DHS Faces Allegations of Retaliation and Systematic Secrecy Over Border Surveillance Records

The US Department of Homeland Security (DHS) has reportedly removed several high-ranking career officials within Customs and Border Protection (CBP) following their internal opposition to a new policy designed to shield surveillance technology records from public view. These removals, which occurred throughout the early months of 2024, highlight an escalating conflict between political leadership and career privacy experts over the interpretation of federal transparency laws and the disclosure of sensitive biometric data collection programs.

According to internal documents and accounts from sources familiar with the matter, the reassignments targeted officials who objected to orders to mislabel routine privacy assessments as "drafts." This designation was intended to prevent their release under the Freedom of Information Act (FOIA), a move that legal experts and whistleblowers describe as a departure from established administrative norms and a potential violation of federal record-keeping statutes.

The Infrastructure of Privacy Oversight

To understand the gravity of these reassignments, it is necessary to examine the role of the Privacy Threshold Analysis (PTA). Within the DHS framework, a PTA serves as the foundational document for any new or modified system that collects personally identifiable information (PII). It functions as a mandatory questionnaire, detailing how a technology operates, what data it harvests, and whether a more comprehensive Privacy Impact Assessment (PIA) is required by law.

Historically, PTAs have been treated as standard agency records. While they may contain sensitive information that is redacted before public release, the documents themselves provide the public with a crucial window into the government’s surveillance capabilities. Between early 2023 and September 2023, the DHS website published dozens of these analyses, maintaining a level of transparency regarding the deployment of new digital tools. However, this practice ceased abruptly in late 2023, coinciding with the emergence of internal directives to categorize these completed forms as "pre-decisional" and "deliberative."

A Timeline of Administrative Conflict

The current friction within the DHS can be traced back to the fall of 2023, following the public disclosure of a previously unknown surveillance application.

In late 2023, a redacted PTA was lawfully released by a CBP FOIA officer. This document provided the first formal confirmation of "Mobile Fortify," a facial recognition and biometric capture application used by border and immigration officials. The revelation sparked significant concern among privacy advocates and triggered what sources describe as a "backlash" from DHS political leadership.

On December 3, 2023, the DHS Privacy Office, led by Chief Privacy Officer Roman Jankowski, announced a "major change" in policy. Internal emails indicate that all future PTAs were required to carry a specific disclaimer. The disclaimer labeled the documents as "drafts" that are "pre-decisional, deliberative, and designated For Official Use Only." Furthermore, the text claimed the documents were subject to attorney-client privilege and could not be shared outside authorized channels without prior approval from the DHS Privacy Office.

By January 2024, the administrative fallout began. Two of the top officials responsible for ensuring CBP technologies complied with federal privacy laws were reassigned. These individuals included CBP’s top privacy officer and one of the agency’s two privacy branch chiefs. The wave of removals continued into the spring; in April 2024, the director of CBP’s FOIA office was also removed from their position.

The Catalyst: Mobile Fortify and Clearview AI

The "Mobile Fortify" leak serves as the primary case study for why the DHS sought increased secrecy. The released PTA revealed that the app was designed to capture facial images and fingerprints without the explicit consent of the subjects. More significantly, the document acknowledged that the technology would inevitably capture the data of US citizens and lawful permanent residents. Perhaps most controversially, the analysis noted that every image captured—regardless of whether it resulted in a biometric match—would be stored in government databases for up to 15 years.

Internal records suggest that the DHS’s new secrecy policy has already been used to suppress information about other controversial tools. In early 2024, CBP’s FOIA division reportedly prepared to release a PTA concerning the use of Clearview AI, a facial recognition tool that relies on a massive database of images scraped from social media and the open web. However, DHS leadership stepped in to block the release, citing the new "draft" designation.

