The Department of Homeland Security’s chief privacy officer wants to make privacy less of an afterthought by designing systems with technologies to protect the confidentiality and integrity of information in the first place.
Lynn Parker Dupree said DHS Secretary Alejandro Mayorkas “has been very clear about the importance of addressing privacy up front, and has been very deliberate on including the privacy office early and often in policy discussions.”
The privacy office has been at the center of discussions around how to protect the health of the DHS workforce during COVID-19, initiatives to combat domestic violent extremism and the use of emerging technologies like biometrics, Dupree said.
Dupree was appointed DHS chief privacy officer in March 2021 after a brief stint as director of governance and controls in the Data Ethics and Privacy Office at Capital One. Between 2014 and 2020, she held numerous positions at the Privacy and Civil Liberties Oversight Board, including as its Executive Director. She previously worked at the DHS privacy office during the Obama administration.
“One of the things I would like to do is really begin to include privacy in technical designs,” Dupree said in an interview. “A lot of our privacy mitigations happen after a technology is developed. But I have been really working with academia and technologists to figure out how we can build tools that actually enhance privacy.”
The privacy office will host a workshop this June to present privacy researchers with specific DHS use cases “that could be solved with privacy enhancing techniques,” according to Dupree. She specifically mentioned cryptographic techniques and other “secure computing methodologies” as potential enhancements.
The DHS privacy office and privacy officers at DHS subcomponents review contracts for privacy requirements. She said her team is working with the DHS chief information officer, the agency’s science and technology arm, and the procurement directorate on incorporating new privacy enhancements.
She acknowledged the “unique” concerns around the use of biometrics, especially tests that have shown facial recognition is less accurate at identifying persons of color. The office publishes Privacy Impact Assessments to provide notice of how DHS is identifying and mitigating privacy risks.
“We will make sure that there are mechanisms in place to mitigate those risks,” Dupree said regarding potential inaccuracies and biases in biometrics technologies.
But lawmakers remain concerned about agencies’ use of facial recognition. In a Feb. 10 letter to Mayorkas, five Democrats from the House and Senate requested that DHS components end their use of facial recognition products, including those provide by Clearview AI.
“Use of increasingly powerful technologies like Clearview AI’s have the concerning potential to violate Americans’ privacy rights and exacerbate existing injustices,” the letter states.
The Secret Service, Immigration and Customs Enforcement and Customs and Border Protection have used Clearview AI’s products, according to an August 2021 Government Accountability Office report.
“I think the department is always trying to be responsive to the needs of the Congress and the department will respond back through our Office of Legislative Affairs,” Dupree said when asked about the letter.
Dupree also said she’s focused on improving DHS’s engagement with external privacy stakeholders, including advocates in academia and civil society. Last year, she organized a meeting between Mayorkas and privacy advocates.
“While the advocacy community and the department may not always be aligned, these engagements really do bring a diversity of opinions into the discussion that ultimately serve to improve our decision making processes,” she said.
Dupree said she’s also looking to “reinvigorate” the DHS Data Privacy and Integrity Advisory Committee, which advises the agency on privacy and technology.
The committee is set to meet on Tuesday, Feb. 22, where it will provide “written guidance on best practices to ensure the effective implementation of privacy requirements for information sharing across the DHS enterprise,” according to a Federal Register notice.
DHS also made a big dent in its Freedom of Information Act requests backlog last year. Dupree said the agency ended fiscal year 2021 with a backlog of 25,102 requests, a 10-year low for an agency that receives the most FOIA requests across government.
“We’re using some automation to help process routine requests so that we can focus our actual manpower on the complex requests,” said Dupree, who is also DHS’s Chief FOIA Officer.
DHS received an average of about 250,000 requests annually since 2009, according to a DHS FOIA Backlog reduction plan released in March 2020.
The majority of the backlog has been related to immigration records, with requests to CBP, ICE, U.S. Citizenship and Immigration Services, and the Office of Biometric Identity Management accounting for 92 percent of the backlog in FY-18, according to the reduction plan.
During the pandemic, Dupree said her office has provided support to components like CBP, ICE and USCIS to help them process FOIA requests.
“We just tried to increase efficiency as much as possible, and that shifting of resources really paid off,” Dupree said.