EPIC v. USCG - Nationwide Automatic Identification System

• Background |
• Legal Documents|
• FOIA Documents |
• News

Top News

• EPIC Calls on House to Protect Privacy at U.S. Seaports: EPIC submitted a statement to the House Homeland Security Committee in advance of a hearing on "Examining Physical Security and Cybersecurity at Our Nation's Ports." The Committee recently reported favorably "The Border Security for America Act," which would dramatically expand U.S. border surveillance, including a biometric exit data system at U.S. seaports. EPIC has expertise regarding maritime surveillance. EPIC pursued a Freedom of Information Act lawsuit against the Department of Homeland Security concerning the Nationwide Automatic Identification System, a system designed with the support the U.S. Coast Guard to promote boating safety that the DHS has transformed into a surveillance surveillance for monitoring vessels, including recreational vessels operated by U.S. citizens. In the letter to the House Committee, EPIC warned that "many of the techniques that are proposed to enhance border surveillance have direct implications for the privacy of American citizens." (Oct. 30, 2017)
• EPIC Successfully Obtains Boater Tracking Documents, Settles Case with Homeland Security : After successfully obtaining nearly 2,500 pages of documents concerning a controversial boater tracking program, EPIC has settled a Freedom of Information Act lawsuit with the Department of Homeland Security about the "Nationwide Automatic Identification Systems." According to the documents released to EPIC, the DHS believes that boaters have "no expectation of privacy with regard to any information transmitted" about the location of their boats. The documents also reveal that the agency fuses tracking data with other government data to develop detailed profiles on boaters. EPIC did not objet to the use of NAIS for marine safety; the concern is government surveillance. EPIC has also opposed a DHS plan to collect and maintain records on sea travelers. (Mar. 28, 2016)
More top news »
EPIC to Receive More Documents in Boater Surveillance Case » (Nov. 24, 2015)
This morning a federal judge in Washington, D.C. ordered the U.S. Coast Guard to release to EPIC, within sixty days, additional documents on the "National Automated Identification System,' a controversial boater tracking program that EPIC is investigating. According to documents previously obtained by EPIC, the Department of Homeland Security believes that boaters have "no expectation of privacy with regard to any information transmitted" on the Automated Identification System. The documents also reveal that the DHS fuses AIS data with other government data to develop detailed profiles on boaters. EPIC has previously expressed support for AIS to promote maritime safety, but warned that the NAIS system exceeds this purpose. In January, EPIC expects to receive contracts and privacy impact assessments that were previously withheld.
EPIC Obtains Documents on Boater Tracking Program » (Oct. 30, 2015)
In response to an EPIC FOIA lawsuit, the U.S. Coast Guard has released documents relating to a controversial boater tracking program, NAIS (National Automated Information System). According to the documents obtained by EPIC, boaters have "no expectation of privacy with regard to any information transmitted on AIS." They also reveal that the agency fuses AIS data with other intelligence data to develop detailed profiles on boaters. The agency has transferred AIS data, which is subject to the Privacy Act, to at least 75 federal, state, local, and private entities. EPIC is anticipating the release of additional documents.
EPIC Sues Coast Guard, DHS for Information on Boater Tracking Program » (Sep. 20, 2015)
EPIC has sued the U.S. Coast Guard and the Department of Homeland Security to obtain information on a federal government program to track and record the location of boaters. According to EPIC, the DHS intends to transfer the data from the Nationwide Automatic Identification System to federal and state agencies, as well as foreign governments. "The NAIS program exceeds the stated purpose of marine safety and constitutes an ongoing risk to the privacy and civil liberties of mariners across the United States," wrote EPIC in the FOIA lawsuit. The boating community has expressed concern over the tracking program. A previous FOIA request from EPIC to the agency went unanswered. Press Release - EPIC v. CG, DHS, No, 15-1527.

