This week, Wired’s Danger Room blog reported on the FBI’s efforts to track Muslims in the United States using “geo-maps.” The maps, released in response to ACLU Freedom of Information Act (FOIA) requests, show that the FBI is tracking Muslims and mapping Muslim communities extensively and with little, if any, suspicion of criminal activities.
These practices are in direct contrast to language in agency materials EFF received from the FBI yesterday in response to a FOIA request. EFF sought information on how the agency uses geospatial and data visualization tools to investigate criminal, terrorist, and foreign intelligence threats and specifically sought information about the Bureau's use of enterprise software called iDX3. According to the FBI’s website, the Bureau has been using iDX3 to conduct real-time tracking of suspects and situations since at least 2009. The tool, originally developed by the National Geospatial-Intelligence Agency, helps the FBI to “analyze, visualize, and disseminate FBI surveillance data, maps, diagrams, charts, 2D/3D views of cities, and other associated datasets”—in effect it appears to be the meta map to the individual maps the ACLU received in response to its FOIA requests.
So far the FBI has only released 35 pages to EFF, and none of those pages explains iDX3’s capabilities or the specific types and kinds of data the FBI might be using iDX3 to map. However, the documents do show that at least someone at the Bureau was concerned that agents understand that “the most important thing to keep in mind is [data] collection must always start with a threat.”
In a “State of the NSB” (National Security Branch) column (pdf) included in the released documents, FBI Executive Assistant Director Arthur Cummings goes on to say, “Put another way, you need to draw on intelligence requirements to articulate what the threat is before you start mapping it” and “if you want to map just a specific category in the city’s population, you need to do it because intelligence indicates the threat can be found from within that defined community.”
Despite the clear subtext of this column—a concern that the FBI is using these tools in ways that violate Americans’ civil liberties—there is no indication that the Bureau has conducted any privacy impact assessments (PIAs) or produced a System of Records Notice (SORN), as they are required to do under the Privacy Act with any new type of data collection. In fact, one slide in an FBI presentation (pdf) on “GEOINT” (geospatial intelligence) mapping tools notes that the bureau still needs to “[d]evelop and implement Imagery Policy for the FBI.” Further, the FBI outright denied EFF’s request for copies of any PIAs or SORNs the Bureau might have developed on the tools, claiming these, if they exist, are protected by the deliberative process privilege.
From the Wired story and the records released to the ACLU, it appears the FBI has not been complying with the basic tenets in Mr. Cummings’ column. We hope to learn more —and write about more here—when the FBI releases the remaining documents in response to our FOIA request.
See below for the full set of documents.