This is the accessible text file for GAO report number GAO-14-849R 
entitled 'Unmanned Aerial Systems: Department of Homeland Security's 
Review of U.S. Customs and Border Protection's Use and Compliance with 
Privacy and Civil Liberty Laws and Standards' which was released on 
September 30, 2014. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

GAO-14-849R: 

United States Government Accountability Office: 
GAO:
441 G St. N.W. 
Washington, DC 20548: 

September 30, 2014: 

The Honorable Mary Landrieu: 
Chairman: 
The Honorable Dan Coats: 
Ranking Member: 
Subcommittee on Homeland Security: 
Committee on Appropriations: 
United States Senate: 

The Honorable John Carter: 
Chairman: 
The Honorable David Price: 
Ranking Member: 
Subcommittee on Homeland Security: 
Committee on Appropriations: 
House of Representatives: 

Unmanned Aerial Systems: Department of Homeland Security's Review of 
U.S. Customs and Border Protection's Use and Compliance with Privacy 
and Civil Liberty Laws and Standards: 

This letter formally transmits briefing slides we provided your 
offices on August 28, 2014, in response to a mandate in the House 
Committee Report[Footnote 1] (113-91) accompanying the Department of 
Homeland Security (DHS) Appropriations Act, 2014. This mandate 
required us to review DHS's Privacy Office (Privacy Office) and Office 
of Civil Rights and Civil Liberties (CRCL) joint review (DHS's review) 
of U.S. Customs and Border Protection's (CBP) unmanned aerial systems 
(UAS) program. House Committee Report 113-91 accompanying the fiscal 
year 2014 DHS Appropriations Act mandated CRCL and the Privacy Office 
to conduct a review of CBP's efforts to ensure that CBP's UAS use (1) 
complies with existing law and applicable privacy and civil liberty 
standards and (2) is limited to operation along the border and coastal 
areas of the United States. CRCL and the Privacy Office completed 
their review and provided it to us on June 12, 2014. 

CBP, within DHS, is responsible for securing U.S. borders to prevent 
acts of terrorism and the unlawful movement of people, illegal drugs, 
and other contraband toward or across U.S. borders. Within CBP, the 
Office of Air and Marine (OAM) helps CBP fulfill its mission by 
providing aviation and marine assets--which include nine UAS--to 
support border security operations.[Footnote 2] The Privacy Office, 
within DHS, is responsible for embedding and enforcing privacy 
protections and transparency in DHS activities, and ensuring that 
privacy considerations are addressed when planning or updating any 
program, system, or initiative. CRCL, within DHS, helps to integrate 
civil rights and civil liberties into agency activities by providing 
policy advice and training, assessing the impact of DHS policies and 
activities, and engaging with the public to provide information on DHS 
policies and avenues of redress. The use of UAS has raised privacy 
concerns, including questions regarding the scope of CBP's authorities 
to collect and use aerial surveillance. 

House Committee Report 113-91 mandated us to review DHS's review of 
CBP's UAS program. This report examines the extent to which DHS's 
review of CBP's UAS addressed CBP efforts to (1) ensure compliance 
with existing privacy and civil liberty laws and standards and (2) 
ensure its UAS usage is limited to border and coastal areas of the 
United States. 

To address both objectives, we reviewed applicable privacy and civil 
liberty laws and standards and CBP authorities to use UAS; examined 
DHS's review, as well as CBP policies regarding use of UAS and UAS 
data; interviewed CBP officials responsible for managing UAS 
operations and analyzing UAS data; and interviewed CRCL and Privacy 
Office officials responsible for developing DHS's review on CBP's UAS 
use. To determine the extent to which DHS's review addressed CBP 
efforts to ensure compliance with privacy and civil liberty laws and 
standards, we also examined DHS's review to identify key procedures to 
protect privacy and civil liberties, and determined the extent to 
which CBP had institutionalized these procedures in written policies. 
To determine the extent to which DHS's review addressed CBP's efforts 
to ensure UAS usage is limited to border and coastal areas of the 
United States, we also reviewed Federal Aviation Administration (FAA) 
requirements, analyzed CBP reports on compliance with these FAA 
requirements, and analyzed UAS flight hours reports CBP submitted to 
FAA from fiscal year 2011 through April 30, 2014, covering the time 
period when all four of CBP's UAS centers became operational. To 
assess the reliability of UAS flight hour data, we reviewed guidance 
for reporting UAS flight hours, interviewed CBP officials about their 
policies and procedures related to tracking UAS flight hours, and 
compared monthly report data with data from other CBP flight hour 
reports. We found the data were sufficiently reliable for the purposes 
of reporting how CBP allocates its UAS flight hours. 

We conducted this performance audit from April 2014 to September 2014 
in accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe 
that the evidence obtained provides a reasonable basis for our 
findings and conclusions based on our audit objectives. 

