ICE July 2020 Production Brennan Center DHS FOIA Social Media Monitoring

From: ~b)(6); (b)(7)(C) I
Sent: 12 Jul 2019 12:48:44 +0000

To: l(b)(6); (b)(7)(C)
Subject: Criminal and Administrative Immigration LE SMOUT Update
Attachments: Criminal and Administrative Immigration LE (IGP 07 12 2019).docx
I have attached my most recent updates to the Criminal and Administrative Immigration LE SMOUT.
S:\PrivRecOff\PB\Projects & Offices\Social Media lssues\Social Media Templates SMOUTs\Criminal and
Administrative Immigration LE (ERO HSI OPLA)\SMOUT 2019
fo)(6): (b\(7\/C\ I
Privacy Compliance Specialist, CIPP/G
Information Governance and Privacy (IGP)
U.S. Immigration & Customs Enforcement
Direct: (202) 73 (b)(6):
Main: (202} 73 ( b )(6):
2020-ICLl-00023 544
From: kb)(6); (b)(7)(C) I
Sent: 29 Aug 2019 11:50:16 +0000
To: ~b)(6); I
Subject: ERO social media white paper
Attachme nts: OU White Paper - Unattributed Browser licenses 08022019 track changes -
8.29.19).doc
Good Morningl(b)(6}; I
Find enclosed t he w hite paper with our maior questions regarding ERO's social media use. Like we
discussed last week, rt doesn't actually talk about what they are trying to do operationally (the whole
point of the white paper). They've stated they want it for fugrtive ops, but there are some references in
the white paper for detainee ops. I see the purpose, I just genuinely don't know if detainee officers
have the authority to ihvestigate outside a facility. So the things we need OPLA to answer:
(b)(7}( E)
!f h V fl\ · f h \ f7\fr.\
Privacy Analyst, J.D., CIPP/US/G
Office of Information Governance and Privacy
U.S. Immigration and Customs Enforcement
Desk: 202-732~
Mobile: 202-87 (b)(~): _
Main: 202-732 b)(6);
2020-ICLl-00023 606
Homeland ICE OCISO & Privacy Office
Addendum to Testing Authorization
Security FRRBMD
Page 1 of14
ADDENDUM TO TESTING AUTHORIZATION
Use this form to propose a change to an approved Proposal to Use Real Data.for Testing Appropriate uses of this
form are to make discrete modifications to the scope of the original approved testing authorization, for example, to
extend the dates of testing authorization, to obtain a refresh of the data not originally authorized, or to make minor
changes to the scope of tlze test data or the purposes In the event the proposed changes are deemed significnnt by the
Privacy Office or OCISO, the program may be required to submit a new Proposal to Use Real Data for Testing
Project Name: Financial Reporting Repository (FRR) / Business Management

Dashboard (BMD)
Original Authorization Date: 10/12/2011
Request Submitter: j(b)(6); (b)(7)(C) ~ 202~
'"='":--::--;::===,-----------------'
732j(b)(6}; I
Submission Date: 0 8/15/2 015
DESCRIPTION:
This is an addendum to the FRR Proposal to Use Real Data for Testing. The original determination date for
this proposal was J0/12/20) l. A first addendum was approved on 3/24/20)5 requesting an e;xtension of
the testing to 07/18/2017. This addendum is to expand the existing testing proposal to include additional
datasets for Business Management Dashboard (BMD). This addendum is not requesting an extension of
the testing period.
b)(5)
Version date: January 29, 2015
2020-ICLl-00023 614
Homeland ICE OCI SO & Pr ivacy Office
Security FRRBMD
Page 3 o/14
DETERMINATION
(To be completed by the ICE Privacy Office and OCIO IAD)
Privacy Office Reviewer: {b)(6}; {b)(? }(C) De termination Date: 09/11/2015

TAD Reviewer:
D Use of real or obscwed/masked data is not authorized testing may proceed using .utificial data
only
D Use of obscured/masked data is authorized, subject to any conditions below
~ A combination of real, unaltered data and/or obscured/masked data is authorized, subject to
any conditions below
D Use of real, unaltered data is authorized, subject to any conditions below
D Creation of a test dataset for long-term use is authorized, subject to any conditions below
CONDITIONS
~ Authorization is limited to the dataset as described in this questionnaire and accompanying

documentation. Any proposed expansion of the dataset, jn terms of the PII or the number or
sources of records for the test data, must be approved by the ICE Privacy Office & IAO
D All environments used for testing must have a valid Security Authorization (SA)
D Before testing begins, SA must be completed for these environments:
D Testing is authorized in a vendor environment that has a valid SA
~ Testing is not authorized in a vendor environment
D Additional data fields must be obscured or removed as specified below:
~ Upon completion of testing, test data must be destroyed and a certificate of destruction
completed and returned to the ICE Privacy Office by 8/1/2017 or D
no date specified
~ Authorization to use the test data described in the section above expires on 7/18/2017
Authorization must be renewed for testing to continue
~ The minimum level of suitability for test personnel is Public Trust (6C)
D Additional controls must be implemented, as follows:
~ Other conditions:
(1) OCIO Stakeholders and the ISSO will support scheduled risk assessments by IAD in bo th the
PCN Data Center and the subnet of FRR a nd BMD testing and development environments .
(2) While refreshin g the BMD datasets is authorized, this authorization is limi ted to the d ata.set
as defined at the time of this authorization. If any changes are made to the d atasets, s uch as
adding new d ata fields, th ose changes must first be coordrnated w ith the IAD and the ICE
Privacy Office before the test d ataset in datasets m ay be changed.
Versio n date: January 29, 2015
2020-ICLl-00023 61'6
Security FRRBMD
Page 4 o/14
(3) The project shall track the " test data must be destroyed" and "authorization to use the test
data" dates as an integral part of the project's schedule management
(4) Any requests for extension shall be referred to the ICE Privacy Office for review and
approval; change requests should be presented to the ICE Privacy Office by 06/06/2017; 6-
weeks prior to expiration of the authorized extension period defined in the condition section
above.
2020-ICLl-00023 617
Security FRRBMD
Page 5 o/14
ATTACH MENT A: LIST OF NEW DA TA FIELDS FOR TESTING
Data
Column N ame Comment
Source
b)(?)(E) The most current record if multiple records exist in an upload
The number corresponding to the pay period for which this document is
being processed
The century the pay period begins for the related record
The century the pay period begins processing for the related record
The Year the Pay period begins processing for the related record
The. code that identifies the type of action being processed

The surname by which the employee is known or designated on all official
transactions; This record is required to validate the connection linking the
employee to the appropriate detail position record
The employee's given name; This field is obfuscated and will not be displayed
in the non-production data set
The employee's middle name or initial; This field is obfuscated and will not
be displayed in the non-production data set
Number of characters for employee middle name
The gender of the employee

The date of employee's birth
The century of employee's birth
The year of employee's birth
The month of employee's birth
The day of employee's birth
Levels 06, 10, 13 or higher information is needed in positions 503-508
(Instructional Program), 624-627 (Date Degree Cert)
This code indicates whether or not the employee is entitled to veteran
preference based on military service that terminated honorably; This is used
in determining retention rights for RIF actions and procedural rights in
appeal cases, as in other areas where veteran preference if pertinent
The previous agency when an employee moves to another agency within the
same dept
The retention group (for reduction in force purposes) in which an employee
is placed, based on the type of appointment
The date from which services for annual leave ea ming and/or length of
service purposes is computed
The century year from which services for annual leave earning and/or length
of service purposes is computed
The year from which services for annual leave earning and/or length of
The calendar month from which services for annual leave earning and/or
length of service purposes is computed
The day from which services for annual leave earning and/or length of
This manages the order of records if multiple NOAC records exist within the
2020-ICLl-00023 618
Security FRRBMD
Page 6 of14
Data
Col umn Name Comment
Source I
b}(?)(E) same pay period
This is the first NOAC of an employee record
This is the second NOAC of an employee record
The not to exceed date shown on the personnel action (eg, appointments,
non pay status, etc)
The not to exceed century shown on the personnel action (eg, appointments,
The not to exceed year shown on the personnel action (eg, appointments,
The not to exceed month shown on the personnel action (eg, appointments,
The not to exceed day shown on the personnel action (eg, appointments,
The time basis an employee is scheduled to work
The effective date of the personnel action identified by the NOAC
The effective century of personnel data
The effective year of personnel data
The effective month of personnel data
The effective day of personnel data
The federal department that an employee is transferring from; or identify

the prior status of an employee who is transferring from an entity other than
another federal department
The federal department code that an employee is transferring from; or
identify the prior status of an employee who is transferring from an entity
other than another federal department
Provides by means of identifying, if the appointment is subject to limitation;
This code is utilized by the computer in its routines, which audits the
completeness and accuracy of data with respect to those appointments with
limitations; This code is one of the controlling factors for reporting
employees on the notification of expiration
The fixed hour amount of the appointment limitation
The fixed' number of days of the appointment limitation
The date on which the employee's service year begins
The century on which the employee's service year begins
The year on which the employee's service year begins
The month on which the employee's service year begins
The day on which the employee's service year begins
2020-IC Ll-00023 619

Security FRRBMD
Pa.ge 7 of14
Data
II Column Name Comment
Source I
b)(7)(E) A description of the official or classification title of the employee's position
The individual position number the employee is occupying
A code to indicate the nature of managerial, supervisory or non-supervisory
responsibility assigned to a position
A number assigned by the agency to identify the master record that is
connected to like individual positions
Race indicator from the employee text file This field is required to validate
employee workforce statistics
The first law, executive order, rule, regulation, or other basis that identifies
the legal authority for the first nature of action code that authorizes the
appointing officer to effect a personnel action on an employee
The second law, executive order, rule, regulation, or other basis that
identifies the legal authority for the first nature of action code that
authorizes the appointing officer to effect a personnel action on an
employee
The first law, executive order, rule, regulation, or other basis that identifies
the legal authority for the second nature of acti on code that authorizes the
appointing officer to effect a personnel action on an employee
The second law, executive order, rule, regulation, or other basis that
identifies the legal authority for the second nature of action code that
authorizes the appointing officer to effect a personnel action on an
employee
Describes the organizational or working title of the employee's position as
determined from the official or classification title
The agency assigned code established for the organizational structure
The pay basis for the salary the employee is receiving for the position held
The occupational series code the employee will retain during the period of
grade retention
Indicates the task to be performed by the employee
The grade as provided under the pay plan for the position
A specific salary within a grade, level, class, rank, or pay band
Identifies whether the employee is receiving a rate of pay other than the
regular rate for the position, and, if so, to identify the .legal and/or regulatory
basis therefore
The state or country where the position is located
The city code where the position is located
The county code where the position is located
The date when service creditable for retirement purpose:; began
The century when service creditable for retirement purposes began
The year when service creditable for retirement purposes began
The month when service creditable for retirement purposes began
The day when service creditable for retirement purposes began
The employee's service computation date for reduction -in-force {RIF)
purposes
The employee's service computation century for reduction -in-force {RIF)
purposes
The employee's service computation year for reduction -in-force (RIF)
Version date : January 29, 2015
2020-ICLl-00023 620
Security FRRBMD
Page 8 of14
Data
Column Name Comment
Source
(b)(?)(E) purposes
The employee's service computation month for reduction-in-force (RIF)
purposes
The employee's service computation day for reduction-in -force (RIF)
purposes
The date from which service is to be credited toward the employee's next
w ithin grade salary increase
The century from which service is to be credited toward the employee's next
The year from which service is to be credited toward the employee's next
The month from which service is to be credited toward the employee's next
wi thin grade salary increase
The day from which service is to be credited toward the employee's next
The starting date for the supervisory/managerial probationary period, or for
SES probationary period
The starting century for the supervisory/managerial probationary period, or
for SES probationary period
The starting year for the supervisory/managerial probationary period, or for
The starting month for the supervisory/managerial probationary period, or
for SES probationary period
The starting day for the supervisory/managerial probationary period, orfor
Indicates if the employee's position is in the competitive service, excepted
service, or Senior Executive Service
Indicates whether an employee is eligible for coverage by a bargaining unit,
and if covered, the specific bargaining unit
Identifies whether the employee is receiving retired or retained pay from
previous civilian or military service
Indicates whether the employee i s in a special employment program
Indicates, for budgetary purposes, whether the individual position is
permanent
Identifies whether the employee's appointment is subject to completion of a
year probationary (or trial) period and to show the commencing date of the
probationary period
Identifies commencing century of a probationary period, if any
Identifies commencing year of a probationary period, if any
Identifies commenc1ng month of a probationary period, if any
Identifies commencing day of a probationary peri od, if any
The date when the employee was most recently assigned to the current
grade
Version date : January 29, 2015
2020-ICLl-00023 621
Security FRRBMD
Page 9 of14
Data
Column Name Comment
Source I
b}(?)(E) The century when the employee was most recently assigned to the current
grade
The year when the employee was most recently assigned to the current
grade
The month when the employee was most recently assigned to the current
grade
The day when the employee was most recently assigned to the current grade
Identifies whether the employee is a veteran who served during the Vietnam
Era (8/6/64-5/7/75)
lndicates1f the action is to correct the employee's name
The number of hours a part-time employee is scheduled to work per pay
period
The type of appointment the employee has accepted
Identifies employees as belonging to a special category of pay processing not
accommodated in any other part of the Payroll/Personnel System; This code
enables certain operations to be performed which would not otherwise be
applicable to this type of employee
Identifies whether the employee is entitled to receive a cost of living
allowance (COLA) and/or post differential, in addition to the base salary
The monetary amount to be deducted - either per day or per period - from
the salary of an employee who is being furnished quarters, utilities, etc ("in
kind allowances")
Identifies whether the quarters deduction amount is to be a taxable/tax
exempt per day or per pay period deduction
Indicates whether the minimum pay and overtime provisions of the Fair
Labor Standards Act cover employee
Indicates the accounting station an employee is assigned to
Identifies the office an employee is assigned to

Identifies the number of AUO hours for an employee
Identifies the percent of AUO hours for an employee
Identifies the status of an employee
Identifies the accounting distribution for an employee
The first position of the accounting data, which represents the fiscal year
Appropriation to which the expenses are to be charged
Accounting levels to which the expenses are to be charged
Indicates what, if any, access personnel action was taken for this record
The date the personnel action is valid
The century the personnel action is valid
The year the personnel action is valid
The month the personnel action is valid
2020-ICLl-00023 622
Security FRRBMD
Page 10 of14
Data
Column Name Comment
Source I
b)(7)(E)
The day the personnel action is valid
The first 5 digrts of the employee's residence address zip code

The last 4 digits of the employee's residence address zip code
The employee's current military status
The employees EOD to agency date
The employees EOD to agency century
The employees EOD to agency year
The employees EOD to agency month
The employees EOD to agency day

The wage area the employee is assigned for location pay
The employee's location code
The employee's current status
The not to exceed date, if any, for the employees appointment
The not to exceed century for the employees appointment
The not to exceed year for the employees appointment
The not to exceed month for the employees appointment
The not to exceed day for the employees appointment
The nature of action code for an employee appointment

The code of the building an employee is assigned access to
The pay period the employee was granteq access
The authorizing code granting an employee access
The date an employee was granted access
The century an employee was granted access
The year an employee was granted access
The month an employee was granted access
The day an employee was granted access
The primary authorizer
The secondary authorizer
The requirement code for an employee identifying the retirement status of
an employee
The payment status code of the record for this employee
The last pay period an employee was paid
The begin date of the last pay period an employee was paid
The begin century of the last pay period an employee was pafd
The begin year of the last pay period an employee was paid
The begin month of the last pay period an employee was paid
2020-ICLl-00023 623
Addendum to Tes ting Authorization
Security FRRBMD
Page 11 o/14
Data
Col umn Name Comment
Source
b)(?)(E)
The begin day of the last pay period an employee was paid
The pay period a separation, if any, was processed

The century of the pay period a separation; if any, was processed
The year of the pay period a separation, if any was processed
Indicator to determine if the employee is allowed a quarterly amount review
Indicator to determine if the employee is allowed a quarterly rate review
Indicator to determine if the employee is allowed COLA increases

The HB plan assigned to an employee
The HB plan option assigned to an employee
The employee's current administrative leave balance
The employee's current sick leave balance
The employee's YTD adml nistrative leave used
The employee's YTD sick leave accrued
The employee's YTD sick leave used
The employee's YTD balance of comp time earned
The employee's YTD balance of comp time used
The employee's YTD admin hours used
The employee's YTD Military hours used

The employee's YTD Military days used
The employee's intern days used
The number of days an employee has completed of any assigned probation
The number of days until an employee reaches tenure for c-level
The time basis on whlch an employee is. scheduled to work Refers to type of
employment
The Office a detailed employee is assigned
The pay plan a detailed employee is assigned
The series a detail employee is assigned
The detail organization structure a detailed employee is assigned
Positions, which can be filled only by Presidential appointment with approval

of the Senate
A flag indicating an SFS0 was cut for an employee
Identifies the administrative or organizational title of a position
The order any consecutive detail records should be ordered
The MRN detail to which an employee is assigned

The department a detailed employee is assigned
The agency a detailed employee is assigned
The detail position number a detail employee is assigned
2020-ICLl-00023 624
Security FRRBMD
Page 12 of14
Data
Column Name Comment
Source I
b)(?)(E) The grade a detailed employee is assigned
The date a detailed is expected to expire
The century a detail is expected to expire
The year a detail is expected to expire
The month a detail is expected to expire
The day a detail is expected to expire
The alternate work schedule an employee is assigned

The earning limit code assigned to an employee
The appointment days worked by an appointed employee
The calendar days worked by an appointed employee
Identifies one of the seven major categories of an occupational series
Identifies if the AUO designation of employee changed
ldentlfies the projected amount of AUO used by the employee

The Com level code assigned to an employee
The number of days an employee worked on the payroll for this pay period
The date of the last AUO status change for the employee
The century of the last AUO status change for the employee
The year of the last AUO status change for the employee
The month of the last AUO status change for the employee
The day of the last AUO status change for the employee
The targeted date for promotion of an employee
The targeted centu ry for promotion of an employee
The targeted year for promotion of an employee
The targeted month for promotion of an employee
The targeted day for promotion of an employee
The base salary of an employee

The date an appointment is made effective
The century an appointment is made effective
The year an appointment is made effective
2020-ICLl-00023 625
Security FRRBMD
Page 13 o/14
Data
Column Name Comment
Source
b )(?)(E)
The month an appointment is made effective
The day an appointment is made effective

The date an employee is assigned to a position
The century an employee is assigned to a position
The year an employee is assigned to a position
The month an employee is assigned to a position
The day an employee is assigned to a position
The amount of YTD gross pay paid to the employee

This indicator is used by the agency to determine an employee is currently
active
This indicates if the employee has reached a position or compensation ceiling
This is the salutation title for an employee
This is the suffix for an employee name
This is a prefix for an employee name
This is the rate schedule salary that is adjusted for location based pay
This is the schedule salary per OPM guidance
This is the location code identifier for the location the employee is paid for
The is the percent schedule salary that is adjusted for location based pay
This is the amount of base pay paid to the employee
Indicates if a record is active or inactive
The target grade for the position
Indicated authorization for an appointment
Identifies those individual positions classified as Law Enforcement under the
Federal Employee Pay Comparability Act of 1990 (FEPCA)
The amount of administrative leave accrued year to date
The appointment limit total days
The appointment days remaining until limit is met
The number of calendar days elapsed since the employees tenure career
began
The date of an employee's last 6c investigation
The century of an employee's last 6c investigation
The year of an employee's last 6c investigation
The month of an employee's last 6c investigation
The day of an employee's last 6c investigation
The pay table assigned to an employee
The employees locality code
The date a point of increase was entered
The century a point of increase was entered
The year a point of increase was entered
2020-ICLl-00023 626
Security FRR BMD
Page 14 o/14
Da ta
Col umn Name Comme nt
Source
b)(?)(E)
The month a point of increase was entered
The day a point of increase was entered
The access type for a separated employee, if any
The fund type the employee is paid from

The amount per unit paid to an employee. This field is combined with hours
to determine the amount paid by object class
The object class assigned the detailed payroll transaction
The number of units paid to an employee. This field combined with amount
determines the amount paid by object class
The employee name associated with the payroll file
2020-ICLl-00023 627
From: kb)(6): (b)(7\(C)
Sent: 6 Nov 2019 16:06:20 +0000
To: l(b)(6); (b)(?)(C)I
Subject: FW: **DUE AT 12:30 - CONFIRM RECEIPT**FW: Review and Comment -P-
109932- U.S. Senator Kamala Harris writes to ICE re: Detainee Death at Otay Mesa Detention Center
ICATT:0045277
Attachments: 109932-11.05-Draft response to Sen Harris re death notifications (IGP
11.6.19).docx
Hey~(b)(6);
Find enclosed a tasker for your review. It's probably something you would want to look at. Basically
the question is if we are allowed to release information to next of kin when a detainee dies. I didn't see
a RU for next of kin, but I figure the privacy act doesn't apply to dead people, so we can release
anyways. Find enclosed my draft response.
Best,
Mobile: 202-870~(b)(6); l
FromJ b)/6\: (b)(7\(C\
Sent : Wednesday, November 6, 2019 10:37 AM
To:l(b)(6): {b){7){C)
l(b)(6\: (b)(7)(C\
Cc:Kb)(6); (b)(?)(C}
l(b)(6); (b)(7)(C)
Subje ct: RE: **DUE AT 12:30 - CONFIRM RECEIPT**FW: Review and Comment -P-109932- U.S. Senator
Kamala Harris writes to ICE re: Detainee Death at Otay Mesa Detention Cent er ICATT:0045277
Hey guys - just want to make sure someone's going to take this. Please let me know ASAP, due at
1230pm.
Best,
kb\(6): (b\(7)(C) I
Desk: 202-732~(b){6\I
fb)(6); (b)(7)(C)
From:kb)(6): (b)(?)(C)
Se nt: Wednesday, November 6, 2019 9:43 AM
To: kb)(6): (b)(7\(C)
l(b)(6); (b)(7)(C)
Cc: (b}(6); (b}(7) C)
(b)(6); (b)(?)(C)
Subje ct: **DUE AT 12:30 - CONFIRM RECEIPT**FW: Review and Comment -P-109932- U.S. Senator
2020-ICLl-00023 628
Kamala Harris writes to ICE re: Detainee Death at Otay Mesa Detention Center ICATT:0045277
Importance: High
Good Morning:
Tasking CL-Cor-P-109932 has been received by IGP. Please find a brief of the tasking below. '*NOTE:
PLEASE CONFIRM RECEIPT AND SPECIFY WHO WILL BE TAKING THE LEAD ON THIS TASKER. **
Folder: CL-Cor-P-109932
Received Date: 11/6/2019

Due Date: Wednesday 11/6/2019 12:30 PM
Clearance Level: Standard

IGP Assignees: Privacy
Tasking Description: U.S. Senator Kamala Harris writes to ICE re: Detainee Death at Otay
Mesa Detention Center
Tasking Request : Good morning, IGP:
Please review the following documents and clear NLT Wed. 11/6/19 at
12:30 p.m. EST:
"109932 Cover Letter.docx"
"109932-11.05-Draft response to Sen Harris re death

notifications.doe><''
To preserve version integrity, please do not change the file names.

Previous Assignees: ERO Corr
Current ICE Assignees: IGP
Additional Information: Additional documents attached for background purposes. This was
tasked to ERO, to "review the incoming email from Senator Kamala
Harris' s office regarding a recent detainee death at Otay Mesa
Detention Center."
Access Files: CL-Cor-P-109932 Assigned To I GP
Best,
kb)(6); (b)(7)(C)
Desk: 202-732 b)(6};
b)(6); (b)(7)(C)
2020-ICLl-00023 629
From: !CATT.Alert {b)(6}; (b)(7)(C)
Sent: Wednesday, November 6, 2019 9:28 AM
To: #ICEIGPTaskings ~.....
(b_)(_6)_; (_b_)(7
_)_(C_) _ _ _ ___.
Subject: Review and Comment -P-109932- U.S. Senator Kamala Harris writes to ICE re: Detainee Death
at Otay Mesa Detention Center ICATT:0045277
Hello IGP,
A Clearance has been assigned to you. Please accept in 1 day
Clearance Name: CL-Cor-P-109932 Assigned To IGP
Due Date: 11/06/2019 03:00 PM Eastern
Instructions:
Good morning , I GP:
Please r eview the fo l lowing documents and c l ear NLT Wed . 1 1/6/1 9 at
3 p . m . EST :
"109932 Cove r Letter . docx u
" 109932-11 . 05-Dra f t response to Se n Harris re death

notifications . docxu
To preserve version integrity , please do not change the file names .
Thank you .
Thank you.
2020-ICLl-00023 630
U.S. IMM IGRATION AND CUSTOMS E NFORCEMENT
U.S. Immigration and Customs Enforcement (b)(5)

Response to Senator Kamala Harris
October 24, 2019
b)(5)
ii....!- - - - - - - - - - - -~
i I
l,' ':'
I '
' J
I '
I
i
I
I
i
I
I
I
i
I
I
FOR Q.fl4Cbt.,L US.Ii: Q~lb¥ 11 I. r\ \~1 FNEQRCFMFNJ'

SENSITIVE
2020-ICLl-00023 631
From: Kb)(6); (b)(?)(C)
Sent: 14 Nov 2019 18:13:14 +0000
To: ~b)(6): (b)(7)(C) I
Subject: Appendix B matters
Attachments: 2019 DRAFT Media Release Memo (IGP 10 02 2019) CLEAN.docx
Here's the latest guideline on Appendix B, which is towards the end.
~b)(6); (b)(?)(C) I
Privacy Analyst
Immigration and Customs Enforcement
U.S. Department of Homeland Security
Desk: 202-73 b )(6);
Mobile: 202-897 (b)(6):
Main: 202-732 b)(6);
ft,. ',..,,,
2020-ICLl-00023 703
Homeland The Piivacy Ofticc
U.S. D<p11r1ment of Humelund Secun1y
Security WaBhing1on, DC 20528

103.235 (b)(6);
www. · H;.gov pnvac-y
Version date : .June 12, 2012

Page I of 8
OHS OPERATIONAL USE OF SOCIAL MEDIA

This template is used to assess the Departmen t's Ope ration al Use of Social Media,
consistent with Management Directi ve 110-01.
The OHS Privacy Office has created this template to determine privacy compliance with
Management Directive 110-01, Privacy Policy for Operatio11al Use of Social Media. For the purposes of tht:?
Management Directive and this template, ''Operational Use" means authorized use of social media to
collect personally identifiable information for the purpose of enhancing situational awareness,
investigating an individual in a criminal, civil, or administrative context, making a benefit determination
about a person, making a personnel determination about a Department employee, making a suitability
determination about a prospective Department employee, or for any other official Department purpose
that has the potential to affect the rights, privileges, or benefits of an individual. Operational use does n ot
.include the use of search engines for general Internet research, nor does it include the use of social media
for professional development such as training and continuing education or for facilitating internal
meetings. The following uses of social media are exempt from the Management Directive and are not
subject- to this requirement1:
a) Communications and outreach with the public authorized by the Office of Public Affairs
(covered by the existing PIAs: DI-IS/ALL/PIA-031 - Use of Social Networking Interactions
and Applications Communications/Outreach/Public Dialogue and DHS/ALL/PIA-036 -
Use of Unidirectional Social Media Applications);
b) The conduct of authorized inte lligence activities carried out by the Office of Intelligence
and Analysis, the intelligence and counterintelligence elements of the United States
Coast Guard, or any other Component perform.mg authorized foreign intelligence or
cou11terintellige11ce functions, in accorda11ce w ith the provisions of Executive Order
12333, as amended.
This template shall be used to document the process to be followed by all programs engaging in
ope.rational uses of social media~ to identify information technology systems, technologies, .rulemakings,
programs, or pilot projects that involve Pll and other activities that otherwise impact the privacy of
individuals as determined by the Chief Privacy Officer; and to assess whether there is a need for
additional Privacy Compliance Documentation. Components may appeal to the Deputy Secretary for
Homeland Security if there is disagreement over the OHS Privacy Office determination of privacy
complian ce for the operational use of social media.
• Gathering infonnalion by the Office of Operations Coordination and Pla1rning (OPS) to enhance situational awareness is exempt
from this requirement and is covered by the existing PIA; DHS/O PS/PIA-004/d \ · Publicly Avai lable Social Media Monjtming an d
Situational Awa reness Initiative Update.
2020-ICLl-00023 714
Homeland The Piivacy O fticc
Security Wa.~hing1on. DC 20528

