Privacy watchdogs attack traveler profiling system

WASHINGTON — Privacy advocates and business travelers Friday called on the federal government to scrap a Department of Homeland Security data-mining program that creates terrorism-risk assessments for every traveler entering or leaving the United States.

Incoming Senate Judiciary Chairman Sen. Patrick Leahy, D-Vt., pledged greater scrutiny of such projects. "Data banks like this are overdue for oversight," he said. "That is going to change in the new Congress."

The Automated Targeting System (ATS), which has evaluated millions of Americans without their knowledge, began as a means of screening cargo but quietly was expanded in recent years to screen travelers and create risk profiles that will be retained for 40 years.

Customs officials say the program is necessary to protect the American public.

Travelers are not allowed to see or directly challenge these risk assessments, and some or all data in the system can be shared with state, local and foreign governments for use in hiring, contracting and licensing decisions. Courts and even private contractors can obtain data under certain circumstances.

"It is simply incredible that the Bush administration is willing to share this sensitive information with foreign governments and even private employers, while refusing to allow U.S. citizens to see or challenge their own terror scores," Leahy said. This system "highlights the danger of government use of technology to conduct widespread surveillance of our daily lives without proper safeguards for privacy."

How it works

Almost every person entering and leaving the United States by air, sea or land is assessed based on an analysis of their travel records and other data, including their name, date of birth, where they live, flight itineraries, credit-card information, how they paid for tickets, their motor-vehicle records, past one-way travel, seating preference and what kind of meal they ordered. A customs inspector's interview notes on a traveler also can be included.

Officials said the system works by applying rules learned from experience with the activities and characteristics of terrorists and criminals to traveler data. But they would not describe in detail the format in which border agents see the results or in which the databases store the results of risk assessments.

Government officials also would not say whether the Automated Targeting System (ATS) has apprehended any terrorists. Federal agents turn back about 45 foreign criminals a day at U.S. borders, but it's unclear how many were spotted by ATS, Customs and Border Protection spokesman Bill Anthony said.

The Associated Press

Concerns spread beyond Congress.

"I have never seen anything as egregious as this," said Kevin Mitchell, president of the Business Travel Coalition, an advocate for business travelers. It's "evidence of what can happen when there isn't proper oversight and accountability."

The program, which singles out travelers for extra attention by customs officials, first was revealed days before the Nov. 7 elections in a Washington Post story published by The Seattle Times, after a notice describing it appeared in the Federal Register. Reaction was muted until The Associated Press reported on the issue Thursday.

Air passengers have been scrutinized for risks for 10 years, while assessments of some land-border crossers have been conducted for about two years, a Customs and Border Protection official said.

In comments filed Friday with Homeland Security, of which the customs agency is a part, the ACLU urged an end to the program.

"How come we never heard about it before?" said Barry Steinhardt, director of the ACLU's Technology and Liberty Project. "The fact that they've been doing it for 10 years, under what authority?"

David Sobel, senior counsel for the Electronic Frontier Foundation, said he believes the program's existence without earlier notice violates the 1974 Privacy Act.

"I don't see the logic of collecting massive amounts of information on millions of innocent citizens in the name of locating a small number of suspected terrorists," he said. It was unclear to experts why Homeland Security recently made the program's existence public. Some weren't even certain from the Federal Register filing whether the program was a proposal or already in operation.

Homeland Security spokesman Jarrod Agen confirmed that ATS is an existing program and sought to downplay any controversy about something that isn't new.

He said the program's placement in the Federal Register Nov. 2 was a good-government impulse on the agency's part.

"Because the department is relatively new ... we are making sure the public has an idea of how our systems function," he said. "This is a case of us taking the lead and getting that information out in the public realm so people can know how we collect and screen data."

Privacy experts who have dealt with the department scoffed at that explanation.

"That's positively Orwellian," the ACLU's Steinhardt said. "DHS is the most closed agency in the federal government. The notion that they're transparent and would come forward because of their great respect for transparency is laughable."

Customs officials expressed exasperation with the call to abandon the program. "How do they expect us to determine who's safe and who's at risk?" asked Patrick Jones, an agency spokesman. "We have over 1 million people coming into the country every day, and our job is to protect the American public from people who might want to harm the American public."

A separate proposal to conduct risk assessments on air passengers, called CAPPS II, raised so much controversy in 2004 that it was derailed, and a successor program has stalled.

To some privacy advocates, the ATS project seemed a resurrection of the Defense Department program known as Total Information Awareness. In that program, federal officials sought to mine the consumer and banking records of millions of Americans to discern patterns that might point to certain individuals as possible terrorists. The congressional and public outcry after details emerged in late 2002 killed the program, at least publicly.

"What's going on here is the terrorist scoring of U.S. citizens which really should have been left on the shelf after TIA was canned," said Mark Rotenberg, executive director of the Washington, D.C.-based Electronic Privacy Information Center.

Jayson Ahern, a Customs and Border Protection assistant commissioner, said the agency intends to eventually enter data for all border-crossers in the ATS database.

Ahern said travelers are screened for risk based on "assumptions" that he would not disclose. Those deemed potentially risky would be flagged for follow-up, he said. The system does not assign a numeric score or color code, he said.

"When you look at all the [risk] factors, it just kicks it out that this person is a target for follow-up," Ahern said. In other words, he said, "somebody's targeted or not."

Government officials asserted that creating a vast database over time on travelers — including those who are law-abiding — will help analysts build models of normal and suspicious behavior. Ahern said there are 309 million land and sea border crossings and 87 million air border crossings each year — more than 95 percent for lawful reasons.

Compiled from The Washington Post, The Associated Press and the Chicago Tribune