In summary, we found the following: 

* DHS reported that CBP has an oversight framework and procedures that 
help ensure compliance with privacy and civil liberty laws and 
standards. DHS's review contains information on CBP procedures on 
collecting, retaining, storing, and disseminating images from UAS, 
among others, to help ensure compliance with privacy and civil liberty 
laws and standards. DHS's review did not address the extent to which 
CBP had institutionalized these procedures in written policies. 
However, we found that CBP has taken steps to document these 
procedures and has issued or plans to issue policies to 
institutionalize the procedures that help protect privacy and civil 
liberties. 

* DHS's review reported that CBP operates UAS in accordance with its 
authorities, which do not limit use to border and coastal areas. The 
location of UAS operations is limited by FAA requirements and CBP 
policies and procedures. DHS's review did not address the extent to 
which CBP's use of UAS is within border and coastal areas. However, we 
found that over 80 percent of CBP's UAS flight hours were associated 
with airspace encompassing border and coastal areas of the United 
States. 

For additional information on the results of our work, please see the 
briefing slides provided in the enclosure. We are not making any 
recommendations in this report. 

Agency Comments: 

We provided a draft of this report to DHS for its review and comment. 
DHS provided technical comments on the briefing slides, which we 
incorporated as appropriate. 

We are sending copies of this report to the appropriate congressional 
committees and the Secretary of Homeland Security. This report is also 
available at no charge on the GAO website at [hyperlink, 
http://www.gao.gov]. Should you or your staff have questions 
concerning this report, please contact me at (202) 512-8777 or 
GamblerR@gao.gov. Contact points for our Offices of Congressional 
Relations and Public Affairs may be found on the last page of this 
report. Key contributors to this report were Kirk Kiester (Assistant 
Director), David Alexander, Frances Cook, Eric Hauswirth, Heather May, 
David Plocher, Carl Potenzieri, and Christopher Robinson. 

Signed by: 

Rebecca Gambler: 
Director, Homeland Security and Justice: 

Footnotes: 

[1] H. R. Rep. No. 113-91, at 11 (2013). 

[2] CBP refers to UAS as "unmanned aircraft systems." 

[End of section] 

Enclosure: 

Unmanned Aerial Systems: DHS's Review of U.S. Customs and Border 
Protection's Use and Compliance with Privacy and Civil Liberty Laws 
and Standards: 

Briefing for Staff of the Subcommittees on Homeland Security, U.S. 
Senate and House Committees on Appropriations: 

Contents: 

* Introduction: 
* Objectives: 
* Scope and Methodology: 
* Summary: 
* Background: 
* Findings: 
* GAO Contact: 

Introduction: 

U.S. Customs and Border Protection (CBP), within the Department of 
Homeland Security (DHS), is responsible for securing U.S. borders to 
prevent acts of terrorism and the unlawful movement of people, illegal 
drugs, and other contraband toward or across U.S. borders. 

Within CBP, the Office of Air and Marine (OAM) helps CBP fulfill its 
mission by providing aviation and marine assets-—which include nine 
unmanned aerial systems (UAS)[Footnote 1]—-to patrol the border. 

CBP also uses UAS in support of other federal, state, or local law 
enforcement activities and for emergency humanitarian efforts, such as 
flood and wildfire monitoring. 

The use of UAS has raised privacy concerns, including questions 
regarding the scope of CBP's authorities to collect and use aerial 
surveillance. 

The Office of Civil Rights and Civil Liberties (CRCL), within DHS, 
helps to integrate civil rights and civil liberties into agency 
activities by providing policy advice and training, assessing the 
impact of DHS policies and activities, and engaging with the public to 
provide information on DHS policies and avenues of redress. 

The Privacy Office, within DHS, is responsible for embedding and 
enforcing privacy protections and transparency in DHS activities, and 
ensuring that privacy considerations are addressed when planning or 
updating any program, system, or initiative. 

House Committee Report 113-91 accompanying the fiscal year 2014 DHS 
Appropriations Act mandated CRCL and the Privacy Office to conduct a 
review of CBP efforts to ensure that CBP's UAS use (1) complies with 
existing law and applicable privacy and civil liberty standards and 
(2) is limited to operation along the border and coastal areas. 
[Footnote 2] The report also mandated GAO evaluate the review. 

CRCL and the Privacy Office completed their review (referred to as 
DHS's review) and provided it to us on June 12, 2014. 

Objectives: 

House Committee Report 113-91 accompanying the fiscal year 2014 DHS 
Appropriations Act mandated that GAO submit a report evaluating CRCL 
and the Privacy Office's review.[Footnote 3] 

This briefing examines the extent to which DHS's review of CBP's UAS 
addressed CBP efforts to (1) ensure compliance with existing privacy 
and civil liberty laws and standards and (2) ensure its UAS usage is 
limited to border and coastal areas of the United States. 

