Customs and Border Protection Internal Affairs Subject of Scathing DHS Privacy Report

James F. Tomsheck
James F. Tomsheck

AntiPolygraph.org has received a previously unpublished report of investigation (934 kb PDF) by the U.S. Department of Homeland Security Privacy Office into an information-sharing program operated by the U.S. Customs and Border Protection Office of Internal Affairs (CBP IA), headed by CBP Assistant Commissioner James F. Tomsheck.1

The report, by DHS Chief Privacy Officer Mary Ellen Callahan, is dated 18 July 2012 and documents gross violations of DHS privacy policy by Tomsheck in connection with a pilot program whereby CBP IA shared personal information on CBP employees with the FBI. The project “came to be known as the SAR Exploitation Initiative Pilot (SAREX Pilot or Pilot).”2

The ostensible purpose of this project was for CBP IA to “enhance CBP IA’s Background Investigation (BI)/Periodic Review (PR) process by leveraging the FBI’s supposed ability to conduct federated searches of law enforcement databases.” CBP IA provided personal information on over 3,000 employees to the FBI, but received, “informally,” from the FBI information on only 9 or 10 individuals.3

Callahan’s investigation “revealed a lack of oversight by CBP IA leadership to ensure that DHS policies governing the sharing of [personally identifiable information] were adhered to in conducting” the information sharing pilot program” and “found an apparent blatant disregard for concerns raised by the [Office of Inspector General] and CBP IA staff who questioned the legal authority for, and privacy implications of, the Pilot.”

Callahan also notes, among other things:

…During my meeting with the Assistant Commissioner [James F. Tomsheck] on April 26, 2012, the Assistant Commissioner seemed to believe that CBP IA’s mission exempts it from following applicable privacy law and DHS privacy policy. I believe this attitude is likely to result in a culture of non-compliance in CBP IA. On May 10, 2012, the Assistant Commissioner told me that CBP IA is already engaging in such activities outside the Pilot. It is critical, therefore, that steps be taken now to ensure that any current or future sharing of PII by CBP IA complies with applicable law and DHS policy, and that CBP counsel and the CBP Privacy Officer are consulted prior to implementation of any such projects….

AntiPolygraph.org invites commentary.

  1. Tomsheck’s office appears to be the lead agency in Operation Lie Busters, a criminal investigation evidently targeting the teaching of polygraph countermeasures. []
  2. The acronym “SAR” is not defined in the report. []
  3. The CBP polygraph unit’s summary of significant admissions obtained during polygraph examinations, which reveals the existence of Operation Lie Busters, mentions that “ten applicants for law enforcement positions within CBP were identified as receiving sophisticated polygraph Countermeasure training in an effort to defeat the polygraph requirement.” It is not clear whether these might be the individuals on whom the FBI informally provided information. []

One thought on “Customs and Border Protection Internal Affairs Subject of Scathing DHS Privacy Report”

  1. Once again more proof that DHS/CBP executives think of themselves as above the law. No wonder DHS morale is among the worst in federal service. CBP is now facing having to pay millions in backpay to CBP Officers for their failure to schedule officers with consecutive off days in compliance with the law. This type of maleficence has occurred since the creation of DHS.

Leave a Reply

Your email address will not be published.