With the stroke of a pen, the new Administration has erased an important principle — and one that I am proud to have supported and implemented during my service at the Department of Homeland Security during the Bush Administration: the extension of Privacy Act coverage to non-U.S. persons for data about them held by the federal government. This means that both U.S. and non-U.S. persons could request to see the information DHS held on them, such as details from an immigration application, details of a citizen’s comings and goings from the country, and interactions with the government.
While this is a pretty wonky issue that resonates most with folks who’ve worked on policy and systems in the federal government, the message this action sends is clear: people who don’t hold a U.S. passport or current green card are not entitled to the same dignity as those of us who do.
To me, that’s frankly shocking. And not only because I’m incredibly proud of the work I did at the U.S. Department of Homeland Security (and the U.S. Department of Commerce), and my service to this great country, but because in my life, I’ve been both a person who holds a U.S. passport, and a person who has not. And my dignity, my worth as a human being, at least to my mind, did not change. But according to this new Administration, these basic rights hinge on citizenship, and should be denied to all others.
The creation of secret databases is one of the many hallmarks of a totalitarian regime, and should not be tolerated.
It is an age-old privacy principle, and a principle of government accountability and restraint by its own people, that there shall be no secret databases. The creation of secret databases — the amassing of power, of knowledge of this sort — is one of the many hallmarks of a totalitarian regime, and should not be tolerated. But on a less lofty note, it’s also both operationally and individually unmanageable and inefficient.
When I was at Homeland Security, the privacy office worked with the divisional agencies, particularly their IT and systems experts, and learned that many, if not all, data systems contained the information of both “U.S. persons” and “non-U.S. persons.” Under the Privacy Act, it is true that only “U.S. persons” are entitled to the full coverage – including access to these records and redress if those records are incorrect. However, in practical reality, it is operationally inefficient to bifurcate these databases into two separate systems, or to create policies and procedures for the relatively minimal percentage of record requests (compared to the vast number of records held) to deprive non-U.S. persons of their information. Further, it is often the non-U.S. person – the applicant for asylum or legal permanent residence or citizenship – who most needs to see their records, to correct them, or to access relevant information in a legal procedure because documents may be lost, and sometimes in harrowing circumstances. It also fails the fundamental standards of fairness, openness, decency, and respect for human dignity, which are hallmarks of the America that I know, that I came to as an immigrant.
Ultimately, this is about human dignity and the right to access our records that are in government databases in the United States and around the world.
Beyond these fundamental concerns, this is also profoundly bad for American business. At a time when the international dialogue on privacy, data, and technology expansion is fraught, this is a clear shot across the bow of our trading partners and allies, stating that the United States will not adhere to even the most moderate and conventional human rights norms in the data privacy space. This puts at risk the fragile Privacy Shield agreement on cross-border data flows that is essential to American businesses large and small.
Ultimately, this is about human dignity and the right to access our records that are in government databases in the United States and around the world. As the rest of the free world does, the United States government should afford all persons the basic tenets of privacy and human dignity equally, including access and redress under the Privacy Act regardless of that person’s current status as citizen or visitor. This executive order denies those basic rights.