Article illustration 1

For over two decades, privacy advocates have questioned the Department of Homeland Security’s expansive domestic surveillance powers. Now, a leaked internal memo obtained via FOIA request by the Brennan Center for Justice and shared with WIRED exposes a critical security failure: From March to May 2023, the DHS’s Homeland Security Information Network-Intelligence (HSIN-Intel) platform was misconfigured, accidentally granting "everyone" access to restricted intelligence instead of authorized personnel only.

The Anatomy of a Systemic Failure

HSIN-Intel serves as a nerve center for sharing sensitive—but unclassified—intelligence across the FBI, National Counterterrorism Center, local law enforcement, and fusion centers. The misconfiguration exposed 439 intelligence reports to tens of thousands of unauthorized HSIN users, including:
- Disaster response teams with no intelligence clearance
- Private sector contractors
- Foreign government personnel

According to the memo, unauthorized accesses totaled 1,525 incidents. Shockingly, 46 accesses came from non-U.S. citizens, while 518 originated from private sector accounts. Nearly 40% of exposed material involved cybersecurity threats, including state-sponsored hacking campaigns targeting U.S. infrastructure. One highlighted report detailed protests against Atlanta’s police training facility, documenting tactics like Molotov cocktail use—data ripe for exploitation.

“DHS advertises HSIN as secure... but this incident raises questions about how seriously they take information security,” warned Spencer Reynolds of the Brennan Center. “Thousands gained access to information they were never supposed to have.”

Oversight in Crisis

Despite DHS downplaying the incident as “minimal to low impact,” the memo’s author contested this assessment, noting the exposure of Americans’ personally identifiable information (PII) and recommending retraining on PII protocols. The timing exacerbates concerns: The Trump administration gutted DHS’s 150-person civil liberties oversight office, and current reform bills—like the Strengthening Oversight of DHS Intelligence Act—contain loopholes allowing unchecked data sharing.

Jeramie Scott of the Electronic Privacy Information Center framed the stakes: “This implicates all of us. We’re talking about an agency doing domestic intelligence with virtually no transparency. If this happened under Biden, what breaches might be hidden today?”

The incident underscores a dangerous pattern: Agencies collecting vast surveillance data lack the infrastructure to secure it. With foreign actors accessing U.S. threat analyses and domestic protest details, the breach isn’t merely embarrassing—it’s a geopolitical vulnerability. As legislative reforms stall, the question isn’t if another misconfiguration will occur, but whether citizens will ever be told.

Source: WIRED