703-235f(h \ (6 \·
www.dhs.gov/pl'ivacy
Version date: .June 12, 2012

Page 2 of 8

Please complete this form and send it to your Component Privacy Officer.
Upon receipt, your Component Privacy Officer and the OHS Privacy Office will review this
form and may request additional information.
SUMMARY INFORMATION
Date s ubmitted for review:

Name of Component: U.S. l mmigration and Customs Enforcement
Contact Information¥b)(6); (b)(7)(C) !Deputy Privacy Officer, (202) 732 j(b)(6); I

Kb_)_(6_);_ _~1Chief of Labor and Employment Law Divi sion
Counsel2 Contact Information:~
IT System(s) where social media data is stored: Gene.ral. Cotmse.l Electroni.c Management
System (GEMS), Joint Integrity Case Management System (JICMS), and Personnel Secu.rity
Activities Management System (PSAMS)/l ntegrated Security Management System (lSMS).
Applicable Privacy Impact Assessment(s) (PIA):
DHS/ICE/PTA-002(a) - General Counsel Electronic Management System (GEMS)
OHS/ ALL/PfA-00l(a) - Personnel Security Activities Management System

(PSAMS)/Integrated Security Management System (ISMS)
Applicable System of Records Notice(s) (SORN):
DHS/ALL-023 - OHS Personnel Security Management Records (PSAMS)
DHS/ICE-003 - General Counsel Electronic Management System (GEMS)
DHS/ALL-020 - DHS Internal Affairs Records
DHS/ALL-017 - DHS General Legal Records
1Counsel listed here mu.st certify that appropriate a uthority exists to engage in pa rticular operational activities involving social
media.
2020-ICLl-00023 715
Homeland The P,ivncy Ofti cc
U.S. D"f'11r1menl of Hmnelund Securhy
Security 103.23
W~., hingron. DC 20528
(b )(6);
www. is.gov pnvac-y
Version date: June 12, 2012

Page 3 of 8
SPECfFlC QUESTIONS
1. Describe the category of use for collecting personally identifiable information from social
media sources. Examples include: law enforcement intelligence, criminal investigations,
background investigations, administrative investigations, professional responsibility
investigations, benefit or empfoyment determinations1 oc situational awareness. If use does
not fit into one of these categories, please describe in full below. If your component has
multiple categories of use, please submit separate template for each category.
As the definition of social media in the OHS Instruction 110-01-001 Pri1.1acy Policy for the
Operational Use of Social Media (Privacy J:'olicy) is drafted broadly so as to likely include
general use of the Internet and as social m edia technology is ever changing and evolving, this
submission addresses ICE's use of the Internet, to include social media as defined in the
Privacy Policy.
TCE u ses the Internet, including social media, as defined in the Privacy Policy, for
administrative law enforcement purposes in an internal affairs context. This administrative
law enforcement use of the Internet, including social media, includes assisting in
investigating, gathering evidence, and gathering information on improper or potentially
improper activity by ICE or CBP employees or contractors.
This u se of the Internet, including social media, involves activities to gather infonnation such
as Internet searches, reviewing social media sites, monitoring chat rooms, and reviewing
comments posted on websites. This information is gathered and used by ICE agents,
attorneys, and support personnel in the same manner as information gathered from non-
Internet and non-social media sources such as i.nformation gathered in person, on the phone,
or through research of hard copy documents. Information gathered in this fashion may be
used in administrative investigations of employees or contractors of ICE and CBP.
2. Based on the operational use of social media listed above, please provide the appropriate
authorities.
• Ins pector General Act o f 1978, as amended. (Pub. L, 95-452, 92 Stat 1101 (1978)
• Homeland Secudty Act of 2002, as amended, Pub. L No. 107-296, 116 Stat. 2135 (2002)
• OHS Management Directive 0810.1, The Office of Inspector General
• OHS Delegation No. 7030.2, Delegation of Authority to the Assistant Secretary of U.S
a) Has Counsel listed above reviewed these authorities for privacy issues and
determined that they permit the Program to use social media for the listed operational
use?
cgjYes. ONo .
2020-ICLl-00023 716
Homeland The P,ivncy Ofticc
U.S. D<p11r1menl of Homelund se-,uritY
Security W~shingron. DC 2052~

703-235!fh ,rn,-
www.dhs.gov/plivacy
I

Page 4 of 8
3. ls this use of social media in development or operational?

D ln development. 1:8] Operational. Date first launched: lJnknown.
The InteTnet has been in use at ICE's legacy agencies since it was publicly available.
4. Please attach a copy of the Rules of Behavior that outline the requirements below.
See Memorandum from John Morton, Use of Public and Non-Public Online Information, June 28,
2012.
5. Please describe the Rules of Behavior in effect for the listed operational use of social media. If
users do NOT follow a particular Rule, please detail reasoning for not following that Rule:
a) Equipme11t. Use only government-issued equipment when engaging in the operationaJ
use of social media;
OYes. 1:8] No. If not, please explain:
The nature of adminish·ative law enforcement investigations may require
investigators to use non-government-issued equipment when engaging in
investigations. Investigators a t times find themselves in rapidly evolving situations
in the field that call for the use of adaptive measures. fn situations where
government-issued equipment is either not available, or is technologically
insufficient to perform the requiT-ed task at hand, investigators may need to rely on
non-government-issued equipment. However, ICE is currently working to provide
government-issued equipment so as to not requiTe the use of non-government-issued
equipment in these circumstances.
b) Email and accounts. Use onli.ne screen names or identities that ind icate an official DHS
affiliation and use DHS email addresses to open accounts used when engaging in social
media in the performance of their duties;
Because the activities described in Question 1 are for administrative law enforcement
purposes in an internal affairs context, the employees who engage in these activities will
not identify themselves as ICE or OHS personnel, or law enforcement personnel. This is
necessary to ensure the safety of law enforcement personnel, to avoid compromising law
enforcement operations, to prevent tipping off individuals who are sought by law
enforcement for violations of law, and to prevent disclosing litigation strategy and
tactics.
2020-ICLl-00023 717
U.S. D<p11r1ment of Hornelund Setur11y
Security Wa,qhingron. DC 20528

703-235-k b \/6 \:
!
Page 5 of 8
c} Public interaction. Access publicly available information th.rough sociaJ media only by
reviewing posted information without interacting with any individual who posted the
information;
IZ]Yes. D No. If not, p lease explain:
d) Pr-ivaci; settings. Respect individuals' pr•ivacy settings and access only information that is
publicly available;
0Yes. [gj No. If not, please explain:
Law enforcement personnel may not access restricted online sources or facilities absent
legal authority permitting entry into private space. Where legal authority exists, law
enforcement personnel may access restricted online information.
e) Pll collection: Collect the minimum Pll necessary for the proper performance of their
authorized duties except for systems subject to Final Rules for Exemption from certain
aspects of the Privacy Act;
0Yes. IZ] No. If not, p lease explain:
The applicable SORNs cited above are all exempted by Final Rules from the Privacy Act
(e)(1) requirement (5 U.S.C. § 552a(e)(1)), which normally limits agencies to collecting
only information about individuals that is relevant and necessary to accomplish a
purpose of the agency required by statute or Executive Order. The exemption from the
(e)(l) requirement is necessary to ensure the integrity oflaw enforcement investigations,
as more fully detailed in the Final Rules.
f) Pll safeguards. Protect PU as required by the Privacy Act (if applicable) and DHS privacy
policy;
IZ] Yes. D No. If not, please explain:

g) Documentation. Document operational use of social media, including date, site(s)
accessed, information collected and how it was used.
0Yes. ~ No. If not, please explain:
ICE's rules of behavior state that law enforcement personnel should retain the
information they access on the Internet, including social media, if they would have
retained that content had it been written on paper. These contents should be preserved
in a manner authorized by ICE procedures governing the preservation of electronic
communications.
2020-ICLl-00023 718
U.S. Depurtment of Homelund Security
Security Wa,qhin ton, DC 20528

103.235. b)(6 );
www. .is.gov pnvacy

Page 6 of 8
h) Traiuing. Users complete annual p1ivacy training which has been approved by
Component Privacy Officer (or Privacy Point of Contact) based upon h·aining materials
provided by the OHS Privacy Office. Training must include, at minimum: legal
authorities, acceptable operational uses of social media, access requirements, and
requirements for documenting operational uses of social media.
~Yes. D No. If not, please explain:
D Yes, employees sell-certify that they have read and understood their Component
Rules of Behavior.
~ Yes, Component Privacy Officers or PPOCs maintain a record of employee

attendance at privacy training that includes training on the Rules of BehavlOl'.
0 No. If not, please explain:
2020-ICLl-00023 719
Homeland The P,ivncy O fticc
Security Wa,qhingron. DC 20528

703-m •kh \ /n\·
www.dh;.gov/ptivacy

Page 7 of 8
OHS SOCIAL MEDIA DOCUMENTATION

(To be Completed by the OHS Privacy Office)
DATE reviewe d by th e OHS Privacy O ffice: 11/6/2012
NAME o f the OHS Privacy O ffic e Reviewer:~b)(6); (b)(7)(C)
OHS Privacy Of fice D etermination

~ Program has m e t requirements to u se social me dia for the stated authorized
operational purposes, and must continue compliance with the requirements above ,
D Program has not yet met requ irements to u tili ze social media for operational
purposes.
D Program authorities do not authorize operational use of social media.
D Rules of Behavior do not comply. <Please explain analysis.>
D Training required.
Additional Privacy compliance documentation is required:
~APIA js required.
~ Covered by existing PIA.
DHS/lCE/PlA-002(a) - General Counsel Electronic Management System

(GEMS)
DHS/ALL/PIA-001(a)- P ersonne l Security Activities Managemen t

System (PSAMS)/Integrated Security Management System (ISMS)
D New.
D Updated. <Please include the name and number of PIA to be updated
here.>
~ A SORN is required:
[gJ Covered by existing SORN.
Applicabl e Sys tem of Records N otice(s ) (SORN ):
DHS/ALL-023 - O H S Personnel Security Management Records (PSAMS)
2020-ICLl-00023 720
Homeland The Piivncy Office
U.S. Depurtment l>f Homelund Security
Security Washington, DC 20528

703-235!(b )(6 ):
www.dhs.gov/privacy
I
Page 8 of 8
DHS/lC E-003 - General Counsel Electronic Management System (GEMS)
OHS/ ALL-020 - OHS Tnterna l Affairs Records
OHS/ ALL-017 - OHS Genera l Lega l Records

D New.
D Updated. <Please include the name and number of SORN to be updated
here.>
OHS PRIVACY OFFICE COMMENTS

b)(5)
2020-ICLl-00023 721
Homeland The Piivncy O fticc
U.S. D<p11r1ment of Humelund Securi1y
Security W,i.~hing1on, DC 20528

703-23H h \ {R \·
www.dhs.gov/privacy
!

Page 1 of
11
DHS OPERATIONAL USE OF SOCIAL MEDIA

This template is used to assess the D epartment's Operational Use of Social Media,
Management Directive 110-01, Privacy Polie1; for Operational Use of Social Media. For the purposes of the
collect personally identifiable information for the purpose of enhancing sihiational awareness,
investigating an in.di vi.dual in a criminal, civil, or administrative conte.xt, making a benefit determination
that has the potential to affect the rights, privileges, or benefits of an individual. Operational use does not
include the use o.f search engines .for general Internet research, nor does it include the use o.f social media
.for professional development such as training and continuing education or for facilitating internal
meetings. The following uses o.f social media are exempt from the Management Directive and are not
subject to this requirement1:
(covered by the e.xisting PIAs: DHS/ALL/PIA-031 - Use of Social Networking Interactions
Use of Unidirectional Social Med ia Applications);
b) The conduct of authorized intelligence activities carried out by the Office of Intelligence
and Analysis, the .intelligence and counterintelligence elements oi the United States
Coast Guard, or any other Component performing authorized foreign intelligence or
counterintelligence functions, in accordance w ith the provisions of Executive Order
12333, as amended.
This template shall be used to document the process to be followed by a ll programs engaging in
operational uses of social media~ to identify information technology systems, technologies, .rulemakings,
programs, or pilot projects that involve PU and other activities that otherwise impact the privacy of
Homeland Security if there is disagreement over the DHS Privacy Office determination of privacy
compliance for the operational use of social media.
• Gathering infonnalion by the Office of Operations Coordination and Planning (OI'S) to enhance situational awareness is exempt
from this requirement and is covered by the existing PIA; DHS/OPS!PlA-004(dl · Publicly Avai lable Social Media Monjtming and
Situatio nal Awa reness Initiative Update.
2020-ICLl-00023 722

703-235-k b )(6 ):
!
Page 2 of
11

SUMMARY INFORMATION
Name of Component: U.S. Immigra tion and Customs Enforcement
Contact Information:l(b)(6); (b)(7){C) I Deputy Privacy Officer 1 (202) 732Kb)(6);
Counsel2 Contact Information :~b)(6); (b)(7)(C) !Chie f, Enforcement and Removal Operations
Division, OPLA; Kuyomars ''Q" Golparvar, Chief, Immigration Law and Pr actice Division,
OPLA.
IT System(s) where social media data is store d: TECS Case Management, Fugitive Case
M anagement System, Enforcement Integrated Database, and Alien Criminal Response
lnformation Management System
DHS/ICE/PIA-009 - Fugitive Case Management System (FCMS)
DHS/ICE/PIA-015 - Enforcement Integrated D atabase (EID)
DHS/ICE/PIA-020 - Alien Criminal Response Information Management System

(ACRl Me)
DHS/ICE-009 - External Investigations
DHS/ICE-007 - Alien Criminal Response Information Management (AOUMe) SORN
DHS/ICE-011 - Immigration and Enforcement Operational Records System (ENFORC E)

SORN
1Counsel listed here mu.st certify that a ppropriate authority exists to engage in pa rticular operational activities involving social
media.
2020-ICLl-00023 723
Homeland The Privncy Ofti cc
U.S. D"f'11r1menl of Homeh1rul se-,uritY
Security W~shingron. DC 2(152~

703-23.5 J/ h \(fi\·
!

Page4 of
11
SPECfFlC QUESTIONS
investigations, benefit or employment determinations, or situational awareness. If use does
As the definition of social media in the OHS lnstruction 110-01-001 Privacy Policy for the
Opera.tioHal Use of Soda/ Media (Privacy Policy) is drafted broadly so as to }jkely include
general use of the lnternet and as social media technology i.s ever changing and evolving, this
template addresses ICE's use of the Internet, to include social media as defined in the Privacy
Policy.
ICE uses the Internet, including social media as defined in the Privacy Policy, for criminal
and administrative immigration law enforcement purposes. (111is template does not address
the conduct of undercover operations in the context of criminal immigration law en forcement
investigations. Those activities aie covered by a separately submitted template that covers
undercover mvestigations only.) This immigration law enforcement use of the Internet
including social media, falls into the following three categories: (1) using the Internet,
including social media, to assist in locating, arresting, and adjudicating individuals who may
be amenable to removal under the Immigration and Nationality Act or are otherwise
suspected of violations of U.S. immigration law and assisting other law enforcement agencies
wlth investigations and adjudications related to individuals, (2) pre-operational, operational,
and situational awareness uses related to officer safety or threats to the public at-large, and
(3) to obtain information to assist in detennining whether to exercise prosecutorial discretion.
Categocy One: Basic Criminal and Administrative Enforcement of the Immigration and
Nationality Act
With regard to the use of the Internet, including social media, to locate and arrest
individuals, ICE officers, agents, attorneys, and support personnel routinely use a variety of
government and commercial databases to identify, locate, and arrest individuals who may be
amenable to rem.oval and meet ICE's current enforcement priorities. However, additional
in.fonnation not available in these databases is available on the Internet, including social
media. The use of the fntem et, i11cluding social media, will allow ICE to gather information
that assists in identifying, locating, and arresting indivjduals wanted for crimes and/or who
may be amenable to removal, and assisting other law enforcement agen cies with
investigations related to individuals where necessary and appropriate. 1t will also allow ICE
attorneys who represent the agency i n civil immigration proceedings before the Executive
Office for Immigration Review to conduct general and specific case research and preparation.
2020-ICLl-00023 725
Homeland The Piivncy Ofti cc
U.S. D"f'11r1menl of Humelund Se-•urhy
Security W~shingron, DC 20528

703-235-Vbl/6):
www.dh,.goV/pl'ivacy

Page 5 of
11
Category Two: Officer and Public Safety

ICE also uses the Internet, includjng social media, for pre"operational/operational/situational
awareness uses relating to officer safety or threats to the public at-large. Prior to conducting
tactical enforcement operations or otherwise initiating contact with a subject, ICE agents,
officers, or support personnel may collect information about the subject of the tactical
enforcement operation. This includes gathering information publicly available on the
Internet, including social media, such as firearms/weapons possession and
relatives/associates who may reside with him. This information assists agents and officers
with tactical planning activities such as: number o f agents and officers required for the
operation, any specialized equipment that may be necessary for the operation, and
intelligence on when and where the operation should be conducted for agent and officer
safety and tactical efficiency.
Category Three: Prosecutorial Discretion
Finally, lCE also uses the internet, including social media, to gather information related to the
possible exercise of prosecutorial discretion. Pursuant to Director Morton's Jtme 17, 2011
memorandum relating to the exercising of prosecutorial discretion, ICE law enforcement
personnel are expected to consider a number of factors when deciding whether to exercise
prosecutorial discretion in various situations. Some of these factors include: whether the
subject is a danger to the community or to national security, whether the subject is the
primary caregiver to a minor, or a person with a physical o.r mental disability, a subject's
educati.onaJ and military background, a subject's ties and contributions to the community,
whether the subject (or the subject's spouse) is pregnant or nursing, whether the subject or
subject's spouse suffers from severe mental or physical illness. These factors can be difficult
to ascei-tain using routine government and commercial databases and the use of the Internet
including social media serves as another tool to attempt to identify these unique factors.
Similarly, some of these same factors may also apply when setting conditions of release from
ICE custody. The Intem et, including social media, provides a source of information that can
be used to help detennine when it is appropriate to release an individual from ICE custody.
authorities.
• Homeland Security Act of 2002, as amended, Pub. L. No. 107-296, 116 Stat. 2135 (2002)
• Immigration and Nationality Act of 1952, as amended, U.S. Code Title 8
• OHS Delegation No. 7030,2, Delegation of Authority to the Assistant Secretary of U.S
Immigrntion and Customs Enforcement
• ICE Delegation No, 0001, Delegation of Authority to the Directors, Detention and Removal
and Investigations, and to Field Office Directors, Special Agents in Charge and Certain Other
Officers of the Bureau of Immigration and Customs Enforcement
• 8 C.F.R § 2.1, Authority of the Secretary of Homeland Security
2020-lCLl-00023 726
U.S. O"'f'11r1ment of Humelund Se-Wt\JI
Security 703 2
W~Bhingron. DC 20528
• ~~~~ }J,~}iuv,p,tvnty I
Page 6 of
11
determined that they perm.it the Program to use social media for the listed operational
use?
C8'.] Yes. 0No.

D In development. C8'.] Operational. Date first launched: Unknown.
The Internet has been in use at ICE's legacy agencies since it was publicly available. However,
the use of certain specific social media websites such as Facebook, YouTube, Twitter, MySpace,
and Hi5 have not yet been implemented but will be after adjudication of this Template by the
DHS Privacy Office.
2012.
a) Equipment. Use only government-issued equipment when engaging in the operational
0Yes. C8'.] No. If not, please explain:
11,e nature of immigration law enforcement investigations may require investigators
to use non-government-issued equipment when engaging in investigations.
Investigators at times find themselves in rapidly evolving situations in the :field that
call for the use of adaptive measures. 1n situations where government-issued
equipment is either not available, or is technologically insufficient to perform the
required task at hand, investigators may need to rely on non-government-issued
equipment. However, ICE is currently working to provide government-issued
equipment to all personnel so as to not require the use of non-government-issued
b) Email and accounts. Use onljne screen names or identities that indicate an official DHS
2020-ICLl-00023 727
U.S. D"'f'11r1menl of Humelund se-,urity
Security WaBhingron. DC 20528

103.235 (b )(6 );
www.· is.gov: pnvac-y

Page 7 of
11
Because the activities described in Question 1 are for immigration law enforcement
purposes, the employees w ho engage in these activities will not identify themselves as
lCE or OHS personnel, or law enforcement personnel. This is necessary to ensure the
safety of law en forcement personnel, to avoid compromising law en forcement
operations, to prevent tipping off individuals who are sought by law enforcement for
violations of law, and to prevent disclosing litigation strategy and tactics.
c) Public interaction. Access publicly available in.formation through social media only by
infonnation;

d) Privacy settings. Respect individuals' ptivacy settings and access only information that is
publicly available;
IZI Yes. D No. If not, p lease explain:

Law enforcement personnel may not access restricted onljne sources or facilities absent
legal authority permitting entry into private space.
e) PII collection: Collect the minimum PIT necessary for the proper performance of their
OYes. IZ] No. li not, please explain:
The applicable S0RNs cited above are all exempted by Final Rules from t he Privacy Act
(e)(l) requirement (5 U.S.C. § 552a(e)(l)), which normally Limits agencies to collecting
purpose of the agency required by statute oi: Executive Order. The exemption from the
(e)(1) requirement is necessary to ensure the integrity oflaw enforcement investigations,
f) PII safeguards. Protect PIT as required by the Privacy Act (if app.licable) and DHS privacy
policy;
IZ] Yes. D No. li not, p lease explain:

OYes. cg] No. If not, p lease explain:
2020-ICLl-00023 728
U.S. O"'f'11r1ment of Homelund Securi1y
Security Wa,qhing1on, DC 20528

703-235!fh \<B\ ·
www.dhs.gov/privacy

Page 8 of
11
ICE' s rules of behavior stated that law enforcement personnel should retain the
infonnation they access on the h1ternet, including social media, if they would have
communications.
h) Training. Users complete annual privacy training which has been approved by
Component Privacy Officer (or Privacy Point of Contact) based upon training materials
fZl Yes. D No. If not, p lease explain:
All ICE users will complete the necessary training when it is available.
Mechanisms are (or will be) in place to verify that user s have completed training.
D Yes, employees self-certify that they have read and understood their Componeot
Rules of Behavior.
[Zl Yes, Component Privacy Officers or PPOCs maintain a record of employee

attendance at privacy t raining th.at includes training on the RtLles of Behavior.
D No. If not, please explain:
2020-ICLl-00023 729
U.S. O"'f'11r1ment of Homelund Securi1y
Security Wa,qhingron, DC 20528

703-2351f h \(R\·

Page 9 of
11
DHS SOCIAL MEDIA DOCUMENTATION

(To be Completed by the DHS Privacy Office)
DATE reviewed by th e DHS Privacy Office: November 6, 2012
NAME of the OHS Privacy Office Reviewer:tb)(6); (b)(7)(C)
DHS Privacy Office Determination

[8JProgram h as m et requirem ents to u se social med ia for the stated authorized
operational purposes, and must continue compliance with the requirements above,
D Program has not yet met requirements to utilize social media for operational
purposes.
D iraining required.
DA P IA is required.
[8J Covered by existing PlA.
DHS/ICE/PIA-015 - Enforcement Integrated Database (EID)
DHS/ICE/PIA-020 - AJien Criminal Response Information Management

System (ACRI.Me)
D New.
here.>
D A SORN is required:
[8J Covered by existing SORN:
DHS/ICE-009 - · External Investigations
2020-ICLl-00023 730
U.S. Depurtment of Ht>melund Security
Security Wa.shington. DC 2{1528

103.2351r.., \ (~ , .
www.dhs.gov/pl"ivacy
I

Page JO of
11
DHS/ICE-007 - Alien Criminal Response Information Management

(ACRIMe) SORN
D HS/ICE-011 - lmmi.gratio1i and Enforcement Operational Records

System (ENFORCE) SORN
DHS/USCIS-ICE-CBP-001 - Alien File, Index, and National File Tracking

System SORN
D New.
D Updated. <Please include the name and nwnber of SORN to be updated
here.>

b)(5)
2020-ICLl-00023 731
U.S. O"'f'11r1ment of Humelund Securi1y
Security Wa,qhing1on, DC 20528

103.235 (b )(6 ):
www. is.gov pnvac-y

Page 1 of
11

This template is used to assess the D epartment's Ope rational Use of Social Media,
consistent with Management Directive 110-01.
subject to this requirement':
12333, as amended.
operational uses of social media~ to identify information technology systems, technologies, rulemakings,
• Gathering infonnalion by the Office of Operations Coordination and Planning (OPS) to enhance situational awareness is exempt
from this requirement and is covered by the existing PIA; DHS/OPS/PIA-004(dl · Publicly Avai lable Social Media Monjtming and
2020-ICLl-00023 733
Security Wa.shing1on, DC 20528

703-235~(b )(6 \:
www.dhs.gov/plivacy
!
Page 2 of
11

SUMMARY INFORMATION
Date submitted for review:
Name of Component: U.S. Immigration and Customs Enforcement
Contact Information: l(b)(6); (b)(7)(C) IDeputy Privacy Officer, (202) 732 b)(6);
f l,..\l~ \ f f "
Counsel 2 Contact Information:l(b)(6); (b)(7)(C) I

Chief, Homeland Security Investigations
Division, (202) 732 b)(6); (b)(7)(C) Chief, Enforcement and Removal Operations
D ivision, (202) 73 b)(6); _ ,
IT System(s) where social media data is s tored: TECS, ICE Child Exploitation Tracking
System (CETS), General Counsel Electronic Management System (GEMS), Personnel Security
Activities Management System (PSAMS)/lntegrated Security Management System (ISMS), Joint
Integrity Case Manage ment Sys tem (JICMS), Enforcement Integrated Database (E ID), and
FALCON Search & Analys is Sy stem (FALCON-SA).
DHS/ICE/PIA-017 - Immigration and Customs Enforcement Child Exploitation

Tracking System (ICE-CETS)
DHS/fCE/Pl A-032 - FA LCON Search & Analysis System (FALCON-SA)
DHS/ICE/PTA-002(a) - Gen e ral Counsel Electronic Management System (GEMS)
DHS/ALL/ PIA-0Ol(a) - Personnel Security Activ ities Management System

1Counsel listed here mu.st certify that a ppropriate authority exists to engage in particular op erational activities involving social
media.
2020-ICLl-00023 734
Homeland The Piivacy Office
U.S. O"J'urtment of Ht>melund Security
Security W~.~hington. DC 20528

103.23j(b )(6);
www.dhs.gov/ptivacy

Page3 of
11
DHS/ICE-006 - · lCE Intelligence Records System (HRS)
OHS/ICE 008 - Search, Arres t, and Seizure Record s
DHS/ALL-023 - OHS Pe rsonnel Security Management Records (PSAMS)
DHS/ICE-003 - General Counsel Elec tronic Management System (GEMS)
DHS/TCE-011 - Immi g ration Enforcement Operational Records System (ENFORCE)
DHS/ALL-020 - OHS In terna l Affairs Records
2020-ICLl-00023 735
U.S. D"f'11r1menl of H~meh1ruJ se-,un(Y
Security W~.,hing1on, DC 20528

703-235!rh \ / R \·
www.dh-s.gov/pl'ivacy
!