Scope and Methodology: 

To address both objectives, we: 

* reviewed applicable privacy and civil liberty laws and standards and 
CBP authorities to use UAS, as noted later in the slides; 

* examined DHS's review, as well as CBP policies regarding use of UAS 
and UAS data; 

* interviewed CBP officials responsible for managing UAS operations 
and analyzing UAS data; and; 

* interviewed CRCL and Privacy Office officials responsible for 
developing DHS's review on CBP's UAS use. 

For the first objective, regarding the extent to which DHS's review 
addressed CBP efforts to ensure compliance with privacy and civil 
liberty laws and standards, we also: 

* examined DHS's review to identify key procedures to protect privacy 
and civil liberties, and; 

* determined the extent to which CBP had institutionalized these 
procedures in written policies. 

To address the second objective, regarding the extent to which CBP's 
UAS use is limited to border and coastal areas, we also: 

* reviewed Federal Aviation Administration (FAA) requirements for CBP'
s use of UAS in the National Airspace System;[Footnote 4] 

* analyzed CBP reports on compliance with these FAA requirements from 
fiscal year 2011 through April 2014, covering the time period when all 
four current CBP UAS centers were in operation; and; 

* analyzed UAS flight hour data from monthly reports CBP submitted to 
FAA from fiscal year 2011 through April 2014. 

To assess the reliability of UAS flight hour data, we reviewed 
guidance for reporting UAS flight hours, interviewed CBP officials 
about their policies and procedures related to tracking UAS flight 
hours, and compared monthly report data with data from other CBP 
flight hour reports. We found the data were sufficiently reliable for 
the purposes of reporting how CBP allocates its UAS flight hours. 

DHS provided technical comments for this briefing, which we have 
incorporated as appropriate. 

Summary: 

In its review, DHS reported that CBP has an oversight framework and 
procedures that help ensure compliance with privacy and civil liberty 
laws and standards. DHS's review contains information on CBP 
procedures on collecting, retaining, storing, and disseminating images 
from UAS, among others, to help ensure compliance with privacy and 
civil liberty laws and standards. DHS's review did not address the 
extent to which CBP had institutionalized these procedures in written 
policies. However, we found that CBP has taken steps to document these 
procedures and has issued or plans to issue policies to 
institutionalize the procedures that help protect privacy and civil 
liberties. 

DHS's review reported that CBP operates UAS in accordance with its 
authorities, which do not limit use to border and coastal areas.The 
location of UAS operations is limited by FAA requirements and CBP 
policies and procedures. DHS's review did not address the extent to 
which CBP's use of UAS is within border and coastal areas. However, we 
found that over 80 percent of CBP's UAS flight hours were associated 
with airspace encompassing border and coastal areas. 

Background: CBP's UAS program: 

OAM is responsible for administering CBP's UAS program. 

CBP operates nine UAS from four OAM National Air Security Operation 
Centers (NASOC): 

* Sierra Vista, AZ (3 aircraft); 
* Grand Forks, ND (3 aircraft); 
* Corpus Christi, TX (3 aircraft); 
* Jacksonville, FL (remotely operates aircraft launched from other 
NASOCs). 

CBP's UAS operations began in fiscal year 2006; all four NASOCs became 
operational starting in fiscal year 2011. 

Background: CBP's Operation of UAS in National Airspace: 

CBP operates UAS in accordance with FAA requirements for authorizing 
all UAS operations in national airspace. 

CBP must apply for a certificate of waiver or authorization (COA) from 
the FAA to operate UAS in national airspace. 

* Each COA defines airspace and location where UAS can operate. 

* COAs are valid for 2 years. 

* COAs are divided into four types: disaster, operational, transit, 
and training. 

* CBP is required to report to FAA monthly on the number of flight 
hours in each COA. 

CBP also operates UAS in restricted airspace in accordance with 
agreements with the Department of Defense (DOD). 

Background: UAS Operations: 

UAS are operated by OAM primarily to support other CBP components, 
such as the Office of Border Patrol, and federal, state, and local 
agencies, as shown in table 1. 

Federal, state, and local agencies make requests for OAM support. CBP'
s Office of Intelligence and Investigative Liaison (OIIL) is 
responsible for facilitating and reviewing requests for air support 
from outside agencies. 

Table 1: Unmanned Aerial System (UAS) Operations: 

Type of mission: Patrol; 
Purpose: Detect illegal entry of goods and people at and between 
points of entry; 
Examples of entities supported: Border Patrol; 
Type of certificate of waiver or authorization (COA): Operational. 

Type of mission: Investigative; 
Purpose: Provide aerial support for law enforcement activities and 
investigations; 
Examples of entities supported: Multiple agencies, such as 
U.S.Immigration and Customs Enforcement, Federal Bureau of 
Investigation, and multi-agency task forces; 
Type of certificate of waiver or authorization (COA): Operational. 

