains, the NAO runs the risk that requests may be accepted without a 
complete analysis of how the NAO will ensure compliance with applicable 
laws. 

Regarding our second recommendation, the Deputy Undersecretary 
highlighted steps the agency is taking to update its processes and 
procedures, including updating its internal procedures to address civil 
liberties issues and focusing resources on training NAO staff and 
customers, particularly with respect to the collection, use, and 
retention of personally identifiable information. We agree that these 
steps, once completed, should provide DHS with better assurance that 
NAO’s processes and procedures are effective in ensuring the program’s 
compliance with applicable laws, privacy and civil liberties standards. 

Background: 

Sharing of Classified Satellite Information for Domestic Purposes Since 
the 1960’s, federal civilian agencies have used classified satellite 
information for civil, scientific, and environmental purposes. In 1975, 
the U.S. President’s Commission on Central Intelligence Agency 
Activities within the United States recommended that an interagency 
committee of federal civil agencies be established to oversee the use 
of classified satellites for imaging domestic areas and to allay 
concerns about improper or illegal uses of such imaging capabilities. 
In response to the Commission’s recommendations, the Civil Applications 
Committee (CAC) was established in 1976 to serve as a mechanism for 
reviewing and prioritizing the needs of civilian agencies for 
classified satellite information. 

In response to the events of September 11, 2001, information sharing 
has been identified as a key element in developing comprehensive and 
practical approaches to defending against potential terrorist attacks. 
Having information on threats, vulnerabilities, and incidents can help 
an agency better understand the risks and determine what preventative 
measures should be implemented. The ability to share such terrorism- 
related information can also unify the efforts of federal, state, and 
local government agencies, as well as the private sector in preventing 
or minimizing terrorist attacks. Exchanging terrorism-related 
information continues to be a significant challenge for federal, state, 
and local governments—one that we recognize is not easily addressed. 
Accordingly, since January 2005, we have designated information sharing 
for homeland security a high-risk area.[Footnote 6] 

Background: 

The Role of the Civil Applications Committee: 

The mission of the CAC has been to facilitate the appropriate civil 
uses of data collected by classified government satellites. Led by the 
U.S. Geological Survey (USGS), the CAC includes representatives from 
the Departments of Agriculture, Commerce, Health and Human Services, 
Homeland Security (DHS), the Interior, and Transportation; the U.S. 
Army Corps of Engineers; the Environmental Protection Agency; the 
Federal Emergency Management Agency; the National Science Foundation; 
the U.S. Coast Guard; and the National Aeronautics and Space 
Administration. 

Background: 

According to its charter, the CAC’s responsibilities include, among 
other things: 

* assisting in ensuring the effective application of classified 
satellite information to support the appropriate worldwide production, 
analysis, and research programs of federal civil agencies; 

* facilitating the use of such data to derive basic information for 
civil applications, including mapping, disaster assessments, monitoring 
environmental changes, and for deriving other information to support 
national policies and objectives; and: 

* overseeing federal civil agencies’ requests for the collection of 
classified satellite information to ensure the constitutional and other 
legal rights of U.S. persons are not violated and that such requests 
and the use of such data are consistent with the authorities and 
responsibilities of the agencies and are in accordance with authorized 
programs. 

Background: 

Independent Study Group: 

Citing a growing need for domestic uses of information collected by 
intelligence agencies, in May 2005, the Office of the Director of 
National Intelligence (ODNI) and USGS chartered an Independent Study 
Group to conduct a review of the future role of the CAC for the 
facilitation, management, and oversight of classified satellite 
information for civil or domestic use.[Footnote 7] The group, composed 
of former senior government and military officials and consultants, 
concluded in its report (known as the Blue Ribbon Study) that although 
civil users were well supported through the CAC, homeland security and 
law enforcement users lacked a coherent, organized, and focused process 
to access classified satellite information.[Footnote 8] Further, the 
report stated that most of these users did not understand how 
classified satellite information could be applied to support their 
missions and functions and, likewise, that intelligence agencies lacked 
a comprehensive understanding of the needs of those users. 

Background: 

National Applications Office: 

As a result of its findings, the study group recommended the 
establishment of a domestic applications program to provide a focal 
point and act as a facilitator between intelligence agencies and their 
potential customers, such as homeland security and law enforcement 
users. The study group recommended that the office be informed by 
working groups from three domestic user domains: civil, homeland 
security, and law enforcement, and be modeled after the operations of 
the CAC. The group also recommended that the establishment of the 
office be informed by a comprehensive review of legal and policy 
issues. 

Responding to the study group’s recommendations, ODNI began planning 
the National Applications Office (NAO) in September 2006 and, in May 
2007, designated DHS as its executive agent. Following the August 2007 
DHS publication of the NAO’s mission, a congressional hearing was held 
in September 2007 to examine the privacy and civil liberties 
implications of using classified satellite information for domestic 
purposes. 

The Consolidated Appropriations Act, 2008, prohibited funds provided in 
the act from being available to commence NAO operations until the 
Secretary of DHS certified that the program complies with all existing 
laws, including all applicable privacy and civil liberties standards, 
and that certification was reviewed by GAO. 

Background: 

NAO Certification: 

On April 9, 2008, in a letter to members of Congress, the DHS Secretary 
certified that the NAO, as described in its charter and standard 
operating procedures, complies with all existing laws, including all 
applicable privacy and civil liberties standards. The Secretary also 
provided the following supporting documentation: 

* The NAO Charter – The charter defines the mission of the NAO and the 
responsibility of its members. The charter was approved in February 
2008 by the Attorney General, Director of National Intelligence, 
Secretary of the Interior, Secretary of Homeland Security, and 
Secretary of Defense. 

* A Privacy Impact Assessment (PIA) –The PIA was reviewed and approved 
by the DHS Privacy Office, which is responsible for ensuring PIAs are 
conducted to identify specific privacy risks and controls needed to 
mitigate those risks.[Footnote 9] The PIA describes how the NAO plans 
to address the Fair Information Practices—a set of widely-accepted 
principles for protecting the privacy and security of personal 
information that include such things as limiting the collection and use 
of such information and ensuring that it is accurate for its intended 
purpose. The PIA concludes that privacy risks have been minimized by 
the institution of multi-layered protection mechanisms involving 
personnel management, IT system security, and business processes. 