Page4 of
11
SPECfFlC QUESTIONS
As the definition of social m edia in the OHS lnstruction 110-01-001 Privacy Policy for the
Operational Use of Social Media (Privacy Policy) is drafted broadly so as to Jjkely include
general use of the lnternet and as sodaI media technology is ever changing and evolving, this
Privacy Policy,
lCE uses the internet, including social media as defined in the Privacy Policy, for criminal
law en forcement purposes. (TI1is submission does not address the conduct of undercover
operations in the context of criminal law enforcement investigations. Those activities are
covered by a separately submitted document that covers undercover .investigations only.)
This criminal law enforcement use of the Internet, including social media, falls into the
following three categories: (1) using the Internet, including social media, to assist in locating,
arresting, and adjudicating fugitives and assisting other law enfm-cement agencies with
investigations and adjudications related to the fugitive, (2) using the Internet, including social
media, to assist i11 investigating, gathering evidence, and gathering criminal intelligence on
criminal and potential criminal activity, and (3) pre-operational, operational, and situation al
awareness u ses related to officer safety or threa ts to the public at-large.
Category One: Locating, Arresting, and Adjudicating Fugitives
With regard to the use of the Internet, including social media, to locate and arrest fugitives
and criminals, ICE officers, agents, attorneys, and support personnel routinely use a variety
of government and commercial databases to identify, locate, and arrest fugitives. These
individuals could include members of the public or employees or contractors of ICE and CBP
suspected of committing crimes or other forms of misconduct. However, additional
infonnation not avaiJable in these databases is available on the Internet, including social
media. The use of the Internet, including social media, w ill allow ICE to gather information
that assists in .id entifyin g, locating, and arresting fugitives wanted for c1im es and assisting
other law enforcem ent agencies with identifying, locating, and arresting fogitives.
Category Two: Criminal Investigations and Law Enforcement InteJligence
ICE also uses the Internet, including social media, to assist in investigating, gathering
evidence, and gathering law enforcement .intelligence on criminal and potential criminal
2020-ICLl-00023 736
U.S. D"f'11r1ment of Homeh1ruJ se-,urilJI
Security Wash,ngron. DC 20528

103.23s.1(h\f n \· 1
www.dh; .gov/pl'ivncy

Page 5 of
11
activity. This use of the Internet, including social media, involves activities to gather
information such as internet searches, reviewing social media sites, monjtoring chat rooms,
and reviewing comments posted on websites. This information is gathered and used by ICE
officers, agents, attorneys, and support personnel in the same manner as information
gathered from non-lnternet and non-social m edia sources such as information gathered in
person, on the phone, or through research of hard copy documents. Information gathered in
this fashion may be used in criminal investigations of members of the public or employees or
contractors of ICE and CBP.
Category Three: Officer and Public Safety
ICE a lso uses the Internet, including social media, for pre-operational/operational/situational
tactical enforcement operations or otherwise injtiating contact with a subject, ICE agents,
officers, and support personnel may collect in fonnation about the subject of the tactical
enfoTcement operation. This information gathering includes information available on tbe
Internet, including social m edia, such as firearms/weapons possession and
relatives/associates who may reside with them. This infonnation assists officers with tactical
planning activities such as: number of officers required for the operation, any specialized
equipment that may be necessary for the operation, and intelligence on when and where the
operation should be conducted for officer safety and tactical efficiency.
2. Based on the operational use of social media Jisted above, please provide the appropriate
authorities.
• Homeland Security Act of 2002, as amended, Pub. L No. 107-296, 116 Stat. 2135 (2002)
• 19 U.S.C. § 1589a, Enforcement authority of customs officers
• 8 U.S.C § 1357, Powers of immigTation officers and employees
use?
cg] Yes. ONo.
3. Is this use of social media in development or operationaJ?

D ln development. ~ Operational. Date first launched: Unknown.
The Internet has been in use al ICE's legacy agencies since it was publicly available.
2020-ICLl-00023 737
U.S. D<p11r1ment of Homelund Se-•urhy
Security Wa.qhingron. DC 20528

703-235-f b )(6 }:
www.dh~.gov/ptivacy
!
Page 6 of
11
See Memorandum from Jolm Morton, Use of Public and Non-Public Online Information, June 28,
2012.
OYes. ~ No. U not, please explain:
The nature. of criminal investigations may require investigators to use n on-
govemment-issued equipment when engaging in criminal investigations.
Investigators at times find themselves in rapidly evolving situations in the field that
call for the use of adaptive meas1.Lres. In situations where governm.e nt-issued
required task at hand, investigators may need to rely on n on-government-issued
equipment so as to not require the use of non-government-issued equipment in these
circumstances.
b) Email and accounts. Use online screen names or identities that indicate an official DHS
affiliation and use DHS email addresses to open ac:counts used when engaging in social
OYes. ~ No. Cf not, please explain:
Because the activities described in Question 1 are for criminal law enforcement purposes,
the employees who engage. in these activities will not identify themselves as ICE or DHS
personnel, or law enforcement personnel. This is necessary to ensure the safety of law
enforcement personnel, to avoid compromising law enforcement operations, to prevent
tipping off indiv.iduals who are sought by law enforcement for violations of law, and to
prevent disclosing litigation strategy and tactics.
c} Public interaction. Access publicly available information through social media only by
information;
~Yes. D No. Cf not, p lease explain:
d) Privacy settings. Respect individuals' privacy settings and access only information that is
publicly availablei
OYes. ~ No. If not, p lease explain:
2020-ICLl-00023 738
U.S. D"f'11r1ment of HQroehtrul Se-Wt\JI
Security W~.shing1on, DC 2(1528

703-235l{bl(6 ):
www.dh~.gov/ptivncy
!

Page 7 of
11
Law enforcement personnel may not access restricted onl.i.ne sources or facilities absent
legal authority permitting entry i:nto private space. Where legal authority exists, law
enforcement perso1mel may access reshicted online information.
e) PJI collectio11: Collect the minimum PH necessary for the proper p erformance of their
aspects of th e Privacy Act;
0Yes. [gj No. U not, please explain:
The applicable SORNs cited above are all exempted by Final Ru.I.es from the Privacy Act
(e)(1) requirement (5 U.S.C § 552a(e)(l)), which normally limits agencies to collecting
(e)(l ) requirement is necessary to ensw-e the integrity of law enforcement investigations,
as more folly detailed in the Final Rules.
f) PJI safeguards. Protect PIT as requ ired by the Privacy Act (if applicable) and DHS privacy
policy;
[gl Yes. D No. U not, please explain:

g) Documentation. Document operationaJ use o.f social media, including date, site(s)
accessed, infmmation collected and how it was used.
0Yes. 12s] No. li not, please explain:
lCE's rules of behavior state that law enforcement personnel should retain the
infonnation they access on the. h1temet, including social media, if they woul d have
communications.
h) Training. Users complete annual privacy training whkh has been approved by
provided by the DHS Privacy Office. Training must include, at minimum: legal
12s] Yes. D N o. 1f not, p lease explain:

D Yes, employees self-certify that they have read and understood their Component
Rules of Behavior.
2020-ICLl-00023 739
Homeland The Privacy O ftice
U.S. Department of Homehmd Security

703-235 !rh \{~ \ ·
www.dhs.gov/privacy
!

Page 8 of
11

attendance at privacy training that includes training on the Rules of Behavior.
D No. U not, p lease explain:
2020-ICLl-00023 740
Homeland The P,i vncy O fticc
U.S. D<p11r1ment of H\>melund Securi1y
Security Wa.~hingron, DC 20528

703-235fh )(R \·
www.dh,.gov/pl'ivacy

Page 9 of
11

(To be Complete d by the DHS Privacy Office)
DATE revi e we d by th e DHS Privacy O ffice: 11/6/2012
NAME of the OHS Privacy O ffi ce Reviewerj(b)(6); (b)(7)(C)
DHS Privacy Office D e te rmination

[8JProgram has m et requirements to use social media for the stated authorized
D Program has not yet met requ irements to u tilize social media for operational
purposes.
[8J A P IA is required.
[8J Covered by existing P IA
DHS/ICE/PIA-017 - Immigration and Customs Enforcement Child
Exploitation Tracking System (ICE-CETS)
DHS/ICE/PIA-032 - FALCON Search & Analysis System (FALCON-SA)
DHS/lCE/PlA-002(a) - General Com1sel Electronic Ma.n agement System

(GEMS)
DHS/TCE/PIA-020 - Enforcem en t Integrated Database (EID)
O HS/ ALL/PJA-0Ol(a) - Personnel Security Activities Management

D New.
D Updated. <Please include the name and number of PlA to be updated
here.>
2020-IC Ll-00023 7 41
U.S. D<p11rtment of H1>melund Security

103.2351, 1-. , t~ ,.
www.dhs.gov/privacy
I

Page JO of
11
~ A SORN is requfred:
[8J Covered by existing SORN.
DHS/ICE-006 - IC E lntelligence Records Sys tem (HRS)
OHS/ICE 008 - Search, Arrest, and Seizure Record s
DHS/ALL-023 - DHS Personnel Security Management Records (PSAMS)
DHS/lCE-003 - Gen eral Counsel Electronic Management System (GEMS)
DHS/ICE-0ll - Immigration Enforcement Operation al Records System

(ENFORCE)
OHS/ ALL"020 - DHS Internal Affairs Records

D New.
here.>

b)(5)
2020-ICLl-00023 742
U.S. O"'f'11r1ment of Humelund Securi1y
Security Wa.~hing1nn, DC 20528

10J-mj(b )(6 ):
I
Page I of 8

This template is used to assess the D epartmen t's Ope ration al Use of Social Media,
12333, as amended.
This template shall be u sed to document the process to be followed by all programs engaging in
ope.rational uses of social media~ to identify information technology systems, technologies, .rule.makings,
individuals as determined by the C hief Privacy Officer; and to assess whether there is a need for
additional Privacy Compliance Documentation. Components may app eal to the Deputy Secretary for
from this requirement and is covered by the existing PIA; DHS/O PS/PIA-004/d \ · Publicly Avai lable Social Media Monjtming an d
2020-ICLl-00023 744
U.S. O"'f'lirtment of Humelund Security

703-235!rh 1/ fil ·
www.dhs.gov/privacy
!

Page 2 of 8

SUMMARY INFORMATION
Date s ubmitted for review: October 12, 2012

Name of Component: U .S. Immig ra tio n and Customs Enforcement
Contact Information: kb)(6); (b)(?)(C) IDeputy Privacy Officer, (202) 732-f b)(6ll
Counsel2 Contact Information: l(b}(6); (b)(?)(C) ~ Chief of Staff, (202) 732 j\~)(~);_I
IT System(s) where soda) media data is stored: Non e
Applicable Privacy Impact Assessment(s) (PIA): None
OHS/ ALL-017 - Department of Homeland Securi ty General Lega l Record s
OHS/ALL-004 - General Information Technology Access Account Records System

(GITAARS)
OHS/ALL-025 - Department of Home land Security Law Enforcement Authority in

Su pport of the Protection of Property Owned, Occupied, or Secured by the Department
of H omeland Security
1Counsel listed here mu.st certify that appropriate authority exists to engage in particular operational activities involving social
media.
2020-ICLl-00023 745
U.S. D<p11r1menl of Humelund se-,urilJI
Security W~sh ingron, DC 2()52R

103.235.k h \ln)·
www.dh~.gov/pti.vacy

Page 3 of 8
SPECfFlC QUESTIONS
media sources. Examples include: law enforcement intelligence, criminal inv estigations,
investigations, benefit or empfoyment determinations1 oc s ituational awareness. If use does
As the definition of social media in the OHS Instruction 110-01-001 Prhiacy Policy for the
Operational Use of Social M.edia (Privacy l:'olicy) is drafted broadly so as to likely include
gen eral use of the Internet and as social m edia technology is ever changing and evolving, this
template addresses lCE's use of the Internet, to include social media as defined in the Privacy
Policy.
TCE uses the Tntemet, including social media, for general research purposes. Use of the
Tntemet, including social media, for general research purposes includes: (1) using the
Internet, including social media, for legal purposes such as researching individuals or
organizations who may be .involved in lawsuits or other legal actions with ICE, judges
adjudicating cases involving ICE, opposing counsel for cases involving ICE, and legal blogs
and other online forums where legal issues of interest to ICE may be discussed; (2) using the
Internet, including social media, to assist in gathering information on individuals who may
meet w ith lCE officials to prepare lCE officials for those meetings; (3) using the Internet,
induding social media, to assist in gathering information on individuals who are suspected
of attempting to hack into ICE systems, and (4) other general Internet, including social media,
research.
Category One: Legal Uses
Most of ICE attorneys and support personnel's use of th e [ntemet, including social media, is
addressed in the four ICE Social Media Templates addressing: (1) Criminal and
Adm.inistrative Immigration Law Enforcement, (2) Criminal Law Enforcement, (3)
Undercover Criminal Law Enforcement, and (4) Administrative Law Enforcement. With
regard to the use of the Internet, including social media, for other legal purposes, ICE
attorneys and support personn el may view certain legal biogs such as SCOTUSblog3 to keep
informed on legal issues relevant to ICE. During the review of these sites, personally
identifiable information, genetalJy limited to an it:1dividual's name, may be viewed and jn
some cases recorded if relevant to a discussion or legal issue (wheth er author of a blog entry
or individual mentioned in the blog), Further, while excluded from the definition of
Operational Use, ICE attorneys and support personnel may also conduct general Internet
research to find information on parties participating in litigation with ICE and jud ges
3
SCOTUSblog is a ,legal blog focusing on discussions of recent developments in U.S. Supreme Court jurisprudence.
2020-ICLl-00023 746
U.S. D<p11r1menl of H11melund se-,urity
Security W~.,hingron, DC 2052~

703-235ifh\/R \·
!

Page 4 of 8
adjudicating cases involving ICE. For example, labor and employment attomeys may search
the b1ternet to find relevant information on employees against whom allegations of
misconduct have been made ot who are otherwise involved in litigation against fCE.
Category Two: Meeting Preparations
ICE also uses the Internet, including social media, to research individuals with whom ICE
employees may be meeting. For example, if the ICE Directo.r is meeting with the head of the
Virginia State Police, ICE employees may search on the Internet to gather biographical
information, news reports, or other publicly available ,i nformation on the head of the Virginia
State Police so as to provide briefing materials to the Director. During these searches
information may be pulled from public biogs and other publicly available online discussions.
Category Three: Security Operations Center
TCE also uses the Internet, including social media, to research individuals who are suspected
of attempting to compromise ICE system integrity. Tn these instances the TCE Security
Operations Center (SOC) performs searches in the process of performing cyber-incident
investigations. During the course of incident response, SOC personnel sometimes will
attempt to identify who may be attempting to hack ICE systems. To gain as much
information as possible about the potential hacker, SOC personnel will investigate using
major search engines and social media websites.
Category Four: General Research
Finally, ICE also uses the Internet, including social media, for geneTal researd1 purposes
including researching individuals providing training to ICE so as to gather information on
their background. This general Internet research is excluded from the definition of
Operational Use but included here for transparency.
2. Based on the operational use of social media listed above, please provide the approp-riate
authorities.
• Homeland Security Act of 2002, as amended, Pub. l. No. 107-296, 116 Stat. 2135
• Federal Information Security Management Act of 2002 (FISMA) (codified at 44 U.S.C. §
3541 et seq.)
• DJ-IS Delegation No. 7030.2, Delegation of Authority to the Assistant Secretary of U.S
• DHS Management Directive 140-01 Information Technology System Security
• DHS Sensitive Systems Policy Directive 4300A.
2020-ICLl-00023 747
U.S. D"'f'11r1ment of Homelund se-..,uritY
Security Wa.i hingron. DC wsn

703·235trh \/ R\·
www.dh, .gov/plivacy

Page 5 of 8
use?
[gjYes. 0No.

D In development. [ZI Operational. Date first launched: Unknown.
The Internet has been in use at legacy agency since it was publicly available.
4. Please attach a copy of the Rules of Behavior that out1ine the requireJnents below.
See Memorandum from John Morton, Use of Public Online Information for Non-Law
Enforcement Work-Related Activities.
5. Please describe the Rules of Beha~or in effect for the listed operational use of social media. If
[gj Yes. D No. If not, please explain:
b) Email and accounts. Use onJine screen names or identities that indicate an official DHS

c) P!!blic interaction. Access publicly available information through social media only by
information;

d) Privacy settings. Respect individuals' p rivacy settings and access only information thatis
publicly available;
D No. U not, please explain:

2020-ICLl-00023 748
U.S. O"'f'11r1ment of Homelund Secun1y
Security Wdshing1nn. DC 20528

703-23J( b )(6 ) : (b )(?)(C )
www.dhs.gov/privacy
I
Page6 of 8
[Z] Yes. D No. If not, please explain:
f) Pll safeguards. Protect PU as required by the Privacy Act (if applicable) and OHS privacy
policy;
[Z] Yes. D No. If not, p lease explain:
g) Dornnze11tntio11. Document operational use of social media, including date, site(s)

accessed, information collected and how .it was used.
0Yes. [Z] No. 1f not, please explain:
ICE employees should retain the contents of their use of the Internet, including social
media, if they would have retained that content had it been written on paper. These
contents should be preserved in accordance with office procedures in a manner
authorized by the relevant records schedule.
Component Privacy Officer (or Privacy Point of Con tact) based upon training materials
authorities, acceptable operational uses of social media, access requiremen ts, and
[gjYes. D No. If not, p lease explain:

D Yes, employees self-certify that they h ave read and understood their Component
Rules of Behavior.
[gj Yes, Component Privacy Officers or PPOCs maintain a record of employee

attendance af privacy training that includes b·aini.ng on the Rules of Behavior.
D No. Lf not, p lease explain:
2020-ICLl-00023 749
U.S. D"'f'11r1ment of Hurnelund Securi1y
Security Washi
103.23
10
(b )(6);
.
www.dhs.gov/plivacy
2052

Page 7 of 8

DATE reviewed by the OHS Privacy Office: November 1, 2012

NAME of the OHS Privacy Office Reviewer: l(b)(6); (b)(7)(C)
OHS Privacy Office Determination

[2J Program has met requirements to use social media for the stated authorized
operational purposes, and must continue compliance with the requirements above.
D Program has not yet met requirements to utili ze social medi.a for operational
purposes.
D Program authorities do not authorize operational use of social m edia.
0 A PIA is required.
D Covered by existing PIA.
0 New.
D Updated. <Please i n.elude the name and number of PIA to be updated
here.>
rgj A SORN is required:
DHS/ALL-017 - Department of Homeland Security General Legal Records
DHS/ALL-004 - General Information Technology Access Accoun t Records System

(GITAARS)
OHS/ ALL-025 - Departme nt of Homeland Securi ty Law Enforcement Authority in

Support of the Protection of Property Owned, O ccupied, or Secured by the Department
of Homeland Security
0New.
here.>
2020-ICLl-00023 750
U.S. D"'f'11r1ment of Homelund Security
Security Wa.~hington, DC 2Vi28

703-23l(b )(6);
www.dhs.goV/pl"ivacy
I
Page 1 of
]()

This template is used to assess the D epartmen t's Operational Use o f Social Media,
consistent w ith Management Directive 110-01.
investigating an in.di vi.dual in a criminal, civil, or administrative context, making a benefit determination
(covered by the existing PIAs: DHS/ALL/PIA-031 - Use of Social Networking Interactions
counterintelligence functions, in accordance with the provisions of Executive Order
12333, as amended.
from this requirement and is covered by the existing PIA; DHS/OPS/PIA-004(dl - Publicly Avai lable Social Media Monjtming and
2020-ICLl-00023 752
U.S. D"'f'11r1ment of Humelund Security
Security W~shington. DC 20528

703·2* b)(6):
www.dhs.gov/plivacy
I
Page 2 of
10

SUMMARY INFORMATION
Contact Informationj(b)(6); (b)(7)(C) !Deputy Privacy Officer, (202) 73*b)(6);
Counsel 2 Contact Information:Kb)(6); (b)(7)(C). !Chief, Home land Security In vestigations

Division, (202) 73* b)(6!; _, I
IT System(s) where social media data is stored: TECS, ICE Child Exploitation Tracking
System (CETS), General Com,sel Electronic Management System (GEMS), Personnel Security
Integrity Case Management System (JlCMS), Enforcement Integrated Database (EID), and
FALCON Search & Analys is System (FALCON-SA).
Applicable Privacy Impact Assessment(s) (PIA) :

DHS/ICE/PlA-032 - FALCON Search & Analysis System (FALCON-SA)
DHS/ICE/PfA-002(a) - General Counsel Electronic Management System (GEMS)
DHS/ ICE/PfA-020 - Enforcement Integrated Database (EID)
DHS/ALL/PIA-0Ol(a) - Personnel Security Activities Management System

Applicable System of Reco.rds Notice (s) (SORN):
DHS/lCE-009 - External Investigations
1Counsel listed here rnwt certify that appropriate authority exists to engage in particular operational activities involving social
media.
2020-ICLl-00023 753
Homeland The Piivncy Office
U.S . Dep:utment l>f Ht>melund Security
Security Wa.shington. DC 20528

103.23J( b )(6):
www.dhs.gov/privacy

Page3 of
10
DHS/lCE-006 - lCE intelligence Records System (HRS)
DHS/ICE-008 - Search, Arrest, and Seizure Records
DHS/ICE-011 - Immigration Enforcement Operational Records System (ENFORCE)
DHS/ALL-020 - DHS lnternal Affairs Records
2020-ICLl-00023 754
U.S. D<p11r1menl of H11melund Securil)I
Security 703 2
•
Wa,, h ington, DC 20528
l~Jb~tgM,p1tvnty I
Page4 of
10
SPECfFlC QUESTIONS
As the definition of social media in the OHS Instruction 1)0-01-001 Privacy Policy for the
Opera.tio1ial Use of Social Media (Privacy Policy) is drafted broadly so as to }jkely include
general use of the ln ternet and as social media technology i.s ever changing and evolving, this
Policy.
With the enachnent of the Homeland Security Act of 2002, Congress authorized ICE to
conduct certified undercover investigative operations to obtain evidence or information
concerning violations of laws enforced by ICE and stemming from the authorities of its
Legacy agencies, the U.S. Customs Service (USCS) and the Immigration and Naturalization
Service (INS). Within ICE, investigations are only conducted by the Homeland Security
Investigations (HSI) component and the Office of Professional Responsibility (OPR). The
authority to certify undercover operations has been delegated to the Executive Associate
Director of HSI and the Assistant Director for OPR. HSI and OPR may also engage .in limited
use of social media, when authorized, if an investigation does not otherwise warrant being
placed under a certified m,dercover operation. These activities are detailed i:n the templates
addressing Criminal Law Enforcement and Administrative Law Enforcement.
Undercover activities and operations are undertaken for numerons potential objectives that
include: (1) determining if a v iolation of law has occurred or is in progress; (2) identifying
specific violations of law; (3) identifying cTiminal violators, conspirators, and their
methodologies; (4) disrupting and/or dismantling criminal organizations; (5) locating the
violation sites and equipment tJSed; (6) locating assets for seizure and forfeiture; (7) obtaining
evidence for prosecution; (8) determining the safest and most advantageous time to make
ar.rests, execute search warrants, and make seizures; (9) identifying witnesses and
cooperating individuals; (10) identifying associations between conspirators; (11) checking the
reliability of sources of infonnation and cooperating defendants; and (12) gathering
intelligence that allows ICE management to evaluate threats, reallocate resources, and
organize enforcement activity. ICE may collect personally identifiable information ftom or
about individuals over the Internet, including via social media sites.
The nature of undercover operations often requires an ICE-HSI or OPR criminal investigator
to appear to be engaged in a criminal enterprise and to befriend or become business
2020-ICLl-00023 755
U.S. D"f'11r1menl of Homeh1rul se-,uri\JI
Security W~.i hingron. DC 2(152~

703-23S!(h) /R)·
!

Page 5 of
]()
associates with potential violators. This is crucial to the successful integration of undercover
operatives with those who comm.it illegal acts. As part of a certified undercover investigation
or operation, when authorized, W1dercov er operatives may participate in activities that
would constitute a crime under fed eral, state, or local law. This otherwise illegal activity
includes, for example, the purch ase of stolen or co11traband goods, the purchase of illegal
and/or fraudulent immigration documents, and U1e controlled delivery of drugs or other
contraband that wm not enter the commerce of th e United States. ICE-HSl and 0PR review
and authorize, as appropriate, requests to engage in various otherwise illegal activities in
furtherance of undercover operations. ln the course of carry ing ont these authorized
undercover activities, ICE-HSI or 0PR criminal inv estigators may collect personally
identifiable information using the Internet. Any of these activities may take place in part
over the Internet, to include social media.
As the "rules'' for undercover operations are different than non-undercover law enforcen1ent
work, and may require agents to engage in activities that would otherwise be considered
prohibited or unauthorized, the rules of behavior for undercover criminal investigations are
different than for non-undercover in vestigations.
authorities.
USCS was vested with the authority to conduct certified undercover operations through the Anti-
Drug Abuse Act o.f 1986, which enacted 19 U.S.C. § 2081; INS received similar authority through
the Illegal Immigration Reform and Immigrant Respornibility Act of 1996, specifically 8 U.S.C. §
1363a. With the enactment of the Homeland Security Act of 2002, these statutory authorities
transferred to the newly created Department of Homeland Security (OHS) and were delegated to
the Assistant Secretary of ICE in OHS Delegation Number 7030.2, "Delegation of Authority to the
Assistant Secretary for U.S. lmmigration ai1d Customs Enforcement,'' and further redelegated to
the Directors of 0 1 and 0PR in ICE Delegation Order 04-002 entitled, "Authority to Certify the
Exemption of Undercover Operations From Certain Laws Within U.S. Immigration and Customs
Enforcem ent." TCE-HST and 0PR criminal jnvestigators are granted their enforcem ent authority
in 8 U.S.C. § 1357 and 19 U.S.C. § 1589a.
a) • Has Counsel listed above reviewed these authorities for privacy issues and
use?
[g'.]Yes. ONo.
3. Is this use of social media in development or operational?

D In development. cg:] Operational. Date first launched: Unknown.
The Internet has been in use at lCE's legacy agencies since it was publicly available.
2020-ICLl-00023 756
U.S. D<p11r1menl of Homelund Security
Security W~shingmn. DC 20528

703-23.5!rh \(6 ,.
!