Source: U.S. Coast Guard

Background

On May 29, 2015, EPIC submitted a FOIA request to the United States Coast Guard (USCG) for records related to the Nationwide Automatic Identification System (NAIS). NAIS is a surveillance network that collects and processes information about vessels in coastal and territorial waters. Transceivers located near 58 U.S. ports and 11 U.S. costal areas (see a partial list) gather information from vessels equipped with the Automatic Identification System (AIS), a ship-to-ship collision avoidance system used worldwide.

Source: International Maritime Organization

A ship equipped with AIS broadcasts a regular stream of voiceless data, including the vessel’s name, course, speed, classification, call sign, registration number, and Maritime Mobile Service Identity. Most vessels over 65 feet that operate in U.S. waters are required to carry AIS, and owners of smaller craft can also opt to use it.

Once NAIS transceivers receive AIS data from a vessel, that information is stored, processed, and transmitted to the USCG and other agencies and entities. The system currently receives about 92 million AIS messages a day from 12,700 unique vessels.

Source: U.S. Coast Guard

NAIS relied mostly on existing infrastructure when it was first rolled out in 2006, but working with Northrop Grumman, the USCG has set up permanent transceivers capable of collecting data from out to 50 nautical miles. Using satellite data, the USCG intends to expand coverage out to 2,000 nautical miles.

NAIS is advertised as a tool to "improve[e] maritime security, marine and navigational safety, search and rescue, and environmental protection services." However, the system also poses a significant threat to privacy.

The USCG has said, for example, that information collected through NAIS is "combined with other government intelligence and surveillance information to form a holistic, over-arching view of maritime traffic." What this practice entails is not fully known. The USCG has not divulged the specific agencies and entities to which it discloses real-time data, nor has it explained how such data is stored, analyzed, or combined with other intelligence.

The USCG has also indicated that NAIS data is used to "detect[] anomalies, monitor[] suspicious vessels, and pinpoint[] the location of potential threats." This raises questions as to how anomalies, suspicious vessels, and potential threats are identified; who makes such identifications; and what effect these designations carry.

On March 28, 2016, after successfully obtaining nearly 2,500 pages of documents on NAIS, EPIC settled its FOIA case against the Coast Guard and the DHS. All NAIS documents obtained by EPIC can be found below under "Freedom of Information Act Documents."

EPIC’s Interest

EPIC has a strong interest in open government. EPIC frequently makes use of the Freedom of Information Act to obtain information from the government about surveillance and privacy policy. Public disclosure of this information improves government oversight and accountability. It also helps ensure that the public is fully informed about the activities of government. EPIC routinely files lawsuits to force disclose of agency records that impact critical privacy interests.

EPIC opposes government databases of personal data that fail to comply with federal privacy laws. The Privacy Act of 1974 requires all federal agencies that maintain a system of records to publish the details of such record systems in the Federal Register. The publication must describe the intended uses of the system, the policies and practices governing the records, and the procedures agencies must follow to give individuals access to their records. The E-Government Act of 2002 requires agencies to perform Privacy Impact Assessments (“PIA”). PIAs are required when “developing or procuring information technology that collects, maintains, or disseminates information that is in an identifiable form” or “initiating a new collection of information” that contains identifiable information. The USCG and DHS have not published a Systems of Record Notice (“SORN”), as required by the Privacy Act of 1974, or Privacy Impact Assessments (“PIA”), required by the E-Government Act of 2002, regarding the NAIS.

The boating community is also alarmed about the NAIS program. Ralph Naranjo, a widely regarded mariner, author, and former Vanderstar Chair at the U.S. Naval Academy, expressed dismay that “a sailor’s Good Samaritan effort to share location data will automatically enroll them in a data bank that tracks all of their movements.” In comments to the USCG regarding the agency’s dissemination of NAIS data, BoatU.S., “the nation’s largest organization of recreational boaters,” said that NAIS “raises questions as to who might wish to use [the] data and to what end,” and urged the agency to “narrowly confine the use of [the] data for safety and homeland security purposes.”

