Skip to main content

Homeland Security: Office of Intelligence and Analysis Should Improve Privacy Oversight and Assessment of Its Effectiveness

GAO-23-105475 Published: Aug 28, 2023. Publicly Released: Sep 12, 2023.
Jump To:

Fast Facts

The DHS Office of Intelligence and Analysis collects and shares homeland security data with its partners in law enforcement, the intelligence community, and the private sector. While doing so, it's important to protect U.S. citizens and residents' rights and privacy.

But the office hasn't done some required audits that would ensure that its personnel are following policies to protect these rights. For example, auditing the information systems that contain sensitive data would tell the office whether the personnel who accessed them had the appropriate clearance and permissions.

Our recommendations address this and other issues we found.

An exterior Department of Homeland Security sign.

Skip to Highlights

Highlights

What GAO Found

GAO found that the Department of Homeland Security (DHS) Office of Intelligence and Analysis collected input from its mission centers and partners to prioritize threats and guide intelligence production during fiscal years 2019 to 2022. Specifically, the office (1) integrated Intelligence Community priorities into a single framework; (2) coordinated with DHS intelligence components to prioritize threats identified in that framework; and (3) solicited input from state, local, and other partners to refine priorities and inform product development.

GAO also found that the Office of Intelligence and Analysis is not fully implementing activities intended to monitor whether personnel are following its policies to protect the privacy, civil rights, and civil liberties of U.S. persons, including U.S. citizens and lawful permanent residents. For example, the office has not conducted two required monitoring activities: audits of information systems and audits of bulk data.

Audits Required by the Intelligence Oversight Guidelines

HLP_5 v3 - 105475 
aBulk data are large quantities of data acquired without the use of discriminants (e.g., specific identifiers or search terms), most of which does not have intelligence value.

The office has not identified who is responsible for conducting these audits. By doing so, and by ensuring that relevant staff conduct these audits, the office will be better positioned to address any failures to protect privacy, civil rights, and civil liberties within its information systems and bulk data transfers.

The Office of Intelligence and Analysis tracks 13 performance measures, but it lacks information about its effectiveness because the performance measures do not clearly align with its strategic goals. For example, the office does not have a performance measure relating to its strategic goal of protecting privacy and civil liberties or of promoting technological innovation. Developing performance measures that clearly align with its strategic goals would give leadership information about the office's overall effectiveness.

In addition, officials said the office intends to use data from questionnaires attached to its intelligence products to better understand its customer interests. However, the office has not assessed whether these data are fulfilling its intent. By conducting such an assessment, the office may be better positioned to produce intelligence that aligns with the interests and needs of its customers.

Why GAO Did This Study

The DHS Office of Intelligence and Analysis provides information to DHS components and other partners to identify and mitigate threats to homeland security. Because such reporting can involve information about U.S. persons, the office issued Intelligence Oversight Guidelines that identify safeguards to protect privacy, civil rights, and civil liberties.

GAO was asked to review how the office sets priorities; protects privacy, civil rights, and civil liberties; and assesses its effectiveness. This report examines (1) how the office prioritizes threats, (2) the extent to which it monitors implementation of its Intelligence Oversight Guidelines, and (3) the extent to which it assesses its effectiveness.

GAO assessed the office's monitoring activities against its guidelines, reviewed performance information, and interviewed officials and a nongeneralizable selection of partners. This included eight DHS intelligence components, seven state and local agencies, and three private-sector partners, selected on the basis of geographic location and other factors.

Recommendations

GAO is making nine recommendations, including that the Office of Intelligence and Analysis (1) identify who is responsible for conducting audits of information systems and bulk data and ensure these audits are conducted, (2) develop performance measures that clearly align with strategic goals, and (3) assess the extent to which customer feedback data improve its understanding of customers' interests. The Department of Homeland Security agreed with our recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should ensure that I&A's intelligence oversight branch documents the reviews it conducts to verify I&A personnel's compliance with I&A's guidelines for protecting privacy, civil rights, and civil liberties. (Recommendation 1)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should establish a goal for the number of compliance reviews that I&A's intelligence oversight branch is to conduct during a given period to verify personnel's compliance with I&A's guidelines for protecting privacy, civil rights, and civil liberties. (Recommendation 2)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should assess the intelligence oversight branch's performance against its goal for compliance reviews, including identifying any factors preventing it from meeting this goal and any needed corrective actions. (Recommendation 3)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should establish time frames for completing I&A's standard operating procedure for conducting preliminary inquiries and should finalize this procedure according to these time frames. (Recommendation 4)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should identify who is responsible for conducting the audits of information systems and bulk data described in I&A's Intelligence Oversight Guidelines, and to whom the results of these audits should be reported. (Recommendation 5)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should ensure that the responsible entities conduct audits of information systems and bulk data, as described in I&A's Intelligence Oversight Guidelines. (Recommendation 6)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should develop performance measures for I&A that clearly align with and assess progress toward its strategic goals. (Recommendation 7)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should develop and implement a process to submit the statutorily required annual report related to customer feedback on intelligence products to relevant congressional committees. (Recommendation 8)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.
Office of Intelligence and Analysis The Under Secretary for Intelligence and Analysis should assess the extent to which customer feedback data meet its need to understand its customers' interests and, if necessary, take steps to collect more appropriate data. (Recommendation 9)
Open
The agency concurred with this recommendation and said it would take steps to implement it. When we confirm what actions the I&A has taken in response to this recommendation, we will provide updated information.

Full Report

Office of Public Affairs

Topics

Compliance oversightHomeland securityInformation systemsIntelligence communityInternal controlsPerformance measurementPrivacyPrivacy protectionPrivate sectorStrategic goals