The Freedom of Information Act requires U.S. Immigration and Customs Enforcement (ICE) to disclose deidentified data that would enable greater public oversight of the agency while protecting the privacy of immigrants and others, EFF argued in an amicus brief filed last month in federal court.
The case, ACLU v. ICE, centers on a request by the American Civil Liberties Union (ACLU) to obtain data from ICE databases that show how ICE arrests, classifies, detains, and deports individual immigrants. The databases link this information to particular individuals based on a unique identifier, known as an “A-number,” that ICE assigns to people. An A-number connects the thread of records on each of ICE’s interactions with an individual, giving a look into how the agency is targeting and treating individuals over time. However, disclosing someone’s A-number to the public could invade their privacy by linking this immigration history to them.
To get a better picture of ICE’s activities over time without disproportionately invading individuals’ privacy, ACLU requested that the agency replace each A-number with a new, unique identifier in the released records. A federal district court in New York denied ACLU’s request, ruling that FOIA did not require ICE to substitute deidentified values for A-numbers. ACLU appealed to the U.S. Court of Appeals for the Second Circuit.
EFF’s brief argues that ACLU’s proposed solution “is a vital—and sometimes the only—way to protect legitimate privacy concerns while ensuring that FOIA remains a robust tool for transparency and accountability.” EFF’s brief explains that ACLU’s proposal is effectively a form of redaction because it removes the identifying information in each A-number while keeping the “relational information” that connects individual records in ICE’s database.
Courts have always balanced FOIA’s primary goal of transparency with privacy by releasing records in redacted and modified forms. This is especially important for public oversight of the databases that have proliferated and grown at all levels of government. EFF’s brief discusses many examples, such as the Department of Homeland Security’s HART database. This database stores fingerprints, face and iris scans, and other sensitive information on immigrants and a recent Privacy Impact Assessment found several flaws with its privacy protocols. EFF filed amicus briefs in other cases requesting government database records in privacy-protecting forms, such as aggregate data.
The brief also describes how many other courts have rightly approved redaction methods to public records even when the redactions modify the underlying data. The California Supreme Court, for example, suggested substituting unique identifiers for license plate numbers in a request, co-litigated by EFF, for records on police use of automated license plate readers. In another context, government agencies often blur video records to prevent identification of people captured in the video while providing the recording’s context.
When courts apply it properly, FOIA is a powerful tool for the public to protect privacy and watchdog government abuse of massive databases. That is why EFF’s brief urged the appellate to uphold ACLU’s substitution procedure to “ensure that FOIA can help the public understand the scope of the government’s actions without intruding on the privacy of individuals whose data is found in government records systems.”
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org