Without notifying the public, federal agents for the past four years have assigned millions of international travelers, including Americans, computer-generated scores rating the risk they pose of being terrorists or criminals.
The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years.
The scores are assigned to people entering and leaving the United States after computers assess their travel records, including where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meal they ordered.
The program’s existence was quietly disclosed earlier in November when the government put an announcement detailing the Automated Targeting System, or ATS, for the first time in the Federal Register, a fine-print compendium of federal rules. Privacy and civil liberties lawyers, congressional aides and even law enforcement officers said they thought this system had been applied only to cargo.
The Homeland Security Department notice called its program “one of the most advanced targeting systems in the world.” The department said the nation’s ability to spot criminals and other security threats “would be critically impaired without access to this data.”
Still, privacy advocates view ATS with alarm. “It’s probably the most invasive system the government has yet deployed in terms of the number of people affected,” David Sobel, a lawyer at the Electronic Frontier Foundation, a civil liberties group devoted to electronic data issues, said in an interview.
Government officials could not say whether ATS has apprehended any terrorists. Customs and Border Protection spokesman Bill Anthony said agents refuse entry to about 45 foreign criminals every day based on all the information they have. He could not say how many were spotted by ATS.
A similar Homeland Security data-mining project, for domestic air travelers — now known as Secure Flight — caused a furor two years ago in Congress. Lawmakers barred its implementation until it can pass 10 tests for accuracy and privacy protection.
In comments to the Homeland Security Department about ATS, Sobel said, “Some individuals will be denied the right to travel and many the right to travel free of unwarranted interference as a result of the maintenance of such material.”
Sobel said in the interview the government notice also raises the possibility that faulty risk assessments could cost innocent people jobs in shipping or travel, government contracts, licenses or other benefits.
The government notice says ATS data may be shared with state, local and foreign governments for use in hiring decisions and in granting licenses, security clearances, contracts or other benefits. In some cases, the data may be shared with courts, Congress and even private contractors.
“Everybody else can see it, but you can’t,” Stephen Yale-Loehr, an immigration lawyer who teaches at Cornell Law school, said in an interview.
But Jayson P. Ahern, an assistant commissioner of Homeland Security’s Customs and Border Protection agency, said the ATS ratings simply allow agents at the border to pick out people not previously identified by law enforcement as potential terrorists or criminals and send them for additional searches and interviews. “It does not replace the judgments of officers,” Ahern said in an interview Thursday.
Ahern said ATS was first used to rate the risk posed by travelers in the late 1990s, using personal information about them voluntarily supplied by air and cruise lines. A post-9/11 law vastly expanded the program, he said. It required airline and cruise companies to begin in 2002 sending the government electronic data in advance on all passengers and crew entering or leaving the country.
This targeting system goes beyond traditional border watch lists, Ahern said. Border agents compare arrival names with watch lists separately from the ATS analysis.
In a privacy impact assessment posted on its Web site this week, Homeland Security said ATS is aimed at discovering high-risk individuals who “may not have been previously associated with a law enforcement action or otherwise be noted as a person of concern to law enforcement.”
Ahern said ATS does this by applying rules derived from the government’s knowledge of terrorists and criminals to the passenger’s travel patterns and records.
For security reasons, Ahern declined to disclose any of the rules, but a Homeland Security document on data-mining gave an innocuous example of a risk assessment rule: “If an individual sponsors more than one fiancee for immigration at the same time, there is likelihood of immigration fraud.”
In the Federal Register, the department exempted ATS from many provisions of the Privacy Act designed to protect people from secret, possibly inaccurate government dossiers. As a result, it said travelers cannot learn whether the system has assessed them. Nor can they see the records “for the purpose of contesting the content.”
Toby Levin, senior adviser in Homeland Security’s Privacy Office, noted that the department pledged to review the exemptions over the next 90 days based on the public comment received. As of Thursday, all 15 public comments received opposed the system outright or criticized its redress procedures.
The Homeland Security privacy impact statement added that “an individual might not be aware of the reason additional scrutiny is taking place, nor should he or she” because that might compromise the ATS’ methods.
Nevertheless, Ahern said any traveler who objected to additional searches or interviews could ask to speak to a supervisor to complain. Homeland Security’s privacy impact statement said that if asked, border agents would hand complaining passengers a one-page document that describes some, but not all, of the records that agents check and refers complaints to Custom and Border Protection’s Customer Satisfaction Unit.
Homeland Security’s statement said travelers can use this office to obtain corrections to the underlying data sources that the risk assessment is based on. “There is no procedure to correct the risk assessment and associated rules stored in ATS as the assessment … will change when the data from the source system(s) is amended.”
“I don’t buy that at all,” said Jim Malmberg, executive director of American Consumer Credit Education Support Services, a private credit education group. Malmberg noted how hard it has been for citizens, including members of Congress and even infants, to stop being misidentified as terrorists because their names match those on anti-terrorism watch lists.
Homeland Security, however, is nearing an announcement of a new effort to improve redress programs and the public’s awareness of them, according to a department privacy official, who requested anonymity because the formal announcement has not been made.
The department says that 87 million people a year enter the country by air and 309 million enter by land or sea. The names of passengers and for all flights and ships entering and leaving are entered into the system for an ATS analysis, Ahern said. He also said the names of vehicle drivers and passengers are entered when they cross the border and Amtrak is voluntarily supplying passenger data for trains to and from Canada.
Ahern said that border agents concentrate on arrivals more than on departures because their resources are limited.
“If this catches one potential terrorist, this is a success,” Ahern said.
On the Net:
DHS privacy impact statement: http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_ats.pdf