ICE Leaked These Asylum Seekers' Personal Information. A Court Just Dismissed Their Lawsuit.

In November 2022, Immigration and Customs Enforcement (ICE) accidentally posted the names, birthdates, nationalities, and detention locations of over 6,000 migrants to the agency's website. Forty-nine affected migrants sued Acting ICE Director Patrick J. Lechleitner and other government officials over the data leak—but last week, the U.S. District Court for the District of Columbia dismissed their suit.

The 49 migrants came to the U.S. to seek asylum, with many of them fleeing "gang violence, government retaliation, and persecution on the basis of protected grounds," noted last week's opinion. All of them were eventually detained by ICE. Then, in late November 2022, an ICE employee allegedly uploaded the personal information of 6,252 migrants—some of whom were in ICE custody at the time, and some who once were—to the agency's website, available for anyone to view or download. It was on the site for about five hours.

"We know the 20 columns of personal data about each victim were downloaded six times from [internet service providers] that ICE refuses to disclose to Congress or to the victims of the  breach," said Curtis Lee Morrison, partner and attorney at Morrison Urena and the lead attorney representing the asylum seeker plaintiffs, in a statement.

That lack of transparency complicates the plaintiffs' immigration cases, notes Ellyn Jameson, staff attorney at the Capital Area Immigrants' Rights Coalition, which filed an amicus brief in support of the plaintiffs. "The plaintiffs face an uphill battle in proving that this breach increases the danger they face because our government has staunchly refused to reveal to them who accessed their information," she explains.

Some of the plaintiffs hail from repressive countries, such as Nicaragua and Venezuela, making it all the more risky for their personal information to be released. "The plaintiffs are justifiably afraid that the persecutors they already feared, including foreign governments, will be better able to locate or retaliate against them as a result of this information becoming public," says Jameson. One notable example of the fallout happened last December, when the Department of Homeland Security (DHS) "inadvertently tipped off the Cuban government…that some of the immigrants the agency sought to deport to the island nation had asked the U.S. for protection from persecution or torture," the Los Angeles Times reported.

The plaintiffs sought financial remedies, as well as "accommodations…so that their asylum and withholding claims can be considered or reconsidered in light of the data breach, with the presumption of risk created by the data breach being presumed." District Judge Royce C. Lamberth, in dismissing the suit, noted "the gravity of ICE's alleged failure to safeguard the data of vulnerable people in its custody."

The court ruled that the plaintiffs lacked Article III standing "to seek injunctive or declaratory relief because they have not alleged an ongoing or future violation of their rights by defendants." The court also held that their money damages claims under the Administrative Procedure Act, the Accardi doctrine, and the Due Process Clause are "barred by sovereign immunity because Congress has not consented to such suits."

"The victims may not have been persecuted or tortured due to the data breach yet, but the likelihood of those outcomes has increased due to ICE's conduct," says Morrison. "And the increased likelihood of those outcomes means [increased] anxiety and emotional distress for all the victims."

"In my view, that's injury," he continues. "To the Biden administration apparently, not so much."

Federal regulation mandates that the identities of asylum seekers be kept private. In an emailed statement, an ICE spokesperson noted that the release was "a breach of policy" and the agency is "taking all corrective actions necessary" to rectify it. An official told Axios last November that the government planned to contact those who had downloaded the migrants' information and request that they delete it. It also temporarily paused deportations for affected migrants.

Hannah Cartwright, executive director of Mariposa Legal, says that "ICE's response has been the barest of bare minimums." The agency "has refused to release information publicly about the scope of the breaches, refused to respond to [Freedom of Information Act (FOIA)] requests, and taken a hard-line defensive posture in the litigation of these ongoing cases in immigration court," she explains.

Immigration lawyers and advocacy groups tell Reason that they intend to keep pushing for transparency and solutions for the affected migrants. Immigrant Legal Defense, an immigration legal services nonprofit, filed a FOIA request last month seeking information from ICE and DHS about agency communications and the identities of those who accessed migrants' data. That request is pending.

"This decision sadly leaves the plaintiffs without much recourse, either in their immigration proceedings or their personal lives," says Jameson. "They entrusted our government with sensitive personal information as part of their efforts to receive protection here in the U.S., and our government simply did not handle that information with the care it deserved."