* A Civil Liberties Impact Assessment (CLIA) – The DHS Civil Rights and 
Civil Liberties Office conducts these assessments to help ensure that 
civil liberties are considered as the department develops or implements 
laws, regulations, policies, procedures, and guidelines related to 
efforts to protect the nation against terrorism.[Footnote 10] The NAO 
CLIA discusses potential civil liberties impacts, identifies safeguards 
in place, and makes recommendations for additional measures. It 
concludes that due to the nature of the NAO mission, rigorous oversight 
of the office, and existing safeguards, the NAO is unlikely to impact 
on individuals’ civil liberties in a substantial way. 

* Standard Operating Procedures – These procedures cover the required 
steps involved in the submission, approval, and processing of 
information requests in support of civil, homeland security, and law 
enforcement purposes when such requests are submitted through the NAO. 

Background: 

NAO User Domains: 

According to its charter, the mission of the NAO is to serve as an 
independent advocate for the use of, and facilitate access to, 
classified satellite information by, among others, non- traditional 
users of intelligence in the following three domains: 

Civil Applications includes entities involved with domestic and 
international research, analysis, and operations designed to support 
the assessment and management of environmental issues and natural 
resources, evaluating socioeconomic conditions, producing maps and 
charts, and assessment, preparation and response to disasters. 

Homeland Security includes those government agencies and activities 
involved in the prevention and mitigation of, preparation for, response 
to, and recovery from natural or man-made disasters, including 
terrorism, and other threats to the homeland. 

Law Enforcement includes government law enforcement entities when they 
are seeking to enforce criminal or civil laws or investigate violations 
thereof. 

Background: 

NAO Functions: 

For each of the three domains, NAO’s function is to: 

* review, coordinate and advocate for requests from government entities 
for classified satellite information (agencies may also directly 
contact the intelligence community for access to intelligence 
capabilities); 

* advocate future technology needs to the intelligence community; 

* educate potential users about intelligence capabilities and how and 
when they might be leveraged to support their needs within the existing 
policy and legal frameworks; 

* if necessary, analyze data received from providers to meet the needs 
of the requesters; and: 

* promote information sharing through the effective and efficient use 
of intelligence capabilities. 

In carrying out these functions, NAO’s goal is to: 

* protect privacy, civil rights, and civil liberties; 

* lawfully and appropriately use intelligence capabilities; and: 

* protect the confidentiality of the sources and methods used to 
collect the information. 

Background: 

Information Categories: 

Three categories of classified satellite information are to be provided 
through the NAO:[Footnote 11] 

Geospatial intelligence (GEOINT) – GEOINT is defined as “the 
exploitation and analysis of imagery and geospatial information to 
describe, assess, and visually depict physical features and 
geographically referenced activities on the Earth. Geospatial 
intelligence consists of imagery, imagery intelligence, and geospatial 
information.” 

Measurement and signature intelligence (MASINT) – MASINT is defined as 
intelligence “derived from measurements of physical phenomena intrinsic 
to an object or event.” These phenomena can include the following 
types: “electro-optical, infrared, laser, spectral, radar, 
polarimetric, high-power or unintentional radio frequency emanations, 
geophysical, chemical, biological, radiological, or nuclear.” 

Electronic intelligence (ELINT) – ELINT is defined as “technical and 
geolocation intelligence derived from non-communications 
electromagnetic radiations emanating from other than nuclear etonations 
or radioactive sources. It does not include oral or written 
communications.” Thus, ELINT could include intelligence based on 
signals from machines, such as computers, but not telephone 
conversations or other communications between individuals. 

Background: 

Information Categories: 

In addition, according to the charter, NAO may provide open source 
intelligence information, derived from publicly available information 
that anyone can lawfully obtain by request, purchase, or observation. 
For example, DHS officials stated that certain requests might be most 
easily filled with publicly available mapping imagery. 

Background: 

NAO Acceptance Process: 

According to its charter NAO will not accept any requests that fall 
within the law enforcement domain when it begins operations.[Footnote 
12] Such requests will not be accepted until legal and policy issues 
are resolved. For all other requests, NAO acceptance of requests for 
classified satellite information relies on a two-phased process: 

Filing of annual memorandums: 

As a first phase, potential requesters (i.e., agencies within the civil 
and homeland security domains) are to annually submit memorandums that 
generally describe the information they plan to request and its 
intended use. 

Processing of individual requests: 

In the second phase of the process, NAO has defined a six-step review 
procedure for individual information requests. 

DHS Certification of Compliance with Applicable Laws: 

DHS has not resolved legal and policy issues associated with NAO 
support for law enforcement operations. 

The NAO is intended to support law enforcement as a key element of its 
mission. Its charter states that the office is to be an advocate for 
the use of intelligence community capabilities by civil, homeland 
security, and law enforcement communities, and DHS officials have said 
that the NAO will eventually process law enforcement requests. Further, 
the Independent Study Group, which was an impetus to the creation of 
the NAO, cites assistance to law enforcement as a major reason to 
establish the NAO. 

The Independent Study Group determined that the legality of using 
satellite imagery of domestic subjects for law enforcement purposes was 
a difficult issue that had not been fully settled. For example, it 
stated that no case regarding the use of military, civil, or commercial 
satellites has been brought to court. The study group also stated that 
appropriate safeguards were needed to ensure that classified satellite 
information would be used lawfully and with full consideration of the 
rights of U.S. persons. 

The NAO certification documents include discussions of the 
applicability of certain laws, such as the 4th Amendment to the 
Constitution, and executive branch directives, such as Executive Order 
12333—which limits how federal agencies in the intelligence community 
collect information concerning U.S. persons. For example, the CLIA 
includes a discussion of the Posse Comitatus Act, which generally 
prohibits the use of U.S. military personnel to enforce civilian (civil 
or criminal) laws, unless otherwise authorized by law. The CLIA 
concludes that there is little likelihood that NAO activities will 
raise Posse Comitatus Act issues. 

However, DHS analysis of these laws did not resolve the legal issues of 
using intelligence community capabilities for law enforcement purposes. 
For example, regarding the 4th Amendment to the Constitution, which 
guards against unreasonable searches and seizures, the CLIA notes that 
NAO’s involvement in law enforcement uses “remains under consideration 
and thus its ultimate contours are not known at this time.” The 
document states that the Civil Rights and Civil Liberties Office will 
update its assessment and assist in constructing polices and procedures 
for law enforcement use. This indicates that, with respect to issues 
related to law enforcement, NAO certification is not yet complete. 

DHS Certification of Compliance with Applicable Laws DHS certification 
recognizes that law enforcement issues have not been resolved and, in 
response, states that law enforcement requests will not be accepted 
until such issues are resolved. The NAO charter established a Policy 
and Legal Working Group to develop responses to the legal and policy 
concerns. The group plans to conduct analyses and make recommendations 
regarding potential changes in policy and law regarding permissible 
access to classified satellite information for law enforcement 
purposes. At the time of our review, the working group had begun its 
work but had yet to complete its analysis or make recommendations. 

