Matthew Kozma, President Trump’s pick to run the Department of Homeland Security’s Office of Intelligence and Analysis (I&A), told senators last week that the agency is sometimes justified to “to access private communications. That claim should set off an alarm bell: Under long-standing rules, I&A may collect information only when its officers are either (1) openly identified as the government or (2) obtaining material available to the public. Anything else, such as covert infiltration of private chats, is illegal.
During the same hearing, Senator Ron Wyden pressed Kozma, asking whether it was “ever okay” for I&A staff to “misrepresent themselves to get into private chat rooms and other private communications?” While Kozma agreed that it was generally not appropriate for I&A agents to do so, he claimed there were “certain exceptions” that necessitated “alternative representations” of agents’ identities.
This stance contradicts testimony by Kozma’s predecessor, who told Congress in 2024 that I&A’s social media intelligence officers “can only collect publicly available information and cannot misrepresent themselves to access certain chat rooms or types of communications.” When Wyden asked Kozma in written questioning if he agreed, Kozma dismissed the statement as a “remark made by a prior administration official.”
Plainly put, Kozma is wrong. It would be clearly illegal for I&A officers to use fake identities to enter group chats and the like where they could target protestors and activists. I&A’s own 2017 guidelines – required by Executive Order 12333, which empowers and regulates the activities of U.S. intelligence agencies – allow its officers to collect intelligence in only two ways: overtly, meaning they must identify themselves as government agents, or from publicly available information, which is information that is widely accessible to the public, including in an open meeting or accessible online. Information that is not public and available only through covert means of collection is off limits to I&A officers. That prohibition explicitly also covers personnel “detailed” to I&A from other agencies.
Instead, Kozma now says he sees two situations in which I&A officers could hide their identities to access private communications. First, he says I&A may go undercover to “access information critical to thwarting terrorism or other attacks against America.” Second, Kozma says there are “certain exceptions to the cases we discussed in order to protect individuals who may be detailed to I&A that would be in a covered status.”
Yet loopholes for covert identity protection or “critical” information simply do not exist, nor have they been recognized in any administration since George W. Bush first specified how I&A may collect intelligence in a 2008 update to Executive Order 12333. Furthermore, when Congress imposed some limitations on I&A in 2023, it did not create any exceptions of the type referenced by Kozma.
Limits on I&A’s collection methods are critical because its activities come with few other safeguards. I&A’s mandate is broad, ranging from countering domestic terrorism and addressing undefined “significant threats” to “economic security, public health, or public safety.” Agency guidelines allow officers to collect, retain, and disseminate information about speech and associations protected by the First Amendment when the collecting officer says it furthers one of those missions.
The office’s track record shows the danger of how this power can be abused. In 2020, the office deployed officers to Portland, Oregon, where they built dossiers on racial justice protestors and wrote intelligence reports on journalists. I&A’s lawyers have asserted that people vandalizing confederate monuments threatened homeland security. I&A’s officers have monitored student protestors and people discussing abortion law and elections online, on the theory such talk could lead to terrorism. And they have produced questionable reports on Atlanta-based environmentalists and given these reports to Georgia authorities who then used them as a basis for a politicized RICO indictment.
The collapse of internal oversight at DHS—already weak—has further created vulnerabilities. Its exact status in turmoil, the Department’s civil rights office is either headed toward elimination or a greatly reduced staff, with its ability to review intelligence activities in serious question. Potentially the only DHS entity that would remain to check I&A’s operations is its internal intelligence oversight office, subordinate to the position Kozma will fill if confirmed.
On Tuesday, news broke that I&A reportedly plans to cut up to 75% of its staff. The personnel most likely to be let go include the agency’s own oversight and governance officials. Meanwhile, I&A has stated that it will retain its collections officers—those who work with state and local law enforcement to gather intelligence.
Kozma’s claims that I&A officers could covertly break into private electronic communications are alarming, though it is not clear the unlawful operations are happening today. Activists—who have long been targeted by I&A—regularly use private electronic channels to communicate. They are under particular scrutiny now thanks to government efforts to suppress criticism with federal law enforcement, National Guard takeovers, immigration law, and more.
Kozma’s comfort with covert entry into private chats should alarm Congress before it votes. Given these risks and I&A’s history, the public, Congress, and the media should be watchful, and insist that the agency’s domestic intelligence practices be sunset, rather than expanded.
The post Incoming DHS Intelligence Lead Promotes Unlawful Activities appeared first on Just Security.