Appendix A: Detailed Procurement Analysis Methodology
A. Data Sources
We surveyed all ICE contracts from January 2008 to September 2021—40,715 unique ICE contracts, totalling 108,873 transactions.376 We downloaded ICE contract information from USAspending, the federal government’s “official source for spending data.”377 In cases where ICE closed out a surveillance contract during our review period without spending more money on it, we excluded the contract.
There are some limitations with the reliability of this dataset.378 For example, we do not have access to ICE’s actual payouts.379 We instead used USAspending data that tracks ICE’s promises to spend funds, which are known as obligations.380 For a closed contract, the total obligation should equal the real-world total ICE spent, but any open contract we reviewed might change in value. Furthermore, ICE provides its award spending data to the Federal Procurement Data System data, shared on USAspending, and agency mistakes can lead to misreported values.381 Our data is current as of September 2021.382
B. Methodology
1. Overview
To identify and analyze ICE spending on surveillance technologies, we reviewed ICE award transactions listed on USAspending, the official source of federal spending information.383 We identified ICE spending transactions that were likely for surveillance technologies and categorized them under six functionalities: geolocation, biometrics, data analysis, data brokers, government databases, and telecom interception.384
2. Identifying Surveillance Awards
We took two approaches to identifying surveillance awards. With the first approach, we started with a list of known surveillance tools and identified the ICE awards for those tools. With the second, we started with a set of ICE awards and looked into the ones that we suspected were for surveillance tools.
For our first approach, we assembled a list of known ICE surveillance vendors. We reviewed DHS/ICE’s Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs), which are some of the only public-facing documents that DHS makes available about its initiatives. We downloaded each PIA and SORN from the DHS/ICE website archive and read the documents for mentions of technologies covered in our functionality categories. Almost none of the PIAs or SORNs related to a particular contract but rather gave general information of existing ICE initiatives, projects or programs (e.g., LeadTrac, RAVEN, VISA, etc). We later connected initiatives and programs to certain contracts through alternative means. We also gathered the names of known ICE surveillance vendors from reports published by organizations like NILC, Mijente, TechInquiry and Top10VPN.385 Lastly, we conducted keyword searches on search engines to identify names of other ICE surveillance programs and technologies.
For our second approach, we read through thousands of awards, flagging those that we suspected were related to surveillance functionalities.386 We flagged awards for software that contained surveillance-related keywords (e.g., “biometric”), awards that were labeled under a possibly surveillance-related category (i.e., had a product code for “Information Retrieval”) or had other fields that stood out. Then, we conducted online keyword searches of suspected surveillance contracts by their contract award number, the contracting companies, and the product or service provided. Those searches yielded company websites, media coverage and other information that helped us create a list of vendors and their surveillance products.
For any vendor that we identified as a surveillance vendor, we searched for its other ICE awards using its unique identifier, known as a DUNS number. We then reviewed each of the company’s ICE awards, adding awards that matched our functionality categories. In cases where the vendor predominately sells technology falling under a functionality, we included all its ICE awards in our list. Moreover, since ICE may make more than one transaction for any award, whenever any spending transaction associated with an award that was likely surveillance related, we included the entire award in our final list.
3. Categorizing Awards
Many ICE awards were for technologies that provided multiple surveillance functionalities. For example, ICE uses some technologies that cut across categories, such as cell-site simulators that intercept communications (telecom interception) to track people (geolocation).387 To decide on one functionality, we relied on a contract’s labeled product or service category. Contract awards are assigned codes from the North American Industry Classification System (NAICS), a federal standard for classifying businesses,388 and a Product Service Code (PSC), a Federal Procurement Data System (FPDS) standard for describing products and services.389 When analyzing the contracts that fell under our functionality categories, we noticed patterns in how NAICS and PSC codes were assigned. For example, FPDS assigned the PSC “Web-based Subscription” for many of the ICE contracts we categorized as data brokers. As a result, we treated the PSC code “Web-based Subscription” as a signal that an award may best belong under the data broker functionality.
4. Automated Contract Analysis
Our manual review of ICE transactions yielded an initial dataset of ICE surveillance transactions, but the approach was time-intensive. To evaluate more contracts and to find contracts we missed on our first pass, we trained a model to identify contracts with a high probability of being surveillance related. We then manually reviewed each contract flagged by the model. The model complemented our manual review and flagged vendors, products and services that we did not identify in our first pass, for reasons such as irregular spelling in the award description. Using the model to aid our process also allowed us to analyze a significantly larger number of contracts and identify more instances of ICE surveillance spending.
5. Standardizing Contractor Names
a. Removing duplicates
ICE often fails to keep to a standard when recording the names of recipients. For example, ICE may record the City of Philadelphia, a contractor, as “philadelphia city of,” “philadelphia, city of,” or simply “Philadelphia.” To standardize recipients’ names, we used Open Refine’s key collision algorithms to fuzzy-match and merge names.390 We then supplemented that automatic merge with manual corrections.
b. Listing Contractors by Their Parent Company
Attributing a contract to a vendor is not always straightforward. Some companies obscure their ICE contracts by providing services through shell or child companies. Companies also change names or acquire or merge with smaller companies. To disentangle this web, we refer to award recipients by their present-day parent company names, current as of October 2021. To connect vendors to their parent companies, we used a vendor mapping developed by TechInquiry.391
6. Calculating Total Spending
Our report tracks the cumulative amount ICE spent over 12 years. Because awards frequently do not record cumulative spending on the contract, we recalculated the running total values of all surveillance awards. To compute the running sum of an award’s value each year, we summed each award’s yearly transactions—the “federal action obligations” in a running sum.
