Skip Navigation
Analysis

Invasive and Ineffective: DHS Surveillance Since 9/11

The Department of Homeland Security should focus on proven methods and dedicate itself to protecting civil rights and civil liberties.

DHS CrimeEye box
Mark Lennihan/AP

This piece was origin­ally published by the Amer­ican Consti­tu­tion Soci­ety.

In the after­math of the Septem­ber 11 attacks, Pres­id­ent George W. Bush and Congress created the Depart­ment of Home­land Secur­ity (DHS), consol­id­at­ing twenty-two differ­ent agen­cies and their func­tions under one umbrella. Much has been writ­ten since the Depart­ment’s creation about its dysfunc­tion and systemic chal­lenges. But DHS’s sweep­ing collec­tion, reten­tion, and use of data about Amer­ic­ans, immig­rants, and trav­el­ers has received far less scru­tiny. Much of this inform­a­tion – which can reveal everything from a person’s polit­ical and reli­gious lean­ings to the iden­tity of their friends, relat­ives, and asso­ci­ations and their finger­prints or facial signa­tures – is not related to “specific…­threat(s) from…spe­cific terror­ist(s),” which was iden­ti­fied as a signi­fic­ant inten­ded focus of DHS in Pres­id­ent Bush’s proposal to create the Depart­ment. Instead, it is often used to make opaque and unscientific determ­in­a­tions about who might pose a threat in the future.

There is scant evid­ence that the combin­a­tion of suspi­cion­less surveil­lance and spec­u­lat­ive threat assess­ments have made us safer. Moreover, former DHS offi­cials have emphas­ized the impact of DHS’s oper­a­tions on Amer­ic­ans’ civil rights and civil liber­ties, noting that the “privacy and due process concerns result­ing from other home­land secur­ity oper­a­tions, such as inform­a­tion collec­tion by the National Secur­ity Agency, pale by compar­ison.” As the admin­is­tra­tion turns its focus toward domestic terror­ism in the wake of the Janu­ary 6 insur­rec­tion, and far-right viol­ence in partic­u­lar, it must take care in deploy­ing DHS’s signi­fic­ant resources not to simply recycle prac­tices that jeop­ard­ize histor­ic­ally targeted communit­ies and indi­vidual privacy.

Begin­ning a decade ago, for instance, the Obama admin­is­tra­tion began to entrench Coun­ter­ing Viol­ent Extrem­ism (CVE) initi­at­ives. Programs in this mold recruited community lead­ers, social work­ers, teach­ers, and public health providers, purportedly to help identify people who were at risk of becom­ing viol­ent extrem­ists. Instead, these efforts broadly painted members of Amer­ican Arab and Muslim communit­ies as terror­ists and every­day polit­ical activ­ism and reli­gious prac­tices as signs of viol­ence. While Pres­id­ent Biden prom­ised during the elec­tion that he would scrap such programs, his admin­is­tra­tion has instead doubled down on this same basic approach, fund­ing efforts that direct the public to report supposedly suspi­cious activ­ity or beha­vi­ors – includ­ing vaguely defined indic­at­ors such as having a griev­ance, being socially isol­ated, or behav­ing unusu­ally – to the police or to “threat assess­ment” teams involving law enforce­ment. These programs, which are run out of DHS’s new Center for Preven­tion Programs and Part­ner­ships (CP3), are essen­tially a repack­aging of the repu­di­ated CVE programs that relied on unscientific criteria to flag poten­tial threats, even if they do not overtly target margin­al­ized communit­ies.

In addi­tion, some reports of suspi­cious activ­ity will be dissem­in­ated to “fusion centers,” products of the post-9/11 push to super­charge inform­a­tion-shar­ing and surveil­lance coordin­a­tion between federal, state, and local govern­ments and the private sector. These centers were roundly criti­cized in a bipar­tisan 2012 U.S. Senate invest­ig­a­tion that found they had “yiel­ded little, if any, bene­fit to federal coun­terter­ror­ism intel­li­gence efforts” while releas­ing reports that were useless or corros­ive of civil liber­ties. More recent events do not inspire confid­ence that much has changed: last year, one fusion center was caught distrib­ut­ing fake posts by right-wing activ­ists as evid­ence of poten­tial viol­ence at anti-police brutal­ity demon­stra­tions, while others were found to have monitored racial justice organ­izers and protests. Never­the­less, DHS and DOJ guidelines encour­age fusion centers to assess terror­ism risk by draw­ing on a pleth­ora of extraneous sources, from social service providers and public health depart­ments to hospit­als and phone and inter­net providers.

Between the threat assess­ment frame­work and the involve­ment of fusion centers, issues unre­lated to public safety threats – a fight between class­mates, for instance, or a mental health condi­tion requir­ing care – will be elev­ated to often unac­count­able law enforce­ment bodies, thereby under­min­ing efforts by social service and health providers to get people the help they may need. Moreover, these unre­li­able threat indic­at­ors are likely to be tain­ted by well-docu­mented racial and reli­gious biases that dispro­por­tion­ately identify Muslims and indi­vidu­als of color as posing a threat.