Type of mission: Disaster; 
Purpose: Provide aerial support for monitoring natural disasters such 
as wildfires and floods; 
Examples of entities supported: State, local, and federal agencies; 
Type of certificate of waiver or authorization (COA): Disaster and 
operational. 

Type of mission: Transit; 
Purpose: Move UAS between National Air Security Operations Centers; 
Examples of entities supported: Office of Air and Marine; 
Type of certificate of waiver or authorization (COA): Transit. 

Type of mission: Training; 
Purpose: Train UAS pilots; 
Examples of entities supported: Office of Air and Marine; 
Type of certificate of waiver or authorization (COA): Training. 

Source: GAO analysis of Department of Homeland Security information. 

[End of table] 

Background: UAS Sensors: 

CBP's UAS may be equipped with sensors, as shown in table 2. 

Table 2: Sensors Used by U.S. Customs and Border Protection on 
Unmanned Aerial Systems: 

Sensor: Electro-optical and infrared camera; 
Types of data collected: Full-motion video. 

Sensor: Vehicle and Dismount Exploitation Radar; 
Types of data collected: Radar images that show the movement of 
objects. 

Sensor: Synthetic-aperture radar; 
Types of data collected: Radar images that show terrain and structures 
and allow for analysis to detect change over time. 

Sensor: SeaVue radar; 
Types of data collected: Radar images of maritime vessels. 

Source: GAO analysis of Department of Homeland Security information. 

[End of table] 

Background: Privacy and Civil Liberty Laws and Standards: 

DHS's review identified the following privacy laws and standards as 
applicable to CBP's use of UAS: 

* the Privacy Act of 1974;[Footnote 5] 

* the E-Government Act of 2002;[Footnote 6] 

* the Homeland Security Act of 2002, as amended;[Footnote 7] 

* universally recognized Fair Information Practice Principles; 
[Footnote 8] and; 

* relevant DHS guidelines[Footnote 9] and policy memorandums.[Footnote 
10] 

DHS's review states that the E-Government Act and the Privacy Act do 
not apply to CBP's UAS because they are not information technology 
systems, they do not collect information in an identifiable form, and 
they are not systems of records in which information can be retrieved 
by personally identifiable information, such as a name. 

The review notes, however, that if CBP were to obtain personally 
identifiable information through the sensor on a UAS, that information 
would have to be treated in accordance with these standards. 

DHS's review also states that CBP and the DHS Privacy Office concurred 
that the use of sensors on aircraft—including unmanned aircraft 
systems—could erode privacy protections if not appropriately 
managed.As a result, they conducted a privacy impact assessment (PIA), 
issued in September 2013, of CBP's use of UAS in relation to the Fair 
Information Practice Principles.[Footnote 11] 

DHS's review does not specifically identify applicable civil liberty 
laws or standards; however, it does address whether CBP's use of UAS 
avoids capturing constitutionally protected activities, such as the 
First Amendment right to free assembly (demonstrations or protests), 
or results in an unreasonable search under the Fourth Amendment. 

CRCL officials stated that the constitutional rights to equal 
protection and due process are potentially applicable, which would 
prohibit using UAS to target a group based on race, ethnicity, or 
another constitutionally protected characteristic, and would require a 
redress process for individuals to correct or object to information 
collected using UAS. Redress is also addressed in the Fair Information 
Practices Principles. 

Objective 1: DHS Reported That CBP Has an Oversight Framework and 
Procedures That Help Ensure Compliance with Privacy and Civil Liberty 
Laws and Standards: 

DHS's review discusses the oversight framework provided by the DHS 
Privacy Office, CRCL, and a DHS UAS Working Group that helps to ensure 
CBP's use of UAS complies with privacy and civil liberty laws and 
standards. The oversight framework described in DHS's review includes 
the following: 

* The DHS Privacy Office, in coordination with the CBP Privacy 
Officer, is to ensure that DHS's operation of UAS is in compliance 
with the applicable privacy laws and standards through oversight 
processes, such as conducting a PIA. 

- In September 2013, the Privacy Office issued the PIA on Aircraft 
Systems, which examines the privacy impact of aircraft systems 
operations as it relates to the Fair Information Practice Principles. 
Privacy Office officials stated that CBP's use of UAS was consistent 
with the Fair Information Practice Principles. 

* CRCL is to investigate and resolve civil rights and civil liberties 
complaints filed by the public regarding DHS policies or activities. 
[Footnote 12] The Privacy Office also is to review and respond to 
privacy complaints. As of June 2014, DHS reports that no formal 
complaints regarding CBP's use of UAS had been received by CBP, CRCL, 
or the Privacy Office. 