According to the acting NAO director, it was an agency priority to 
begin operations at the NAO as soon as possible and thus a decision was 
reached to set unresolved law enforcement issues aside and proceed with 
certification of legal compliance for the rest of the NAO’s planned 
operations. 

In responding to our questions regarding law enforcement issues, the 
DHS Deputy Undersecretary for Mission Integration, who oversees NAO, 
stated that the agency will provide an additional certification before 
the law enforcement domain becomes operational. Recertification 
following the resolution of legal and policy concerns will be an 
important element in providing assurance that NAO operations are in 
compliance with all applicable laws. 

DHS Certification of Compliance with Applicable Laws DHS took steps to 
develop a legal review procedure for requests but has not yet 
established sufficient management controls to ensure that it will be 
effective. 

The DHS Secretary’s certification letter states that NAO’s charter and 
standard operating procedures were carefully crafted to ensure 
compliance with all applicable laws. The charter also states that a 
primary function of the office will be to ensure that its procedures 
are in accordance with laws, policies, and procedures that protect 
privacy, civil rights, and civil liberties. 

Given the need to ensure compliance with all laws, it is important that 
NAO establish management controls to ensure that only requests that 
meet established criteria are accepted. According to government 
standards, management controls (or internal controls) are the policies, 
procedures, techniques, and mechanisms that help ensure that 
management’s directives are carried out.[Footnote 13] Management 
controls can include a wide range of diverse activities, such as 
approvals and authorizations, which vary depending on agency missions, 
organization, complexity and other factors, and should be clearly 
documented in agency directives, policies, and other guidance. Further, 
processes need to be established to monitor management controls on a 
regular basis to ensure they are achieving their objectives. 

As its management control to ensure compliance with applicable laws, 
DHS developed a multi-stage legal review process for all requests 
submitted to NAO. According to the charter and standard operating 
procedures, assurance that information requests are consistent with 
applicable laws and official policy will occur through the review of 
requests by the NAO staff, the legal staff of the relevant collecting 
agencies, and, as appropriate, other federal agencies. As previously 
described, this will involve interagency review when “special uses,” 
such as the use of U.S. person data or law enforcement functions, are 
being requested, as well as review by the DHS Secretary or Deputy 
Secretary of uses that involve novel or significant homeland security 
uses, or where the use of a new technology has 4th Amendment 
implications. 

This process represents a reasonable approach for ensuring that 
decisions are reviewed on a case-by-case basis to the extent that law 
enforcement requests are not accepted, which is a critical element of 
the process. As the Office for Civil Rights and Civil Liberties has 
pointed out in the CLIA, the impact on NAO operations of 4th Amendment 
and other law enforcement issues cannot yet be evaluated because “the 
ultimate contours [of NAO support for the Law Enforcement Domain] are 
not known at this time.” 

However, NAO has not established clear definitions of the homeland 
security and law enforcement domains to guide decisions by NAO and 
other agency officials and to ensure that law enforcement requests are 
not accepted. 

As previously discussed, the NAO charter describes three civilian 
customer domains that could use intelligence capabilities in support of 
their missions—civil applications, homeland security, and law 
enforcement. Homeland security includes those government agencies and 
activities involved in the prevention and mitigation of, preparation 
for, response to, and recovery from natural or man-made disasters, 
including terrorism and other threats to the homeland. Law enforcement 
includes law enforcement entities when they are seeking to enforce 
criminal or civil laws or investigate violations thereof. However, the 
charter further states that when law enforcement entities are “not so 
focused,” their activities may fall within the homeland security 
domain. 

The domain definitions are unclear because they describe functions that 
could overlap. For example, law enforcement entities would likely be 
involved in seeking to enforce homeland security laws, such as the USA 
PATRIOT Act or the Intelligence Reform and Terrorism Prevention Act. It 
is not clear whether that function would be interpreted as falling 
under the homeland security or law enforcement domain, because elements 
of both domains are involved. 

Likewise many other types of homeland security functions have the 
potential to overlap with law enforcement functions, thus leaving it 
unclear how they would be categorized. For example, border security 
involves closely interrelated law enforcement and homeland security 
functions. A request for imagery along the U.S. border might be 
interpreted as a law enforcement matter (e.g., surveillance of 
suspected criminal activity), in which case it is not to be accepted by 
the NAO under the office's initial operating procedures. However, 
alternatively, the request might be considered a homeland security 
matter (e.g., serving a broader objective of protecting the border). In 
that case, the request might be accepted. 

This lack of clarity is exacerbated by the fact that while NAO does not 
plan to accept law enforcement requests initially, it will accept 
requests from federal law enforcement agencies for homeland security 
purposes. 

DHS officials acknowledged the overlap between the two domains, but 
stated that they expect that the review process for requests outlined 
in the NAO charter, along with communication between NAO and the 
requester, will provide sufficient clarity for distinguishing between 
law enforcement and homeland security requests. 

However, the review process outlined within the charter relies upon the 
domain definitions included in that document. Without clear domain 
definitions, DHS cannot be certain that requests related to law 
enforcement are being effectively and consistently excluded from 
consideration. And because law enforcement issues have not yet been 
analyzed and resolved, the NAO therefore runs the risk that requests 
may be accepted without a complete analysis of how the NAO will ensure 
compliance with applicable laws. 

Other important details of how the legal review process is to be 
implemented have also not yet been determined. For example, 

The process for developing and approving annual memorandums for MASINT 
and ELINT has not been delineated. Such procedures are an important 
control in assuring that access, retention, and sharing of information 
is properly constrained. 

Specific processes have not yet been established for monitoring the 
legal review process on a regular basis to ensure it is achieving its 
objectives. Monitoring the NAO’s operations will be important to ensure 
that planned privacy and civil liberties protections are being 
implemented as intended. 

NAO officials stated that they are in the process of developing these 
procedures. For example, they stated that MASINT and ELINT procedures 
will be developed that mirror existing GEOINT procedures. They also 
stated that it would be up to the Privacy Office, Civil Rights and 
Civil Liberties Office, and Office of the Inspector General to 
determine how they will monitor the program to ensure it is achieving 
its objectives. 

However, officials did not provide milestones for completing procedures 
that are in process or state when monitoring procedures will be 
developed. Until the procedures are adequately defined, DHS will have 
limited assurance that the process is effective at ensuring compliance 
with applicable laws. 

