Homeland Security: Office of Intelligence and Analysis Should Improve Privacy Oversight and Assessment of Its Effectiveness

What GAO Found

GAO found that the Department of Homeland Security (DHS) Office of Intelligence and Analysis collected input from its mission centers and partners to prioritize threats and guide intelligence production during fiscal years 2019 to 2022. Specifically, the office (1) integrated Intelligence Community priorities into a single framework; (2) coordinated with DHS intelligence components to prioritize threats identified in that framework; and (3) solicited input from state, local, and other partners to refine priorities and inform product development.

GAO also found that the Office of Intelligence and Analysis is not fully implementing activities intended to monitor whether personnel are following its policies to protect the privacy, civil rights, and civil liberties of U.S. persons, including U.S. citizens and lawful permanent residents. For example, the office has not conducted two required monitoring activities: audits of information systems and audits of bulk data.

Audits Required by the Intelligence Oversight Guidelines

 
^aBulk data are large quantities of data acquired without the use of discriminants (e.g., specific identifiers or search terms), most of which does not have intelligence value.

The office has not identified who is responsible for conducting these audits. By doing so, and by ensuring that relevant staff conduct these audits, the office will be better positioned to address any failures to protect privacy, civil rights, and civil liberties within its information systems and bulk data transfers.

The Office of Intelligence and Analysis tracks 13 performance measures, but it lacks information about its effectiveness because the performance measures do not clearly align with its strategic goals. For example, the office does not have a performance measure relating to its strategic goal of protecting privacy and civil liberties or of promoting technological innovation. Developing performance measures that clearly align with its strategic goals would give leadership information about the office's overall effectiveness.

In addition, officials said the office intends to use data from questionnaires attached to its intelligence products to better understand its customer interests. However, the office has not assessed whether these data are fulfilling its intent. By conducting such an assessment, the office may be better positioned to produce intelligence that aligns with the interests and needs of its customers.

Why GAO Did This Study

The DHS Office of Intelligence and Analysis provides information to DHS components and other partners to identify and mitigate threats to homeland security. Because such reporting can involve information about U.S. persons, the office issued Intelligence Oversight Guidelines that identify safeguards to protect privacy, civil rights, and civil liberties.

GAO was asked to review how the office sets priorities; protects privacy, civil rights, and civil liberties; and assesses its effectiveness. This report examines (1) how the office prioritizes threats, (2) the extent to which it monitors implementation of its Intelligence Oversight Guidelines, and (3) the extent to which it assesses its effectiveness.

GAO assessed the office's monitoring activities against its guidelines, reviewed performance information, and interviewed officials and a nongeneralizable selection of partners. This included eight DHS intelligence components, seven state and local agencies, and three private-sector partners, selected on the basis of geographic location and other factors.