In the travel and immig­ra­tion screen­ing context, too, the Depart­ment fuses reams of dispar­ate and unre­li­able inform­a­tion to conduct risk assess­ments, an opaque process that purports to determ­ine who might pose a threat among both foreign trav­el­ers and Amer­ic­ans. To facil­it­ate this process, DHS uses auto­mated tools that pull from a broad list of data­sets, includ­ing detailed passen­ger inform­a­tion submit­ted by airlines, license plate data, DMV records, law enforce­ment and intel­li­gence inform­a­tion, visa and immig­ra­tion enforce­ment records, and social media data. Some tools incor­por­ate data sets tain­ted with bias, such as NSEERS, a defunct Bush-era registry for Arab men. In the past, border agents have even added notes on books carried by trav­el­ers, docu­ment­ing First Amend­ment-protec­ted activ­ity.

Exposés of Trans­port­a­tion Secur­ity Admin­is­tra­tion (TSA) risk assess­ment programs depict a depart­ment run amok. In one program, Screen­ing of Passen­gers by Obser­va­tion Tech­niques (SPOT), later rebranded as the “Beha­vi­oral Detec­tion and Analysis Program,” offi­cials flagged trav­el­ers as poten­tial secur­ity threats on the basis of innoc­u­ous beha­vior such as whether they were wear­ing “improper attire for the loca­tion” or gazing down. TSA officers admin­is­ter­ing the program repor­ted that it enabled racial profil­ing, and the program was the subject of multiple crit­ical GAO and DHS Inspector General reports, which found that the major­ity of TSA’s indic­at­ors were not empir­ic­ally suppor­ted and the agency had not determ­ined the effect­ive­ness of the program. Though TSA has stopped this stand-alone beha­vi­oral detec­tion effort, it appears that aspects of the program have been incor­por­ated into general TSA activ­it­ies.

Another TSA risk assess­ment program, “Quiet Skies,” iden­ti­fies incom­ing inter­na­tional passen­gers (includ­ing Amer­ic­ans) based on routine beha­vi­ors like fidget­ing, sweat­ing, using the bath­room, or convers­ing with fellow passen­gers; once flagged, armed federal air marshals may board their flights to observe them. TSA offi­cials disclosed to Congress that 5,000 US citizens – none of whom were ulti­mately deemed suspi­cious or requir­ing further scru­tiny – had been monitored in a single six-month period, and the DHS Inspector General issued a scath­ing audit that docu­mented DHS’s extens­ive fail­ures to follow basic processes.

Social media is also an emer­ging fron­tier of broad-scale surveil­lance both abroad and domest­ic­ally. The Obama admin­is­tra­tion star­ted using social media to screen people coming to the U.S., a prac­tice signi­fic­antly expan­ded by former Pres­id­ent Trump’s Muslim Ban. Since 2019, for instance, the State Depart­ment has collec­ted social media iden­ti­fi­ers from about 15 million people who apply for U.S. visas annu­ally. These are shared with DHS and access­ible through its risk assess­ment plat­forms, and the Depart­ment continu­ously monit­ors select visa hold­ers’ social media during their time in the coun­try. Domest­ic­ally, DHS’s Office of Intel­li­gence & Analysis (I&A) is respond­ing to the Janu­ary 6 insur­rec­tion by rolling out an initi­at­ive to identify online “narrat­ives” that they believe are likely to incite viol­ence, as well as to identify people who may be suscept­ible to these narrat­ives based on their social media beha­vior.

There is little proof, however, that social media screen­ing is an effect­ive threat detec­tion tool. DHS’s own internal tests examin­ing the util­ity of social media to screen people coming to the U.S. suggest that offi­cials found it of little use in identi­fy­ing national secur­ity concerns, and that it was diffi­cult to under­stand the context or to ascer­tain the reli­ab­il­ity of what they were review­ing. The Depart­ment ulti­mately concluded that “mass social media screen­ing” was a waste of resources. In addi­tion, earlier this year, the White House office that reviews federal regu­la­tions rejec­ted a proposal by DHS to follow the State Depart­ment’s lead in collect­ing social media iden­ti­fi­ers because the Depart­ment had not “adequately demon­strated the prac­tical util­ity of collect­ing this inform­a­tion.” And I&A’s intel­li­gence gath­er­ing and dissem­in­a­tion process has had a poor track record of protect­ing civil rights and liber­ties, rais­ing concerns about its foray into social media monit­or­ing.

Moving forward, poli­cy­makers should learn from the exper­i­ences of the last twenty years. None of the DHS-led programs described above have a docu­mented track record of provid­ing secur­ity bene­fits. Yet their ill-conceived meth­ods persist, and continue to be expan­ded, in current policy. Indeed, the effect­ive­ness and poten­tial impact of these programs was never mean­ing­fully considered – or, in some cases, was even ignored as the programs were rolled out. Before imple­ment­ing new initi­at­ives, DHS must empir­ic­ally valid­ate their util­ity using concrete assess­ment criteria and account for impacts on privacy, civil rights, and civil liber­ties. To ensure this happens, DHS should bring its Offices of Privacy and Civil Rights and Civil Liber­ties into the fold at the outset of the policy design process, give them a voice in whether programs should be imple­men­ted and not simply how, and direct them to regu­larly audit programs that go into effect. DHS should also halt support for efforts that have not been demon­strated to work, includ­ing the viol­ence preven­tion programs, fusion centers, and broad-scale social media surveil­lance initi­at­ives discussed above.

Comment­at­ors will continue to discuss whether DHS should be restruc­tured or elim­in­ated. In the mean­time, there are ample steps that the Secret­ary and Congress should take to ensure that the Depart­ment enters this decade by taking a new approach: meas­ur­ing effect­ive­ness, enga­ging only in empir­ic­ally proven meth­ods, and dedic­at­ing itself to robust protec­tion of civil rights and civil liber­ties.