DHS Certification of Compliance with Privacy Standards: 

DHS originally did not fulfill agency requirements to identify privacy 
risks and control mechanisms but recently has taken steps to do so. 

Under law, Office of Management and Budget guidance, and DHS guidance, 
DHS is to conduct privacy impact assessments (PIA) to ensure that the 
technology used by DHS sustains and does not erode privacy protections. 

Specifically, DHS guidance states that a PIA should be completed for 
any program, system technology, or rulemaking that involves personally 
identifiable information. The guidance also states that a PIA should 
accomplish two goals: 

* determine the risks and effects of collecting, maintaining and 
disseminating information in identifiable form via an electronic 
information system; and: 

* evaluate protections and alternative processes for handling 
information to mitigate potential privacy risks. 

In order to accomplish these goals, PIAs are required to include 
“privacy impact analysis” sections that assess privacy risks and 
identify specific steps to be taken to mitigate those risks. 

DHS Certification of Compliance with Privacy Standards PIAs can serve 
as an analysis of adherence to the Fair Information Practices. These 
practices, first proposed in 1973 by a U.S. government advisory 
committee, are now widely accepted as principles for protecting the 
privacy and security of personal information. The DHS Privacy Office 
defines these principles as follows: 

* Transparency - DHS should be transparent and provide notice to the 
individual regarding its collection, use, dissemination, and 
maintenance of personally identifiable information (PII). 

* Individual participation - DHS should involve the individual in the 
process of using PII. DHS should, to the extent practical, seek 
individual consent for the collection, use, dissemination, and 
maintenance of PII and should provide mechanisms for appropriate 
access, correction, and redress regarding DHS use of PII. 

* Purpose specification - DHS should specifically articulate the 
authority which permits the collection of PII and specifically 
articulate the purpose or purposes for which the PII is intended to be 
used. 

* Data minimization - DHS should only collect PII that is directly 
relevant and necessary to accomplish the specified purpose and only 
retain PII for as long as is necessary to fulfill the specified 
purpose. 

* Use limitation - DHS should use PII solely for the purpose specified 
in the notice. Sharing PII outside the department should be for a 
purpose compatible with the purpose for which the PII was collected. 

* Data quality and integrity - DHS should, to the extent practical, 
ensure that PII is accurate, relevant, and timely, within the context 
of each use of the information. 

* Security - DHS should protect PII (in all forms) through appropriate 
security safeguards against risks such as loss, unauthorized access or 
use, destruction, modification, or unintended or inappropriate 
disclosure. 

* Accountability and auditing - DHS should be accountable for complying 
with these principles, providing training to all employees and 
contractors who use PII, and should audit the actual use of PII to 
demonstrate compliance with these principles and all applicable privacy 
protection requirements. 

The original NAO PIA was divided into sections that correspond to the 
Fair Information Practices. For each principle, a planned course of 
action was described. For example, the principle of purpose 
specification was to be addressed through the use of annual 
memorandums, which state requesters’ intended uses. Based on the 
discussions in these sections, the PIA concluded that privacy risks had 
been minimized by instituting multi-layered protection mechanisms 
involving personnel management, information technology (IT) system 
security, and business processes. 

The PIA further stated that the NAO did not anticipate routinely 
collecting, storing, and disseminating personally identifiable 
information and that, in those instances when it did, the information 
would be maintained and disseminated in accordance with applicable 
laws, regulations, and polices. In discussing the original PIA, DHS 
Privacy Office officials noted that NAO’s adherence to privacy 
standards was assured in part because it was expected to be staffed 
with individuals who would be trained in privacy protection standards 
and who would be required to adhere to authorities such as Executive 
Order 12333, which includes limits on the extent and manner in which 
information about U.S. persons is collected by intelligence agencies. 
In addition, they stated that the NAO’s planned multi-stage review 
process for requests would also help ensure that privacy standards are 
met. For example, that review process could include consultation with 
the Privacy Office if it is deemed necessary. Because these broad 
measures were in place, Privacy Office officials believed that NAO 
operations would meet privacy standards. 

However, although it described privacy protections in general terms, 
the original PIA did not fully analyze privacy risks or identify 
specific ways to mitigate them. For example: 

* Data quality and integrity – DHS guidance requires agency information 
on U.S. persons to be accurate, relevant, and timely. However, the 
original PIA did not discuss this risk or other specific risks 
regarding the accuracy of personal information to be processed by the 
NAO. The PIA asserted that the office would follow “appropriate 
policies and procedures” to ensure data quality but did not identify 
the polices and procedures. Thus, the document did not identify the 
risks associated with use of inaccurate data or discuss how specific 
controls would mitigate these risks. 

* Security – DHS guidance requires agency information on U.S. persons 
to be protected by proper safeguards and security measures; however, 
the original PIA did not identify the specific security risks. The PIA 
asserted the office would follow applicable security policies and 
procedures, including the use of password-protected storage of 
information. However, these statements only referred generically to the 
use of standard security controls. They did not discuss how such 
techniques addressed the specific security risks. 

* Use limitation – DHS guidance requires agency information on U.S. 
persons to be used only for the purposes for which it was originally 
collected. The original PIA stated that the “NAO will use a multi-layer 
system of protection to ensure that information passing through or 
stored by the NAO is in compliance with privacy and civil liberties 
laws and policies of the United States.” It also stated that the NAO 
would adhere to NGA policies related to proper use of information. 
However, the PIA did not discuss specific risks associated with 
inadequately limiting the use of personal information that NAO might be 
distributing. For example, by broadly sharing information with non- 
federal users, who are not bound by the Privacy Act, personal 
information could be at risk of being used in ways not specified when 
it was originally collected. The PIA did not discuss control mechanisms 
for mitigating risks such as this. 

In discussions with us, the DHS Director of Privacy Compliance 
acknowledged these shortcomings in the original PIA. In response, the 
Privacy Office developed and issued a revised PIA on July 28, 2008, 
that more fully addressed risks and mitigating controls. The revised 
document identifies four overall privacy risks associated with the 
operation of the NAO: 

1. An individual may be unaware that personally identifiable 
information will be collected about him or her in response to a request 
processed by the NAO. 

2. Personally identifiable information may be collected, analyzed, or 
disseminated in a manner that makes the information inaccurate. 

3. Personally identifiable information may be misused by a requestor. 

4. Associated technology may improve so dramatically that qualitatively 
new capabilities will enable the gathering of personally identifiable 
information in ways that are impossible today, thus creating new 
potential privacy risks. 