7. Limitations
a. Undercounting contracts
By erring on the side of caution, we may have undercounted ICE’s surveillance contracts. Even after significant research, we were unable to make out whether some contracts had a categorizable surveillance purpose. For example, we excluded an ICE purchase of “scanners”392 because the vendor sells both image scanners and fingerprint scanners.
b. Overcounting contracts
We also may have overcounted surveillance awards as a consequence of ICE’s opaque reporting practices. ICE seldom discloses enough information to tell what the agency is purchasing or how its agents will use it. For example, ICE described one purchase as “required for electronic surveillance operations.”393 Not only is the award ambiguous, but the vendor sells many kinds of surveillance technologies, including those our report does not track.394
c. Third-party contractors
Our review does not disentangle providers from third-party vendors. For example, we listed a HART contract acquiring Amazon Web Services under the third-party vendor awarded the contract.395
- 376. ICE as an Awarding Agency - Fiscal Year 2008 - 2021, https://www.usaspending.gov/search/?hash=78b38388cb2a2618d0fcce25b2ddbae5
- 377. USAspending, About, https://www.usaspending.gov/about. Last accessed 2022-04-18.
- 378. WatchBlog, USAspending.Gov Contains a Treasure Trove of Information, But How Reliable Is It?, WatchBlog: Official Blog of the U.S. Government Accountability Office (Aug. 13, 2020), https://blog.gao.gov/2020/08/13/usaspending-gov-contains-a-treasure-trove-of-information-but-how-reliable-is-it/.; U. S. Government Accountability Office, Data Act: Quality of Data Submissions Has Improved but Further Action Is Needed to Disclose Known Data Limitations, https://www.gao.gov/products/gao-20-75 (last visited Jun. 21, 2021). See also Jack Poulson, Reports of a Silicon Valley/Military Divide Have Been Greatly Exaggerated, TechInquiry (July 7, 2020), https://techinquiry.org/SiliconValley-Military/ (“While FPDS is the definitive source for US federal procurement data, it is known to have numerous shortcomings, such as inconsistencies and and inaccuracies in award amounts, slow and incomplete uploads from contract officers (including 90 day delays for DoD procurement), and corrections frequently taking place years after the signing data.”).
- 379. USAspending gathers its data from the Federal Procurement Data System (FPDS) which shares no data on ICE’s actual payouts or outlays. As a result, ICE’s outlays are not included in awards data. See Analyst’s Guide to Federal Spending Data, USAspending Data Lab, https://datalab.usaspending.gov/analyst-guide/ (last visited Jun. 21, 2021).
- 380. An obligation is “a promise made by the government to spend funds.” Id.
- 381. See Poulson, supra note 378.
- 382. See Appendix B.
- 383. USAspending, https://www.usaspending.gov/.
- 384. We decided on these categories as we looked at ICE surveillance contracts and noticed common surveillance functionalities procured by ICE.
- 385. See, e.g., National Immigration Law Center, Glossary at a Glance: Immigration Databases, Information Sharing Systems, and Case Management Systems (Aug. 2021), https://www.nilc.org/wp-content/uploads/2018/01/databases-glossary.pdf; Mijente, National Immigration Project & Immigrant Defense Project, Who’s Behind ICE?: The Tech and Data Companies Fueling Deportations (2018), https://mijente.net/wp-content/uploads/2018/10/WHO’S-BEHIND-ICE_-The-Tech-and-Data-Companies-Fueling-Deportations-_v1.pdf; Simon Migliano & Samuel Woodhams, ICE Surveillance Technology Spending Report, Top10VPN (Feb. 2, 2021), https://www.top10vpn.com/research/ice-surveillance-contracts/.
- 386. Any given contract may have multiple transactions associated with it. Whenever we flagged any transaction as relating to surveillance functionality, we flagged the entire contract.
- 387. See Electronic Frontier Foundation, Street-Level Surveillance (Aug. 28, 2017), https://www.eff.org/pages/cell-site-simulatorsimsi-catchers.
- 388. U.S. Census Bureau, North American Industry Classification System (Jan. 5, 2022), https://www.census.gov/naics/.
- 389. U.S. General Services Administration, Federal Procurement Data System Product and Services Codes (PSC) Manual (Oct. 2010), https://www.acquisition.gov/sites/default/files/manual/October%202020%20PSC%20Manual.pdf; See also FPDS, FPDS-NG FAQs, https://beta.fpds.gov/wiki/index.php/FPDS-NG_FAQs.
- 390. OpenRefine Documentation, Cluster and edit, https://docs.openrefine.org/manual/cellediting#cluster-and-edit. Last accessed 2022-04-18.
- 391. Jack Poulson, Vendor to Parents, https://gitlab.com/tech-inquiry/gov-contract-embeddings/-/blob/fc0e4eda2e8ae05fac8a698117c746a551713847/data/vendor_to_parents.json.
- 392. USAspending, Contract Summary: NCS Technologies Incorporated, https://www.usaspending.gov/award/CONT_AWD_HSCETE12J00279_7012_HSHQDC07D00028_7001.
- 393. USAspending, Contract Summary: DTC Communications, Inc., https://www.usaspending.gov/award/CONT_AWD_HSCEMD12F00070_7012_DJD11C0002_1524.
- 394. Cobham, Product Quick Guide (Feb. 2014), https://www.cobham.com/media/1078613/Cobham_TCS_QuickGuide_Mar14.pdf.
- 395. USAspending, Contract Summary: Four Points Technology, L.L.C., https://www.usaspending.gov/award/CONT_AWD_70RCSA20FR0000097_7001_HSHQDC13D00003_7001.