DHS Officials Ousted After Resisting Secretive Policies to Withhold Surveillance Records

The Department of Homeland Security (DHS) has faced a significant internal upheaval this year as multiple career officials within Customs and Border Protection (CBP) were removed from their posts following their vocal opposition to new, restrictive policies regarding public transparency. According to sources familiar with the matter, these officials were reassigned after refusing to comply with directives to mislabel essential compliance documentation as "drafts," a maneuver designed to shield government surveillance technologies from scrutiny under the Freedom of Information Act (FOIA).

Since January, the agency has seen the departure or reassignment of several high-ranking personnel, including CBP’s top privacy officer and one of its two primary privacy branch chiefs. The director of the CBP FOIA office was similarly removed from their position last month. These individuals were tasked with ensuring that the expansive array of surveillance tools utilized by CBP—ranging from facial recognition software to biometric data collection—remains within the bounds of federal privacy law. Their removal marks a deepening divide between career civil servants and political leadership within the department over the extent to which the public may monitor the government’s technological reach.

The Catalyst: The Mobile Fortify Disclosure

The current internal friction traces its roots back to the fall of 2023, when a CBP FOIA officer authorized the release of a redacted Privacy Threshold Analysis (PTA). The document in question, which was subsequently obtained and published by 404 Media, provided the first formal public confirmation of "Mobile Fortify," a sophisticated facial recognition application utilized by federal agents.

PTAs are foundational documents in the federal administrative process. They serve as a mandatory questionnaire for any agency system that harvests or processes personal data. By filing a PTA, agencies are required to describe the basic mechanics of their surveillance systems and declare whether a more rigorous Privacy Impact Assessment is necessary.

The public disclosure of the Mobile Fortify PTA revealed significant details that had previously been obscured: the app captured faces and fingerprints without the explicit consent of the subjects; the database included US citizens and lawful permanent residents who were not the targets of investigations; and every image captured—regardless of whether it resulted in a "match"—was slated to be stored for up to 15 years. This level of granular surveillance, made possible by technologies often developed by third-party contractors, had remained hidden from the public until the document was released. The subsequent backlash from DHS political leadership served as the impetus for the new, restrictive policies now under fire.

Chronology of the Secrecy Directive

The tension culminated in December 2023, when the DHS Privacy Office issued a sweeping directive aimed at altering the legal status of compliance records. Under the new guidance, all future PTAs were required to bear a specific disclaimer, designating the documents as "pre-decisional, deliberative, and For Official Use Only."

The full text of the required disclaimer asserts that the documents are subject to "deliberative process privilege" and "attorney-client privilege," and mandates that they not be shared outside of authorized channels. The policy effectively treats completed, signed compliance forms as perpetual "drafts," which, under FOIA law, allows agencies to withhold "advisory opinions" or "recommendations" from public release.

Career officials who raised concerns regarding this policy argued that it was legally incoherent. They maintained that a document which has been finalized and signed by the relevant authorities cannot simultaneously be classified as a draft, nor can it be withheld under the deliberative process privilege once the agency has reached a final decision on a program’s implementation. The dissent led to a series of confrontations between the career staff and political appointees, ultimately resulting in the reassignments that have taken place throughout the current calendar year.

The Legal and Regulatory Conflict

The debate over the status of PTAs touches on the fundamental principles of the Freedom of Information Act. Ginger Quintero-McCall, an attorney at the Free Information Group and a former supervisory information law attorney at the Federal Emergency Management Agency (FEMA), has been a vocal critic of the DHS approach.

"This policy change is illegal," Quintero-McCall stated. "There is nothing in the FOIA statute—or any other statute—that allows the agency to categorically withhold Privacy Threshold Analyses."

Her perspective is supported by historical precedent. In 2015, the FBI released nearly 50 PTAs in response to a FOIA request, asserting that they were standard agency records rather than privileged internal deliberations. Furthermore, DHS’s own website hosted dozens of these documents as recently as September 2023. The abrupt cessation of these disclosures indicates a strategic pivot toward opacity. Internal communications reveal that the CBP FOIA division had intended to release a PTA regarding the use of Clearview AI—a controversial facial recognition tool—as recently as last month, but the release was blocked by department leadership.

Official Stance and Internal Contradiction

When asked for comment, a DHS spokesperson categorically denied the existence of a blanket policy to exempt PTAs from FOIA. "Any allegation that DHS adopted a policy making Privacy Threshold Analyses exempt from the Freedom of Information Act is FALSE," the spokesperson stated, adding that such records remain subject to the "same review applied to other agency records."

However, internal correspondence obtained by researchers and investigators suggests a starkly different reality. In a February 20 email, the department’s deputy FOIA chief, Catrina Pavlik-Keenan, provided explicit guidance to high-level officials, including Chief Privacy Officer Roman Jankowski and his deputy, James Holzer. The email contained a direct instruction: "PTAs are NOT supposed to be released at all."

This directive appears to be the logical outcome of a shift in authority initiated by Jankowski early in his tenure. Previously, the responsibility for signing off on privacy reviews rested with a headquarters official reporting directly to the Chief Privacy Officer. By delegating that authority downward, the department has created a framework where lower-level privacy officers are now under direct pressure to adopt the restrictive labeling policies that have drawn such significant internal and external criticism.

Broader Implications for Surveillance Oversight

The implications of this policy shift extend far beyond administrative record-keeping. Surveillance experts argue that the PTA is often the only window into the privacy impact of new government technologies.

"It is especially important that the public have access to these records when agency staff conclude there is no significant privacy impact," says Nathan Wessler, deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project. "Because that ends the review process entirely, with no subsequent assessment ever prepared. If the public can’t see the PTA, we’ll never know about faulty reasoning that undervalues privacy threats, and that opens people up to violation of their rights."

The move to treat these documents as exempt suggests a desire by the agency to evade the democratic necessity of public oversight. By effectively walling off the documentation of how surveillance tools function, the agency limits the ability of the judiciary, civil society organizations, and the public to evaluate whether these tools violate constitutional protections.

Jeramie Scott, senior counsel at the Electronic Privacy Information Center (EPIC), emphasizes that FOIA was designed to foster transparency through narrow, case-by-case redactions, not through wholesale secrecy. "Career DHS Privacy officials were right to protest such a blanket move towards secrecy," Scott noted. "Withholding the records outright allows DHS to evade public scrutiny of its expanding surveillance operations, which are increasingly relying on technologies that touch upon fundamental civil liberties."

As the internal struggle at the Department of Homeland Security continues, the case highlights the ongoing tension between national security, technological modernization, and the public’s right to know. With the removal of key personnel who served as the final line of defense for privacy compliance, the path forward for transparency within the agency remains increasingly precarious. The conflict serves as a case study in how administrative labels can be used to re-interpret statutory requirements, ultimately narrowing the scope of government accountability in an era of unprecedented digital surveillance.