The PIA states that these risks can be mitigated by providing 
appropriate oversight, building a process to identify and correct 
inaccurate information, and ensuring that the DHS Privacy Office and 
DHS Office for Civil Rights and Civil Liberties remain critical 
components of all review processes as new and improved technology is 
developed. 

The revised PIA also identifies specific privacy risks associated with 
several of the individual Fair Information Practices and outlines 
measures taken by the NAO to address them. For example, regarding Use 
Limitation, the assessment identifies the risk that users of NAO- 
provided information may distribute NAO products inappropriately. The 
PIA states that the review processes for annual memorandums and 
requests, along with a process for educating potential and actual 
customers, are to mitigate the risk of improper use of information. 

However, several of the mitigating techniques identified in the revised 
PIA include specifics that differ from the standard operating 
procedures. For example, to address risks associated with the data 
quality and integrity of NAO-provided information, the PIA stated that 
NAO will implement several internal quality reviews conducted by 
officials not cited in NAO program documentation. 

According to the DHS Director of Privacy Compliance, the DHS Privacy 
Office plans to meet with NAO officials to discuss the revised PIA and 
their plans to implement the controls that will be required to address 
the identified risks. 

The revised PIA represents a substantial improvement over the original 
PIA in identifying privacy risks and mitigating controls to address 
them. However, the differences between the review procedures outlined 
in the revised PIA and those in the standard operating procedures raise 
questions about whether the specifics of NAO’s privacy protection 
controls have been clearly established. 

The system-of-records notices cited by DHS do not provide a public 
explanation of the privacy protections associated with planned NAO 
operations. 

A key DHS privacy principle states that the agency should be 
transparent and provide notice to the individual regarding its 
collection, use, dissemination, and maintenance of personally 
identifiable information. In addition, the Privacy Act requires 
agencies to notify the public, via a notice in the Federal Register 
known as a system-of-records notice (SORN), when they create or modify 
systems of records. This requirement is in place to protect the 
public’s right to know about the government’s collection of its 
personal information. 

The certification documents state that DHS complies with the Privacy 
Act notice requirement through the publication of the Homeland Security 
Operations Center (HSOC) Database SORN, issued in April 2005. The HSOC 
opened in 2004 to serve as a center for real-time threat monitoring, 
domestic incident management, and information sharing efforts. 

The HSOC Database SORN stated that the HSOC Database “serves as the 
technological platform to receive threat information, integrate it and 
disseminate it.” According to the notice, the HSOC Database contains 
law enforcement information, intelligence information, and other 
information for identifying and assessing the threats to the 
homeland,[Footnote 14] and the HSOC Database will disclose information 
to “a Federal, state, local, joint, tribal, foreign, international or 
other public agency or organization, or to any person or entity in 
either the public or private sector, domestic or foreign, where such 
disclosure may promote assist or otherwise serve homeland or national 
security interests.” 

However, the SORN does not identify the NAO or specifically describe 
its potential uses of personal information. 

According to DHS officials, the HSOC Database SORN had broad 
applicability to programs within the Office of Intelligence and 
Analysis, including NAO. 

Further, after the NAO certification was made, DHS issued a new SORN 
for the Office of Intelligence and Analysis Enterprise Records System 
on May 15, 2008. According to DHS officials, this notice replaced the 
HSOC Database SORN as the relevant notice for NAO. The new notice 
states that the Intelligence and Analysis Enterprise Records System is 
the single system of records to support all Intelligence and Analysis 
operations, including analysis and information sharing. Like the 
previous document, the new notice does not identify the NAO or 
specifically describe its potential uses of personally identifiable 
information. 

In response to discussions with us regarding the lack of public notice, 
DHS officials stated that a more extensive public notice would not be 
appropriate for intelligence activities but that they would update NAO 
information on the department’s public Web site to note that the 
privacy protections described in the Intelligence and Analysis 
Enterprise Records System notice apply to NAO. Explicitly linking NAO 
to the existing notice better informs the public about how personal 
information is to be processed, analyzed, and distributed by the NAO. 

DHS Certification of Compliance with Civil Liberties: 

Standards: 

DHS identified civil liberties concerns associated with NAO operations 
but has not yet fully addressed them. 

The DHS Office of Civil Rights and Civil Liberties is responsible for, 
among other things, assisting the Secretary of DHS and agency offices 
in developing, implementing, and periodically reviewing agency policies 
and procedures to ensure that the protection of civil rights and civil 
liberties is appropriately incorporated into the department’s programs 
and activities. According to officials, civil liberties impact 
assessments (CLIA) serve as a tool to assist in protecting civil rights 
and civil liberties as DHS programs are developed. 

The CLIA discussed efforts by DHS to take into consideration civil 
rights and civil liberties during the development of the NAO program. 
For example, the CLIA discussed various safeguards, including 
establishment of a training program regarding duties and 
responsibilities to protect civil rights and civil liberties. In 
addition, the CLIA highlighted the program office’s working 
relationship with the Office of Civil Rights and Civil Liberties and 
the DHS Privacy Office in developing the charter and standard operating 
procedures. The CLIA also stated that the NAO had benefited from 
significant input from the DHS Office of General Counsel. The 
assessment concluded that due to the nature of the NAO mission, 
rigorous oversight of the office, and existing safeguards, the NAO is 
unlikely to impact on individuals’ civil liberties in a substantial 
way. 

Officials from the Civil Rights and Civil Liberties Office told us that 
they had provided feedback to NAO as they conducted their review and 
that measures had been added to the program to address their concerns. 

Although the CLIA discusses how many of the issues it raises will be 
resolved and concludes that sufficient safeguards are in place, two 
significant issues related to civil liberties risks were raised that 
NAO has not responded to with a clear indication of how they are to be 
resolved. These issues are: 

* the potential for improper use or retention of information provided 
by NAO, and: 

* the potential for impermissible requests to be accepted as a result 
of a reliance on broad annual memorandums as justifications. 

Potential for Improper Use or Retention of Information Provided by NAO: 

The CLIA raised concern regarding improper use and retention of 
requested information by NAO’s customers and its impact on U.S. 
persons’ civil liberties. Specifically, the CLIA stated that “the 
manner in which information is accessed, used, and shared between the 
requester, the facilitator (NAO), the originating agency, and any 
information sharing partners has civil liberties implications.” 
Although information may be lawfully collected and is being used 
lawfully by the end user, “it is unclear [after the authorized use is 
complete] what will happen to the U.S. person information lawfully 
collected.” 

The CLIA recommended that two specific actions be taken to mitigate 
this risk: 

* NAO should vet all requests to amend access, retention, and sharing 
instructions contained in annual memorandums; and: 

* procedures and/or a system for tracing dissemination and access of 
products should be extended beyond NAO to customers as a condition of 
service. 