DHS's review also states that DHS has established a UAS Working Group 
that is charged with: 

* establishing a forum to discuss privacy, civil rights, and civil 
liberties issues; 

* ensuring Privacy Office and CRCL guidance and policies are reflected 
in the concept of operations for UAS uses; 

* identifying potential privacy, civil rights, and civil liberties 
concerns with current or planned UAS uses; and; 

* promoting best practices for safeguarding privacy, civil rights, and 
civil liberties by DHS partners and grant recipients. 

DHS's review discusses CBP procedures that are designed to help ensure 
compliance with privacy and civil liberty laws and standards. These 
procedures include those related to: 

* collecting video and radar images; 

* minimizing retention of such images; 

* securing, storing, and dissemination of data; 

* training; and; 

* ensuring transparency. 

DHS's review identified the following CBP procedures that minimize the 
collection of video and radar images and avoid capture of 
constitutionally protected activities: 

* authorizing UAS to fly only within a designated mission area to help 
ensure UAS only capture images and information necessary for the 
authorized mission and; 

* operating UAS primarily at an altitude between 19,000 and 28,000 
feet, where the video images do not permit identification of 
individuals or license plates. 

The DHS review also reports that the cameras on the UAS do not have 
the capability to collect images from nonpublic areas, such as the 
interior of homes or businesses, or otherwise perform observations 
that would be considered a search under the Fourth Amendment of the 
Constitution. 

CBP procedures identified in DHS's review as helping to minimize the 
retention of video and radar images that are collected by UAS include: 

* overwriting the UAS video and radar images that are recorded on the 
digital video recorder at the NASOC about every 30 days and; 

* retaining UAS video and radar images at the Air and Marine 
Operations Center for a maximum of 5 years to use in analysis and 
intelligence products. 

The review states that if CBP associates UAS video with an individual 
as part of an investigation, the information becomes part of a case 
management system that is subject to the requirements of the Privacy 
Act, which include publishing a system of records notice in the 
Federal Register that is to describe the retention schedule, nature, 
purpose, maintenance, use, and sharing of the information. 

CBP procedures identified in DHS's review as helping to ensure data 
are properly secured, stored, and disseminated include: 

* encrypting the transmission of UAS video; 

* restricting access to real-time video to authorized users with a 
need to know; 

* restricting disclosure of analytical products that contain UAS-
obtained images to approved requesters and redacting law enforcement 
sensitive, personally identifying information, and other sensitive 
information prior to disclosure, unless the requester has a need to 
know; 

* maintaining a log to track the dissemination of all analytical 
products that contain UAS-obtained images; and; 

* handling UAS-obtained images that are to be used as evidence in 
accordance with rules of evidence, such as ensuring they are not co-
mingled with information from other investigations and maintaining an 
adequate chain of custody. 

Figure 1 on the following slide illustrates CBP UAS data collection 
and retention procedures. 

Figure 1: U.S. Customs and Border Protection (CBP) Unmanned Aerial 
System (UAS) Data Collection and Retention: 

[Refer to PDF for image: illustration with 4 photographs] 

Sensors on the UAS collect radar and video images: 
Synthetic Aperture Radar; 
Electro Optical/Infrared camera; 
Maritime Radar; 
Vehicle Dismount Exploitation Radar. 

The images are recorded on a digital video recorder (DVR) at the site 
from which the UAS launched. The DVR is to record over this 
information about every 30 days. 
If the video is associated with an individual as part of an 
investigation, it is maintained in a case management system that is 
subject to Privacy Act requirements, and retained according to the 
schedule listed in the systems of records notice published in the 
Federal Register. 

The images are also recorded at the Air and Marine Operations Center, 
where they are analyzed. The images are to be maintained for a maximum 
of 5 years. 
Analytical products with UAS data are distributed to approved 
requesters. Law enforcement sensitive, personally identifying 
information, and other sensitive analytical surveillance or 
reconnaissance related information is to be redacted prior to 
disclosure unless the requester has a need to know. Intelligence 
products are kept as long as they can be of use to CBP. 

Source: GAO analysis of Department of Homeland Security information, 
U.S. Customs and Border Protection (photographs). GAO-14-849R. 

[End of figure] 

CBP training procedures identified in DHS's review include: 

* requiring all CBP employees to complete annual privacy awareness, 
civil rights and civil liberties, ethics, and CBP Code of Conduct 
training and; 

* requiring OAM law enforcement officers to take additional training 
focused on privacy, civil rights, and civil liberties issues related 
to the collection, processing, and safeguarding of evidence. 

Procedures identified in DHS's review as helping to ensure 
transparency include: 

* making privacy documentation, such as the Privacy Impact Assessment, 
available on the Internet and; 

* releasing information to the public on the UAS program in response 
to Freedom of Information Act requests. 

