The Department of Homeland Security Discloses How it Uses and Stores the Personal Information of Visa Applicants, Petitioners and Beneficiaries on the USCIS New Central Database

Data.jpgThe Department of Homeland Security, parent organization to the U.S. Citizenship and Immigration Service, has recently released a report that summarizes the technical methods for collection of data on visa applicants, petitioners and beneficiaries. The report summarizes the manner in which the USCIS collects and maintains data on all categories of immigration and naturalization applicants, including employment based petitioners, family based petitions, asylum and naturalization applications. This memo also breaks down the manner in which this information is used, including background checks for fraud, crimes of moral turpitude, and persons who are risks to public safety and national security.

All of the previously separate USCIS databases will be incorporated into Citizenship Immigration Data Repository (CIDR)

Citizenship Immigration Data Repository (CIDR) will unify all of the separate database that were used for different types of cases into one database. Prior to CIDR, databases for immigrants, asylums and naturalization candidates were kept in separate systems. Now, a USCIS officer will be able to search all of the immigration databases related to a particular person through one portal. Additionally, CIDR will allow USCIS officers to save searches. Finally, the CIDR system will save searches in a mirrored, classified format for use by the Department of Homeland security in case the DHS needs to investigate one of its own employees for fraudulent use of the system.

What does the USCIS use the information for?

The USCIS uses the information collected to perform background checks of the applicants and petitioners, for purposes of detecting internal fraud of its own employees, and for responding to requests for information about applicants and petitioners from various other governmental agencies. Information regarding visa petitioners, applicants and beneficiaries is cross referenced in the following ways:

  • FBI Fingerprint Background Check – Detects applicants who have an arrest record
  • FBI Name Check – Cross references the name given with law enforcement databases
  • TECS name check – Searches arrest records with focus on suspected terrorists, sex offenders and people of interest to the law enforcement community

The CIDR system is also a helpful tool for the USCIS to detect internal fraud in its own system. The CIDR system detects internal fraud in with a process that includes an alert made to the Chief Security Office, initial investigation and investigation of the research trail made by the USCIS employee in question that is saved in CIDR.
Finally, the CIDR system will be used in aiding the search for information regarding classified requests from other governmental agencies.

What are the privacy risks to the persons who the government has collected data on?

As the unified CIDR system is developed, a number of privacy risks have been identified and addressed in the DHS memo mentioned above. Firstly, there is a risk that in bringing together separate databases, each database with potential to contain information on the same individual, that the same individual will be created multiple times on the new database. Additionally, there is a risk that information on the wrong individual could be associated with another, different person in the data transfer. The USCIS plans to address this issue and correct any duplicative or erroneous data transfers on a case by case basis, reporting each error to tech support individually.
There is also the risk that the data collected may be used by law enforcement for inappropriate purposes. However, the USCIS is confident that the new system, which logs all searches, will reduce the use of immigration information by the government for inappropriate purposes. Previously all searches, whether classified or not, were conducted manually. There was no way to track who exactly had acceded the information. Now, all searches will be logged and any inappropriate viewing of an individual’s information will be tracked.

Retention of information

The USCIS has not stated how long it will retain information on individuals. The CIDR system will keep the log of a classified search request for five years.
Agencies that the DHS will share information with The USCIS shares an individual’s information on a need to know basis with other agencies under the DHS. These agencies include DHS Operations Center, Immigration and Customs Enforcement (ICE), CBP, U.S. Visitor and Immigrant Status Indicator Technology Program (US-VISIT). The DHS has stated that it will mitigate the risk of data being disclosed with other agencies that do not need the information through the CIDR system of controls. Additionally, DHS will mitigate misinterpretation of immigration data by providing other government agencies with a summary of the information that has been requested from an immigration perspective.

When information needs to be shared outside of the DHS, it is done on a classified network and need to know basis only. The DHS has reiterated that it does not share immigration information with other government agencies automatically.

Can an alien ask for access to the information on CIDR?

Aliens will not be permitted to obtain access to the information on the CIDR central system. However, FOIA requests may be made to get access to the information stored on the various systems that feed into CIDR. Additionally, requests to correct erroneous information within CIDR will not be entertained. However, if an alien needs to correct or update personal information, using the normal channels to do so should funnel into the CIDR database, which updates daily from information received on various documents asking for immigration benefits to corrections to errors informational errors, such as the I-102 form.