In response, NAO inserted a footnote into its standard operating 
procedures stating that it would vet all requests to amend access, 
retention, and sharing instructions contained in the original annual 
memorandum. The footnote also stated that access, retention, and 
sharing provisions were already included in existing proper use 
memorandums that govern requests to NGA. Finally, the footnote stated 
that procedures and/or a system for tracing dissemination and access of 
products will be extended beyond NAO to the requesters as a condition 
of service. However, no specific procedures have been developed 
regarding how such actions are to be implemented by NAO, and thus it is 
unclear whether the risk identified in the CLIA has been adequately 
addressed. 

In a July 2008 letter to the DHS Undersecretary for Intelligence and 
Analysis regarding plans to address recommendations identified within 
the CLIA, the acting NAO program director stated that NAO staff would 
continue to work with other intelligence agencies to explore additional 
ways to monitor and enable appropriate dissemination and access of 
products, including a discussion of how technology may assist in this 
process. 

Such a dialogue could assist the NAO in determining how best to 
implement these controls. However, until the NAO establishes specific 
procedures for vetting amendments to existing annual memorandums and 
tracing dissemination and access of products, it is uncertain whether 
this risk has been adequately addressed. 

Potential For Impermissible Requests as a Result of Broad Annual 
Memorandums: 

The CLIA stated that annual memorandums will be used as the primary 
method of categorizing the nature of multiple, recurring requests. 
While the CLIA indicated that such a process provides certain 
safeguards against the improper dissemination of personally 
identifiable information, it also stated that such agreements could 
potentially be formulated so broadly that they result in requests that 
could lead to a violation of civil liberties. For example, state and 
local agencies might group together by region to submit requests under 
a single annual agreement created by a regional information sharing 
center. The CLIA stated that allowing multiple customers to use a 
single annual memorandum could result in requests being made by 
individuals who lack the proper authority to do so. 

The CLIA recommended placing limits on what can be requested at the 
outset of the process to prevent potential mission creep, improper 
sharing, and improper requests. Further, it stated that failing to 
establish such limits increased the risk that improper requests would 
be received and could slip through the NAO’s review process. 

The certification documents generally outlined NAO’s annual memorandum 
process, but they did not set the recommended limits or identify 
controls to enforce them. 

NAO officials stated that civil liberties controls, such as those 
necessary to address the civil liberties risks identified in the CLIA, 
were not fully identified in the certification documentation because 
the NAO is in the early stages of its development and has not yet 
documented many of its internal controls. 

Prior to the NAO certification, DHS indicated that it planned to 
address certain civil liberties concerns outlined in the assessment. On 
April 8, 2008, the DHS Undersecretary for Intelligence and Analysis 
stated in a memorandum to the Civil Rights and Civil Liberties Office 
that he concurred with the report and that elements were already being 
incorporated into NAO management. 

The acting NAO program director’s July letter outlining plans for 
implementing several of the CLIA recommendations demonstrates the 
agency’s commitment to addressing civil liberties concerns. However, 
specific measures to address the potential for improper use or 
retention of information provided by NAO and the potential for 
impermissible requests to be accepted as a result of a reliance on 
broad annual memorandums as justifications have not yet been developed. 

Certifying the readiness of the NAO without fully addressing the 
concerns outlined within the assessment does not provide assurance that 
the office is fully in compliance with civil liberties standards and 
will take appropriate measures to protect civil liberties. 

Conclusions: 

DHS has taken positive steps to ensure that NAO operations will comply 
with applicable laws, including developing a legal review procedure for 
requests for classified satellite information. However, DHS has not yet 
fully justified that the planned operations of the NAO comply with 
applicable laws and standards. While the agency plans to provide an 
additional certification before the law enforcement domain becomes 
operational, the department has not provided clear definitions that 
show how law enforcement requests will be excluded from consideration 
before legal and policy issues associated with NAO support for law 
enforcement are resolved. Without clear definitions, DHS cannot be 
certain that requests related to law enforcement are being effectively 
and consistently excluded from consideration, and therefore runs the 
risk that requests may be accepted without a complete analysis of how 
the NAO will ensure compliance with applicable laws. In addition, 
procedures for developing and approving memorandums in the MASINT and 
ELINT categories have yet to be defined, and a specific process for 
monitoring the legal reviews has not yet been established. Given the 
sensitivity of NAO’s mission, it is important that these specific 
procedures be documented in the program’s implementing instructions. 
Without clarifying these details, DHS will have limited assurance that 
the legal review process is effectively ensuring compliance with 
applicable laws. 

DHS has recently taken steps to address privacy standards, including 
fulfilling agency requirements to identify privacy risks and control 
mechanisms to mitigate them. However, differences between the review 
procedures outlined in the revised NAO PIA and those in the standard 
operating procedures raise questions about whether the specifics of 
NAO’s privacy protection controls have been clearly established. 

Furthermore, DHS initially did not provide a public explanation of the 
privacy protections associated with planned NAO operations but has 
recently taken steps to do so. In response to discussions with us 
regarding the lack of public notice, DHS updated its publicly available 
information about the NAO to show its relationship with the applicable 
system-of-records notice, better informing the public about how 
personal information is to be processed, analyzed, and distributed by 
the NAO. 

Finally, DHS also completed a CLIA that identifies and assesses civil 
liberties risks associated with NAO, and discusses how most of them 
will be mitigated. However, measures to address the potential for 
improper use or retention of information provided by NAO and the 
potential for impermissible requests to be accepted as a result of a 
reliance on broad annual memorandums as justifications have not yet 
been fully addressed. Certifying the readiness of the NAO without fully 
addressing these concerns does not provide assurance that it is fully 
in compliance with civil liberties standards and will take appropriate 
measures to protect civil liberties. 

Recommendations: 

To ensure that NAO is in compliance with applicable laws, including 
privacy and civil liberties standards, we recommend that the Secretary 
of Homeland Security more fully justify the department's certification 
by taking the following actions: 

1. Given that NAO is to operate before law enforcement issues are 
resolved and operations are re-certified, establish clear definitions 
for law enforcement and homeland security requests to better ensure 
that law enforcement requests will not be accepted until legal and 
policy issues are resolved. 

2. Direct NAO to address remaining issues about its processes and 
procedures, including: 

* defining procedures for developing and approving annual memorandums 
in the MASINT and ELINT categories, 

* establishing procedures for monitoring the legal review process to 
ensure it is achieving its objectives, 

* ensuring that specific privacy controls outlined in the revised 
privacy assessment are clearly established in NAO standard operating 
procedures, and: 

* establishing specific procedures to fully address issues raised 
within the CLIA: the potential for improper use or retention of 
information provided by NAO and the potential for impermissible 
requests to be accepted as a result of a reliance on broad annual 
memorandums as justifications. 