Page 6 of
]()
4. Please attach a copy of the Ru.les of Behavior that outline the requirements below.
2012.
users do NOT follow a particular Ru.le, please detail reasoning for not following that Ru.le:
IZJ Yes. D No. If not, p lease explain:

b) Email and accounts. Use online screen names or identities that indicate an official OHS
affiliation and ttse OHS email addresses to open accounts used when engaging in social
Because the activities d escribed in Question 1 are fo1· undercover investigative purposes,
the employees who engage in these activities have assumed an undercove r identity and
therefore will not identify themselves as ICE or OHS personnel, or law enforcement
personnel in general. This is necessary to ensure the safety of law enforcement
personnel, to avoid compromising undercover law enforcement operations, and to
prevent tipping off individuals who are sought by law enforcement for violations of law.
c) Public interaction. Access publicly available in.formation through sociaJ media only by
information;
0Yes. IZ] No. If not, please expla in:
The nature o f undercover criminal investigations may resultin agents inte racting with
individuals who use sociaJ media sites. This interaction only takes place during
a uthorized undercover investigations.
publicly available;
0Yes. iZ] No. 1i not, please explain:
Law enforcement perso1mel may not access restricted o njjne sources or facilities absent
enforcem ent personnel may access restricted online information.
2020-ICLl-00023 757
U.S. O"'f'11r1ment of Humelund Setur11y
Security Wa,qhing1nn. DC 2(1528

703-235-Vb lf6 ):
www.dhs.gov/pti.vacy
!
Page 7 of
]()
e) PII collecHon: Collect the minimmn PU necessary for the proper performance of their
0Yes. 0 No. If not, please explain:
The applicable SORNs cited above are all exempted by Pinal Ru I.e s from the Privacy Act
(e)(1) requirement (5 U.S.C. § 552a(e)(l)), which normally limits agencies to collecting
(e)(l) requirement is necessary to ensure the integrity of law enforcement investigations,
f) Pll safeguards. Protect PU as required by the Privacy Act (if applicable) and OHS ptivacy
policy;
0Yes. D No. If n ot, please explain:

g) Documentation. Documen t operational u se of social media, including date, site(s)
accessed, jnformation collected and how it was used.
0Yes. 0 No. U not, please explain:
ICE's rules of behavior state that law enforcement personnel should retain information
they access on their use of the Internet, including social media, if they would have
comm uni cations.
h) Training. Users complete annual privacy training w hich has been approved by
Component Privacy Officer (or Privacy Point of Coutact) based upon training materials
provided by the OHS Privacy Office. Training must include, at minimum; legal
cgjYes. D No. If not, please explain:
Rules of Behavior.
0 Yes, Component Privacy Officers or PPOCs maintain a record of empl oyee

attendance at privacy t raining that includes training on the Rules of Behavior.
D No. If n ot, please explaiT1:
2020-ICLl-00023 758
U.S. D"'f'11r1ment of Homelund Securi1y
Security Washingl<)n, DC 20528

103.23 (b)(6 );
www. is.gov pnvac-y

Page 8 of
10

DATE reviewed by th e DHS Privacy Office: 11/6/2012
NAME of the OHS Privacy Office Reviewer:fb)(6); (b)(?)(C)
DHS Privacy Offi ce Determination

[8J Program h as met requiremen ts to use social med ia for the stated auth o rized
operational purposes, and m ust continue compliance wi th the requirements above,
D Program h as not yet met requirements to utilize social media for operational
purposes.
[8J A PIA is required.
[8J Covered by existing PIA.
DHS/IC E/PI A-032 - FALCON Search & Analysis System (FALCON-SA)
DHS/lCE/Pl A-002(a) - General Com1sel Electronic Ma.n agement System

(GEMS)
DHS/TCE/PIA-020 - En forcem ent Integrated Da ta base (EID)
OHS/ ALL/PJA-0Ol (a) - Personnel Security Activities Management

System (PSAMS)/In tegrated Security Man agement System (ISMS)
0New.
D Updated. <Please inc.lude the name and number of PlA to be u pdated
here.>
[8J A SORN is required:
2020-ICLl-00023 759
U.S. Depurtment of Humelund Security
Security W~.1hing1nn. DC 20528

703-23.1(b \(6 \:
www.dhs.gov/plivacy

Page 9 of
10
OHS/ICE-009 - External Investigations
OHS/ICE-008 - Search, Arrest, and Se izure Records
OHS/ ALL-023- OHS Personnel Security Management Records (PSAMS)
OHS/ICE-003 - General Counsel Electronic Management System (GEMS)
DHS/ICE-011 - Immigration Enforcement Operational Records Sy stem

(ENFORCE)
OHS/ALL-020 - OHS Internal Affai rs Records

0New.
here.>

b)(5)
2020-ICLl-00023 760
From: l(b)(6); (b)(7}(C) I
Sent: 22 Jul 2019 20:38:38 +0000
To: ~b)(6); (b)(7)(C)
Cc: l
I(.._b-'-'
)(__,
6 ).....,
; (__,b )-'-
(7-'-'
){_
C)'--______,Ikb)( 6 ): I
Subject: ICE SMOUTs
Attachments: Social Media Documents, Authentic8 Security Overview.pdf
Hello Xb)(6);
As ctiscussed, attached please find an email which includes all the ICE Social Mectia Operational
Use Templates (SMOUTs), as well as DHS Directive and Instructions on operational use of
social media.
The SMOUTs were used by DHS Privacy to find out the operational purposes for which ICE
needs to access social media, and to determine whether those uses are authorized under DHS
policies. Most relevant to ERO 's operational use of social media is the 'Criminal and Admin
Inunigration LE' SMOUT. I've identified below portions of this SMOUT that may help CIU in
framing a document explaining ERO 's intended use of SILO to surveille publicly-available
social media sites.
b)(S)
2020-ICLl-00023 762
b)(5)
Please let me know if you have any questions about the above. Thank yout
l(b)(6); (b)(7}(C )
Associate legal Advisor
Enforcement and Removal Operations Law Division
Office of the Principal Legal Advisor
(Desk) 202-732*b)(6); I
(IPhone) 202-787~
l(b)(6 }; (b)(7 }(C}
-ATTORNEY/CLIENT PRIVILEGE --- ATTORNEY WORK PRODUCT ---
2020-ICLl-00023 763
This communication and any attachments may contain confidential and/or sensitive attorney/client
privileged information or attorney work product and/or law enforcement sensitive information. It is not
for release, review, retransmission, dissemination, or use by anyone other than the intended recipient.
Please notify the sender if this email has been misdirected and immediately destroy all originals and
copies. Furthermore do not print, copy, re-transmit, disseminate, or otherwise use this information.
Any disclosure of this communication or rts attachments must be approved by the Office of the Principal
Legal Advisor, U.S. Immigration and Customs Enforcement. This document is for INTERNAL
GOVERNMENT USE ONLY and may be exempt from disclosure under the Freedom of Information Act, 5
USC§§ 552(b)(S), (b)(7).
2020-ICLl-00023 764
From: ~b)(6); (b)(7)(C)
Sent: 17 Dec 2012 12:11:04-0500
To: l(b)(6); I
Subject: Social Media Documents
Attachments: OHS Directive 110-01, Privacy Policy for Operational Use of Social Media
(Signed).pdf, OHS Instruction 110-01-001, Privacy Policy for Operational Use of Social Media
(Signed) .pdf, SMOUT, ICE - Administrative Law Enforcement, 20121106 PRIV Final.pdf, SMOUT, ICE -
Criminal and Ad min Immigration LE, 20121106 PRIV Final.pdf, SMOUT, ICE - Criminal Law Enforcement,
20121106 PRIV Final.pdf, SMOUT ICE - General Non-LE Use 20121101 PRIV final.pdf, SMOUT, ICE -
Undercover Criminal Law Enforcement, 20121106 PRIV Final.pdf
Kb)(6);
Attached are the relevant documents. These include the directive and instruction and ICE's templates
(SMOUTS) addressing TCE's five categories of operational use of social media. ERO's activities in this
case are likely covered under both Criminal Law Enforcement and Criminal and Administrative
Immigration Law Enforcement
l(b)(6); (b)(7)(C) I
Deputy Privacy Officer
Chief of Staff for Privacy & Records
Department of Homeland Security
500 12th Street SW, Mail Stop 5004, Washington, DC 20536
Phone: 202-732lrh\t~,1Fax: 202-732-4263 j Email:..,..
kb-)(,-
6.,...
);....,..
(b-)=(7..,...
)(,- C.,....
) ------,
( E_) _ _ _ _ _ _ _ _ _~
For help with privacy questions, visit our website on the l CE Intranet: !~(b_)_(7_)~
2020-ICLl-00023 765
DHS Directives System
Directive Number: 110-01
Revision Number: 00
Issue Date: 6/8/2012
PRIVACY POLICY FOR
OPERATIONAL USE OF SOCIAL
MEDIA
I. Purpose
This Directive establishes privacy policy for operational use of social media by the
Department of Homeland Security (OHS or Department).
II. Scope
This Directive applies throughout OHS regarding the access to and collection, use,
maintenance, retention, disclosure, deletion, and destruction of Personally Identifiable
Information (PII) in relation to operational use of social media, with the exception of
operational use of social media for: (a) communications and outreach with the public
authorized by the Office of Public Affairs; (b) situational awareness by the National
Operations Center; (c) situational awareness by Components other than the National
Operations Center, upon approval by the Chief Privacy Officer following completion of a
Social Media Operational Use Template; and (d) the conduct of authorized intelligence
activities carried out by the Office of Intelligence and Analysis, the intelligence and
counterintelligence elements of the United States Coast Guard, or any other
Component performing authorized foreign intelligence or counterintelligence functions,
in accordance with the provisions of Executive Order 12333, as amended. This
Directive does not apply to the Office of the Inspector General; however, the OIG will
comply with the spirit of the Directive.
Ill. Authorities
A. Public Law 107-347, !!E-Government Act of 2002," as amended, Section
208 [44 U.S.C. § 3501 note]
B. Title 5, United States Code (U.S.C.), Section 552a, "Records Maintained

on Individuals" [The Privacy Act of 1974, as amended]
C. Title 6 U.S.C. Section 142, "Privacy officer"
- 1-
Directive # 110-01
Revision # 00
2020-ICLl-00023 766
D. Title 44, U.S.C., Chapter 35, Subchapter Ill, "Information Security" [The
Federal Information Security Management Act of 2002, as amended (FISMA)]
E. Delegation 13001 , "Delegation to the Chief Privacy Officer"
IV. Responsibilities
A. The Chief Privacy Officer is responsible for establish.ing, overseeing the
implementation of, and issuing guidance and providing training on OHS privacy
policy for operational use of social media; and ensuring, in coordination with
Component heads, Component Privacy Officers, and Privacy Points of Contact
(PPOCs), that the Department follows OHS privacy policy, privacy laws
applicable to OHS, and federal government-wide privacy policies on operational
use of social media.
B. Component Heads are responsible for: determining that their respective

Components' intended operational use of social media is legally authorized prior
to use; establishing guidelines for determining which employees are permitted to
utilize social media for operational purposes during the performance of their
duties; implementing OHS privacy policy and procedures for operational use of
social media as established by the Chief Privacy Officer; ensuring adherence to
OHS privacy policy by employees who use social media for operational
purposes; ensuring adherence to applicable records retention schedules; and
coordinating with the Office of the Chief Procurernent Officer to ensure that
Component contracts for activities that involve the operational use of social
media include appropriate language requiring that Department contractors follow
OHS privacy policy and this Directive.
V. Policy and Requirements

A. The Department engages in operational use of social media only as
authorized by OHS privacy policy, privacy laws applicable to OHS, applicable
federal government-wide policies, and other applicable statutory authorities.
B. The Chief Privacy Officer determines privacy policy and standards for the
Department's operational use of social media consistent with Directive 047-01 ,
Privacy Policy and Compliance; oversees compliance with OHS privacy policy,
privacy laws applicable to OHS, and federal government-wide policies as they
relate to the operational use of social media; and provides privacy guidance and
training to OHS personnel regarding operational use of social media. Component
heads work with the Chief Privacy Officer to ensure that Department operational
activities using social media follow OHS privacy policy and procedures, thereby
enhancing the overall consistency of privacy protections across OHS.
- 2-
Directive# 110-01
R-evision # 00
2020-ICLl-00023 767
VI. Questions
Address any questions or concerns regarding this Directive to the DHS Privacy Office.
afael Borras Date

Under Secretary for Management
-3-
Directive# 110-01
Revision # 00
2020-ICLl-00023 768
DHS Directives System
Instruction Number: 110-01-001
Revision Number: 00
Issue Date: 6/8/2012
PRIVAc·y POLICY FOR
OPERATIONAL USE OF SOCIAL
MEDIA
I. Purpose
This Instruction implements Department of Homeland Security (OHS) Directive 110-01 ,
Privacy Policy for Operational Use of Social Media.
II. Scope
This Instruction applies throughout OHS regarding the access to and collection, use,
maintenance, retention , disclosure, deletion, and destruction of Personally Identifiable
Information (PII) in relation to operational use of social media, with the exception of
operational use of social media for: (a) communications and outreach with the public
authorized by the Office of Public Affairs; (b) situational awareness by the National
Operations Center; (c) situational awareness by Components other than the National
Operations Center, upon approval by the Chief Privacy Officer following completion of a
Social Media Operational Use Template; and (d) the conduct of authorized intelligence
activities carried out by the Office of Intelligence and Analysis, the intelligence and
counterintelligence elements of the United States Coast Guard, or any other
Component performing authorized foreign intelligence or counterintelligence functions,
in accordance with the provisions of Executive Order 12333, as amended. This
Instruction does not apply to the Office of the Inspector General; however, the OIG will
.comply with the spirit of the Instruction.
Ill. References
A. Public Law 107-347, "E-Government Act of 2002," as amended, Section
208 (44 U.S.C. § 3501 note]
B. Title 5, United States Code (U.S.C.), Section 552a, "Records maintained

on individuals" [The Privacy Act of 1974, as amended]
C. Title 6, U.S.C., Section 142, "Privacy officer''
D. Title 44, U.S.C., Chapter 35, Subchapter nl, "Information Security" [The
Federal Information Security Management Act of 2002, as amended (FISMA)]
- 1-
Instruction # 110-01 -001
Revision # 00
2020-ICLl-00023 769
E. Title 6, C.F.R., Chapter 1, Part 5, "Disclosure of records and information"
F. Directive 047-01 , "Privacy Policy and Compliance"
G. OHS Sensitive Systems Policy Directive 4300A
H. Privacy-related memoranda issued by the Office of Management and

Budget, including:
1. 0MB Memorandum 10-22, "Guidance for Online Use of Web

Measurement and Customization Technologies'' (June 25, 2010)
2. 0MB Memorandum 10-23, "Guidance for Agency Use of Third-

Party Websites and Applications" (June 25, 2010)
3. 0MB Memorandum 07-16, "Safeguarding Against and Responding

to the Breach of Personally Identifiable Information" (May 22, 2007)
4. 0MB Memorandum 06-20, "FY 2006 Reporting Instructions for the

Federal Information Security Management Act and Agency Privacy
Management" (July 17, 2006)
5. 0MB Memorandum 06-19, "Reporting Incidents Involving

Personally Identifiable Information and Incorporating the Cost for Security
in Agency Information Technology Investments" (July 12, 2006)
6. 0MB Memorandum 06-15, "Safeguarding Personally Identifiable

Information" (May 22, 2006)
7. 0MB Circular No. A-130, "Transmittal Memorandum #4,

Management of Federal Information Resources" (November 28, 2000)
I. Privacy policy guidance and requirements issued (as updated) by the

Chief Privacy Officer and published on the Privacy Office website, including:
1. Privacy Policy Guidance Memorandum 2008-02, OHS Policy

Regarding Privacy Impact Assessments (December 30, 2008)
2. Privacy Policy Guidance Memorandum 2008-01 , The Fair

Information Practice Principles: Framework for Privacy Policy at the
Department of Homeland Security (December 29, 2008)
3. Handbook for Safeguarding Sensitive Personally Identifiable

Information at OHS (March 2012)
-2-
Instruction# 110-01 -001
Revision # 00
2020-ICLl-00023 770
IV. Definitions
A. Counsel means the Office of the General Counsel attorney, from either the
Immediate Office of the General Counsel or component counsel, assigned to
provide legal advice to the component covered by this Instruction.
B. Fair Information Practice Principles means the policy framework

adopted by the Department in Directive 047-01 , Privacy Policy and Compliance,
regarding the collection, use, maintenance, disclosure, deletion, or destruction of
Personally Identifiable Information.
C. Individual means a natural person, including a United States citizen,

Legal Permanent Resident, visitor to the United States, alien, DHS employee, or
DHS contractor.
D. Operational Use means authorized use of social media to collect

personally identifiable information for the purpose of enhancing situational
awareness, investigating an individual in a criminal, civil, or administrative
context, making a benefit determination about a person, making a personnel
determination about a Department employee, making a suitability determination
about a prospective Department employee, or for any other official Department
purpose that has the potential to affect the rights, privileges, or benefits of an
individual. Operational use does not include the use of search engines for
general Internet research, nor does it include the use of social media for
professional development such as training and continuing education or for
facilitating internal meetings.
E. Personally Identifiable Information (PII) means any information that

permits the identity of an individual to be directly or indirectly inferred, including
other information that is linked or linkable to an individual.
For example, when linked or linkable to an individual, such information includes a

name, Social Security number, date and place of birth, mother's maiden name,
Alien Registration Number, account number, license number, vehicle identifier
number, license plate number, device identifier or serial number, internet protocol
address, biometric identifier (e.g., facial recognition photograph, fingerprint, iris
scan, voice print) , educational information, financial information, medical
information, crim inal or employment information, information created specifically
to identify or authenticate an individual (e.g., a random generated number).
F. Privacy Compliance Documentation means any document required by

statute or by the Chief Privacy Officer that supports compliance with DHS privacy
policy, procedures, or requirements, including but not limited to the Social Media
Operational Use Template (Template), Privacy Impact Assessments (PIAs),
System of Records Notices-(SORNs): Notices of Proposed Rulemaking for
- 3-
Revision # 00
2020-ICLl-00023 771
Exemption from certain aspects of the Privacy Act (NPRM), and Final Rules for
Exemption from certain aspects of the Privacy Act.
G. Privacy Compliance Review {PCR) means both the OHS Privacy Office
process to be followed and the document designed to provide a constructive
mechanism to improve a OHS program's ability to comply with assurances made
in existing Privacy Compliance Documentation including Privacy Impact
Assessments (PIAs), System of Records Notices (SORNs) and/or formal
agreements such as Memoranda of Understanding or Memoranda of Agreement.
H. Privacy Impact Assessment (PIA) means both the OHS Privacy Office
process to be followed and the document required whenever an information
technology (IT) system, technology, rulemaking, program, pilot project, or other
activity involves the planned use of PII or otherwise impacts the privacy of
individuals as determined by the Chief Privacy Officer. A PIA describes what
information OHS is collecting, why the information is being collected, how the
information will be used, stored, and shared, how the information may be
accessed, how the information will be protected from unauthorized use or
disclosure, and how long it will be retained. A PIA also provides an analysis of
the privacy considerations posed and the steps OHS has taken to mitigate any
impact on privacy. As a general rule, PIAs are public documents. The Chief
Privacy Officer may, in coordination with the affected component and the Office
of the General Counsel, modify or waive publication for security reasons, or to
protect classified, sensitive, or private information included in a PIA.
I. Program Manager means the OHS employee who is responsible for the
planning and operation of a OHS program.
J. Situational Awareness means information gathered from a variety of

sources that, when communicated to emergency managers and decision makers,
can form the basis for incident management decisi•on making..
K. Social Media means the sphere of webs ites, applications, and web-based
tools that connect users to engage in dialogue, st,are information and media,
collaborate, and interact. Social media take many different forms, including but
not limited to web-based communities and hosted services, social networking
sites, video and photo sharing sites, biogs, virtual worlds, social bookmarking,
and other emerging technologies. This definition does not apply to internal
Department intranets or applications.
L. Social Media Operational Use Template (Template) means the

document that describes the current or proposed category of operational uses(s)
of social media, identifies the appropriate authorities for the current or proposed
category of use(s), describes what PII, if any, is collected (and from whom), and
how that information is used. The Template is used to identify information
technology systems, technologies, rulemakings, programs, or pilot projects that
-4-
Revision # 00
2020-ICLl-00023 772
involve coHecting PII from social media for the proposed category of use(s) and
to assess whether there is a need for additional Privacy Compliance
Documentation. Templates are initially reviewed and adjudicated by the Chief
Privacy Officer, and every three years thereafter for accuracy.
M. System Manager means the OHS employee identified in a System of
Records Notice who is responsible for the operation and management of the
system of records to which the System of Records Notice pertains.
N. System of Records Notice {SORN) means the official public notice of a

OHS system of records as required by the Privacy Act of 1974 (as amended).
The SORN identifies (1) the purpose for the system of records , (2) the individuals
covered by information in the system of records , (3) the categories of records
maintained about individuals, (4) the source of the records and (5) the ways in
which the information is generally shared by the Department. The SORN also
provides notice of the mechanisms available for individuals to exercise their
Privacy Act rights to access and correct the PII that OHS maintains about them.
V. Responsibilities
A. All DHS employees are responsible for complying with Directive 110-01 ,
with privacy policies and procedures issued by the Chief Privacy Officer, and with
applicable Component policies on operational use of social media and for
protecting PII from unauthorized use or disclosure.
B. Chief Information Officer is responsible for providing web technology

services, security, and technical assistance for the operational use of social
media within the Department.
C. Counsel is responsible for:
1. Providing advice to Program Managers or System Managers, as

appropriate, to ensure that appropriate authority exists to engage in
categories of operational use of social media before Component
employees engage in those uses, and to ensure that the Template
generally documents that authority; and
2. Providing legal guidance to the Component Privacy Officers or

PPOCs and Program Managers or System Managers, as appropriate, in
the drafting of Rules of Behavior for operational use of social media.
D. Component Privacy Officers are responsible for:
1. Maintaining an accurate accounting of all Component categories of

operational use of social media using the Template to identify collection
and use of PII, and any other attendant privacy impacts, and ensuring
-5-
Revision # 00
2020-ICLl-00023 773
Components implement OHS privacy policy with respect to the operational
2. Coordinating with Program Managers or System Managers, as

appropriate, together with the Chief Privacy Officer and counsel to
complete a Template and any other required Privacy Compliance
Documentation (1) for all proposed categories of operational use of social
media, and (2) for any changes to the categories of operational use of
social media;
3. Developing and reviewing Component policies and directives

related to operational use of social media, and Component Rules of
Behavior consistent with the adjudicated Template, to ensure compliance-
with OHS privacy policy, privacy laws applicable to OHS, and federal
government-wide privacy policies;
4. Overseeing Component privacy training for operational use of

social media and providing educational materials, consistent with privacy
training for operational use of social media developed by the Chief Privacy
Officer.
5. Reviewing documentation required in Section VI. D.8 to ascertain

compliance with this Instruction as needed; and
6. Collaborating with the Chief Privacy Officer in conducting Privacy

Compliance Reviews.
E. Privacy Points of Contact (PPOCs) are responsible for assuming the

duties of Component Privacy Officers in Components that do not have Privacy
Officers.
F. Program Managers, or System Managers, as appropriate, are

responsible tor:
1. Coordinating with the Component Privacy Officer or PPOC to

ensure that privacy is appropriately addressed when proposing,
developing, implementing, or changing any operational use of social
media;
2. Coordinating with the Component Privacy Officer or PPOC and

counsel to prepare drafts of the Template and, as appropriate, all Privacy
Compliance Documentation required when proposing, developing, or
implementing or changing any category of operational use of social media;
3. Monitoring the design, deployment, operation, and retirement of

programs involving the operational use of social media to ensure that the
- 6-
Instruction# 110-01-001
Revision # 00
2020-ICLl-00023 774
use of PII, if any, is limited to those uses described in the Privacy
Compliance Documentation;
4. Ensuring oversight mechanisms are built into the design of

programs and systems involving the operational use of social media;
5. Coordinating with the Component Privacy Officer or PPOC to

establish administrative, technical, and physical controls for storing and
safeguarding PII consistent with OHS privacy, security, and records
management requirements to ensure the protection of PII from
unauthorized access, disclosure, or destruction in the course of
operational use of social media; and
6. Supporting the Component Privacy Officer or PPOC in developing

and implementing privacy procedures and job-related privacy training to
safeguard PII in operational uses of social media.
VI. Content and Procedures

A. Authority to Engage in Operational Use of Social Media: Program
Managers and System Managers consult with counsel to ensure that appropriate
authority exists to engage in categories of operational use of social media before
Component employees engage in those activities.
B. Privacy Compliance Documentation: Before engaging in, or contracting

for, new or modified categories of operational use of social media (which as
defined includes investigatory purposes), Program Managers and System
Managers, in consultation with Component Privacy Officers or PPOCs and
counsel complete a Template to document the authortty and purpose(s) of those
uses as well as a description of those uses, and to determine whether al! of the
Rules of Behavior discussed in Section VI.D of this Instruction will apply to the
particular uses(s) covered by the Template. Templates are submitted to the
Chief Privacy Officer for a prompt review and determination as to whether a new
or updated PIA or SORN is required. Templates are also completed to document
categories of operational use of social media in existence prior to this Instruction
to ensure compliance with this Instruction. Once a Template is approved for a
category of operational use, a Template 1s not required for additional use of
social media within that category unless there is a material modification of the
Rules of Behavior applicable to that category. Components may appeal to the
Deputy Secretary of Homeland Security if there is a disagreement over the OHS
Privacy Office determination of privacy compliance for the operational use of
social media.
C. Access: OHS employees who are granted access to use social media by
their Component heads renew their access authority annually, consistent with
-7-
Revision # 00
2020-ICLl-00023 775
annual training requirements. Access is contingent upon an employee's
successfully completing privacy training for operational use of social media.
0. Rules of Behavior: Component Privacy Officers or PPOCs, in coordination

with counsel and Program Managers, or System Managers as appropriate, draft
Rules of Behavior for operational use of social media (either separately or as part
of a broader policy document) and submit them with the Template to the Chief
Privacy Officer for review and approval. Personnel granted access to use social
media certify annually that they have read and understand the Component Rules
of Behavior. Where certification is not practicable, Component Privacy Officers
and PPOCs maintain records of employee attendance at privacy training that
includes training on Rules of Behavior.
Rules of Behavior include requirements for operational use of social media and
the consequences of failure to adhere to those requirements. Where a federal
policy establishes guidelines that apply to a Component's operational use of
social media, the Component's Rules of Behavior incorporate that policy and that
fact is noted in the Template. Unless otherwise noted in the Template
adjudication process, the Rules of Behavior provide, at a minimum , that OHS
employees:
1. Use social media for operational purposes only when activities ·are
authorized by statute, executive order, regulation , or policy;
2. Use only government-issued equipment, government accounts, and

only government email addresses when engaging in the operational
3. Use online screen names or identities that indicate an official OHS

affiliation and use OHS email addresses to open accounts used
when engaging in social media in the performance of their duties;
4. Access publicly available information through social media only by

reviewing posted information without interacting with any individual
who posted the information;
5. Respect individuals' privacy settings and access only information

that is publicly available unless the individual whose information the
employee seeks to access has given consent to access it;
6. Collect the minimum PII necessary for the proper performance of

their authorized duties;
7. Protect PII as required by the Privacy Act and OHS privacy policy;
and
-8-
Revision # 00
2020-ICLl-00023 776
8. Document operational use of social media, including date, site(s)
accessed, information collected, and how it was used in the same
manner that the Department would document information collected
from any source in the normal course of business. For instance,
where information obtained through authorized operational use of
social media is used in whole or in part to make decisions regarding
an individual's rights, benefits or privileges, employees document
that fact in relevant records.
E. Privacy Training: Component Privacy Officers or PPOCs tailor privacy

training for the operational use of social media to Component-specific needs,
based upon training materials provided by the Chief Privacy Officer. Completion
of this privacy training is a prerequisite for obtaining access to social media for
operational use. Upon completion of this training, employees will certify that they
have read and understand their Component's Rules of Behavior. Where
certification is not practicable, Component Privacy Officers and PPOCs maintain
records of employee attendance at privacy training that includes training on
Rules of Behavior. Employees also complete refresher training and recertify they
have read and understand their Component's Rules of Behavior annually
thereafter. Privacy training content includes, at a minimum, legal authorities,
acceptable operational uses of social media, access requirements, applicable
Rules of Behavior, and requirements for documenting operational uses of social
media.
F. Retention of PII: Component Program Managers or System Managers

where appropriate, maintain PII collected through authorized operational uses of
social media in the applicable Privacy Act system of records in accordance with
approved records retention schedules.
G. Privacy Compliance Reviews (PCR): The Chlef Privacy Officer, in

collaboration with Component Privacy Officers or PPOCs, conducts PCRs of
approved operational uses of social media periodically, at the sole discretion of
the Chief Privacy Officer, to ascertain compliance with OHS privacy policy and
legal authorities. PCRs may include a determination as to whether the Privacy
Compliance Documentation for a particular operational use of social media is
accurate and up to date.
H. Implementation: Measured from the date Directive 110-01 and this

Instruction are signed and posted on OHS Connect:
1. the Chief Privacy Officer provides baseline training to the

Components within 45 days, and
- 9-
Revision # 00
2020-ICLl-00023 777
2. Components complete implementation of this Instruction, including
obtaining approval from the Chief Privacy Officer of Templ,ates for
categories of operational use of social media in existence prior to
this Instruction, within 120 days, except that Components c::omplete
training of all pertinent employees within 165 days.
VII. Questions
Address any questions or concerns regarding these Instructions to the OHS Privacy
Office or to the relevant Component Privacy Officer or PPOC.
~Cd!;( _J&M- ~. MaryEtlenCaltahan ~ Date

Chief Privacy Officer
- 10 -
Instruction# 1 '10-01-001
Revision # 00
2020-ICLl-00023 778
U.S. O"'f'11r1ment of Humelund Secun1y
Security W~.1hing1on. DC 2052R

703-23.'i-ll!,.., re ,.
www.dhs.gov/privacy

Page I of 8

This template is used to assess the D epartmen t's Operationa l Use of Social Media,
consistent with Management D irective 110-01.
include the use of search engines for general Internet research, nor does it include the use of social media
and Ap plications Communications/Outreach/Pu blic Dialogu e and DHS/ALL/PIA-036 -
Use of Unidirectional Social Media Application s);
12333, as amended.
from this requirement and is covered by the existing PIA; DHS/OPS/PIA-004/d\ - Publicly Avai lable Social Media Monjtming and
2020-ICLl-00023 779
Security Wa,qhing1on. DC 2052R

703-235-k h \/R\·
www.dhs.gov/privacy
!

