With the Deferred Action for Childhood Arrivals (DACA) program formally rescinded (with a six-month implementation delay), there have been a lot of questions about whether the databases created for the program - as well as state and local support programs - could ultimately be used against DACA recipients. Last November, one DACA recipient predicted just that situation in an unsuccessful plea to former President Barack Obama to delete the database, and now the issue is likely to play out across states and municipalities throughout the United States.
The repurposing of databases beyond initial intended uses - even when those intentions come with multiple reassurances, as was the case with the DACA database - is not new, and has become a particular flashpoint as digitization means databases can be repurposed with surprising speed or in surprising ways.
A decade ago, for example, gun registration databases were a fairly common public record, but after news organizations started mapping out where gun owners lived, most states were pressured to changing the laws to bar disclosure. Cynthia Fernandez reported on how controversial and complicated something as simple as a dog registration database could be.
The consequences of misused databases can be dire: Census Bureau data was used by the Secret Service to assist in Japanese internment during World War II, and the Engine Room examined other historical occurrences where government databases were used for a variety of historic atrocities - and that was before the advent of modern computing.
The Sunlight Foundation put together a good guide on best practices for sensitive data collection, with key pillars of limiting collection, improving storage practices, and improving oversight of data sharing.
To better understand how the DACA registration database is being and could be used, and how the data is or isn’t protected, I’ve filed a request for related materials, and filed additional requests with state and local agencies regarding how they plan to share or restrict the usage of the data they collect on DACA recipients and others living in the United States without authorization.
Already, some local agencies have been making drastic changes to what they do and don’t keep: New York City, for example, recently won a lawsuit allowing it to destroy records related to its municipal ID program, over the objections of some state lawmakers. In Utah, there are reports that ICE may already be accessing information on applicants to both its Utah Driver License and Driver Privilege Card programs, the latter of which was specifically created for undocumented immigrants.
It’s also possible to get a sense of what the risks are by looking at materials that are already proactively published. The Department of Homeland Security has a fairly robust reading room of Privacy Impact Assessments (PIAs), legally required impact reports that identify what is being stored, risks, related databases, and other key points about a given database. The latest USCIS DACA PIA was updated in April 2014.
These documents can be useful for identifying other records worth requesting. The original PIA states, for example, that any external sharing outside of DHS is done on a need-to-know basis, and only for purposes “consistent with the original purpose for which the information was collected.” It also outlines the kinds of Memorandums of Understanding these kinds of information sharing agreements entail.
I’ve tagged the requests “DACA database”. If you can think of other databases we should be asking for, clone one of my requests, tweak it and file, or send me an email at email@example.com.