EPIC also has a strong interest in domestic surveillance. In 2013, EPIC sought—and later obtained—records revealing many of the capabilities of JLENS, a blimp-based U.S. Army surveillance system set to be deployed over Washington, DC. Also in 2013, EPIC testified before the Texas State Assembly on a privacy bill for telephone location data. EPIC's testimony discussed GPS tracking and the need for clear rules governing location surveillance that satisfy Fourth Amendment standards, as well as the importance of public reporting and accountability.

EPIC has a particular interest in the impact of new surveillance technologies that have the capacity to enable warrantless, pervasive mass surveillance of the public by law enforcement agents. Justice Sonia Sotomayor addressed pervasive government surveillance of the sort performed with NAIS in a concurring opinion in U.S. v. Jones. Justice Sotomayor agreed with Justice Alito's conclusion that "at the very least, 'longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.'" Justice Sotomayor went even further, noting that "cases involving even short-term monitoring ... require particular attention" because the "Government can store such records and efficiently mine them for information years into the future .... GPS monitoring is cheap ... proceeds surreptitiously, [and] it evades the ordinary checks that constrain abusive law enforcement practices: 'limited police resources and community hostility.'" Justice Sotomayor expressed concerns that the Government's use of such technology might chill "associational and expressive freedoms," and that it may be inappropriate to entrust "to the Executive, in the absence of any oversight from a coordinate branch, a tool so amenable to misuse." Finally, Justice Sotomayor addressed the most pressing issue threatening Fourth Amendment protections: the third party doctrine, which states that "an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties." Justice Sotomayor noted that "[t]his approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."

Legal Documents (EPIC v. USCG et al., Case No. 15-1527)

EPIC’s Freedom of Information Act Request

On May 29, 2015, EPIC submitted a FOIA request seeking:

• All technical specifications, progress reports, and statements of work associated with the NAIS contract between the Department of Homeland Security/USCG and Northrop Grumman;
• All USCG policies and procedures for the collection, storage, analysis, use, retention, and deletion of data obtained through NAIS;
• All policies and procedures concerning the sharing of real-time NAIS data with other agencies, governments, non-governmental entities, and individuals;
• All records detailing the agencies, governments, non-governmental entities, and individuals with whom real-time data has been disclosed and how often it has been disclosed with them; and
• All civil rights & civil liberties impact assessments of NAIS, whether prepared by the Office for Civil Rights and Civil Liberties or another unit.

Freedom of Information Act Documents

• EPIC’s FOIA Request to the U.S. Coast Guard (May 29, 2015)
• EPIC’s FOIA Appeal to the U.S. Coast Guard (July 7, 2015)
• Documents Produced
• First Production (received Oct. 30, 2016)
• Information Sharing Policy
• Interface Design Description
• Operational Requirement Documents
• NAIS Information Recipients
• Privacy Impact Assessments (received Jan. 25, 2016)
• Third and Final Production (received Feb. 5, 2016)
• 2011 Progress Reports
• 2012 Progress Reports
• 2013 Progress Reports
• 2014 Progress Reports
• 2015 Progress Reports
• Technical Specifications

Privacy Act Documents

• System of Records Notice, Maritime Awareness Global Network (MAGNET), 73 FR 28143 (May 15, 2008).
• Final Rule for Privacy Act Exemptions, 73 FR 56924 (September 30, 2008).

News Items

• Linda Chiem, Privacy Watchdog Sues Coast Guard For Boat Monitoring Docs, Law360 (Sept. 21, 2015)
• Northrop Grumman Delivers Maritime Safety and Security System to U.S. Coast Guard, Nasdaq GlobeNewswire (July 23, 2012)
• Ralph Naranjo, Is AIS Chipping Away at Our Freedoms?, Practical Sailor (Feb. 2011)