Page 2 of 8

SUMMARY INFORMATION

Contact Information:Kb)(6); (b)(?)(C) p eputy Privacy Officer, (202) 732~(b)(6): !

Counsel2 Contact Information: l(b
,__-')"""
{6-')'--
:_ __.!Chief of Labor and Employment Law Divi sion
IT System(s) where social media data is stored: Gene_ral. Cou.nse.l Elect.roni.c Management
System (GEMS), Joint Integrity Case Management System (JICMS), and Personnel Secu.rity
Activities Management System (PSAMS)/lntegrated Security Management System (lSMS).
OHS/ICE/PTA-002(a) - General Counsel Electronic Management System (GEMS)
OHS/ ALL/PfA-00l(a) - Personnel Security Activities Management System

OHS/ALL-020 - DHS Internal Affairs Records
OHS/ALL-017 - DHS General Legal Records
1Counsel listed here mu.st certify that appropriate authority exists to engage in particular operational activities involving social
media.
2020-ICLl-00023 780
U.S. D<p11r1ment of Humelund St-Wt\JI
Security W~., h ingron. DC 2(152R

703-235·k h \/R\'
www.dhs.goV/pl'ivacy

Page 3 of 8
SPECfFlC QUESTIONS
As the definition of social media in the OHS Instruction 110-01-001 Pri1.1acy Policy for the
Operational Use of Social Media (Privacy J:'olicy) is drafted broadly so as to likely in clude
gen eral use of the Internet an d as social m edia technology is ever changing and evolving, this
subm ission addresses ICE's use of the Internet, to include social media as defined in the
Privacy Policy.
TCE u ses the Internet, including social media, as d efined in the Privacy Policy, for
administrative law enforcemen t purposes in an internal affairs context. This administrative
law enforcemen t use of the Internet, inclu ding social media, includes assisting in
investigating, gathering evidence, and gathering information on improper or potentially
improper activity by ICE or CBP employees or contractors.
This u se of the Internet, including social media, involves activities to gather infonnation such
as l.ntemet searches, reviewing social media sites, monitoring chat room s, and reviewin g
comments posted on websi tes. This information is gathered and used by ICE agents,
attorneys, and s upport p ersonnel in the same manner as information gathered from non-
Internet and non-social media sources such as i.nformation gathered in person, on the phone,
or through research of hard copy documents. Information gathered in this fashion may be
used in administrative investigations of employees or contractors of ICE and C BP.
authorities.
• Inspector General Act of 1978, as amended . (Pub. L, 95-452, 92 Stat. 1101 (1978)
• Homeland Secud ty Act of 2002, as amended, Pub. L No. 107-296, 116 Stat. 2135 (2002)
• OHS Managem en t Directive 0810.1, The Office of Inspector General
Immigration and Customs Enforcemen t
u se?
cgjYes. ONo .
2020-ICLl-00023 781
U.S. D<p11r1menl of Homelund se-,uritY
Security W~.shingron, DC 2(1528

703-235-tr h\f~ \-
www.dhs.gov/pti.vacy

Page 4 of 8

D ln development. 1:8] Operational. Date first launched: lJnknown.
The InteTnet has been in use at ICE's legacy agencies since it was publicly available.
2012.
a) Equipme11t. Use only government-issued equipment when engaging in the operationaJ
The nature of adminish·ative law enforcement investigations may require
investigators to use non-government-issued equipment when engaging in
investigations. Investigators a t times find themselves in rapidly evolving situations
in the field that call for the use of adaptive measures. fn situations where
government-issued equipment is either not available, or is technologically
insufficient to perform the requiT-ed task at hand, investigators may need to rely on
non-government-issued equipment. However, ICE is currently working to provide
government-issued equipment so as to not requiTe the use of non-government-issued
b) Email and accounts. Use onli.ne screen names or identities that indicate an official OHS
affiliation and use OHS email addresses to open accounts used when engaging in social
Because the activities described in Question 1 are for administrative law enforcement
purposes in an internal affairs context, the employees who engage in these activities will
not identify themselves as ICE or OHS personnel, or law enforcement personnel. This is
necessary to ensure the safety of law enforcement personnel, to avoid compromising law
enforcement operations, to prevent tipping off individuals who are sought by law
enforcement for violations of law, and to prevent disclosing litigation strategy and
tactics.
2020-ICLl-00023 782
U.S. D<p11r1ment of Humelund Setur11y
Security W~.1hing1on. DC 2(1528

103.235kh ,rfn·
www.dhs.gov/pl'ivncy
I

Page 5 of 8
c} Public interaction. Access publicly available information th.rough sociaJ media only by
reviewing posted information w ithout interacting with any individual who posted the
information;
IZ]Yes. D No. If not, please explain:
d) Pr-ivaci; settings. Respect individuals' pr•ivacy settings and access only information that is
publicly available;
0Yes. [gj No. If not, please explain:
Law enforcement personnel may not access restricted online sources or facilities absent
enforcement personnel may access restricted online information.
e) Pll collection: Collect the minimum Pll necessary for the proper performance of their
The applicable SORNs cited above are all exempted by Final Rules from the Privacy Act
(e)(1) requirement (5 U.S.C. § 552a(e)(1)), which normally limits agencies to collecting
(e)(l) requirement is necessary to ensure the integrity oflaw enforcement investigations,
f) Pll safeguards. Protect PU as required by the Privacy Act (if applicable) and DHS privacy
policy;
IZ] Yes. D No . If not, please explain:

g) Documentation. Documen t operational use of social media, including date, s ite(s)
0 Yes. ~ No. If not, please explain:
ICE's rules of behavior state that law enforcement personnel should retain the
communications.
2020-ICLl-00023 783
U.S. Depurtment of Hllmelund Security
Security Wa,qhington. DC 20528

703-235!fh \ (6 \·
www.dhs.gov/privacy

Page 6 of 8
h) Traiuing. Users complete annual p1ivacy training which has been approved by
Component Privacy Officer (or Privacy Point of Contact) based upon h·aining materials
provided by the OHS Privacy Office. Training must include, at minimu m: legal
~Yes. D No. If not, please explain:
D Yes, employees sell-certify that they have read and understood their Component
Rules of Behavior.

attendance at privacy training that includes training on the Rules of Behavlm.
0 No. If not, p lease explain:
2020-ICLl-00023 784
U.S. D<p11r1ment of Homelund Secun1y
Security Wa., hing1nn. DC 20528

703·235fb)(6 \:
www.dhs.gov/privacy

Page 7 of 8

DATE reviewed by the OHS Privacy Office: 11/6/2012
NAME of the OHS Privacy Office Reviewer: fb)(6); (b)(7)(C)

~ Program has m e t requirem ents to u se social me dia for the stated authorized
operational purposes, and must continue compliance with the requirements above ,
purposes.
~APIA js required.
~ Covered by existing PIA.
DHS/lCE/PlA-002(a) - General Counsel Electronic Management System

(GEMS)
DHS/ALL/PIA-001(a)- P ersonne l Securi ty Activities Management

System (PSAMS)/Integrated Security Managem ent System (ISMS)
D New.
here.>
~ A SORN is required:
[gJ Covered by existing SORN.
2020-ICLl-00023 785
U.S. Depur1ment vf Ht>melund Security
Security Washington. DC 20528

103.23s~n ·" "'' ·
www.dhs.gov/privacy
I

Page 8 of 8
D HS/lC E-003 - General Counsel Electronic Management System (GEMS)
DHS/ALL-020 - OHS Tnternal Affairs Records
DHS/ ALL-017 - OHS Genera l Legal Records

D New.
here.>

b)(5)
2020-ICLl-00023 786
U.S. D<p11r1ment of Homelund Securi1y
Security Wa,qhing1on, DC 2{1528

703-235!(b)(6):

Page 1 of
11

This template is used to assess the D epartmen t's Operational Use of Social Media,
12333, as amended.
• Gathering infonnalion by the Office of Operations Coordination and Planning (OI'S) to enhance situatio nal awareness is exempt
from this requirement and is covered by the existing PIA; DHS/OPS!PlA-004(dl - Publicly Avai lable Social Media Monjtming and
Situatio nal Awa reness Initiative Update.
2020-ICLl-00023 787
Homeland The Piivncy Ofticc
Security Wa.~hing1on, DC 20528

103.m Jrn,rn,
www.dhs.gov/privacy
I

Page 2 of
11

SUMMARY INFORMATION
Contact Information: j(b)(6); (b)(7)(C) !Deputy Privacy Officer1 (202) 732i (b)(6);
Counse l2 Contact Information : l(b)/6): (b)(7)(C) I

Chie f, Enforcement and Removal Operations
Division, OPLA; ~b)(6); (b)(7)(C) I
Chief, Immigration Law and Pr actice Division,
OPLA.
IT System(s) whe re social me dia data is stored: TECS Case Management, Fugitive Case
Management System, Enforcement Integrated Database, and Alien Criminal Response
lnformation Management System
Applicable Privacy Impact Assessment(s ) (PIA):
DHS/ICE/PIA-020 - Alien C riminal Response Information Management System

(ACRl Me)
Applicabl e S ystem of Records N otice (s ) (SORN):
DHS/ICE-007 - Alien Criminal Response Information Management (AOUMe) SORN
DHS/ICE-011 - Immigration and Enforcement Operational Records System (ENFORCE)

SORN
1Counsel listed here mu.st certify that a ppropriate authority exists to engage in particular operational activities involving social
media.
2020-ICLl-00023 788
Homeland The Privacy O ffice
U.S. Department of Homeland Security

703-235fo ) (6 \ :
www.dhs.gov/privacy

Page3 of
11
DHS/USCIS-ICE-CBP-001 - Alien File, Index, and National File Tracking System SORN
2020-ICLl-00023 789
Homeland The Privncy O fticc
U.S. D"f'11r1ment of HoroeJ11ruJ Se-Wt\JI
Security W~., hing1on. DC 2(152~

703-235l(h 1fn)·
www.dhs.gov/privacy
!

Page4 of
11
SPECfFlC QUESTIONS
As the definition of social media in the OHS lnstruction 110-01-001 Privacy Policy f or the
Opera.tioHal Use of Soda/ Media (Privacy Policy) is drafted broadly so as to }jkely include
general use of the ln ternet and as social media technology i.s ever changing and evolving, this
Policy.
ICE uses the Internet, including social media as defined in the Privacy Policy, for criminal
and administrative immigration law enforcement purposes. (111is template does not address
the conduct of undercover operations in the context of criminal immigration law enforcement
investigations. Those activities aie covered by a separately submitted template that covers
undercover mvestigations only.) This immigration law enforcement use of the Internet
including social media, falls into the following three categories: (1) using the Internet,
including social media, to assist in locating, arresting, and adjudicating individuals who may
be amenable to removal under the Immigration and Nationality Act or are otherwise
suspected of violations of U.S. immigration law and assisting other law enforcement agencies
wlth investigations and adjudications related to individuals, (2) pre-operational, operational,
and situational awareness uses related to officer safety or threats to the public at-large, and
(3) to obtain information to assist in detennining whether to exercise prosecutorial d iscretion.
Categocy One: Basic Criminal and Administrative Enforcement of the Immigration and
Nationality Act
With regard to the use of the Internet, including social media, to locate and arrest
individuals, ICE officers, agents, attorneys, and support personnel routinely use a variety of
government and commercial databases to identify, locate, and arrest individuals who may be
amenable to rem.oval and meet ICE' s current enforcement priorities. However, additional
in.fonnation not available in these databases is available on the Internet, including social
media. The use of the fntem et, i11cluding social med ia, will allow ICE to gather information
that assists in identifying, locating, and arresting indivjduals wanted for crimes and/or who
may be amenable to removal, and assisting other law enforcemen t agen cies with
investigations related to individuals where necessary and appropriate. 1t will also allow ICE
attorneys who represent the agency i n civil immigration proceedings before the Executive
Office for Immigration Review to conduct general and specific case research and preparation.
2020-ICLl-00023 790
U.S. D<p11r1ment of Homelund Se-..•uritY
Security W~shington. DC 20528

103-235!fn V R\'

Page 5 of
11
Category Two: Officer and Public Safety

ICE also uses the Internet, includjng social media, for pre"operational/operational/situational
officers, or support personnel may collect information about the subject of the tactical
enforcement operation. This includes gathering information publicly available on the
relatives/associates who may reside with him. This information assists agents and officers
with tactical planning activities such as: number o f agents and officers required for the
operation, any specialized equipment that may be necessary for the operation, and
intelligence on when and where the operation should be conducted for agent and officer
safety and tactical efficiency.
Category Three: Prosecutorial Discretion
Finally, lCE also uses the internet, including social media, to gather information related to the
possible exercise of prosecutorial discretion. Pursuant to Director Morton's Jtme 17, 2011
prosecutorial discretion in various situations. Some of these factors include: whether the
subject is a danger to the community or to national security, whether the subject is the
primary caregiver to a minor, or a person with a physical o.r mental disability, a subject's
educati.onaJ and military background, a subject's ties and contributions to the community,
whether the subject (or the subject's spouse) is pregnant or nursing, whether the subject or
subject's spouse suffers from severe mental or physical illness. These factors can be difficult
to ascei-tain using routine government and commercial databases and the use of the Internet
including social media serves as another tool to attempt to identify these unique factors.
ICE custody. The Intemet, including social m edia, provides a source of information that can
be used to help detennine wh en it is appropriate to release an individual from ICE custody.
authorities.
• H omeland Security Act of 2002, as amended, Pub. L. No. 107-296, 116 Stat. 2135 (2002)
• Immigration and Nation ality Act of 1952, as amended, U.S. Code Title 8
• OHS Delegation No. 7030,2, Delegation of Authority to the Assistant Secretary of U.S
ImmigTation and Customs Enforcement
• ICE Delegation No, 0001, Delegation of Authority to the Directors, Detention and Removal
• 8 C.F.R § 2.1, Authority of the Secretary of Homeland Security
2020-lCLl-00023 791
U.S. D"f'11r1ment of Hornelund Se,.,urilJI
Security Wa.shingron, DC 2052R

703-23.5lfh V ~ \ -
www.dhs.gov/plivacy
!

Page 6 of
11
determined that they perm.it the Program to use social media for the listed operational
use?
C8'.] Yes. 0No.

D In development. C8'.] Operational. Date first launched: Unknown.
The Internet has been in use at ICE's legacy agencies since it was publicly available. However,
the use of certain specific social media websites such as Facebook, YouTube, Twitter, MySpace,
and Hi5 have not yet been implemented but will be after adjudication of this Template by the
DHS Privacy Office.
2012.
11,e nature of immigration law enforcement investigations may require investigators
to use non-government-issued equipment when engaging in investigations.
Investigators at times find themselves in rapidly evolving situations in the :field that
call for the use of adaptive measures. 1n situations where government-issued
required task at hand, investigators may need to rely on non-government-issued
equipment to all personnel so as to not require the use of non-government-issued
b) Email and accounts. Use onljne screen names or identities that indicate an official OHS
2020-ICLl-00023 792
U.S. D<p11r1ment of Humelund se-,uri\JI
Security W~., hingron. DC 2(152~

703-23511h \/&::\-
I

Page 7 of
11
purposes, the employees who engage in these activities will not identify themselves as
lCE or OHS personnel, or law enforcement personnel. This is necessary to ensure the
safety of law enforcement personnel, to avoid compromising law enforcement
c) Public interaction. Access publicly available in.formation through social media only by
.reviewing posted information without interacting with any individual who posted the
infonnation;

d) Privacy settings. Respect individuals' ptivacy settings and access only information that is
publicly available;
IZI Yes. D No. If not, please explain:
Law enforcement personnel may not access restricted onljne sources or facilities absent
legal authority permitting entry into private s pace.
OYes. IZ] No. li not, please explain:
The applicable S0RNs cited above are all exempted by Final Rules from the Privacy Act
(e)(l) requirement (5 U.S.C. § 552a(e)(l)), which normally Limits agencies to collecting
purpose of the agency required by statute oi: Executive Order. The exemption from the
(e)(1) requirement is necessary to ensure the integrity oflaw enforcement investigation s,
f) PII safeguards. Protect PIT as required by the Privacy Act (if app.licable) and DHS privacy
policy;
IZ] Yes. D No. li not, please explain:

OYes. cg] No. If not, please explain:
2020-ICLl-00023 793
Security W~.~hing1on, DC 2{1528

703-235·f b )(6}:
www.dh~.gov/pti.vacy
!
Page 8 of
11
ICE's rules of behavior stated that law enforcement personnel should retain the
infonnation they access on the h1ternet, including social media, if they would have
in a manner authorized by ICE procedures governin g the preservation of electronic
communications.
proyjded by the OHS Privacy Office. Training must includ e, at minimum: legal
fZl Yes. D No. If not, p lease explain:
All ICE users w ill complete the necessary training when it is available.
Mechanisms are (or will be) in place to verify that user s have completed training.
D Yes, employees self-certify that they have read and understood their Componeot
Rules of Behavior.
[Zl Yes, Component Privacy Officers or PPOCs maintain a record o f employee

attendance at privacy t raining th.at includes training on the RtLles of Behavior.
2020-ICLl-00023 794
Security Wa.~hingron, DC 20528

703-235-ir h \In \·
www.dhs.gov/privacy
!

Page 9 of
11

(To be Complete d by the DHS Privacy Office)
DATE revi e we d by th e DHS Privacy O ffice: N o vemb er 6, 2012
NAME of the OHS Privacy O ffi ce Reviewer:j(b)(6); (b)(7)(C)
DHS Privacy Office D e te rmination

[8JProgram has m e t requirem ents to u se social me dia for the s tated authorized
D Program has not yet met requ irements to u tilize social media for operational
purposes.
DA P IA is required.
[8J Covered by existing PlA.
DHS/ICE/PIA-020 - AJien Criminal Response Information Management

System (ACRI.Me)
D New.
here.>
D A SORN is required:
DHS/ICE-009 - · External Investigations
2020-ICLl-00023 795
U.S. Depurtment of Homelund Security
Security W~.qhington. DC 20:\28

103.235 ( b )(6 ):
www. is.gov pnvacy

Page JO of
11
DHS/ICE-007 - Alien Criminal Response Information Management

(ACRIMe) SORN
D HS/ICE-011 - lmmigratio1i and Enforcement Operational Records

System (ENFORCE) SORN
DHS/USCIS-ICE-CBP-001 - Alien File, Index, and National File Tracking

System SORN
D New.
D Updated. <Please include the name and nwnber of SORN to be updated
here.>

b)(5)
2020-ICLl-00023 796
Security Washing1on, DC 20528

703-235-k h \ / R\·
www.dhs.gov/plivacy
!

Page 1 of
11

Thi s template is used to assess the D e partment's Ope rational Use o f Social Media,
consis tent with Manageme nt Directi ve 110-01.
investigating an in.di vi.dual in a criminal, civil, or administrative context, making a benefit determination
that has the potential to affect the rights, privi leges, or benefits of an individual. Operational use does not
12333, as amended.
from this requirement and is covered by the existing PIA; DHS/OPS/PIA-004(dl - Publicly Avai lable Social Media Monjtming and
2020-ICLl-00023 798
Security Wa.~hing1nn. DC 20528

103.23s.fo \fn,.
www.dhs.gov/pt'ivncy
1

Page 2 of
11

SUMMARY INFORMATION
Contact Information: j(b)(6}; (b)(7)(C) j Deputy Privacy Officer, (202) 732tb)(6); I

Counsel 2 Contact Information: b)(6); (b)(7)(C) Chie f, Homeland Security In vestigations
Division, (202) 732 b}(6); (b}(7)(C) Chief, Enforcement and Removal Operations
Division, (202) 732 (b)(6};
/L '\ F""7 \fr,.\
System (CETS), General Counsel Electronic Management System (GEMS), Personnel Security
Activities Management System (PSAMS)/Integrated Security Management System (ISMS), Joint
Integrity Case Management Sys tem (JICMS), Enforcement Integrated Database (EID), and
Applicable Privacy Impact Assessment(s) (PIA) :

DHS/fCE/PlA-032 - FA LCON Search & Analy sis System (FALCON-SA)
DHS/ICE/PTA-002(a) - Gen e ral Counsel Electronic Management Sys tem (GEMS)
DHS/ALL/ PIA-0Ol(a) - Personnel Security Activ ities Management System

1Counsel listed here m u.st certify tha t a ppropriate a uthority exists to engage in pa rticular op erational acti vi ties invo lving social
media.
2020-ICLl-00023 799
U.S. Depurtment of H1>melund Security
Security Washini:ton. DC 20528

703-235f h \/RV
www.dhs.gov/ptivacy
!

Page3 of
11
DHS/ICE-006 - · lCE Intelligence Records System (HRS)
OHS/ICE 008 - Search, Arres t, and Seizure Record s
DHS/ICE-003 - General Counsel Elec tronic Management System (GEMS)
DHS/TCE-011 - Immi g ration Enforcement Operational Records System (ENFORCE)
DHS/ALL-020 - OHS Internal Affairs Records
2020-ICLl-00023 800
U.S. D<p11r1ment of Horoeh1ruJ se-,uritY
Security W~shington. DC 2(152~

703-235-f h )(n)·
!

Page4 of
11
SPECfFlC QUESTIONS
As the definition of social media in the OHS lnstruction 110-01-001 Privacy Policy for the
Operational Use of Social Media (Privacy Policy) is drafted broadly so as to Jjkely include
general use of the lnternet and as sodaI media technology is ever changing and evolving, this
Privacy Policy,
lCE uses the internet, including social media as defined in the Privacy Policy, for criminal
law enforcement purposes. (TI1is submission does not address the conduct of undercover
operations in the context of criminal law enforcement investigations. Those activities are
covered by a separately submitted document that covers undercover investigations only.)
This criminal law enforcement use of the Internet, including social media, falls into the
following three categories: (1) using the Internet, including social media, to assist in locating,
arresting, and adjudicating fugitives and assisting other law enfm-cement agencies with
investigations and adjudications related to the fugitive, (2) using the Internet, including social
media, to assist i11 investigating, gathering evidence, and gathering criminal intelligence on
criminal and potential criminal activity, and (3) pre-operational, operational, and situational
awareness uses related to officer safety or threats to the public at-large.
Category One: Locating, Arresting, and Adjudicating Fugitives
With regard to the use of the Internet, including social media, to locate and arrest fugitives
and criminals, ICE officers, agents, attorneys, and support personnel routinely use a variety
of government and commercial databases to identify, locate, and arrest fugitives. These
individuals could include members of the public or employees or contractors of ICE and CBP
suspected of committing crimes or other forms of misconduct. However, additional
infonnation not avaiJable in these databases is available on the Internet, including social
media. The use of the Internet, including social media, w ill allow ICE to gather information
that assists in .i dentifying, locatin g, and arresting fugitives wanted for c1im es and assisting
other law enforcement agencies with identifying, locating, and arresting fogitives.
Category Two: Criminal Investigations and Law Enforcement InteJligence
ICE also uses the Internet, including social media, to assist in investigating, gathering
evidence, and gathering law enforcement .intelligence on criminal and potential criminal
2020-ICLl-00023 801
U.S. D"f'11r1ment of HQroeh trul Se-Wt\JI
Security W~.shing1on. DC 2(1528

703-235l{bl(6 ):
www.dh~.gov/ptivncy
!

Page 5 of
11
activity. This use of the Internet, including social media, involves activities to gather
information such as internet searches, reviewing social media sites, monjtoring chat rooms,
and reviewing comments posted on websites. This information is gathered and used by ICE
officers, agents, attorneys, and support personnel in the same m anner as information
gathered from non-ln ternet and non-social media sources such as information gathered in
person, on the phone, or through research of hard copy documents. Information gathered in
this fashion may be used in criminal investigations of members of the public or employees or
contractors of ICE and CBP.
Category Three: Officer and Public Safety
ICE a lso uses the Internet, including social media, for pre-operational/operational/situational
officers, an d support personnel may collect infonnation about the subject of the tactical
enfoTcement operation . This in formation gathering includes information available on tbe
relatives/associates who may reside with them. This infonnation assjsts officers with tactical
planning activities such as: number of officers required for the operation, any specialized
equipment that may be necessary for the operation, and intelligence on when and where the
operation should be conducted for officer safety and tactical efficiency.
2. Based on the operational use of social media Jisted above, please provide the appropriate
authorities.
• Homeland Security Act of 2002, as amended, Pub. L No. 107-296, 116 Stat. 2135 (2002)
• OHS Delegation No. 7030.2, Delegation of Authori ty to the Assistan t Secretary of U.S
Imm igration an d Customs Enforcement
• 19 U.S.C. § 1589a, Enforcement authority of customs officers
• 8 U.S.C § 1357, Powers of immigTation officers and employees
use?
cg] Yes. ONo.
3. Is this use of social media in development or operationaJ?

