Skip to main content

National Applications Office Certification Review

GAO-09-105R Published: Nov 06, 2008. Publicly Released: Nov 06, 2008.
Jump To:
Skip to Highlights

Highlights

Since the 1960s, classified satellite information collected by intelligence agencies has been used, from time to time, by federal civilian agencies and other non-intelligence entities for civil, scientific, and environmental purposes (such as mapping, disaster relief, and environmental research). These uses have historically been coordinated by the Civil Applications Committee (CAC) led by the U.S. Geological Survey, a component of the Department of the Interior. Following the events of September 11, 2001, attention has turned to information sharing as a key element in developing comprehensive and practical approaches to defending against potential terrorist attacks. Having information on threats, vulnerabilities, and incidents can help an agency better understand the risks and determine what preventive measures should be implemented. The ability to share such terrorism-related information can also unify the efforts of federal, state, and local government agencies, as well as the private sector in preventing or minimizing terrorist attacks. Exchanging terrorism-related information continues to be a significant challenge for federal, state, and local governments--one that we recognize is not easily addressed. Accordingly, since January 2005, we have designated information sharing for homeland security a high-risk area. Citing a growing need to use classified satellite information for civil or domestic purposes, in 2005, an independent study group reviewed the future role of the CAC and concluded that although the civil domestic users were well supported through the CAC, homeland security and law enforcement users lacked a coherent, organized, and focused process to access classified satellite information. In 2007, the Office of the Director of National Intelligence designated the Department of Homeland Security (DHS) as the executive agency and home of a newly created National Applications Office (NAO), whose mission would be to process requests for classified satellite information from, among others, nontraditional users of intelligence for civil, homeland security, and law enforcement purposes. DHS established a process whereby potential requesters for classified satellite information annually submit memorandums generally describing the information they plan to ask for, followed by a more detailed review of each actual request to ensure legal compliance. The Consolidated Appropriations Act, 2008, prohibited funds from being made available to commence operations of the NAO until the Secretary of Homeland Security certified that the program complies with all existing laws, including all applicable privacy and civil liberties standards, and that certification was reviewed by GAO. On April 9, 2008, in a letter to Members of Congress, the Secretary of the Department of Homeland Security certified that the NAO complies with all existing laws, including all applicable privacy and civil liberties standards. The Secretary also provided a charter for the office, privacy and civil liberties impact assessments, and NAO standard operating procedures. Our objectives were to determine the extent to which DHS justified its certification that the NAO complies with (1) all applicable laws, (2) privacy standards, and (3) civil liberties standards.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security To ensure that the NAO is in compliance with applicable laws, including privacy and civil liberties standards, the Secretary of Homeland Security should more fully justify the department's certification and given that the NAO is to operate before law enforcement issues are resolved and operations are recertified by establishing clear definitions for law enforcement and homeland security requests to better ensure that law enforcement requests will not be accepted until legal and policy issues are resolved.
Closed – Implemented
Following GAO's recommendation that the Secretary of Homeland Security more fully justify the department's certification of the National Applications Office (NAO), in February 2009, the Secretary began a review of the program in coordination with law enforcement, emergency management and intelligence entities. On June 23, 2009, the Secretary of DHS announced the decision to terminate the NAO program. The Secretary stated that this action would allow DHS to focus its efforts on more effective information sharing programs that better meet the needs of law enforcement, protect the civil liberties and privacy of Americans, and make the country more secure.
Department of Homeland Security To ensure that the NAO is in compliance with applicable laws, including privacy and civil liberties standards, the Secretary of Homeland Security should more fully justify the department's certification by directing the NAO to address remaining issues about its processes and procedures, including (1) defining procedures for developing and approving annual memorandums for all categories of classified satellite information, (2) establishing procedures for monitoring the legal review process to ensure it is achieving its objectives, (3) ensuring that specific privacy controls outlined in the revised privacy assessment are clearly established in NAO standard operating procedures, and (4) establishing specific procedures to fully address issues raised within the civil liberties impact assessment: the potential for improper use or retention of information provided by the NAO and the potential for impermissible requests to be accepted as a result of a reliance on broad annual memorandums as justifications.
Closed – Implemented
Following GAO's recommendation that the Secretary of Homeland Security more fully justify the department's certification of the National Applications Office (NAO), in February 2009, the Secretary began a review of the program in coordination with law enforcement, emergency management and intelligence entities. On June 23, 2009, the Secretary of DHS announced the decision to terminate the NAO program. The Secretary stated that this action would allow DHS to focus its efforts on more effective information sharing programs that better meet the needs of law enforcement, protect the civil liberties and privacy of Americans, and make the country more secure.

Full Report

GAO Contacts

Gregory C. Wilshusen
Director
Information Technology and Cybersecurity

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Public Inquiries

Topics

Civil libertiesClassified defense informationClassified informationConfidential communicationsConfidential informationDomestic intelligenceFederal intelligence agenciesGovernment informationGovernment information disseminationHomeland securityInformation accessInformation classificationInformation disclosureInformation leakingInformation managementInformation securityInformation security managementInformation security regulationsInternal controlsMission critical informationPrivacy lawRight of privacyRisk assessmentRisk managementSecurity threatsStandardsTerrorismInformation sharing