Legal and Ethical Implications of the "Draft" Designation

The core of the internal dispute lies in the legal definition of a "draft." Career officials who were removed from their posts argued that a completed, signed compliance form cannot logically be considered a draft. Under FOIA, Exemption 5 allows agencies to withhold "inter-agency or intra-agency memorandums or letters that would not be available by law to a party other than an agency in litigation with the agency." This is often referred to as the "deliberative process privilege," intended to protect the internal decision-making process of an agency.

However, legal experts argue that PTAs are factual descriptions of existing or proposed systems, not advisory opinions or recommendations. Ginger Quintero-McCall, an attorney at the Free Information Group and former supervisory information law attorney at FEMA, characterized the policy change as illegal. She noted that nothing in the FOIA statute allows an agency to categorically withhold Privacy Threshold Analyses by simply labeling them as drafts.

The shift in policy also appears to contradict the practices of other federal agencies. For example, the FBI has historically acknowledged that PTAs are ordinary records. In a 2015 legal challenge, the FBI released nearly 50 such documents, only withholding specific pages that were proven to be genuine, unsigned drafts.

Official Responses and Contradictory Evidence

In response to inquiries regarding these policy changes, a DHS spokesperson issued a firm denial, stating that any allegation that the department adopted a policy making PTAs exempt from FOIA is "FALSE." The spokesperson maintained that these forms are subject to the same review process as any other agency record when requested by the public.

However, internal communications obtained by investigators tell a different story. In an email dated February 20, 2024, Catrina Pavlik-Keenan, the department’s deputy FOIA chief, wrote to top privacy officials stating explicitly that "PTAs are NOT supposed to be released at all." This internal directive suggests a blanket prohibition on disclosure that stands in stark contrast to the department’s public-facing statements.

The reassignment of career staff who questioned this directive has raised alarms about the erosion of the "civil service" barrier intended to protect non-partisan experts from political pressure. Career privacy officers are tasked with ensuring that the government does not overstep its legal authority regarding data collection; their removal suggests a systemic effort to prioritize operational secrecy over legal transparency.

Broader Impact on Public Oversight and Civil Liberties

The implications of this policy shift extend far beyond administrative bureaucracy. Privacy advocates argue that PTAs are often the only way the public can learn about the deployment of invasive surveillance technologies before they become entrenched in law enforcement operations.

Nathan Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project, emphasized that public access is especially critical when agency staff conclude that a new technology has "no significant privacy impact." In such cases, the review process ends with the PTA, meaning no further public-facing Privacy Impact Assessment is ever created. If the PTA is hidden from view, the public has no way to challenge the reasoning behind such a conclusion.

"If the public can’t see the PTA, we’ll never know about faulty reasoning that undervalues privacy threats," Wessler stated. "That opens people up to violation of their rights."

Furthermore, the use of "attorney-client privilege" to protect these documents suggests a strategy to create a legal shield that is difficult for FOIA litigants to pierce. By involving agency lawyers in the "drafting" of routine compliance forms, the DHS can claim that the documents are part of a privileged legal consultation, even if the content is primarily technical or operational.

Conclusion: The Future of DHS Transparency

The removal of career officials at CBP marks a significant moment in the ongoing debate over government surveillance and the public’s right to know. As the DHS continues to integrate advanced biometrics, artificial intelligence, and automated screening tools into its operations, the documents that describe these systems become increasingly vital for democratic oversight.

The current trajectory suggests a move toward "wholesale secrecy," according to Jeramie Scott, senior counsel at the Electronic Privacy Information Center (EPIC). By reclassifying mandatory compliance records as privileged drafts, the department effectively removes itself from the scrutiny of the press, the legal community, and the public.

As of mid-2024, the reassigned officials remain in their new roles, and the DHS has not signaled a return to its previous policy of publishing PTAs. The situation remains a flashpoint for whistleblowers and transparency advocates who fear that the "Mobile Fortify" leak was not an isolated incident, but the catalyst for a permanent darkening of the department’s privacy oversight mechanisms. The tension between the need for operational security and the mandate for public transparency continues to define the administrative landscape of the Department of Homeland Security.