Agency Comments and Our Evaluation: 

In written comments provided on a draft of this briefing, the DHS 
Deputy Undersecretary for Mission Integration stated that the 
department had taken or would take steps to ensure that our 
recommendations are incorporated in to the functioning of the NAO. 
However, with respect to our recommendation regarding the definitions 
of law enforcement and homeland security requests, the Deputy 
Undersecretary stated that the definitions outlined in the charter were 
sufficiently clear for the NAO to operate in an effective and lawful 
manner. He also noted that DHS “acknowledge[s] that overlap between 
these two general areas is possible,” and that “to the extent overlap 
between domains is conceivable, communication between the NAO and the 
requester will provide sufficient clarity.” 

However, we believe that without clearer domain definitions, DHS cannot 
be certain that requests related to law enforcement are being 
effectively and consistently excluded from consideration. The 
Secretary’s certification of compliance depends critically on the 
assertion that requests for law enforcement domain uses will not be 
accepted by the NAO until interagency agreement is reached on 
unresolved legal and policy issues. Because these law enforcement 
issues have not yet been analyzed and resolved, the NAO runs the risk 
that requests may be accepted without a complete analysis of how the 
NAO will ensure compliance with applicable laws. 

Regarding our recommendation to direct NAO to address remaining issues 
about its processes and procedures, the Deputy Undersecretary stated 
that NAO is taking several steps to incorporate the recommendation, 
including: 

* working with the intelligence community to establish more detailed 
procedures for requesting ELINT and MASINT, which are to be patterned 
after the GEOINT process; 

* developing a metrics program to help assess its effectiveness and 
maintain its customer focus; 

* updating its standard operating procedures to conform to the recently 
revised PIA; and: 

* updating its internal procedures to address issues raised in the 
CLIA, focusing resources on educating and training NAO staff and 
customers, particularly with respect to the collection, use, and 
retention of personally identifiable information. 

These actions have not yet been completed. However, we agree that 
completing these steps should provide DHS with better assurance that 
NAO’s processes and procedures will be effective in ensuring the 
program’s compliance with applicable laws, privacy and civil liberties 
standards. 

The Deputy Undersecretary also commented that the title of the briefing 
was misleading because it suggested that the NAO had failed to comply 
with all existing laws. We disagree that the title makes such a 
suggestion. The purpose of our review was not to make an independent 
determination of compliance, but to assess the completeness of DHS’ 
justification for certifying its compliance. Our conclusion was that 
additional justification was needed. 

In addition, the Deputy Undersecretary stated that some of the matters 
addressed in our briefing were, in DHS’ view, beyond the scope of what 
Congress authorized and that some of our recommendations point out 
programmatic or policy differences between GAO and DHS. Specifically, 
the Deputy Undersecretary stated his position that GAO’s tasking was 
limited to reviewing legal compliance. However, our scope and 
methodology were established on the basis of the language within the 
congressional mandate, and, in addition, we reached agreement with 
relevant Congressional appropriations, authorization, and oversight 
committees on the scope of our review prior to initiating our work. 
Further, we based our evaluation of the Secretary’s certification of 
compliance with privacy and civil liberties standards on the agency’s 
own policies and standards, including the DHS version of the Fair 
Information Practice Principles. 

Finally, the Deputy Undersecretary stated that our briefing constituted 
the completion of the review required by the Appropriations Act, and 
that the NAO is preparing to commence its operations in the civil 
applications and homeland security communities. 

[End of section] 

Enclosure II: Comments from the Department of Homeland Security: 

U.S. Department of Homeland Security Washington, DC 20528 

Homeland Security: 

August 29, 2008: 

Gene Dodaro: 
Acting Comptroller General Of the United States: Government 
Accountability Office: 
441 G Street NW: 
Washington, DC 20548: 

Dear Mr. Dodaro, 

Thank you for your thorough review of the Secretary's certification of 
the National Applications Office (NAO), as required by the 2008 Omnibus 
Appropriations Act.[Footnote 15] We have carefully considered your 
draft recommendations and, as described below, have taken or will take 
steps to ensure that these recommendations are incorporated into the 
functioning of the NAO. 

As an initial matter, I must address the title of the report: National 
Applications Office, Certification of Compliance with Legal, Privacy 
and Civil Liberties Standards Needs To Be More Fully Justified. GAO's 
report runs sixty pages and reflects a comprehensive and thoughtful 
review. The recommendations discussed below are focused on discrete and 
technical matters—and in no way suggest that the NAO fails to "comply 
with [any] existing laws." The title paints a very different picture. 
It is our view that the title is misleading because it does not 
accurately reflect the substance of the report. 

GAO's first recommendation is that the NAO establish a clearer 
definition of law enforcement activity. The NAO Charter states that the 
law enforcement domain includes activities conducted by law enforcement 
entities "to the extent they are enforcing criminal or civil laws or 
investigating violations thereof". The homeland security domain 
includes activities conducted by any agency related to "the prevention 
and mitigation of, preparation for, response to, and recovery from 
natural or man-made disasters, including terrorism, and other threats 
to the homeland." As we explained in our letter dated July 30, 2008, we 
believe that these definitions are sufficiently clear for the NAO to 
operate in an effective and lawful manner. A copy of that letter is 
attached. 

GAO's second recommendation pertains to operational processes and 
procedures. The NAO is taking several steps to incorporate this 
recommendation. First, the NAO is working with the Intelligence 
Community's Functional Managers to establish more detailed procedures 
for requesting electronic intelligence (ELINT) and measurements and 
signatures intelligence (MASINT), which will be patterned after the 
geospatial intelligence (GEOINT) community's Proper Use Memorandum 
(PUM) process. As with the PUM process, these procedures will enhance 
individual privacy and civil rights protections. Second, the NAO is 
developing a metrics program to help assess the NAO's effectiveness and 
maintain its customer focus. Among other benefits, this will allow the 
NAO to ensure that it is adequately safeguarding individuals' civil 
rights and privacy. Third, the NAO is updating its Standard Operating 
Procedures (SOPs) to conform to the recently revised Privacy Impact 
Assessment (PIA). During the review process, GAO identified several 
concerns with the PIA for the NAO. DHS has worked closely with the DHS 
Privacy Office to address these concerns and in August 2008 the Privacy 
Office issued a revised PIA. Finally, to address the issues raised in 
the Civil Liberties Impact Assessment (CLIA) for the NAO, the NAO is 
updating its internal procedures. It will focus resources on educating 
and training NAO staff and customers, particularly with respect to the 
collection, use and retention of Personally Identifiable Information 
(PII). 

