Dell Cameron Security Mar 10, 2026 2:23 PM DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned. Photograph: SAUL LOEB; Getty Images Save this story Save this story The US Department of Homeland Security removed multiple career Customs and Border Protection officials from their roles this year after they objected to orders to mislabel records about surveillance technologies and block their release under the Freedom of Information Act , WIRED has learned. Since January, DHS leaders have reassigned two of the top officials responsible for ensuring that CBP technologies comply with federal privacy law, according to multiple sources with knowledge of the situation. These sources were granted anonymity because they fear government retribution. The reassignments followed December orders from the DHS Privacy Office to treat routine compliance forms as legally privileged, and to label signed privacy assessments as “drafts” exempt from disclosure under federal records law. Those removed include CBP’s top privacy officer and one of the agency’s two privacy branch chiefs. The director of CBP’s FOIA office was also removed last month. DHS ordered the new secrecy rules, sources say, after a CBP FOIA officer lawfully released a redacted privacy assessment, triggering backlash from DHS political leadership. The document—known as a Privacy Threshold Analysis, or PTA—was obtained by 404 Media last fall, providing the only formal government record of Mobile Fortify , a previously hidden face recognition app. PTAs are a required compliance form, a questionnaire that describes the basic mechanics of new government systems that use or harvest personal data. It also records whether privacy officers approved the system or ruled the government was legally required to look closer at how it impacts people’s privacy. In the case of Mobile Fortify, the public learned from the released PTA that DHS had acknowledged the app would capture people’s faces and fingerprints without their consent; that US citizens and lawful permanent residents would inevitably be among those photographed; and that every image taken, regardless of whether it matched anyone, would be stored for up to 15 years. Labeling the document a “draft” would ostensibly bolster the agency’s ability to bury such revelations using an exception in FOIA that protects “advisory opinions” and “recommendations.” Sources say the privacy officials removed from their posts saw the tactic as legally incoherent, arguing that a completed compliance form could not be simultaneously signed and considered a draft. "This policy change is illegal,” says Ginger Quintero-McCall, an attorney at the public interest law firm Free Information Group, and former supervisory information law attorney at the Federal Emergency Management Agency, a DHS component. "There is nothing in the FOIA statute—or any other statute—that allows the agency to categorically withhold Privacy Threshold Analyses.” Quintero-McCall says she witnessed retaliation on the job firsthand before leaving the government last year. “It would not surprise me at all to learn that the administration reassigned employees who objected to this illegal policy of secrecy.” A DHS spokesperson told WIRED on Monday, “Any allegation that DHS adopted a policy making Privacy Threshold Analyses exempt from the Freedom of Information Act is FALSE.” Internal emails show otherwise. On December 3, the DHS Privacy Office announced a "major change" that required all future PTAs to carry a disclaimer marking them exempt from public release. The disclaimer reads in full: “This is a draft document that is pre-decisional, deliberative, and is designated For Official Use Only. It is subject to the deliberative process privilege and attorney client privilege. It is not to be released, shared, or distributed outside of authorized channels without prior consultation and approval from the Department of Homeland Security Privacy Office. Unauthorized disclosure may result in administrative, civil, or criminal penalties.” Got a Tip? Are you a current or former government employee who wants to talk about US immigration enforcement or public records laws? We'd like to hear from you. Using a nonwork phone or computer, contact the reporter securely on Signal at dell.3030. CBP privacy officers, such as the ones reassigned, have not historically signed off on privacy reviews. Under previous administrations, that responsibility rested with a headquarters official working directly for the department’s chief privacy officer. The current chief privacy officer, Roman Jankowski, delegated that authority downward in one of his first acts in office, as WIRED previously reported . DHS’s spokesperson assured WIRED that when the forms are requested under FOIA, they are subject to “the same review applied to other agency records.” But internal emails indicate a blanket prohibition on their release: “PTAs are NOT supposed to be released at all,” the department’s deputy FOIA chief, Catrina Pavlik-Keenan, wrote in a February 20 email to, among others, Jankowski and his deputy, James Holzer. The federal government has broadly conceded that FOIA requires the disclosure of these records. The FBI, for instance, has implicitly acknowledged that PTAs are ordinary agency records. In a 2015 case, it released nearly 50 of them—withholding only 12 pages after swearing in court that they were genuine drafts. DHS’s own website shows it published at least dozens of PTAs last year before ceasing in September. Internal emails show CBP’s FOIA division planned to release another PTA last month concerning the face recognition tool Clearview AI, but DHS blocked it. “It is especially important that the public have access to these records when agency staff conclude there is no significant privacy impact,” says Nathan Wessler, deputy director of the American Civil Liberties Union's Speech, Privacy, and Technology Project, “because that ends the review process entirely, with no subsequent assessment ever prepared.” “If the public can't see the PTA, we'll never know about faulty reasoning that undervalues privacy threats,” he says, “and that opens people up to violation of their rights.” Jeramie Scott, senior counsel at the Electronic Privacy Information Center, says that FOIA requires narrow redactions over wholesale secrecy and that withholding the records outright would allow DHS to evade public scrutiny of its expanding surveillance operations. “Career DHS Privacy officials were right to protest such a blanket move towards secrecy,” he says. You Might Also Like In your inbox: Our biggest stories , handpicked for you each day What a Google subpoena response looks like—courtesy of the Epstein files Big Story: The undersea cable that made the global internet possible Everyone speaks incel now Replay: Livestream on the hype, reality, and future of EVs Dell Cameron is an investigative reporter from Texas covering privacy and national security. He's the recipient of multiple Society of Professional Journalists awards and is co-recipient of an Edward R. Murrow Award for Investigative Reporting. Previously, he was a senior reporter at Gizmodo and a staff writer for the Daily ... Read More Senior Reporter, National Security Topics privacy surveillance immigration Department of Homeland Security Freedom of Information Act Customs and Border Protection face recognition Read More DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies Homeland Security aims to combine its face and fingerprint systems into one big biometric platform—after dismantling centralized privacy reviews and key limits on face recognition. All the Ways Big Tech Fuels ICE and CBP A WIRED analysis shows that ICE and CBP have collectively spent at least $515 million on products from Microsoft, Amazon, Google, and Palantir in the last few years alone. How Federal Agencies Got Caught Up in Trump's Anti-Immigration Crusade WIRED spoke with workers across seven government agencies—from the IRS to HUD—about how their work has been contorted to support ICE and other immigration efforts. Anthropic Hits Back After US Military Labels It a ‘Supply Chain Risk’ Anthropic says it would be “legally unsound” for the Pentagon to blacklist its technology after talks over military use of its artificial intelligence models broke down. Social Security Workers Are Being Told to Hand Over Appointment Details to ICE The recent request goes against decades of precedent and puts noncitizens at further risk of immigration enforcement actions. Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data. Anthropic Sues Department of Defense Over Supply-Chain-Risk Designation The Claude chatbot developer says the Trump administration overstepped by escalating a contract dispute into a federal ban on the company’s technology. Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars. CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’ US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet. Inside the Homeland Security Forum Where ICE Agents Talk Shit About Other Agents Forum members have discussed their discomfort with mass deportation efforts, debate how federal agents have interacted with civilians, and complain about their working conditions. ICE Is Crashing the US Court System in Minnesota Petitions demanding people get the ch