A U.S. Coast Guard Investigative Service (CGIS) records management service has not only been collecting data and information on its own personnel, but of other Federal employees and members of the public.
The Department of Homeland Security (DHS) publicly released a private document on Aug. 8 stating that CGIS’s web-cased electronic case records management system, known as the Field Activity Case Tracking System (FACTS), captures, relates, and analyzes “information about the professional investigative activities of CGIS special agents.”
However, the document also states that FACTS also “collects personally identifiable information (PII) from DHS personnel, employees of other Federal agencies and members of the public.”
CGIS initially created FACTS to centrally and digitally store information previously paper-based and geographically dispersed. The system “records all CGIS law enforcement actions and investigations, including activities supporting background investigations of CGIS applicants, internal affairs investigations and administration, and investigations resulting from complaints to the [DHS] Office of Inspector General.”
Despite the largely internal investigative purposes of CGIS’s operations and FACTS, the document said that the system maintains the following information on “Coast Guard military and civilian employees, merchant mariner personnel, and civilians”:
- Names, dates of birth, home addresses, email addresses, phone numbers, marital status and Social Security numbers;
- Phone call reports;
- Unique case IDs and case types;
- Physical characteristics– such as race or ethnicity– and biometric data;
- Military branch, status, and rank, as well as employee identification numbers;
- Forensic reports of investigation;
- IP addresses;
- Certificate and license numbers, driver’s licenses, state IDs, and passport information;
- Financial information;
- FBI case numbers and civil or criminal history information;
- Medical record information; and
- Training records, transportation worker identification credential numbers, and vessel or vehicle identifiers.
The document further highlighted that because FACTS data is entered on an ad hoc basis, “there is a risk that FACTS may contain more information than is necessary to meet the needs of a given investigation,” flagging that individuals’ information– whether pertinent to an investigation or not– may be collected and stored in FACTS.
Further, CGIS’s system has “a risk that individuals may not be aware their information is contained within FACTS or understand how the Coast Guard uses the information collected about them,” further underscoring the opaque nature of the system and how it not only collects information through lawful searches, but “other non-consensual means” as well.
Information on FACTS is also prone to “unauthorized access to or inappropriate use or disclosure of, information contained” in its database, making individuals’ data on the system vulnerable to breaches or other risks.