D ln development. ~ Operational. Date first launched: Unknown.
The Internet has been in use al ICE's legacy agencies since it was publicly available.
2020-ICLl-00023 802
Homeland The P,i vncy Ofti cc
U.S. D<p11r1menl of Humelund se-,uri\JI
Security Wa.shingron, DC 2(152~

703-23.5 J/ h \/R\·
www.dhs.gov/pl'ivncy
!

Page 6 of
11
See Memorandum from Jolm Morton, Use of Public and Non-Public Online Information, June 28,
2012.
users do NOT follow a particular Rule, p lease detail reasoning for not following that Rule:
OYes. ~ No. U not, please explain:
The nature. of criminal investigations may require investigators to use n on-
govemment-issued equipment when engaging in criminal investigations.
Investigators at times find themselves in rapidly evolving situations in the field that
call for the use of adaptive meas1.Lres. In situations where governm.e nt-issued
required task at hand, investigators may need to rely on n on-government-issued
equipment so as to not require the use of non-government-issued equipment in these
circumstances.
b) Email and accounts. Use online screen names or identities that indicate an official DHS
affiliation and use OHS email addresses to open ac:counts used when engaging in social
media in the performance of tl1eir duties;
OYes. ~ No. Cf not, please explain:
Because the activities described in Question 1 are for criminal law enforcement purpose~
the employees who engage. in these activities will not identify themselves as ICE or DHS
personnel, or law enforcement personnel. This is necessary to ensure the safety of law
enforcement personnel, to avoid compromising law enforcement operations, to prevent
tipping o.ff individuals who are sought by law enforcement for violations of law, and to
prevent disclosing litigation strategy and tactics.
c} Public interaction. Access publicly available information through social media only by
information;
~Yes. D No. Cf not, p lease explain:
publicly availablei
OYes. ~ No. If not, p lease explain:
2020-ICLl-00023 803
U.S. Doplfr1menl of Ht•mehtrul s.-..,url\JI
Security Wa., hingron, DC 2Vi 2~

703.23]( h\{6 )·
!

Page 7 of
11
Law enforcement personnel may not access restricted onl.ine sources or facilities absent
legal authority permitting entry i:nto private space. Where legal authority exists, law
enforcement perso1mel may access reshicted online information.
e) PJI collectio11: Collect the minimum PH necessary for the proper performance of their
0Yes. [gj No. U not, please explain:
The applicable SORNs cited above are all exempted by Final Ru.I.es from the Privacy Act
(e)(1) requirement (5 U.S.C § 552a(e)(l)), which normally limits agencies to collecting
(e)(l ) requirement is necessary to ensw-e the integrity of law enforcement investigations,
as more folly detailed in the Final Rules.
f) PJI safeguards. Protect PIT as required by the Privacy Act (if applicable) and DHS privacy
policy;
[gl Yes. D No. U not, please explain:

g) Documentation, Document operationaJ use o.f social media, including date, site(s)
accessed, infmmation collected and how it was used.
0Yes. 12s] No. li not, please explain:
lCE' s rules of behavior state that law enforcement personnel should retain the
infonnation they access on the h1temet, including social media, if they would have
communications.
h) Training, Users complete annual privacy training whkh has been approved by
12s] Yes. D No. 1f not, p lease explain:

Rules of Behavior.
2020-ICLl-00023 804
Homeland The Privacy O ftice
U.S. Department of Homehmd Security
Security Washington, DC 2(1528

703-23.l rh 1rn1·
www.dhs.gov/plivacy

Page 8 of
11

2020-ICLl-00023 805
Security Washingron. DC 20528

703·231 fh \ IP. \ ·
www.dhs.gov/plivacy

Page 9 of
11

DATE reviewed by the DHS Privacy Office: 11/6/2012
NAME of the OHS Privacy Office Reviewer:

[8JProgram has m e t requirem ents to u se social me dia for the s tated authori zed
purposes.
DHS/ICE/ PIA-017 - Immigration and Custom s Enforcement Child
DHS/ICE/ PIA-032 - FALCON Search & Analysis System (FALCON-SA)
DHS/lCE/ PlA-002(a) - General Com1sel Electronic Ma.n agement System

(GEMS)
DHS/ TCE/ PIA-020 - Enforcem en t Integrated Database (EID)
O HS/ ALL/ PJA-0Ol(a) - Personnel Security Activities Management

D New.
D Updated. <Please include the name and number of PlA to be updated
here.>
2020-ICLl-00023 806
U.S. D"'f'11r1ment of Homelund Security
Security Washing1on. DC 20528

703-231(h \In\·

Page JOof
11
~ A SORN is requfred:
[8J Covered by existing SORN.
DHS/ICE-006 - IC E lnte lligence Records Sys tem (HRS)
OHS/ICE 008 - Search, Arres t, and Seizu re Record s
DHS/ICE-009 - Ex ternal Investigations
DHS/ALL-023 - DHS Per sonnel Security M anagement Records (PSAMS)
DHS/l CE-003 - Gen eral Counsel Electronic Man agement System (GEMS)
DHS/ICE-0ll - Immigration Enfor cement O pera tion al Records Sys tem

(ENFO RCE)
O HS/ ALL"020 - DHS In terna l Affairs Record s

D New.
D Updated. <Please include the name and n umber of SORN to be up dated
here.>

b)(5)
2020-ICLl-00023 807
Security Washing1on, DC 20528

103. 23 (b )( 6 ):
www. .is.gov pn vacy

Page I of 8

This template is used to assess the Departmen t's Ope ration al Use of Social Media,
that has the potential to affect the rights, privileges, or benefits of an individual. Operational u se does n ot
meetings. The following uses of social media are exempt from the Managem ent Directive and are not
b) The conduct of authorized inte lligence activities carried out by the Office of Intelligence
12333, as amended.
programs, or pilot projects that involve Pll and other activities that otherw ise impact the privacy of
individuals as d etermined by the C hief Privacy Officer; and to assess whether there is a need for
additional Privacy Compliance Documentation. Components may app eal to the Deputy Secretary for
compliance for the operational use o f social media.
• Gather ing infonnalion by the Office of Operations Coordination and Pla1rning (OPS) to enhance situational awareness is exempt
from this requirement and is covered by the existing PIA; DHS/O PS/PIA-004/d \ - Publicly Avai lable Social Media Monjtming an d
2020-ICLl-00023 809
U.S. O"'f'11rtment of H\>melund Security
Security W11shington. DC 2052R

703-235-0780.pia@dhs.gov
www.dhs.gov/privacy

Page 2 of 8

SUMMARY INFORMATION
Date s ubmitted for review: October 12, 2012

Name of Component: U.S. Imm ig ra tion and Customs Enforcement
Contact Informatio n j(b)(6); (b)(7)(C) IDeputy Privacy Officer, (202) 732 (b)(6); / 1..\ /'7\ l
Counsel2 Contact Information: ~b)(6); (b)(7 )(C) f hief of Staff, (202) 73 I b)(6);
L.. \ /""1 \ , ,-.. ,
IT System(s) where soda] media data is stored: None
Applicable Privacy Impact Asse ssment(s ) (PIA ): None
Applicable System of Records N otice (s) (SORN ):
OHS/ ALL-017 - Department of Homeland Securi ty G en eral Lega l Record s
OHS/ALL-004 - General Information Technology Access Account Records System

(GITAARS)
OHS/ALL-025 - Department of Homeland Security Law Enforcement Authority in

Su pport of the Protection of Property Owned, Occupied, or Secured by the Department
of H omeland Security
1Counsel listed here mu.st certify that a ppropriate authority exists to engage in particular operational activities involving social
media.
2020-IC Ll-00023 810

U.S. D"f'11r1menl of Homelund se-,uritY
Security Wa.,h ingron. DC 20528

703-23.j(h \In\·
www.dhs.gov/pl"ivacy
!

Page 3 of 8
SPECfFlC QUESTIONS
As the definition of social media in the OHS Insh1.1ction 110-01-001 Prhiacy Policy for the
Operational Use of Social M.edia (Privacy l:'olicy) is drafted broadly so as to likely include
general use of the Internet and as social m edia technology is ever changing and evolving, this
Policy.
TCE uses the Tntemet, including social media, for general research purposes. Use of the
Tntemet, including social media, for general research purposes includes: (1) using the
Internet, including social media, for legal purposes such as researching individuals or
organizations who may be .involved in lawsuits or other legal actions with ICE, judges
adjudicating cases involving ICE, opposing counsel for cases involving ICE, and legal blogs
and other online forums where legal issues of interest to ICE may be discussed; (2) using the
Internet, including social media, to assist in gathering information on individuals who may
meet with lCE officials to prepare lCE officials for those meetings; (3) using the Internet,
induding social media, to assist in gathering information on individuals who are suspected
of attempting to hack into ICE systems, and (4) other general Internet, including social media,
research.
Category One: Legal Uses
Most of ICE attorneys and support personnel's use of th e Internet, including social media, is
addressed in the four ICE Social Media Templates addressing: (1) Criminal and
Adininistrative Immigration Law Enforcement, (2) Criminal Law Enforcement, (3)
Undercover Criminal Law Enforcement, and (4) Administrative Law Enforcement. With
regard to the use of the Internet, including social media, for other legal purposes, ICE
attorneys and support personnel may view certain legal biogs such as SCOTUSblog3 to keep
informed on legal issues relevant to lCE. During the review of these sites, personally
identifiable information, generalJy limited to an it:1dividual's name, may be viewed and jn
some cases recorded if relevant to a discussion or legal issue (whether author of a blog entry
or individual mentioned in the blog), Further, while excluded from the definition of
Operational Use, ICE attorneys and support personnel may also conduct general Internet
research to find information on parties participating in litigation with ICE and judges
3
SCOTUSblog is a ,legal blog focusing on discussions of recent developments in U.S. Supreme Court jurisprudence.
2020-ICLl-00023 811
U.S. D"f'11r1ment of Homelund Securi\JI
Security W~., hingt<1n, DC 2tl528

703-235l{b)/6 ):
www.dh, .gov/pl'ivacy
!
Page 4 of 8
adjudicating cases involving ICE. For example, labor and employment attomeys may search
the b1ternet to find relevant information on employees against whom allegations of
misconduct have been made ot who are otherwise involved in litigation against fCE.
Category Two: Meeting Preparations
ICE also uses the Internet, including social media, to research individuals with whom ICE
employees may be meeting. For example, if the ICE Directo.r is meeting with the head of the
Virginia State Police, ICE employees may search on the Internet to gather biographical
information, news reports, or other publicly available ,i nformation on the head of the Virginia
State Police so as to provide briefing materials to the Director. During these searches
information may be pulled from public biogs and other publicly available online discussions.
Category Three: Security Operations Center
TCE also uses the Internet, including social media, to research individuals who are suspected
of attempting to compromise ICE system integrity. Tn these instances the TCE Security
Operations Center (SOC) performs searches in the process of performing cyber-incident
investigations. During the course of incident response, SOC personnel sometimes will
attempt to identify who may be attempting to hack ICE systems. To gain as much
information as possible about the potential hacker, SOC personnel will investigate using
major search engines and social media websites.
Category Four: General Research
Finally, ICE also uses the Internet, including social media, for geneTal researd1 purposes
including researching individuals providing training to ICE so as to gather information on
their background. This general Internet research is excluded from the definition of
Operational Use but included here for transparency.
2. Based on the operational use of social media listed above, please provide the approp..-iate
authorities.
• Homeland Security Act of 2002, as amended, Pub. l. No. 107-296, 116 Stat. 2135
• Federal Information Security Management Act of 2002 (FISMA) (codified at 44 U.S.C. §
3541 et seq.)
• DJ-IS Delegation No. 7030.2, Delegation of Authority to the Assistant Secretary of U.S
• DHS Management Directive 140-01 Information Technology System Security
• DHS Sensitive Systems Policy Directive 4300A.
2020-ICLl-00023 812
U.S. D"f'11r1ment of Humelund Se-,ur1ty
Security W~., hing111n. DC 20528

703-235l{b)l6 ):
www.dh;.gov/pl"ivacy
l
Page 5 of 8
use?
[gjYes. 0No.

D In development. [ZI Operational. Date first launched: Unknown.
The Internet h as been in use at legacy agency since it was publicly available.
4. Please attach a copy of the Rules of Behavior that out1ine the requireJnents below.
See Memorandum from John Morton, Use of Public Online Information for Non-Law
Enforcement Work-Related Activities.
5. Please describe the Rules of Beha~or in effect for the listed operational use of social media. If
use o f social media;
b) Email and accounts. Use onJine screen names or identities that indicate an official DHS

c) P!!blic interaction. Access publicly available information through social media only by
rev iewing posted information without interacting with any individual who posted the
information;
D No. If not, p lease explain:

d) Privacy settings. Respect individuals' privacy settings and access only information thatis
publicly available;

e) PII collection: Collect the minimum PIT n ecessary for the proper performance of their
2020-IC Ll-00023 813

U.S. O"'f'11r1ment of Homelund Secur11y
Security W~shing1on, DC 20528

703-234{b )(6 ):
www.dhs.gov/plivacy
I
Page 6 of 8
f) Pll safeguards. Protect PU as required by the Privacy Act (if applicable) and OHS privacy
policy;
g) Dornnze11tntio11. Document operational use of social media, including date, site(s)

accessed, information collected and how .it was used.
0Yes. [Z] No. 1f not, please explain:
ICE employees should retain the contents of their use of the Internet, including social
media, if they would have retained that content had it been written on paper. These
contents should be preserved in accordance with office procedures in a manner
authorized by the relevant records schedule.
authorities, acceptable operational uses 0£ social media, access requirements, and
.requirements for documenting operational uses of social media.
[gjYes. D No. If not, please explain:

Rules of Behavior.
[gj Yes, Component Privacy Officers or PPOCs maintain a record of employee

attendance af privacy training that includes b·aining on the Rules of Behavior.
D No. Lf not, p lease explain:
2020-ICLl-00023 814
Security W~shing1on. DC 20sn

703-23. (b \/ 6 l:
www. is.gov pn vacy

Page 7 of 8

DATE reviewed by the OHS Privacy Office: November 1, 2012

NAME of the OHS Privacy Office Reviewer: l(b)(6); (b)(7)(C)

[2J Program has met requirements to use social media for the stated authorized
D Program has not yet met requirements to utili ze social medi.a for operational
purposes.
D Program authorities do not authorize operational use of social m edia.
0 A PIA is required.
D Covered by existing PIA.
0 New.
D Updated. <Please in.elude the name and number of PIA to be updated
here.>
rgj A SORN is required:
DHS/ALL-017 - Department of Homeland Security General Legal Records
DHS/ALL-004 - General Information Technology Access Account Records System

(GITAARS)
OHS/ ALL-025 - Departme nt of Homeland Security Law Enforcement Authority in

Support of the Protection of Property Owned, Occupied, or Secured by the Department
of Homeland Security
0New.
here.>
2020-IC Ll-00023 815

Security W~shing1on, DC 20528

103.234(b )(6 );
www.dhs.gov/plivacy

Page 1 of
]()

This template is used to assess the D epartment's Ope rational Use of Social Media,
12333, as amended.
from this requirement and is covered by the existing PIA; DHS/OPS/PIA-004(dl · Publicly Avai lable Social Media Monjtming and
2020-ICLl-00023 817
Security Wa.1hing1on. DC 20528

703·235!(h \ (n \ ·
!

Page 2 of
10

SUMMARY INFORMATION
Contact Informationi(b)(6); (b)(7)(C)
Counsel 2 Contact Information:~b)(6); (b)(7)(C) I Chief, Homeland Security In vestigations

Division, (202) 732~b)(6); I
System (CETS), General Com,sel Electronic Management System (GEMS), Personnel Security
Integrity Case Management System (JlCMS), Enforcement Integrated Database (EID), and

DHS/ICE/PlA-032 - FALCON Search & Analysis System (FALCON-SA)
DHS/ICE/PfA-002(a) - General Counsel Electronic Management System (GEMS)
DHS/ICE/PfA-020 - Enforcement Integrated Database (EID)
DHS/ALL/PIA-0Ol(a) - Personnel Security Activities Management System

Applicable System of Reco.rds Notice(s) (SORN):
DHS/lCE-009 - External Investigations
1Counsel listed here rnwt certify that appropriate authority exists to engage in pa rticular operational activities involving social
media.
2020-IC Ll-00023 818

U.S. Dep:utment vf Homelund Security

703·235!(b )(6);
www.dhs.gov/pnvacy

Page3 of
10
DHS/lCE-006 - lCE intelligence Records Sy stem (HRS)
DHS/ICE-008 - Search, Arrest, and Se izure Records
DHS/ICE-011 - Immigration Enforcement Operational Records System (ENFORCE)
DHS/ALL-020 - DHS lnternal Affairs Records
2020-ICLl-00023 819
U.S. D"'f'11r1menl of Humelund se-,uri\JI
Security W~shingron. DC 20528

703·231{b }( 6 ):
www.dh,.goV/pl"ivacy
!
Page4 of
10
SPECfFlC QUESTIONS
As the definition of social media in the OHS Instruction 1)0-01-001 Privacy Policy for the
Opera.tio1ial Use of Social Media (Privacy Policy) is drafted broadly so as to }jkely include
general use of the ln ternet and as social media technology is ever changing and evolving, this
Policy.
With the enachnent of the Homeland Security Act of 2002, Congress authorized ICE to
conduct certified undercover investigative operations to obtain evidence or information
concerning violations of laws enforced by ICE and stemming from the authorities of its
Legacy agencies, the U.S. Customs Service (USCS) and the Immigration. and Naturalization
Service (INS). Within ICE, investigations are only conducted by the Homeland Security
Investigations (HSI) component and the Office of Professional Responsibility (OPR). The
authority to certify undercover operations has been delegated to the Executive Associate
Director of HSI and the Assistant Director for OPR. HSI and OPR may also engage in limited
use of social media, when authorized, if an investigation does not otherw ise warrant being
placed under a certified m,dercover operation. These activities are detailed i:n the templates
addressing Criminal Law Enforcemen t and Adm inistrative Law Enforcement.
Undercover activities and operations are undertaken for numerons potential objectives that
include: (1) determining if a v iolation of law has occurred or is in progress; (2) identifying
specific violations of law; (3) identifying cTiminal violators, conspirators, and their
methodologies; (4) disrupting and/or dismantling criminal organizations; (5) locating the
violation sites and equipment tJSed; (6) locating assets for seizure and forfeiture; (7) obtaining
evidence for prosecution; (8) determining the safest and most advantageous time to make
ar.rests, execute search warrants, and make seizures; (9) identifying witnesses and
cooperating individuals; (10) identifying associations between conspirators; (11) checking the
reliability of sources of infonnation and cooperating defendants; and (12) gathering
intelligence that allows ICE management to evaluate threats, reallocate resources, and
organize enforcement activity. ICE may collect personaily identifiable information ftom or
about individuals over the Internet, including via social media sites.
The nature of undercover operations often requires an ICE-HSI or OPR criminal investigator
to appear to be engaged in a criminal enterprise and to befriend or become business
2020-ICLl-00023 820
U.S. D"f'11r1menl of Homeh1ruJ se-,uri\JI
Security W~shing1nn. DC 20528

703-231,h \(6 \·
!

Page 5 of
]()
associates with potential violators. This is cruciaJ to the successfuJ integration of undercover
operatives with those who comm.it illegal acts. As part of a certified u ndercover investigation
or operation, when authorized, W1dercover operatives may participate in activities that
would constitute a crime u n der federal, state, or local law. This otherwise illegal activity
includes, for example, the purchase of stolen or co11traband goods, the p urchase of illegal
and/or fraudulent immigration documents, and U1e controlled delivery of drugs or other
contraband that wm not enter the com merce of the United States. ICE-HSl and 0PR review
and authorize, as ap propriate, requests to engage in various otherwise illegal activities in
furtherance of undercover operations. In the course of carrying ont these authorized
undercover activities, ICE-HSI or 0PR criminal investigators may collect personally
identifiable information using the Internet. Any of these activities may take place in part
over the Internet, to include social media.
As the "rules'' for undercover operations are different than non-undercover law enforcen1ent
work, and may require agents to engage in activities that would otherwise be considered
prohibited or unauthorized, the rules of behavior for undercover criminal investigations are
different than for non-undercover investigations.
authorities.
USCS was vested with the authority to conduct certified undercover operations through the Anti-
Drug Abuse Act o.f 1986, which enacted 19 U.S.C. § 2081; INS received similar authority through
the Illegal Immigration Reform and Immigrant Respornibility Act of 1996, specifically 8 U.S.C. §
1363a. With the enactment of the Homeland Security Act of 2002, these statutory authorities
transferred to the newly created Department of Homeland Security (OHS) and were delegated to
the Assistant Secretary of ICE in OHS Delegation Number 7030.2, "Delegation of Authority to the
Assistant Secretary for U.S. lmmigration ai1d Customs Enforcement,'' an d further redelegated to
the Directors of 0 1 and 0PR in ICE Delegation Order 04-002 entitled, "Authority to Certify the
Exemption of Undercover Operations From Certain Laws Withi n U.S. Imm igration an d Customs
En forcem ent." TCE-HST and 0 P R crimin al jn vestigators are granted their enforcement authority
in 8 U.S.C § 1357 and 19 U.S.C § 1589a.
a) • Has Counsel listed above revi ewed these authorities for privacy issues and
use?
[g'.]Yes. ONo.

D In development. cg:] Operational. Date first launched: Unknown.
The Internet has been in use at lCE' s legacy agencies since it was publicly available.
2020-ICLl-00023 821
U.S. D<p11r1menl of Humelund Se.uritY
Security W~., hington, DC 2Vi 28

10J-m l(b )(6 );
www.dhs.gov/pti.vncy
I
Page 6 of
]()
4. Please attach a copy of the Ru.les of Behavior that outline the requirements below.
2012,
users do NOT follow a particular Rule, please detail reasoning for not following that Ru.le:
IZJ Yes . D No. If not, p lease explain:

b) Email and accounts. Use online screen names or identities that indicate an official OHS
affiliation and ttse OHS email addresses to open accounts used w h en engaging in social
Because the activities d escribed in Ques tion 1 are fo1· undercover investigative purposes,
the employees who engage in these activities have assumed an undercove r identity and
therefore will not identify themselves as ICE or OHS personnel, or law enforcement
personnel in general. This is necessary to ensure the safety of law enforcement
personnel, to avoid compromising undercover law enforcement operations, and to
prevent tipping off individuals who are sought b y law enforcement for violations of law.
c} Public interaction. Access publicly available in.formation through sociaJ media only by
information;
0Yes. IZ] No. If not, please explain:

The nature o f undercover criminal investigations may resultiri age nts inte racting with
individuals who use sociaJ media sites. This interaction only takes place during
authorized undercover investigations.
publicly available;
0Yes. IZ] No. 1i not, please explain:
Law enforcement perso1mel may not access restricted o njjne sources or facilities absent
legal authority permitting entry into private space . Where legal authority exists, law
enforcem ent personnel may access restricted onlin e inform ation.
2020-ICLl-00023 822
U.S. D"f'11r1menl of Humelund Secur11y
Security Wa.,hingron. DC 2052R

103. 23 (b )(6);
www. is.gov pnvac-y

Page 7 of
]()
e) PII collecHon: Collect the minimmn PU necessary for the proper performance of their
authorized d uties except for systems subject to Final Rules for Exemption from certain
0Yes. 0 No. If not, please explain:
The applicable SORNs cited above are all exempted by Pinal Rul,es from the Privacy Act
(e)(1) requirement (5 U.S.C. § 552a(e)(l)), which normally limits agencies to collecting
f) Pll safeguards. Protect PU as required by the Privacy Act (if applicable) and OHS ptivacy
policy;
0Yes. D No. If not, please explain:

accessed, jn forma tion collected and how it was used.
0Yes. 0 No. U not, please explain:
ICE's rules of behavior state that law enforcement personnel should retain information
they access on their use of the Internet, including social media, if they would have
comm uni cations.
Component Privacy Officer (or Privacy Point of Coutact) based upon training materials
provided by the OHS Privacy Office. Training must include, at minimum; legal
cgjYes. D No. If not, please explain:
Rules of Behavior.
0 Yes, Component Privacy Officers or PPOCs maintain a record of empl oyee

D No. If not, please explaiT1:
2020-ICLl-00023 823
U.S. D<p11r1ment of Humelund Secur11y
Security Wa.1hing1nn. DC 20528

703-2351/h \(R \ ·
www.dhs.gov/privacy
!

