The **U.S. Department of Homeland Security (DHS)** is under scrutiny after allegedly removing career **Customs and Border Protection (CBP)** officials who raised concerns about the mislabeling of surveillance technology records and the obstruction of **Freedom of Information Act (FOIA)** requests. Since January, two top officials responsible for ensuring CBP technologies comply with federal privacy law have been reassigned, according to sources who wish to remain anonymous due to fear of retaliation. These reassignments reportedly followed orders from the **DHS Privacy Office** in December to treat routine compliance forms as legally privileged and label signed privacy assessments as "drafts" exempt from disclosure under federal records law. ## The Allegations The removed officials include CBP's top privacy officer and one of the agency's two privacy branch chiefs. The director of CBP's FOIA office was also reportedly removed last month. Sources claim that these actions were taken after a CBP FOIA officer lawfully released a redacted privacy assessment, triggering backlash from DHS political leadership. This assessment, known as a **Privacy Threshold Analysis (PTA)**, was obtained by *404 Media* last fall and provided the only formal government record of **Mobile Fortify**, a previously undisclosed face recognition app. PTAs are compliance forms that describe the basic mechanics of new government systems that use or harvest personal data. They also document whether privacy officers approved the system or deemed further review necessary. In the case of Mobile Fortify, the released PTA revealed that DHS acknowledged the app would capture faces and fingerprints without consent, impacting both U.S. citizens and lawful permanent residents, with images stored for up to 15 years. Labeling such documents as "drafts" would allow the agency to potentially withhold them under a FOIA exception protecting "advisory opinions" and "recommendations." However, sources say the reassigned privacy officials viewed this tactic as legally unsound, arguing that a completed compliance form cannot simultaneously be considered a draft. ## Legal Concerns "This policy change is illegal,” says Ginger Quintero-McCall, an attorney at the public interest law firm **Free Information Group**, and former supervisory information law attorney at the **Federal Emergency Management Agency (FEMA)**, a DHS component. "There is nothing in the FOIA statute—or any other statute—that allows the agency to categorically withhold Privacy Threshold Analyses.” Quintero-McCall suggests she has witnessed retaliation for objecting to similar policies in the past. A DHS spokesperson told WIRED, “Any allegation that DHS adopted a policy making Privacy Threshold Analyses exempt from the Freedom of Information Act is FALSE.” However, internal emails appear to contradict this statement. On December 3, the DHS Privacy Office announced a "major change" requiring all future PTAs to carry a disclaimer marking them exempt from public release. The disclaimer reads: > “This is a draft document that is pre-decisional, deliberative, and is designated For Official Use Only. It is subject to the deliberative process privilege and attorney client privilege. It is not to be released, shared, or distributed outside of authorized channels without prior consultation and approval from the Department of Homeland Security Privacy Office. Unauthorized disclosure may result in administrative, civil, or criminal penalties.” ## Broader Implications While CBP privacy officers have not historically signed off on privacy reviews, that responsibility was delegated downward by the current chief privacy officer, **Roman Jankowski**. DHS maintains that when forms are requested under FOIA, they are subject to standard review. However, internal emails suggest a blanket prohibition on their release. "PTAs are NOT supposed to be released at all,” wrote **Catrina Pavlik-Keenan**, the department’s deputy FOIA chief, in a February 20 email to Jankowski and his deputy, James Holzer. The federal government has generally acknowledged that FOIA requires the disclosure of these records. The **FBI**, for example, released nearly 50 PTAs in a 2015 case, withholding only 12 pages after claiming they were genuine drafts. DHS's own website published dozens of PTAs last year before ceasing in September. Internal emails show CBP planned to release a PTA concerning the face recognition tool **Clearview AI** last month, but DHS blocked it. "It is especially important that the public have access to these records when agency staff conclude there is no significant privacy impact,” says Nathan Wessler, deputy director of the **American Civil Liberties Union's** Speech, Privacy, and Technology Project. “If the public can't see the PTA, we'll never know about faulty reasoning that undervalues privacy threats, and that opens people up to violation of their rights.” Jeramie Scott, senior counsel at the **Electronic Privacy Information Center**, emphasizes that FOIA requires narrow redactions, not wholesale secrecy, and that withholding the records would allow DHS to evade public scrutiny of its expanding surveillance operations. "Career DHS Privacy officials were right to protest such a blanket move towards secrecy,” he concludes.