Objective 1: DHS's Review Did Not Address the Extent to Which CBP Had 
Written Policies to Institutionalize the Procedures That Protect 
Privacy and Civil Liberties: 

DHS's review did not address the extent to which CBP had 
institutionalized the procedures reported as helping to protect 
privacy and civil liberties through written policies. 

We found that CBP has taken steps to document these procedures and has 
issued or plans to issue policies to institutionalize these 
procedures. Table 3 on the following slide shows the policies CBP has 
issued and the key procedures documented in each policy. 

Objective 1: CBP Has Taken Steps to Document Key Procedures That Help 
Protect Privacy and Civil Liberties: 

Table 3: U.S. Customs and Border Protection Unmanned Aerial Systems 
(UAS) Policies and Key Procedures: 

Policy: Office of Air and Marine (OAM), Unmanned Aircraft System 
Operations and Privacy, September 9, 2013; 
Key procedures documented: 
* Flight authorization requirements; 
* National Air Security Operations Center UAS video retention schedule; 
* Access restriction requirements for UAS video; 
* Requirement to follow previously established evidence-handling 
policies. 

Policy: OAM, Aviation Support Request for National Air Security Office 
Intelligence, Surveillance, and Reconnaissance (ISR) and Aviation 
Support, March 28, 2014; 
Key procedures documented: 
* Flight authorization requirements, including the process to submit, 
vet, prioritize, schedule, and archive requests to use UAS, among 
other air assets, to collect ISR. 

Policy: Office of Intelligence and Investigative Liaison (OIIL), 
Procedures for the Review and Dissemination of CBP Information 
Containing ISR Data, May 2013; 
Key procedures documented: 
* Requirement to restrict disclosure of analytical products with ISR 
to approved requesters with a need to know; 
* Requirement to redact sensitive information prior to disclosure 
unless the requester has a valid need to know; 
* Requirement to log disclosure requests. 

Policy: OIIL, Collection Operations Procedures and Collection 
Operations Managers, last updated July 18, 2012; 
Key procedures documented: 
* Flight authorization requirements, including the requirement for 
OIIL managers to review, verify, and validate all ISR requests for 
other agencies, including UAS aviation support requests. 

Source: GAO analysis of U.S. Customs and Border Protection information. 

[End of table] 

Although CBP has documented key procedures in those areas identified 
in table 3, CBP has not yet issued a written policy on retaining UAS 
data at the Air and Marine Operations Center that is used by OIIL for 
data analysis for a maximum of 5 years. An OIIL official noted that 
OIIL has been conducting analysis on UAS data since 2010, so it has 
not yet retained data for more than 5 years. 

According to OIIL officials, OIIL has developed a draft policy on 
retaining UAS data that it plans to have signed once an Assistant 
Commissioner for OIIL is in place. 

[End of Objective 1] 

Objective 2: DHS Reported That CBP Operates UAS in Accordance with Its 
Authorities, Which Do Not Limit Use Exclusively to Border and Coastal 
Areas: 

DHS's review stated that CBP's use of UAS is not limited to areas 
along the border, as CBP's authorities allow the agency to use UAS in 
other areas. 

According to DHS's review, CBP operates UAS in accordance with federal 
law, which includes a broad mandate to determine the admissibility of 
persons and ensure that goods are not introduced into the United 
States contrary to law, as well as appropriations language authorizing 
support for federal, state, and local law enforcement operations. 

* DHS's review cited laws governing immigration and customs 
enforcement, including inspection and arrest of aliens attempting to 
enter or present in the United States illegally, and search and 
seizure of items subject to duty or imported or exported contrary to 
law.[Footnote 13] 

* DHS's review also cited the Consolidated Appropriations Act, 2014, 
which provides funding for air and marine operations, including “the 
interdiction of narcotics and other goods; the provision of support to 
Federal, State, and local agencies in the enforcement or 
administration of laws enforced by the Department of Homeland 
Security; and, at the discretion of the Secretary of Homeland 
Security, the provision of assistance to Federal, State, and local 
agencies in other law enforcement and emergency humanitarian efforts.” 
[Footnote 14] 

According to DHS's review, CBP's mission is focused on border 
security, but its use of UAS is not limited by law exclusively to 
border and coastal areas. 

CBP's OAM has authority under its fiscal year 2014 appropriation to 
support federal, state, and local agencies in enforcing homeland 
security laws, and the Secretary of Homeland Security has the 
discretion to authorize OAM to assist law enforcement and emergency 
humanitarian efforts. 

DHS's review provides examples of CBP's use of UAS in support of its 
border security mission, such as collecting video and other images to 
assist in enforcement of laws pertaining to drug and alien smuggling, 
and in support of other agencies, such as providing video or radar 
images of flooding in disaster situations. 

Objective 2: Location of UAS Operations Is Limited by COAs and CBP 
Policies and Procedures: 

According to DHS's review, CBP's UAS operations are limited 
geographically via COAs. 

