It’s not just the FBI that can’t seem to turn in its privacy-related paperwork on time. The FBI has pushed forward with its biometric database rollout — despite the database being inaccurate, heavily populated with non-criminals, and without the statutorily required Privacy Impact Assessment that’s supposed to accompany it. As of 2014, it hadn’t produced this PIA, one it had promised in 2012. And one that applied to a system that had been in the works since 2008.
Unsurprisingly, another federal law enforcement agency hasn’t felt too compelled to produce PIAs for privacy-impacting programs. As Joseph Cox reports for Motherboard, the DEA’s privacy paperwork is lagging far behind its intrusive efforts.
[T]he Drug Enforcement Administration did not carry out a Privacy Impact Assessment—a process which is typically designed to understand and minimize the privacy risks with a particular system or technology—when it bought and ultimately used malware from Italian surveillance company Hacking Team.
Hacking Team sells powerful malware and exploits, which very definitely screw with people’s privacy expectations — both the privacy they correctly (or incorrectly) believe they’re entitled to as well as their expectations of the government, which is supposed to keep citizens’ privacy expectations at the front of its mind. At least, everyone would like to believe the government is equally concerned about citizens’ privacy. That’s what these assessments are supposed to show: that the government has done what it can to minimize unwarranted intrusions.