Page 8 of
10

DATE reviewed by th e DHS Privacy Office: 11/6/2012
NAME of the OHS Privacy Office Reviewer: ~b)(6); (b)(7)(C)

[8J Program has me t requirements to u se social me dia for the s tated authorized
operational purposes, and must continue compliance wi th the requirements above,
purposes.
DHS/ICE/PIA-032 - FALCON Search & Analysis System (FALCON-SA)
DHS/lCE/PlA-002(a) - General Com1sel Electronic Ma.n agement System

(GEMS)
DHS/ TCE/PIA-020 - Enforcem ent Integrated Database (EID)
OHS/ ALL/PJA-0Ol(a) - Personnel Security Activities Management

0New.
D Updated. <Please inc.Jude the name and number of PlA to be updated
here.>
[8J A SORN is required:
2020-ICLl-00023 824
Homeland The Piivacy Office
U.S. O"J'urtment of Homelund Security
Security Woshin ton, DC 20528

103.235 (b)(6 );
www.dhs.gov/plivacy

Page 9 of
10
OHS/ICE-009 - External Investigations
O HS/ICE-008 - Search, Arrest, and Seizure Records
OHS/ALL-023 - OHS Personnel Security Management Records (PSAMS)
OHS/ICE-003 - General Counsel Electronic Management System (GEMS)
DHS/ICE-011 - lmrnigration Enforcement Operational Records System

(ENFORCE)
O HS/ALL-020 - OHS In terna l Affairs Records

0New.
here.>

b)(S)
2020-ICLl-00023 825
From: !(b)(6\: (b\(7 \(C\
Se nt: 10 Sep 2019 13:24:25 +0000
To: I
l(b)(6); (b)(7)(C)
Subje ct: FW: ERO social media white paper
"Some time later, a Johnson City police officer named Thomas Garrison, using an undercover account,
sent Farrad "a friend request on Facebook." R. 71 (Trial Tr. Vol. I at 81, 90-91) (Page ID #679, 688-89).
After Farrad "accept[ed] 865*865 the friend request," US v. Farrad, 895 F.3d 859 (6th Cir. 2018).
https ://scholar.google .com/scholar case ?case=9622776040984860897&q=re lated: sriNfqSsxHcJ :scholar.
google.com/&hl=en&as sdt=0,9&as ylo=2019&scioq=social+and+media+and+%22terms+of+use%22+a
nd+%221aw+enforcement%22
From:Kb)(6); (b)(7)(C)
Se nt: Monday, September 9, 2019 10:39 AM
Tof b)(6); (b)(7)(C)
Subject: RE: ERO social media white paper
Thanks!
Best
(b )(6);
/ 1,,.\/7 \ / r,\
Mobile: 202-870Kb)(6); I
From;kb)(6); (b )(7)(C)
Sent: Monday, September 9, 2019 10:38 AM
To: fo)(6\: (b)(7\(C)
Subje ct: FW: ERO social media white paper
Not sme if you've seen this:
"United States v. Robison, No. l 1CR380 DWF/TNL, 2012 WL 1110086, at *1-2 (D. Minn. Mar.
16, 2012) (noting that law enforcement created fake online identity
and became Facebook friends with defendant, "which permitted [the govermnent] to view [the
defendant's] name and photo on his Facebook account"); United States v. Phillips,
Criminal No. 3:06-CR-47, 2009 WL 1918931 , at *7 (N.D. W. Va. July 1, 2009) (noting that the
government 'created an undercover user profile on www.myspace.com')," available at,
https ://scholarship.richmond.edu/cgi/viewcon tent.cgi ?article= 13 80&context=j o lt and
https: //scholarsbank.uoregon .edu/xmlui/bitstream/handle/1794/225 66/J ones201 7.pdf?seguence=
l &isAllowed=y
https://www.clddd.ca/documents/phasetwo/Soclaf Media Surveillance and Law Enforcement.pdf

and https://www.wsj.com/a rticles/pol ice-on Ii ne-im pe rsonatio ns-raise-concerns-1421895089
2020-ICLl-00023 827
FromKb )(6); (b)(7)(C)
Sent : Friday, September 61 2019 12:22 PM
Tol(b)(6 ); (b ){7)(C)
Subject: FW: ERO social media white paper
This is where I found the OIG report cited below, https://www.wired.com/story/dhs-social-media-

imm igrants-green-ca rd/
k h \(~ \ · ( h \f7 \(('~

Informat ion Governance and Privacy (IGP)
Direct: (202) 73 b )(6 );
Main: (202) 732 b\(7\(
From: l(b)(6 \: (b)(7HC \

Sent: Friday, September 6, 2019 12:19 PM
To: kb\(6\: (b\(7\(C\
You may have already seen this:
"Additionally, ICE independently began a pilot to use social media screening during the visa issuance
process. However, these pilots, on which DHS plans to base future department-wide use of social media
screening, lack criteria for measuring performance to ensure they meet their objectives. Although the
pilots include some objectives, such as determining the effectiveness of an automated search tool and
assessing data collection and dissemination procedures, it is not clear DHS is measuring and evaluating
the pilots' results to determine how well they are performing ... ln August 2016, ICE independently began
a pilot to screen the social media activity...ln our opinion, a clearly defined performance evaluation is
essential to determining whether, how, and when to integrate pilot activities into overall efforts and will
enable the Department to implement a more effective social media screening program"
https.//www .oig.dhs.gov/sites/default/files/assets/2017 /OIG-17-40-Febl7.pdf
" .... However, upon discovering the lack of performance measures in USCIS' and ICE's pilots for social
media screening for immigration benefits, we adjusted our scope and reviewed DHS' social media task
force and DHS' use of pilots to help create a social media screening program. Although we reviewed DHS
policies relevant to social media screening, including DHS Instruction Number 110-01-001, Privacy Policy
for Operational Use of Social Media, we could not evaluate specific policies and procedures for the pilots
because they had not been written." https://www.oig.dhs.gov/sites/defau1t/files/assets/2017/01G-17-
40-Feb17.pdf
https://www.nextgov.com/policy/2019/09/dhs-using-fake-social-media-profiles-investigate-
immigrants/159606/
2020-ICLl-00023 828
https://www.uscis.gov/sites/default/files/files/nativedocuments/Delegation to Conduct Certain Law
Enforcement Activities.pdf
From :kb)(6); (b)(?)(C)

Sent: Thursday, September 5, 2019 4:50 PM
To: l(b)(6); (b)(?)(C)
Memorandum from John M011on, "Use of Public and Non-Public Online Information for Law
Enforcement Personnel" (June 28, 2012):
Undercover Communications. Law enforcement personnel communicating online with witnesses,
subjects, or victims must disclose their affiliation with law enforcement when ICE guidelines would
require such disclosure if the communication were taking place in person or over the teleghone. law
enforcement personnel may communicate online under a non-identifying name or fictitious identity if
ICE guidelines and rocedures would authorize such communications in the hysical world. For
purposes ofiCE undercover guidelines, each discrete conversation online constitutes a separate
undercover activity or contact, but such a conversation may comprise more than one transmission
between the law enforcement personnel and another person.
https://insight.ice.dhs.gov/mgt/igp/Documents/pdf/law-enforcement-online-policy.pdf
"Moreover, federal law enforcement agents communicating on line with witnesses, subjects, or victims
must disclose their affiliation with law enforcement when DHS guidelines would require such disclosure
if the communication were taking place in person or over the telephone - they may communicate
online under a non-identifying name or fictitious identity if DHS guidelines and procedures would
authorize such communications in the physical world ."
https://www.dhs.gov/news/2012/02/15/written-testimony-priv-house-homeland-security-
su beam m ittee-cou nterterrorism-a nd https://www .govi nfo.gov/content/pkg/CH RG-
112hh rg76514/htm I/CH RG-112hh rg76514. htm
See, e.g., Online Investigative Principles for Federal Law Enforcement Agents (Department of Justice,
1999) and Civil Liberties and Privacy Guidance for Intelligence Community Professionals: Properly
Obtaining and Using Publicly Available Information (Office of the Director of National Intelligence,
2011).
https://www.dni.gov/fi1es/documents/CLP0/CLP0%20Publication Publicly%20Available%201nformation
July%202011%20-%20Public%20Release%20Version.pdf
Vb)(6): I
U.S. Im migration & Customs Enforcement
Direct: (202) 73 (b)(6);
M ain: (202) 73 (b)(?)(C
2020-ICLl-00023 829
From: ~(b)(6); (b)(7)(C)
To:l(b)(6); (b)(7)(C)
Cc:_
Thanks, this is really helpful!
If you want to do a quick survey of other DHS programs and social media PIAs and send the links in a
consolidated email, that would be great. No specific due date, but if one of you has the bandwidth to
take that on, it would really help our forthcoming document.
I
l(b)(6): (b )(7)(C)
Acting Privacy Officer
Desk: 202-732 (b)(6);
Mobile: 202-701 b)(6};
Main: 202-732j(b)/6): I
From:Kb)(6}; (b)(7}(C)
Se nt: Thursday, September 5, 2019 4:01 PM
To: kb)(6); (b)(7}(C}
I don't know if you saw this, but USCIS published a PIA for their use of fictitious accounts. It may be a
(b \(7\(E\
https :ljwww.dhs.gov/sites/default /files/publications/privacy-pi a-uscis-013-01-f dns-iuly2019 0 .odf
Mobile: 202-870~(b)(6);
From:l(b)(6); (b)(7)(C)
To:l(b)(6); (b)(7)(C)
Hi l(b)(6);
Some responses to your comments in the attached. Essentially, I'm mainly concerned w ith ERO's
authority to create a fake profile and how we would get around the Terms of Service of certain social
media providers. See my other responses to your questions regarding ERO's general mission/authority
and we can confirm our question w ith ERO.
2020-ICLl-00023 830
l(b }{6);
Desk: 202-732l(b l(6): I
Mobile: 202-70lkb)(6\'. I
Main: 202-732!(b)(6):I
From:l(b)(6); (b)(7)(C)
Se nt: Thursday, August 29, 2019 7 :50 AM
To: f b)(6): (b)(7)(C)
Subje ct: ERO social media white paper
Good Morning!(b)(6\:
Find enclosed the white paper with our major questions regarding ERO's social media use. Uke we
discussed last week, it doesn't actually talk about what they are trying to do operationally (the whole
point of the white paper). They've stated they want it for fugitive ops, but there are some references in
the white paper for detainee ops. I see the purpose, I just genuinely don't know if detainee officers
havet • · · •1 ••• '.-·• •••• ···•·'.•·····••,:.•.···
1.
2.
I
kb )(6t (b H7)(C)
Privacy Analyst, J.D.1 CIPP/US/G
Office of lnformatlon Governance and Privacy
Desk: 202-732~/h\te:.1-I
Mobile: 202-870{ b\C6}1
Main: 202-732~/h\/R\·I
2020-ICLl-00023 831
From: l(b)(6); (b)(7)(C)
Sent: 10 Sep 2019 08:53:41 -0400
To: kb )(6): (b )(7)(C) I
Subject: Information Copy from or MGMT Workflow # 1185104
(Service 1185104) (Intranet Quorum IMA007207360)
For review. please find OHS lnstrnction 262-11 -004, Revision 00, "Withholding of Personnel's Personally
l<lentitiable fnformation from Disclosure" (Attachment 1). The comment sheet is Attachment 2. The
comments are due by September 20, 2019. Thanksl/b)(6): I
Kb)(6); (b )(7)(C)
2020-ICLl-00023 832
From: kb)(6); (b)(7)(C)I
Sent: 6 Sep 2019 16:18:32 +0000
To: Kb)(6); (b)(7)(C)I
"Additionally, ICE independently began a pilot to use social media screening during the visa issuance
process. However, these pilots, on which DHS plans to base future department-wide use of social media
screening, lack criteria for measuring performance to ensure they meet their objectives. Although the
pilots include some objectives, such as determining the effectiveness of an automated search tool and
assessing data collection and dissemination procedures, it is not clear DHS is measuring and evaluating
the pilots' results to determine how well they are performing ... ln August 2016, ICE independently began
a pilot to screen the social media activity... ln our opinion, a clear ly defined performance evaluation is
essential to determining whether, how, and when to integrate pilot activities into overall efforts and will
enable the Department to implement a more effective social media screening program"
https://www .oig.dhs.gov/sites/default/files/assets/2017/OIG-17-40-Febl7 .pdf
" .... However, upon discovering the lack of performance measures in USCIS' and ICE's pilots for social
media screening for immigration benefits, we adjusted our scope and reviewed DHS' social media task
force and DHS' use of pilots to help create a social media screening program. Although we reviewed DHS
policies relevant to social media screening, including DHS Instruction Number 110-01-001, Privacy Policy
for Operational Use of Social Media, we could not evaluate specific policies and procedures for the pilots
because they had not been written." https://www.oig.dhs.gov/sites/default/files/assets/2017 /OtG-17-
40-Feb17.pdf
https://www.nextgov.com/policy/2019/09/dhs-using-fake-social-media-profiles-investigate-
immigrants/159606/
https;//www.uscis.gov/sites/default/flles/fi les/nativedocuments/Delegation to Conduct Certain Law

Enforcement Activities.pdf
From: !lb)/6\: /b)/7 \IC\

To:l(b)(6); (b)(7)(C)
Memorandum from John Morton, "Use ofPublic and Non-Public On.line Information for Law
Enforcement Personnel" (June 28, 2012):
Undercover Communications. Law enforcement personnel communicating on.line with witnesses,
subjects, or victims must disclose their affiliation with law enforcement when £CE guidelines would
require such disclosure if the communication were takingJ?,lace in person or over the tele hone. Law
enforcement personnel may communicate online under a non-identifying name or fictitious identity i ·
ICE guidelines and procedures would authorize such communications in the physical world. For
purposes ofiCE undercover guidelines, each discrete conversation ouline constitutes a separate
2020-ICLl-00023 833
undercover activ ity or contact, but such a conversation may comprise more than one transmission
between the law enforcement personnel and another person.
l(b)(7)(E)
"Moreover, federal law enforcement agents communicating on line with witnesses, subjects, or victims
must disclose their affiliation with law enforcement when DHS guidelines would require such disclosure
if the communication were taking place in person or over the telephone - they may communicate
online under a non-ident ifying name or fictitious identity if DHS guidelines and procedures would
authorize such communications in t he physical world ."
https ://www.dhs.gov/n ews/2012/02/ 15 /written-testimony-priv-ho use-homeland-security-
subcorn m ittee-co unterterrorisrn-and https ://www.govinfo.gov/content/pkg/CHRG-
112hhrg76514/htmI/CH RG-112hhrg76514.htm
See, e.g., Online Investigative Principles for Federal Law Enforcement Agents (Depart ment of Justice,
1999) and Civil Liberties and Privacy Guidance for Intelligence Community Professionals: Properly
Obtaining and Using Publicly Available Information (Office of the Director of National Intelligence,
2011).
https://www.dni.gov/fi1es/documents/CLPO/CLP0%20Publication Publicly%20Available%20Information
July%202011%20-%20Public%20Release%20Version.pdf
l/b)(6): /b)(7)/C)!
Direct: (202) 73 b)(6);
Main: (202) 732 b)(7)(
From:kb)/6): /b)/7)(C)
To:l(b)(6); (b)(7)(C)
Cc:~
, -----------------~
Thanks, this is really helpful!
If you want to do a quick survey of other DHS programs and social media PIAs and send the links in a
consolidated email, that would be great. No specific due date, but if one of you has the bandwidth to
take that on, it would really help our forthcoming document.
~?~~~~:,~. I
Desk: 202-732Kb)(6); I
Mobile: 202-701 /b)/6):
Main: 202-732 (b)(6);
2020-ICLl-00023 834
From :!(b\(6\: (b\(7 ){C )
Sent : Thursday, September 5, 2019 4:01 PM
To t b)(6); (b)(?)(C ) I
I don't know if you saw this, but USCIS published a PIA for their use of flctitious accounts. It may be a
good template for our Social Media PIA and to backstop ERO and HSI creating fake accounts.
https://www.dhs.gov/sites/default/files/publ icatio ns/orivacy-pi a-uscis-013-01-fdns-july 2019 0. pdf
Best,
(b )(6):
I L \ l '"? \ fr "'.
Mobile: 202-870Kb)(6); I
From : l(b)(6): (b)(7)(C)

Se nt: Thursday, September 5, 2019 12:24 PM
To:l(b)(6); (b)(7)(C)
H1 !(b)(6):
Some responses to your comments in the attached. Essentially, I' m mainly concerned with ERO's
authority to create a fake profile and how we would get around the Terms of Service of certain social
media providers. See my other responses to your questions regarding ERO's general mission/authority
and we can confirm our question with ERO.
!rh){fl)·
Desk: 202-732-Rfil@]
Mobile: 202-701f b)(6); I
Main: 202-73~(b)(6)I
From:kbH6): (b)(7)(C)
Sent: Thursday, August 29, 2019 7:50 AM
To f b)(6): (b)(?)(C)
Subject: ERO social media white paper
Good Morningllhvrn· I
Find enclosed the white paper with our major questions regarding ERO's social media use. Like we
discussed last week, it doesn't actually talk about what they are trying to do operationally (the whole
point of the white paper). They've stated they want it for fugitive ops, but there are some references in
the white paper for detainee ops. I see the purpose, l just genuinely don't know if detainee officers
have the authority to investigate outside a facility. So the things we need OPLA to answer:
Kb)(5)
2020-ICLl-00023 835
From: l(b)(6); (b)(?)(C)
Sent: 25 Nov 2019 13:09:20 +0000
To: Kb)(6); (b)(?)(C) I
Subject: FW: Protective Markings on FOUO vs LES
FYI. I checked this with some people in the FOIA section and they said the same thing.
Best,
~b)(6);
Mobile: 202-870f ~~~~~~ I

From: OPLA-GILD {b)(6): (b)(?)(C)
Sent: Friday. November 22. 2019 4:11 PM
To: ~b)(6); (b)(?)(C)
Subject: RE: Protective Markings on FOUO vs LES
b)(5)
-
Feel free to give me a call with any other questions!
Associate Legal Advisor

Government Information Law Division
Office of the PrincipaJ Legal Advisor
(202)732~(b)(6);1..,_Kb_.__.
)(--"6)-'-'
; (~b)..,_
(7"""-'
)(~C"-
) ------'
***WARNI NG***ATTORNEY /CLIENT PRIVILEGE'"'* ATTORNEY WORK PRODUCP''*

This document may contain confidential a11d/or sensilive attomey/clienr privileged information or attorney work product and is
not for releast:, rt:vit>w. n:.tTan~mission, disst:mimuinn or use by anyone other th.in the intt:nded rei.:ipit:nt. Please notify the senuer
if 1his message has been misdirected and immediately destroy all oiiginals and copies. Any disclosl1re of this document must be
approved by lhe Office of the Principal Legal Advisor, U.S, lmmigralion & Cu~toms Enforcement. This document is for
INTERNAL GOVERNMENT USE ONLY and may be exempt from disclosure Ullder the freedom of Information Art. 5 USC~
552(b)(5). (b)(7}.
From: Vh V R\ · f h \f7\t r.\

Sent: Friday, November 22, 2019 2:03 PM
To: OPLA-GILD 4'.b)(6): (b)(?)(C) I
Subject: Protective Markings on FOUO vs LES
Good Afternoon,
2020-ICLl-00023 837
(b)(6); (b)(7)(C)
-
Thanks for the help!
llb)(6): /b)(7)/C) I
Privacy Analyst, J.D., CIPP/US/G
Desk: 202-732 b)(6);
/1-
Mobile: 202-8 b)(6):
Main: 202-732tb)(6);
2020-ICLl-00023 838
From: I
j(b)(6); (b)(7)(C)
Sent: 10 Jul 2019 15:39:36 +0000
To: I
!(b)(6) ; (b)(7)(C}
Subject: FW: SMOUTs
Attachments: Criminal and Administrative Immigration LE (IGP 07 10 2019).DOCX
Hil(b)(6):
I made some edits before we talk later today (attached). S:\PrivRecOff\PB\Projects & Offices\Social
Media lssues\Social Media Templates SMOUTs\Criminal and Administrative Immigration LE (ERO HSI
OPLA)\SMOUT 2019
Best,
Kb}(6); (b}(7)(C)
From:kb)(6): (b)(7)(C)
Sent: Wednesday, July 10, 2019 8:24 AM
To: Kb)(6); (b)(7)(C)
Subject: FW: SMOUTs
b)(6); (b)(7)(C); (b)(5)
Best,
Kb)(6); (b)(7)(C) I
Mobile: 202-870~(b)(6); I
From:l(b)(6): (b)(7)(C)
Sent: Tuesday, July 9, 2019 4 :50 PM
To:l(b)(6); (b)(7)(C)
Subject: RE: SMOUTs
Sounds good. Thanks.
Vb\16 \: I
2020-ICLl-00023 839
From:kb\(6 \: (b\(7 )(C\
Sent: Tuesday, July 9, 2019 4:49 PM
To:l(b)(6); (b)(7)(C)
Subject: RE: SMOUTs
Heyl(b)(6):
There are quite a few updates needed for the LE SMOUT, let' s get together sometime tomorrow and
run it down.
Best,
l(b)(6);
Mobile: 202-87d (b)(6);
From:kb)(6); (b)(7)(C)
Sent: Tuesday, July 9, 2019 1:05 PM
To:l(b)(6); (b)(7)(C)
l'b)(6); (b)(7)(C)
Subject: RE: SMOUTs
Hi All,
Just a reminder, during the course of this social media project, if you find that any of the program offices
come back with social media update(s) that pertain to the SMOUTs please keep me in the loop as I am
tasked w ith updating the attached SMOUTs.
Thanks,

Direct: (ZOZ) 732f h\(n)!
Main: (ZOZ) 73:l!(b\/6 )!
From: i(b)/6 \: (b)/7\(C)

Sent: Thursday, June 13, 2019 8 :17 AM
To: kh \fn \· lh\f7 \fr.\
fb)(6); (b)(7)(C)
Cc: l(b)(6): (b)(7\(C\

Subject: RE: SMOUTs
Hi all,
2020-ICLl-00023 840
During the course of this social media project if you find that any of the program offices come back with
social media update(s) that pertain to the SMOUTs please keep me in the loop as I am tasked w rth
updating the attached SMOUTs.
l(b)(6): (b)(7)(C) I
Direct: (202) 732-~
Main: (202) 732 b)(6);
.... \/7 \I
From: l(b)(6); (b)(7){C)

Sent: Friday, June 7, 2019 3 :23 PM
To: ~b)(6): (b)(7)(C)
rb)(6); (b)(7)(C)
Subject: SMOUTs
S:\PrivRecOff\PB\Projects & Offices\Social Media lssues\Social Media Templates SMOUTs
2020-IC Ll-00023 841

Homeland The P,ivocy Office
U.S. D,1purtment ofH0111el.tnd S~curity

'202-343fh\ / f,\·
www.dhs.gov/privacy
!
Version date: JuJy 24, 2012

Page I r~f9

This template is used to assess the Department's Operational Use of Social Media,
Management Directive 110-01, Privaci; Policy for Operatiowzl Use of Social Media. For the purposes of the
Management Directive and this template, "Operational U se" means authorized use of social media to
that has the potential to affect the rights, privi leges, or benefits of an individual. Operational use does not
.i nclude the use o.f search engines .for general Internet research, nor does it include the use of social media
meetings. The following uses of social media are exem pt from the Management Directive and are not
subject to this requirement 1:
a) Communications and oub:each with the public authorized by the Office of Public Affairs
and Applications Commmucations/Oub·each/Public Dialogue and DHS/ALL/PlA-036 -
Use of Unidirection al Social Med ia Applications);
b) The conduct of authorized intelligence activities carried out by the Office of Inte lligence
and Analysis, the intelligence and cow1terintelligence elements of the United States
Coast Guard, or any other Component performing authorized foreign inteUigence or
counterintelligence functions, in accordance vvith the provisions of Executive Order
12333, as amended.
This template shall be used to document the process to be followed by all programs engaging in
operational uses of social media; to identify information technology systems, teclmologies, rulemakings,
ind ividuals as determined by the Chief Privacy Officer; and to assess whether there is a need for
1 Gathering informatfon by ll1e Office of Operations Coordination and Planning {OPS) to enhance situational awareness is exempt
from this requirement and is covered by the existjng PIA: DHS/OPS/PIA-004/dl - Publicly Available Social. Media Monitoring and
Situational Awareness Tniti• tive Update.
2020-ICLl-00023 842
Homeland The P1ivacy Office
U.S. o,,purtment ofH0111el.rnd s~curity
Security Washington. DC' 20528

202-343 • (b)(6);
www. is.gov prtvacy
Version date: July 24, 2012

Page 2 ,~{9

SUMMARY INFORMATION

Name of Component: U.S. Immigration and Customs Enforcem ent
Contact Information1(b)(6); (b)(7)(C) ~ cting Privacy Officer, (202) 732 ~~~~~t"'
CounseF Contact Information : Adam Loiacono, Chief, Enforcement and Re moval operations
Law Div ision, OPLA; l(b}(6); (b}(7)(C) IChief, Government Information Law Div ision, OPLA
IT System(s) where social media data is stored: ICE Investigative Case Management (1CM),
LeadTrac System, Fugitive Case Manageme nt System, Enforcement Integrated Database, and
Alien Criminal Res ponse Information Management System
DHS/IC E/PIA-011 - Visa Security Program Tracking System (VSPTS-Net)
DHS/ICE/PIA-020 - Alien Criminal Res ponse Information Management System

(ACRIMe)
DHS/ICE/PIA-044 - leadTrac System
DHS/ICE/PIA-045 - ICE Investigative Case Management (ICM)
Applicable Syste m o f Records Notice(s) (SORN): <Please enter the SORN name(s) and
number(s).>
1 Counsel listed here must certify that appropriate authority exists to engage in particular operational activities involving social media.
2020-ICLl-00023 843
Homeland The P,i vacy Office
U.S. Dopurtmeoi of Homeland S~curity
Security W~.~hinQton. DC 20528

202-343~( b }{6 );
www.dh, ,goV/privacy

Page 6 r~f9
• ICE Delegation No. 0001, Delegation of Authority to the Directors, Detention and Removal and
Investigatio11s, and to Field Office rnrectors, Special Agents in Charge and Certain Other
• 8 C.F.R. § 2.1, Authority of the Secretary of Homeland Security
use?
[SJ Yes. ONo.
ls this use of social media in development or operational?
D In development. [SJ Operational. Date first launched: Unknown
Please attach a copy of the Rules of Behavior that outline the requirements below.
See Memorandum from John Morton, Use of Public and Non-Public Online !,,formation, June 28, 2012.
Please describe the Rules of Behavior in effect for the listed operational use of social media. If users
do NOT follow a particular Rule, please detail reasoning for not following that Rule:
b) Equipment. Use only government-issued equipment when engaging in the operational
OYes. [SJ No. If not, please explain:
Because the activities described in Question 1 axe for immigration law enforcement
purposes, U1e employees who engage u1 these activities will not identify themselves as
ICE or OHS personnel, or law enforcement personnel. This is necessary to ensure the
viola.tion s of law, and to preve11t d isclosing litiga.tio11 strategy and tactics.
c) Email and accounts. Use online screen names or identities that indicate an official OHS
OYes. [SJ No. If not, please explain:
2020-ICLl-00023 847
Homeland The P,ivacy Office
U.S, De1purtmenl of Ho111el.tnd S~curity
Security W~.qhington. DC' 20528

202-34l (h HR,.
www.dh; ,gov/pri.vacy

Page 7 ,~f9
ICE or OHS personnel, or law enfoi-cement personnel This is necessary to ensure the
operations, to prevent tipping off individuals who are sought by law en forcement for
violations of law, ai1d to prevent d isclosing litigation strategy and tactics.
d) Public interaction. Access publicly available information through social media only by
information;
t2J Yes. D No. If not, please explain:

e) Privacy settings. Respect individuals' privacy settings and access only information that is
publicly available;
t2J Yes. D No. If not, please explain:
f) PU collection: Collect the minimum PU necessary fot: the proper perfonnance of their
authorized du ties except for systems subject to Final Ru !es for Exemption from certain
OYes. t2J No. Ji not, please explain:
(e)(l) requirement (5 U.S.C. § 552a(e)(l)), which normally limits agencies to collecting
g) Pll safeguards. Protect PIT as required by tl;ie Privacy Act (if applicable) and OHS privacy
policy;

h) Documentation. Document operational use of social media, including date, site(s)
accessed, information collected and how it was used in the same manner as the
component would document information collected from any source in the normal course
of business.
OYes. t2J No. If not, please explain:
ICE's rules of behavior stated that law enforcement personnel should retain the
information they access on the Internet, including social m edia, if they would have
retained that content had it been written on paper. These contents should be preserved in
2020-ICLl-00023 848
Homeland The P,ivocy Office
U.S. o,,purtment of H0111el.1nd S~curity

202-343J(b)(6 ):
www.dhs.gov/privacy
I
Page 8 ,~{9
a manner authorized by lCE procedures governing the preservation of elech·onic

communications.
i) Tmilling . Users complete am1Ual privacy training which has been approved by
authorities, acceptable operational uses of social media, access reguirements, and
reguirernents for documenting operational uses of social media.
rg) Yes. D No. If not, please explain:

Mechanisms are (or will be) in place to verify that users have completed training.
Rules of Behavior.
rg) Yes, Component Privacy Officers or PPOCs maintain a record of employee

2020-ICLl-00023 849
Homeland The P,ivacy Office
U.S. o,,purtment of H0111eh1nd S~curity
Security Washlng1on. DC' 20528

'202-343~( b )(6 \:
www .dhs.gov/privacy
!
Page 9 ,~{9

DATE reviewed by the OHS Privacy Office:
NAME of the OHS Privacy Office Reviewer: <Please enter name of reviwer.>

D P rogram has met requirements to use social media £or the stated authorized
operational purposes, and must conti_nue compliance with the regujrements above.
D Program h as n o t yet met re quirements to utili ze social media for operational
purposes.
D Rules of Behavior do n ot comply. <Please explain analysis.>
Additional Privacy compliance dommentation is reqwred:
DA PIA is required.
D Covered by existing PlA. <Please include the name and number of PIA
here.>
D New.
here.>
0 A SORN is required:
D Covered by existing SORN. <Please include the name and number of
SORN here.>
D New.
here.>
2020-ICLl-00023 850
From: l(b)(6); (b)(7)(C)
Sent: 8 Oct 2019 15:44:56 +0000
To: kb )(6): (b )(7)(C) I
Subject: NSU Open Source
Attachme nts: NSU Open Source Rules of Behavior (KC 10.01.19) - Final.docx, SMOUT, ICE -
Criminal and Admin Immigration LE, 20170103, PRIV Final.pdf, PTA ICE- HSI NSU OST - Draft
10082019.docx
Kb)(6);
I was recently named the Team Lead for the new Open Source Pro·ect at NSU so I am in the proces-s of
finalizing our SOP and Rules of Behavior. After talking to b)(6); {b)(7)(C) and !(b){6): (b )(7 \CC\ 11
know they have worked with you to get most of the heavy lifting complete. I believe the PTA and
SMOUT are looking good-to-go but we made some minor tweaks to the ROB based on your suggestions.
Would you mind taking a look at our latest version of the ROB? If everything looks good, I can get this
blessed off by NSU leadership this week and begin refining our SOP and start training.
Thanks for your help and patience.
Very Respectfully,
Kb)(6); (b)(7)(C) I
National Security Unjt
Homeland Security Investigations
Desk: 571-468,Kb\fn\· I
Cell: 404-41 b)(6);
(b)(6); (b)(7)(C)
2020-ICLl-00023 859
Homeland The Privacy Office
U.S. Depannwnt or HomeJ,md Security
Security Washif\g1on. IX 20528

703-235kb )(6 );
www.dh, .gov/pitvacy

Page 1 of
12

This template is used to assess the Department's Opera tional Use of Social Media,
The OHS P1i vacy Office has created this template to determine privacy compliance with
Management Directive 110-01, Privacy PolietJ for Operational Use of Social Media. For the purposes of the
Management Directive and this template, "Operational Use'' means authorized use of social media to
collect personally identifiable information for the purpose of enh ancing situational awareness,
include the use of search engines for general Internet research, nor does it include the use of social media
for professional development snch as training and continuing education or for facilitating internal
meetings. The foUowmg uses of social media are exempt fro m the Management Directive and are not
subject to this requirement!:
a) Communications and oulTeach with the public authorized by the Office of Public Aifairs
(covered by the existing PIAs: DHS/ALL/PIA-031 - Use of Social Networki.ng Interactions
and Applications Communications/Outreach/Public Dialog:ue and DHS/ALL/PJA-036 -
and Analysis, the .intelligence and counterintelligence elements of the United States
counterintelligence functions, in accordance with t he provisions of Executive Order
12333, as amended.
This tern.plate shall be used to document the process to be followed by all programs engaging in
operational uses of social media; to identify information technology systems, technologies, rulemakings,
programs, or pilot projects that involve Pll and other activi ties that otherwise impact the privacy of
ad ditional Privacy Compliance Documentation. Components may appeal to the Depu ty Secreta ry for
compliance for the operational u se of social media.
• Gathering information by the Office of Operations Coordination and Planning (OPS) to enhance situational awareness is exempt
frorn this requirement a nd is covered by the existing PIA, IJHS/OPS/PLA· 004(d) • Publiclv AvaUable Soc:ia.l Media Monito.1ing an.d
Si!·uational Awareness Initiative Update.
2020-ICLl-00023 862
U.S. Depanmen1 oO-LomeJ,md Security
Security Washir1g1on. IX 2/)528

,03.231(b )(6):
www.dh, .gov/pitvacy

Page 2 of
12

Please complete this form and send it to you r Componer1t Privacy Officer.
Upon receipt, your Component Privacy Officer and the DHS Privacy Office will rev iew this
form a nd may request additional information.
SUMMARY INFORMATION
Date submitted for review: December 5, 2016
Name of Component: U.S Immigration and Customs Enforcement
I
Contact Information: l(b)(6); (b)(7}(C) Privacy Officer, (202) 732J~?(~); . I
Counsel2 Contact Information: Adam Loiacono, Chief, Enforcement and Removal operations
Law Division, OPLA; j(b)(6); (b)(7)(C) I
(A) Chief, Government Information Law Division,
OPLA
IT System(s) where social media data is stored: TECS Case Management, Fugitive Case
Management System, Enforcement Integrated Database, and Alien Criminal Response
Information Management System
DHS/ICE/PIA-011 - Visa Security Program Tracking System (VSPTS-Net)
DHS/ICE/PIA-020 - Alien Criminal Response Information Management System

(ACRIMe)
DHS/ICE-007 - Alien Criminal Response Information Management (ACRIMe) SORN
• Counsel 1.isted here must certify that appropriate authority exists to engage in particular ope(aHonal activities in volving social
media.
2020-ICLl-00023 863
Homeland The Pfivacy O f_fice
U.S. Depaliment of liomel,md Security
Security WashiT1g1on. DC 20528

703-23~ (h \ ff'\\ ·
www.dhs .gov/prlvacy
!

Page 3 of
12
DHS/ ICE-011 - Immigration and Enforcement Operational Records System

(ENFORCE) SORN
DHS/ICE-012 - Visa Security Program (VSP) SORN
DHS/USCIS-ICE-CBP-001 -Alien File, Index, And National File Tracking System SORN
2020-ICLl-00023 864
U.S. D•p~linwnt or HomeJ,md Security
Security Washif\g1on. DC 20528

703-235i(b }(6 ):
www.dhs.gov/privacy
I
Page4 of
12
SPECIFIC QUESTIONS
1. Describe the category of use for coJlecting personally identifiable information from social
investigations, benefit or employment determinations, or s ituational awareness. If use does
As the definition of social media in the OHS Insb·uctiun 110-01-001 Privacy Policy for the
Operational Use of Social Media (Privacy Policy) is drafted broadly so as to likely include general
use of the Internet and as social media technology is ever changing and evolving, this template
addresses lCE's use of the Internet, to include social media as defined in the Privacy .Policy.
ICE uses the Internet, including social media as defined jt1 the Privacy Policy, for criminal and
administrative immigration law enforcement purposes. (This template does not address the
conduct of undercover operations in the context of criminal immigration law enforcement
investigations. Those activities are covered by a separately submitted template that covers
undercover investigations only.) This immjgration law enforcement use of the Internet including
social media, falls into the following four categories: (1) using the Internet, including social
media, to assist in locating, arresting, and adjudicating individuals who may be amenable to
removal under the Immigration and Nationality Act or are otherwise suspected of violations of
U.S. immigration law and assisting other law enforcement agencies with investigations and
adjudications related to individuals, (2) identify individuals who may be inadmissible to the
United States under the Immigration and Nationality Act, (3) pre-operational, operational, and
situational awareness uses related to officer safety or threats to the public at-large, and (4) to
obtain information to assist in d etermining whether to exercise prosecu torial discretion.
Category One: Basic Criminal and Administrative Enforcement of the Immigration and
Nationality Act
With regard to the use of the Internet, including social media, to locate and arrest individuals,
ICE officers, agents, attorneys, and support personnel routinely use a variety of government and
comm ercial databases to identify, locate, and arrest individuals who may be amenable to removal
and meet ICE's current enforcement priorities. However, additional ·information not available in
these databases is available on the Internet, including social media. The use of the Internet,
including social media, will allow ICE to gather information that assists in identifying, locating,
and arresting individuals wanted for crimes and/or who may be amenable to removal, and
assisting other law enforcement agencies with investigations related to individu.a ls where
necessary and appropriate. It will also allow ICE attorneys who represent the agency in civil
2020-ICLl-00023 865
Homeland The Privacy Of-fice
U.S. D•p~linwn1 ,•rHumeJand Se~urlty
Security Washff1810 n. IX 20528

,03.231( b lf 6 ):
www.J hs.gov/pnvacy

Page 5 of
12
immigration proceedings before the Executive Office for Immigration Review to conduct gelleraJ
and specifi c case research an d preparation.
Category Two: Inadmissibility Recommendations unde.r the Immigration and Nationality Act
ICE also uses the Intemet, iricluding social media, to iden tify iridividuals who may be
inadmissible to the United States under the lmmigration aJ1d Nationality Act. As a function of the
Visa Security Program, ICE makes recommendations to the Department of State on the issuance
and status of non-immigrant visas. ICE may collect information about non-immigrant visa
applicants and their associated points of contact listed on their v isa application in order to make
these recommendations. This includes gathering information publicly available on the Internet,
including social media, before and after visa approval. ICE may also collect information about
non-immigrant visa holders. If derogatory information about a non-immigrant visa ho lder is
w1covered, in.formation m ay be sh ared with the Department of State and/or forwarded to the
appropriate ICE Homeland Security Investigations field office for appropriate action depending
on whether the non-immigrant visa h older has entered the United States.
Category Three: OfficeT and Public Safety
ICE also uses the Internet, includin g social media, for pre-operational/operational/situational
tactical enforcement operations or otherwise initiating contact with a subject, ICE agents, officers,
or support personnel may collect it,fonnation about the subject of the tactical enforcement
operation. This includes gathering information publicly available on the Internet, i ncluding social
media, such as fireanns/weapons possession and relatives/associates who may reside with him.
This information assists agents an d officers with tactical planning activities su ch as: number of
agents and officers required for the operation, any specialized equ ipment that may be necessary
for the operation, and intelligence on when and where the operation should be conducted for
agent and officer safety and tactical efficiency.
Category Four: Prosecutorial Discretion
Finally, ICE also uses the Internet, including social media, to gather .information.related to the
possible exercise of prosecutorial discretion. Pursuant to Director Morton' s Jw,e 17, 2011
prosecutoriaJ discretion in various situations. Some of these factors include: whether the
subject is a dan ger to the community or to national security, whether the subject is the
primary caregiver to a minor, or a person wi th a physical or mental disability, a subject's
edu cational and military background, a subject's ties and contributions to the community,
whether tbe subject (or the subject's sp ouse) is pregnant or nursing, whether the subject or
subject's spouse suffers from severe mentaJ or physical illness. These factors can be difficult
to ascertain using routine goven1ment and commercial databases and the use of the Internet
2020-ICLl-00023 866
U.S. D•p~Jimen1 or liomeJand Security
Security Washing1on. IX 20528

,03.23_ (b )(6);
www. 1s.gov/pn vacy

Page 6 of
12
including sociaJ media serves as another tool to attempt to idehtify these unique factors.
ICE custody. The Internet, including social media, p rovides a source of information that can
be used to help determine when it is appropriate to release an individual from ICE custody.
authorities.
• Homeland Security Act of 2002, as amended, Pub. L. No. 107-296, 116 Stat. 2135 (2002)
• Immigration and Nationality Act of 1952, as amended, U.S. Code Title 8
• TCE Delegfltion No. 0001, Delegation of Authority to th,e Dfrectors, Detention an d Removal
• 8 C.F.R. § 2.1, Authority of the Secretary of Homeland Security
use?
~Yes. O No.
D Tn development. ~ Operational. Date first launched: Unknown
2012.
users do NOT follow a particular Rule, please detail reasoning for not fol1owing that Rule:
a) Eq11ipme11f. Use only government-issued equipment when engaging in the operational
use of social rned~a;
D Yes. ~ No. If not, please explain:
purposes, tl1e employees who engage in tl1.ese activities will not identify themselves
as ICE or OHS pernom1.el, or law enforcement personnel. This .is necessary to ensure
the safety of law enforcement personnel, to avoid compromising law enforcement
operations, to prevel1t tipping off individuals who are sought by law enforcement for
2020-ICLl-00023 867
U.S, Dep~n ment of HomeJ,md Security
Security Washif181on. IX 2/)528

703-23lf h l / F\, -
www.dh~.gov/prlvacy

Page 7 of
12
b) Email and accounts. Use online screen names or identities that indicate an officia.l DHS
media ln the perfonnance of their duties;
O Yes. ISi No. U not, please explain:
ICE or OHS personnel, or law enforcement personnel. This is necessary to ensure the
violations of law, and to p revent disclosing litigation sh·ategy and tactics.
c) Public interaction. Access publicly available information through social m edia only by
information;
ISi Yes. D No. U not, please explain:
publicly available;
ISJYes. D No. If not, please explain:
Law enforcement personnel may not access restricted online sources or facilities absen t
legal authority permitting enh·y into private space.
e) Pl/ collection: CoUect the minimum Pll necessary for the proper performance of their
authorized duties except for systems subject to Final Rvles for Exemption from certain
OYes. IZI No. U not, pl ease explain:
(e)(l ) requirement (5 U.S.C. § 552a(e)(1)), which normally l.imits agencies to collecting
(e)(1) requirement is necessary to ensure the integrity of law enforcement investigations,
f) PIT safeguards. Protect PIT as required by the Privacy Act (if applicable) and OHS privacy
policy;
ISi Yes. D No. If not, p lease explain:
2020-ICLl-00023 868
U.S. Depalimen1 of HomeJ,md Security
Security Washiru;1on. IX 2/)528

,03.231(b )(6 );
www.dhs.g0Vl1ln vac-y

Page 8 of
12

accessed, in formation collected an d how it was used.
0Yes. ['gJ No. If not, please explain:

lCE's rules of behavior stated that law enforcement personnel should retain th~
retained that content had it been written on paper. These contents should be preserved in
a manner authorized by lCE procedures governing the preservation of electronic
communications.
authorities, acceptable operational u ses of social media, access requirements, and
['gJ Yes. D No. If not, please explain:
Mechanisms are (or will be) in place to verify that users have completed training.
Rules of Behavior.
['gJ Yes, Component Privacy Officers or PPOCsmaintain a record of employee

2020-lCLl-00023 869
U.S. Depalinwnt of HomeJ,md Security
Security Washif\g1on. DC 20528

703-235!( b }(6 ):
www.dhs.gov/privacy
!
Page 9 of
12

DATE reviewed by the OHS Privacy Office: January 3, 2017
NAME of the OHS Privacy Office Reviewer:f b)(6); (b)(?)(C)
DESIGNATION
This program is covered by the following Privacy Impact Assessm e nt and Privacy Act
System of Records Notice:
PIA: DHS/ICE/PIA-009 Fugitive Case Managem ent System (FCMS)

DHS/ICE/PIA-015 Enforcement Integrated Database (EID)
DHS/ICE/PfA-011 Visa Security Program Tracking System (VSPTS-Net)
DHS/ICE/PIA-020 Alien Cri min al Response Information Management System (ACRIMe)
SORN: DHS/USClS/ICE/CBP-001 Alien File, Index, and National FHe Tracking System of
Records, November 21, 2013, 78 FR 69864
DHS/ICE-007 Alien CriminaI Response information Man agement System, February 14,
2013, 78 FR 10623
DHS/ICE-009 External Investigations, Janu ary 5, 2010, 75 FR 404
DHS/TCE-01 1 Criminal Arrest Records and Tmmigtation Enforcemen t Record s (CA RIBR)
System of Records, October 19, 2016, 81 FR 72080
DHS/ICE-012 Visa Security Program (VSP), Sep tember 30, 2009, 74 FR 50228
1. Category of Use:
D Law Enforcemen t Intelligence;
[gj Criminal law en forcement investigations;
D Background investigations;
D Profession al responsibility investigations;
D Ad ministrative or benefit determinations (including .fraud detection);
D Situational awareness; and
2020-ICLl-00023 870
Homeland The Privacy Of6ce
U.S. Dep~Iiment or liomeJand Security
Security Washing1on. IX 20528

,03-23 (b)(6);
WW\\' , - 1s.g,1~ prwacy

Page JO of
12
D Other. <Please explain "other" category of use here.>
2. Has Component Counsel reviewed and determined that there is authority to engage in the
above Category of Use?
~ Yes. D No.
3. Rules of Behavior Content: (Check all items that apply.)

a. Equipment.
~ Users must use government-issued equipment. Equipment may be non-
attributable and may not resolve back to DHS/US IP address.
D Users must use government-issued equipment. Equipment must resolve
back to DHS/US fP address.
b. Email and accounts.
~ Users do not have to use government email addresses or official DHS

accounts online.
0 Users must use government em.ail addresses or official DHS accouf1ts on line.
c. Public interaction.
D Users m ay interact with individuals online in relation to a specific law

enfor,cernent investigation.
~ Users may NOT interact with individuals on.line.
d. Privacy settings.
D Users may disregard privacy settings.

~ Users must respect individu al privacy settings.
e. PII storage:
~ PII is maintained in an exempted Privacy Act System of Records.
Please list applicable SORN here: DHS/USCIS/ICE/CBP-001 Alien File,

Index, and National FiJe Tracking System of Records, November 21,
2013, 78 FR 69864; DHS/lCE-007 Alien Criminal Response Information
Management System, February 14, 2013, 78 FR 10623; DHS/lCE-009
2020-ICLl-00023 871
Homeland The Privacy Of-fice
U.S. Depanment or HomeJ,md Security
Security Washing1o n. IX 20528

703-23j(h\/6\· ( h \(7 \(C: j
www.dhs.gov/privacy

Page 11 of
12
External Investigations, January 5, 2010, 75 FR 404; DHS/ICE-011

Criminal Arrest Records and Immigration Enforcement Records
(CARTER) System of Records, October 19, 2016, 81 FR 72080; DHS/ICE-
012 Visa Security Program (VSP), September 30, 2009, 74 FR 50228
D PIT .is maintained in a Privacy Act Systems of Records.

Please list applicable SORN here:
f. PII safeguards.
rgj PII is protected as required by the Privacy Act and OHS privacy policy.
D Only a minimal amount of PII is collected and safeguarded, consistent with

DHS/OPS-004 - Publicly Available Social Media Monitoring and Situational
Awareness Initiative.
g. Documentation.
D Users must appropriately document their use of social media, and collection
of information from social media website.
D Documentation is not expressly required.

rgj ICE's rules of behavior stated that law enforcement personnel should retain
the information they access on the Internet, including social media, if they would
have retained that content had it been written on paper.
h. Training.
rgj All users must complete annual privacy training that has been approved by
Component Privacy Officer. Training includes:
~ Legal authorities;
rgj Acceptable operational uses of social media;

rgj Access requirements;
D Applicable Rules of Behavior; and
rgj Requirements for documenting operational uses of social media.
2020-ICLl-00023 872
Homeland The Privacy O ffice
U.S. Depannient or f-lomeJ,md Security
Security Washif\g1on. IX 2052.8

703-23lfh \(f'\\·
www.dhs .gov/prlvacy
!

Page 12 of
12
IZ] Mechanisms are (or will be) in place to verify that users have completed
training.
D Yes, employees self-certify that they have read and unders tood their
Compo.ne.nt Rules of Behavior.
IZ] Yes, Component Privacy Officers or PPOCs maintain a record of

employee attendance at privacy training that includes training on the
Rules of Behavior.
D No, certification of training completion cannot be verified.

IZ] Program has met requirements to use social medi a for the stated authorized
pLLrposes .
D Rules of Behav ior do not comply. <Please explain analysis.>
D A PIA is required .
D New.
0 Updated.
0 A SORN is required:
D New.
0 Updated.

(b)(5)
2020-ICLl-00023 873
Security Page 1
nos
o/2
ADDENDUM TO TESTING AUTHORIZATION
Use this form to propose a change to an approved Proposal to Use Real 0(J.la for Testing. Appropriate uses of this
form are to make discrete modifications to the scope of the original approved testing ll'Uthorization, for example, to
extend the dates of testing authorization, to obtain a teftesh of the data not originally authorized, or to make minor
changes to the scope of the test data or the purposes. In the event the proposed changes are deemed significant by the
Privacy Office or OCISO, the program may be required to submit a new Proposal to Use Real Data for Testing.
Project Name: ICE Integrated Decision Support (IIDS) System
Original Authorization Date: 6/28/2017

Dates of Any Addenda: 3/17/2016; 9/22/2016; 2/28/2017
Request Submitter: Kb)(6); (b)(7)(C)
Submission Date: 5/28/2018
DESCRIPTION
Describe specifically the proposed changes to the scope of the testing authorization, Lisi what sections of the
a11tJwrization will be affected, and how. Explain why the change is required (e.g., more time needed due to
llnexpected delays).
The IID$ ITPM is requesting an additional twelve (12) months to complete the testing. This
extends the approved testing date to 5/28/2018.
Since OCIO Infrastructure plan to build a security compliant IIDS future environment on the
p795 in DCl which provides exceptional performance, massive scalability and bandwidth to
efficiently and concurrently support a full range of complex, mission-critical applications for
legacy and OBIEE environment. Therefore, IIDS team needs more testing to ensure the
environment is suitable for the applications.
DETERMINATION
Determination: Approved with Conditions

l?tivacy Office Reviewer: (b)(6); {b)(7)(C) De tennina tion Date: 6/27/2017
OCISO Reviewer:
COMMENTS
r b)(5)
Version date: Janu·ary 29, 2015
2020-ICLl-00023 882
Homeland ICE 000 OCIS0 & ICE Privacy and Records Office, Pri vacy Branch
Proposal to Use Real Data for Testing
Security Page 1 o/21
PROPOSAL TO USE REAL DATA FOR TESTING
Complete this Testing Questionnaire when there is a need to requ est permission to u se real data, whether
in original or altered form, to test an IT system/project at ICE.
"Real data" means data from a production system, vendor, or public records, or any other dataset which
a system and contains data about real individuals, matters, or cases, would be real data. A set of public
records that was pttrchased from a vendor for u se in testing would also be real data.
The JCE Privacy and Records Office, Privacy Branch and ICE Ofnce of the Chjef Information Officer,
Office of Chief Tnfonnation Secunty Officer {OCTSO) \-vi)] u se this form to determine wh ether to authorize
the u se of real data for testing and u nder what conditions. The goal is to erisure that risks to privacy aiid
security are minimized while allowing needed tests to proceed, If you are unsure if the test dataset is real
data, please contact the Privacy Branch.
lnstructio11s: Return this completed form to the Privacy Branch and the 0OS0 emaH addresses below.
P lease include a copy of the .Independent Test Plan. The Privacy Branch will coordinate with OCISO and
the final determination will be reflected on the last page of this form. The form will be returned to you in
PDF when final The requestor and System ISSO a.re responsible for uploading the document into Xacta
and the ICE Electronic Lifecycle Management System s (ELMS).
Contact Points:
P1i.vacy Branch oaso

202-73 (b)(6); fb)(6); (b)(?)(C)
(b)(6); (b)(7)(C)
Recommendations: To limit review time, please be su re to follow these tips:
(b)(5)
Vt•rsion date: July 25, 2014
2020-ICLl-00023 884
ICE 000 OCIS0 & ICE Privacy and Record5 Office, Pri vacy Branch
Page 2 o/ 21
SECTION 1: Basic Information
DATE submitted to Privacy Branch: 11/04/2016
JT Sys tem/Project From Which the Tes t Data Originates:
Name/version: Federal Financial Management System (FFMS)
Wha t PIA(s) describes this system/ project and the data being used for testing?
DHS/ALL/PIA-053 DHS Financial Management Systems
What SORN(s ) covers the data in this system/project and the data being us ed for tes ting?
b)(5)
System Ow ner (ICE Office ): Chief Financial Officer (CFO)

Sub-O ffice, if applicable: Office of International Affairs: Office of Financial Management (OFM)
Primary O CIO POC

N ame: !(b)(6);
Title: Security Assurance Manager
D HS Email address: l/b\(6): /b\(7)/C\ I
Phone num ber: (202) 732f b)(6)j
Alternate OCIO POC (** Dele gate for Primary O CIO POC unless otherwise designated)
Name: Kb)(6); (b)(7)(C) I
Title: Chief, Secmity Assmance
DHS Email address: (b)(6); (b)(7)(C)
Phone number: (202) 732 b)(6);
System Owner POC ( ** Pleas e e n s ure this POC i s a w are of this propos al)
N ame: l(b)(6); (b)(7)(C) I
Title: Acting Director, Office of Assurance and Compli ance
DH S Em ail address: i{!b:!..!lis6Ll.·w(!!.b~~~ ,__ _ __ j
' (b)(6)·
P hone number: (202) 73 (h\f?)f(;)
Version date: July 25, 2014
2020-ICLl-00023 885
ICE 000 OCISO & ICE Privacy and Records Office, Privacy Branch
Page3 o/21
System ISSO
Name: l(b)(6); (b)(7)(C)
Title: ISSO
DHS Email address: kb )(6); (b)(7)(C)
Phone number: (202) 403-1@@1
FRR POC
Name: l(b)(6); (b)(7)(C~
Title: TTPM
DHS Email address: b)(6); (b)(7 )(C)
Phone number: (202) 732 .b~(~\ _.
Requester POC
Name: Kb)(6); (b)(7)(C)
Title: Program Manager, OFM
OHS Email address: b)(6); (b)(7)(C)
Phone number: (202) 904 b)(6);
Data Owner POC (** Please identify the data owners or their delegated representative for all sources
of the production data or any other real data)
Name: Kb)(6); (b)(7)(C) I
Title: Assistant Director, Data and Technology
DHS Email address: l(b)(6): (b)(7)(C) I
Phone number: (202) 732f b)(6); I
OCISO Reviewer
Name:
Title:
DHS Email address:
Phone number:
Privacy Branch Reviewer

Name: !lb\/6 \: /b\/7 \/C\
Title: Privacy Compliance Specialist
DHS Email address: ~b)(6); (b)(7)(C)
Phone number: (202) 732~~b)(6)1
Provide a brief description for the purpose of the proposed testing:

b)(5)
Version d~te: July 25, 2014
2020-ICLl-00023 886

ICE July 2020 Production Brennan Center DHS FOIA Social Media Monitoring

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ICE July 2020 Production Brennan Center DHS FOIA Social Media Monitoring

Uploaded by

Copyright:

Available Formats

From: ~b)(6); (b)(7)(C) I

Sent: 12 Jul 2019 12:48:44 +0000

ADDENDUM TO TESTING AUTHORIZATION

Project Name: Financial Reporting Repository (FRR) / Business Management

Version date: January 29, 2015

Privacy Office Reviewer: {b)(6}; {b)(? }(C) De termination Date: 09/11/2015

~ Authorization is limited to the dataset as described in this questionnaire and accompanying

Versio n date: January 29, 2015

Version date: January 29, 2015

ATTACH MENT A: LIST OF NEW DA TA FIELDS FOR TESTING

The. code that identifies the type of action being processed

Number of characters for employee middle name

The gender of the employee

Version date: January 29, 2015

The effective date of the personnel action identified by the NOAC

The effective century of personnel data

The effective year of personnel data

The effective month of personnel data

The effective day of personnel data

The federal department that an employee is transferring from; or identify

The fixed' number of days of the appointment limitation

The date on which the employee's service year begins

The century on which the employee's service year begins

The year on which the employee's service year begins

The month on which the employee's service year begins

The day on which the employee's service year begins

Version date: January 29, 2015

2020-IC Ll-00023 619

Version date : January 29, 2015

Identifies commencing century of a probationary period, if any

Identifies commencing year of a probationary period, if any

Identifies commenc1ng month of a probationary period, if any

Identifies commencing day of a probationary peri od, if any

Version date : January 29, 2015

Indicates the accounting station an employee is assigned to

Identifies the office an employee is assigned to

Appropriation to which the expenses are to be charged

Accounting levels to which the expenses are to be charged

The date the personnel action is valid

The century the personnel action is valid

The year the personnel action is valid

The month the personnel action is valid

Version date: January 29, 2015

The first 5 digrts of the employee's residence address zip code

The employees EOD to agency month

The employees EOD to agency day

The not to exceed century for the employees appointment

The not to exceed year for the employees appointment

The not to exceed month for the employees appointment

The not to exceed day for the employees appointment

The nature of action code for an employee appointment

Version date: January 29, 2015

The pay period a separation, if any, was processed

Indicator to determine if the employee is allowed a quarterly amount review

Indicator to determine if the employee is allowed a quarterly rate review

Indicator to determine if the employee is allowed COLA increases

The employee's YTD admin hours used

The employee's YTD Military hours used

The number of days until an employee reaches tenure for c-level

The Office a detailed employee is assigned

The pay plan a detailed employee is assigned

The series a detail employee is assigned

The detail organization structure a detailed employee is assigned

Positions, which can be filled only by Presidential appointment with approval