* DHS's review stated that COAs for CBP's use of UAS defines airspace 
and establishes operational corridors for unmanned aircraft. 
Specifically, the review cited the following operational corridors: 

- northern border: along and within 100 miles of border and; 
- southern border: along and within 25 to 60 miles of border 

CBP operates UAS in airspace outside existing COAs by working with FAA 
to create a new COA or by requesting an addendum to an existing COA. 

* Specifically, CBP worked with FAA to construct new COAs defining 
airspace where CBP can operate for natural disaster missions. 

* According to CBP officials, addendums to existing COAs were 
requested in order to meet operational needs or during emergency 
situations. 

- Addendums approved by FAA for CBP's UAS operations are temporary and 
limited to a specific time period. 
- We reviewed all COA addendums CBP received from fiscal year 2011 
through April 2014 and found that CBP received nine addendums 
expanding existing COA-designated airspace. 

According to DHS's review, CBP conducts UAS operations at altitudes 
between 19,000 and 28,000 feet pursuant to COAs approved by FAA, 
which, as previously discussed, limits the detail of images collected. 

( Our analysis of operational, transit, and disaster COAs confirmed 
UAS operations were authorized at altitudes of operation between 
19,000 and 28,000 feet. 

* In addition, CBP officials told us UAS training missions occur from 
ground level to 2,500 feet, limited to the immediate area around the 
airport where the NASOC is located. 

* Our analysis of training COAs confirmed UAS training operations were 
authorized at altitudes of operation between ground level and 2,500 
feet around the relevant NASOC. 

According to CBP officials, UAS flights outside COA-designated or 
restricted airspace without FAA approval are typically in response to 
emergency situations. 

* For example, immediate emergency situations include those caused by 
equipment malfunction or weather. 

* CBP must submit an incident report to FAA for each instance it flies 
outside COA-designated or restricted airspace without permission. 

* We reviewed incident reports submitted by CBP from fiscal year 2011 
through April 2014 and found that CBP reported deviations from COA-
designated and restricted airspace eight times for reasons such as 
pilot error, equipment malfunctions, and weather. 

According to DHS's review, CBP's UAS operations are limited internally 
by CBP's own policies and procedures. 

* DHS's review stated that UAS are assigned to missions in accordance 
with CBP's nationwide policy regarding the tasking of CBP air assets. 

OAM policies call for all requests for UAS support to be reviewed and 
approved by OAM. 

* Requests for UAS support are tiered and prioritized against 
resources. 

* Tier levels and examples include: 
- Tier I nationally directed: international disaster response; 
- Tier II CBP directed: operations to support Border Patrol; and; 
- Tier III local operations: support for local law enforcement 
agencies. 

Objective 2: DHS's Review Did Not Address the Extent to Which CBP's 
Use of UAS Is in Border and Coastal Areas: 

DHS's review did not provide information on the extent to which CBP's 
use of UAS is in border and coastal areas of the United States. 

As shown in figure 2, we found that over 80 percent of UAS flight 
hours from fiscal year 2011 through April 2014 were in border and 
coastal areas. 

Objective 2: Over 80 Percent of CBP UAS Flight Hours Were Associated 
with Airspace Encompassing Border and Coastal Areas: 

Figure 2: U.S. Customs and Border Protection's (CBP) Unmanned Aerial 
System (UAS) Flight Hours in Operational Certificates of Waiver or 
Authorization (COA) Airspace Encompassing Border and Coastal Areas, 
Fiscal Year 2011 through April 2014: 

[Refer to PDF for image: illustrated U.S. map] 

Northern border: 3,184 flight hours: 18%. 

Southwest border: 10,396 flight hours: 57%. 

Southeast border: 1,189 flight hours: 7%. 

Nonoperational COAs: 1,594 flight hours: 9%. 

Other airspace: 1,726 flight hours: 9%. 

Total flight hours: 18,089. 

Source: GAO analysis of U.S.Customs and Border Protection data. GAO-14-
849R. 

Note: Operational COAs were associated with the southwest, southeast, 
and northern borders. Airspace locations shown above are approximate 
and reflect COA-designated operational airspace active as of April 30, 
2014. Nonoperational COAs include training, transit, and disaster 
COAs. See table 4 for additional information on nonoperational COA 
flight hours. Other airspace includes UAS operations in restricted and 
foreign airspace. 

[End of figure] 

Objective 2: UAS Flight Hours in Nonoperational COAs Were Limited: 

As shown in table 4, the proportion of flight hours CBP's UAS flew in 
airspace designated in nonoperational COAs, which include training, 
transit, and disaster COAs, was relatively low. 