Notwithstanding the steps DHS has taken to incorporate GAO's 
recommendations, some of the matters addressed in GAO's report are, in 
our view, beyond the scope of what Congress authorized. GAO's task was 
to review the Secretary's certification, which states only that the 
NAO, as contemplated, satisfies all existing laws, including statutory 
privacy and civil liberties standards. The classified portion of the 
Appropriations Act clarified and narrowed the scope of this review, 
providing that it is to focus on whether "all statutory privacy and 
civil liberties requirements have been met." Yet some of GAO's 
recommendations point out programmatic or policy differences between it 
and the Department, and thus are beyond the review contemplated in the 
Appropriations Act. 

Since GAO's report constitutes the completion of the review required by 
the Appropriations Act, the NAO is preparing to commence operations in 
the civil applications and homeland security communities. 

Sincerely, 

Signed by: 

James M. Chaparro: 
Deputy Under Secretary for Mission Integration Office of Intelligence 
and Analysis: 

Attachment:
Letter to GAO dated July 30, 2008: 

[End of section] 

Footnotes: 

[1] For purposes of this report, the term "classified satellite 
information" will be used to refer to all information derived from 
intelligence community sources that is expected to be made available 
through the National Applications Office (NAO). Based on discussions 
with NAO officials, a substantial part--but not all--of this 
information is derived from sensors mounted on classified government 
satellites. 

[2] For more information, see GAO, High-Risk Series: An Update, GAO-07- 
310 (Washington, D.C.: January 2007), p. 47; Information Sharing: The 
Federal Government Needs to Establish Policies and Processes for 
Sharing Terrorism-Related and Sensitive but Unclassified Information, 
GAO-06-385 (Washington, D.C.: Mar. 17, 2006). 

[3] Independent Study Group, Civil Applications Committee Blue Ribbon 
Study, (September 2005). 

[4] For purposes of this briefing, the term “classified satellite 
information” will be used to refer to all information derived from 
intelligence community sources that is expected to be made available 
through the National Applications Office (NAO). Based on discussions 
with NAO officials, a substantial part—but not all—of this information 
is derived from sensors mounted on classified government satellites. 

[5] Executive Order 12333 defines a U.S. person as a U.S. citizen, an 
alien known by the intelligence agency concerned to be a permanent 
resident alien, an unincorporated association substantially composed of 
United States citizens or permanent resident aliens, or a corporation 
incorporated in the United States, except for a corporation directed 
and controlled by a foreign government(s). 

[6] For more information, see GAO, High-Risk Series: An Update, GAO-07- 
310 (Washington, D.C.: January 2007), p.47, and GAO, Information 
Sharing: The Federal Government Needs to Establish Policies and 
Processes for Sharing Terrorism-Related and Sensitive but Unclassified 
Information, GAO-06-385 (Washington, D.C.: Mar. 17, 2006). 

[7] Independent Study Group, Civil Applications Committee Blue Ribbon 
Study (September 2005). 

[8] The report discussed the use of intelligence capabilities, which 
include the technical and analytic assets of intelligence agencies. For 
purposes of this report, we are focusing on the use of classified 
satellite information. 

[9] As directed by section 222 of the Homeland Security Act, the DHS 
Privacy Office is responsible for, among other things, ensuring that 
the department is in compliance with federal laws that govern the use 
of personal information by the federal government. Further, the E- 
Government Act of 2002 requires agencies to conduct PIAs before 
developing or procuring information technology that collects, 
maintains, or disseminates information in an identifiable form. The E- 
Government Act specifically exempts national security systems from its 
privacy provisions. However, DHS policy requires PIAs to be completed 
for intelligence programs but, consistent with the E-Government Act, 
does not make these PIAs public. 

[10] The responsibilities of the Civil Rights and Civil Liberties 
Office include overseeing DHS compliance with constitutional, 
statutory, regulatory, policy, and other requirements relating to the 
civil rights and civil liberties of individuals affected by the 
agency’s programs and activities. 

[11] Department of Homeland Security, National Applications Office 
Charter, pp. 13-14 (February 2008), National Applications Office 
Standard Operating Procedures Requirements Process for Electronic 
Intelligence, p. 1 (March 2008), National Applications Office Standard 
Operating Procedures Requirements Process for Measurement and Signature 
Intelligence, p. 7 (March 2008). 

[12] In addition, according to the charter, prior to the establishment 
of the law enforcement applications domain committee, the NAO will not 
accept any requests from state, local, tribal, and territorial law 
enforcement entities, even if the subject of such requests properly 
resides in the homeland security domain. 

[13] GAO, Standards for Internal Control in the Federal Government, 
GAO/AIMD-00-21.3.1 (Washington, D.C.: November 1999), p.11. 

[14] The notice states that “the HSOC database includes intelligence 
information and other information received from agencies and components 
of the Federal Government, foreign governments, organizations or 
entities, international organizations, state and local government 
agencies (including law enforcement agencies), and private sector 
entities, as well as information provided by individuals, regardless of 
the medium used to submit the information or the agency to which it was 
submitted. This system also contains: information regarding persons on 
watch lists with possible links to terrorism; the results of 
intelligence analysis and reporting; ongoing law enforcement 
investigative information, information systems security analysis and 
reporting; historical law enforcement information, operational and 
administrative records; financial information; and public-source data 
such as that contained in media reports and commercial databases as 
appropriate to identify and assess the nature and scope of terrorist 
threats to the homeland, detect and identify threats of terrorism 
against the United States, and understand such threats in light of 
actual and potential vulnerabilities of the homeland.” 

[15] Section 525 of the 2008 Omnibus Appropriations Act provides the 
following: 

None of the funds provided in this Act shall be available to commence 
operations of the National Applications Office.until the Secretary 
certifies that thi[s] program[ ] compli[es] with all existing laws, 
including all applicable privacy and civil liberties standards, and 
that certification is reviewed by the Government Accountability Office. 

The Classified Annex to the Act further provides: 

(U) Included in the bill is a provision that restricts obligation of 
any funds to commence operations of [the National Applications Office] 
until the Secretary of Homeland Security certifies that all statutory 
privacy and civil liberties requirements have been met, and submits 
Standard Operating Procedures for [the] program[] to the Committees on 
Appropriations. The bill also requires the Government Accountability 
Office to review the Secretary's certification. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: