by Casey J. Bastian

The U.S. Department of Homeland Security (“DHS”) operates U.S. Immigration and Customs Enforcement (“ICE”). In turn, ICE oversees the subagency Homeland Security Investigations (“HSI”). Since 2019, HSI has used its administrative subpoena powers to request bulk financial records from Western Union and Maxitransfers Corporation (“Maxi”). The result is HSI having received over 6.2 million financial transaction records, the overwhelming majority of which represent legal, private transactions and customer identification information.

In January 2022, Senator Ron Wyden of Oregon contacted HSI about ceasing this practice, and HSI seemingly complied. On March 8, 2022, Sen. Wyden sent a letter requesting an investigation of HSI to Dr. Joseph V. Cuffari, the Inspector General of DHS. U.S. Customs and Border Protection (“CBP”), another subagency of DHS, had previously been reprimanded for abusing its statutory authority in this exact manner. As DHS is seemingly unable to provide adequate oversight, an investigation is necessary to “determine whether HSI’s surveillance of Americans was consistent with DHS policy, statutory law, and the United States Constitution,” according to Sen. Wyden.

In Sen. Wyden’s request letter to DHS, it is noted that the Senior DHS officials previously admitted the “organization had used its customs summons authority under 19 U.S.C. § 1509 — a type of administrative subpoena — to conduct bulk surveillance of Americans’ financial records.”

HSI’s involvement in a surveillance program intended to gather bulk financial records comes after a similar effort by the Arizona Attorney General (“AG”) began in 2006. The AG attempted to use its administrative subpoena authority to gather similar data from Western Union. A state court of appeals ruled that the AG’s use of subpoena power in this manner may violate the Fourth Amendment and exceeds the AG’s statutory authority.

In February 2010, the AG reached a settlement with Western Union over allegations of money laundering. As part of that settlement, Western Union was required to cease in-court challenges to the AG’s subpoenas and turn over bulk transaction data. A second settlement between the AG and Western Union regarding money laundering was reached in January 2014. That settlement agreement resulted in the creation of the Transaction Record Analysis Center (“TRAC”) and extended the bulk data collection for five years. TRAC is a non-profit organization that facilitates unfettered access by law enforcement to the collected bulk data.

As a result, Western Union provided millions of records of its customers’ financial activity between February 2010 and July 2019 to TRAC and the AG. This transaction data included every single money transfer exceeding $500 to or from Arizona, California, New Mexico, Texas, and Mexico. During this time, dozens of smaller money transfer companies voluntarily turned bulk records over to TRAC as well. TRAC provides access to this financial data to “hundreds of federal, state, and local law enforcement agencies, who are able to query and use this data without any kind of court supervision.”

The settlement agreement between the AG and Western Union expired in 2019, but Western Union continued to provide bulk records to TRAC in cooperation with HSI’s Phoenix office. HSI had taken the lead in issuing subpoenas to Western Union. In 2021, Maxi began receiving customs summonses from HSI as well. Sen. Wyden noted that “HSI’s use of its custom authority in this manner is highly problematic for several reasons.”

In 2017, DHS had been previously advised of the limits of its summons authority. CBP’s Office of Professional Responsibility (“OPR”) found that CBP had abused the same authority in an attempt to identify a Twitter user who had criticized the agency. CBP also used its subpoena authority in drug-smuggling investigations, something not allowed by policy. HSI is currently violating the statute because it is only allowed to seek records that are “relevant” to an investigation. This does not authorize bulk records collection.

Another notable issue is that HSI directed recipients of the subpoenas to provide the records directly to TRAC. HSI essentially outsourced the data processing and hosting of bulk surveillance to an organization outside of the federal government. This practice raises security and privacy protection concerns and is inconsistent with DHS and HSI policies. As this is a continuing problem within DHS, Sen. Wyden alleged it indicates weakness in the central supervision within DHS. Another problem is that HSI either refused or failed to receive approval from the DHS Office of General Counsel, the DHS Office for Civil Rights and Civil Liberties, the ICE Office of the Principal Legal Advisor, or the ICE Office of Information Governance and Privacy.

When HSI forced Western Union, Maxi, and other money transfer companies to comply, this violated the privacy of their already at-risk customer base. These money transfer businesses are utilized mainly by low-income, minority, and immigrant communities – an issue that opponents of HSI’s conduct claim can cause “real-world harms” to such users. When the financial and identification records are exposed in such a way, domestic abuse survivors, asylum seekers, and human rights activists can become endangered.

This is not limited to DHS and its subagencies either. The Department of Justice Inspector General criticized the Drug Enforcement Agency in 2019 when it conducted the bulk collection of phone records. The National Security Agency was also criticized for issuing similar summonses to telecommunications providers. The U.S. Court of Appeals for the Second Circuit called the acquisition of so many records that were not “relevant” a practice that was “unprecedented and unwarranted.” ACLU v. Clapper, 785 F.3d 787 (2d Cir. 2015).

Some recommendations to address these violations include conducting the internal DHS investigation as requested by Sen. Wyden. And as every record in the TRAC seemingly was illegally collected, they must all be destroyed, both from TRAC and any other agency possessing copies of the information. Financial transaction companies must stop acquiescing to these subpoenas; these are merely requests, not warrants. Finally, strong consumer protection privacy legislation must be passed into law. We must protect everyone, but especially the most vulnerable among us, from abusive government tactics. 

Source: eff.org; 3/8/222 Request Letter to DHS IG from U.S. Sen. Ron Wyden

Subscribe today

Already a subscriber? Login