Table 4: U.S. Customs and Border Protection (CBP) Unmanned Aerial 
System (UAS) Flight Hours in Nonoperational Certificate of Waiver or 
Authorization (COA)-Designated Airspace, Fiscal Year 2011 through 
April 2014: 

Type of COA: Training; 
UAS flight hours: 1,377; 
Percentage of total flight hours: 7.6%. 

Type of COA: Transit; 
UAS flight hours: 40; 
Percentage of total flight hours: 0.2%. 

Type of COA: Disaster; 
UAS flight hours: 178; 
Percentage of total flight hours: 1.0%. 

Type of COA: Total nonoperational COA flight hours; 
UAS flight hours: 1,594[A]; 
Percentage of total flight hours: 9%. 

Type of COA: Total UAS flight hours; 
UAS flight hours: 18,089; 
Percentage of total flight hours: 100%[B]. 

Source: GAO analysis of CBP data. 

[A] Numbers do not add because of rounding. 

[B] Eighty-two and 9 percent of UAS flight hours were associated with 
operational COAs and other airspace, respectively (see figure 2). 

[End of table] 

[End of Objective 2] 

GAO Contact: 

Should you or your staff have questions concerning this report, please 
contact: 

Rebecca Gambler: 
Director, Homeland Security and Justice: 
202-512-8777: 
GamblerR@gao.gov. 

GAO on the Web: 

Web site: http://www.gao.gov/]: 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov: 
(202) 512-4400, U.S. Government Accountability Office: 
441 G Street, NW, Room 7125, Washington, DC 20548: 

Public Affairs: 
Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800, U.S. Government Accountability Office: 
441 G Street, NW, Room 7149, Washington, DC 20548: 

Copyright: 
This is a work of the U.S. government and is not subject to copyright 
protection in the United States. The published product may be 
reproduced and distributed in its entirety without further permission 
from GAO. However, because this work may contain copyrighted images or 
other material, permission from the copyright holder may be necessary 
if you wish to reproduce this material separately. 

Briefing Slides Footnotes: 

[1] CBP uses the term “unmanned aircraft systems” for these assets. A 
UAS is composed of a remotely piloted aircraft, a ground control 
station, a digital network, and other ground support equipment and 
personnel required to operate and maintain the system 

[2] H. R. Rep. No. 113-91, at 11 (2013). 

[3] H.R. Rep. No 113-91, at 11 (2013). 

[4] See Federal Aviation Administration, Interim Operational Approval 
Guidance 08-01: Unmanned Aircraft Systems Operations in the U.S. 
National Airspace System (March 13, 2008). The National Airspace 
System is the network of United States airspace that includes the 
interconnected and interdependent network of systems, procedures, 
facilities, aircraft, and people. 

[5] 5 U.S.C. §552a. See also Privacy Policy Guidance Memorandum 2007-
01 (as amended January 12, 2007) (requiring DHS components to handle 
non-U.S. person data held in mixed systems, which contain data on U.S. 
persons and non-U.S. persons, in accordance with the Fair Information 
Practice Principles and administrative protections as set forth in the 
Privacy Act). 

[6] Pub. L. No. 107-347, 116 Stat. 2899. See 44 U.S.C. §§3501 note, 
3541-3549. 

[7] 6 U.S.C. §142. 

[8] DHS, Privacy Policy Guidance Memorandum 2008-1 (Washington, D.C.: 
December 29. 2008). The DHS Privacy Office developed the Fair 
Information Practice Principles from the underlying concepts of the 
Privacy Act to account for the nature and purpose of the information 
being collected in relation to DHS's mission to preserve, protect, and 
secure. The Fair Information Practice Principles are transparency, 
individual participation, purpose specification, data minimization, 
use limitation, data quality and integrity, security, and 
accountability and auditing. 

[9] DHS, Privacy Policy and Compliance, Directive 047-01 (July 7, 
2011), and Privacy and Compliance, Instruction 047-01-001 (July 25, 
2011). 

[10] DHS, Privacy Policy Guidance Memorandum 2008-02 (Washington, 
D.C.: Dec. 30, 2008); and Privacy Policy Guidance Memorandum 2007-01 
(as amended January 12, 2007) (Washington, D.C.: January 7, 2009). 

[11] DHS, Privacy Impact Assessment for the Aircraft Systems, 
DHS/CBP/PIA-019 (Washington, D.C.: September 9, 2013). 

[12] Complaints may be initiated by members of the public, federal 
agencies or agency personnel, nongovernmental organizations, media 
reports, and other sources through submissions to CRCL via mail, e-
mail, fax, or telephone. 

[13] 8 USC §§1225, 1357;19 U.S.C. §§482, 507, 1461, 1496, 1581, 1582, 
1595a(d). 

[14] Pub. L. No. 113-76, 128 Stat. 5, 249-30. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO's commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e-mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select 
"E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO's actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO's 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at [hyperlink, http://www.gao.gov]. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548. 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548. 

[End of document]