Automated Targeting System
Introduction
The Automated Targeting System, part of the Department of Homeland Security’s Customs and Border Protection, was originally established to assess cargo that may pose a threat to the United States. Now the Department of Homeland Security proposes to use the system to establish a secret terrorism risk profile for millions of people, most of whom will be U.S. citizens. Simultaneously, it is seeking to remove Privacy Act safeguards for the database.
The Department of Homeland Security recently published a “Notice of Privacy Act system of records” for the Automated Targeting System (“ATS”), which it says “performs screening of both inbound and outbound cargo, travelers, and conveyances.” ATS is associated with the Treasury Enforcement Communications System (“TECS”), a database containing “every possible type of information from a variety of Federal, state and local source.”] The new description of the database differs significantly from an earlier one. As recently as March, ATS was described as “a computerized model that [Customs and Border Protection] officers use as a decision support tool to help them target oceangoing cargo containers for inspection.” It is unknown when ATS expanded from merely screening shipping cargo to scrutinizing land and sea travelers. On the same day as the Homeland Security notice about the proposal to use ATS to target individuals, the Senate Homeland Security and Governmental Affairs Committee asked the department for a briefing about ATS.
According to the Department of Homeland Security, ATS assigns a “risk assessment,” which is essentially a terrorist risk rating, to all people “seeking to enter or exit the United States,” “engag[ing] in any form of trade or other commercial transaction related to the importation or exportation of merchandise,” “employed in any capacity related to the transit of merchandise intended to cross the United States border,” and “serv[ing] as operators, crew, or passengers on any vessel, vehicle, aircraft, or train who enters or exits the United States.” This numbers in the hundreds of millions. In Fiscal Year 2005, Customs and Border Protection “processed 431 million pedestrians and passengers, 121 million privately owned vehicles, and processed and cleared 25.3 million sea, rail, and truck containers.”
The Automated Targeting System’s terrorist risk profiles will be secret, unreviewable, and maintained by the government for 40 years. The profiles will determine whether individuals will be subject to invasive searches of their persons or belongings, and whether U.S. citizens will be permitted to enter or exit the country. Individuals will not have judicially enforceable rights to access information about them contained in the system, nor to request correction of information that is inaccurate, irrelevant, untimely or incomplete.
The Automated Targeting System was created to screen shipping cargo, but it has many problems even completing that mission. An August 2006 report from the Democratic Staff of the House Committee on Homeland Security gave both port and border security low marks. For port security, the department’s grade is a C-/D+. “There are many gaps remaining in our port security. As some experts have noted, the current port security regime is a ‘house of cards,’ in which containers are often not inspected and the government does not truly know which containers are ‘high risk.'” More resources are needed. “Current staffing shortages at foreign seaports participating in CSI are resulting in thirty-five percent of ‘high risk’ containers not being inspected before they are shipped to the U.S.” In fact, 75 percent “of our ports do not have the ability to screen a container for dirty bombs or nuclear weapons,” according to the report.
EPIC has highlighted the problems inherent in passenger profiling systems in previous testimony and comments. In testimony before the National Commission on Terrorist Attacks Upon the United States (more commonly known as “the 9/11 Commission”), EPIC President Marc Rotenberg explained, “there are specific problems with information technologies for monitoring, tracking, and profiling. The techniques are imprecise, they are subject to abuse, and they are invariably applied to purposes other than those originally intended.”
The Automated Targeting System mines a vast amount of data to create a “risk assessment” on hundreds of millions of people per year, a label that will follow them for the rest of their lives, as the data will be retained for 40 years. Yet the system is deeply flawed, and the funds spent turning ATS into a citizen profiling program would be better spent in perfecting its cargo screening process, so that port security can be stronger than a “house of cards.”
News Items
- Collecting of Details on Travelers Documented. Washington Post, Sept. 22, 2007.
- U.S. government tracking travel habits. UPI, Sept. 21, 2007.
- U.S. Airport Screeners Are Watching What You Read. Wired News, Sept. 20, 2007.
- Department of Homeland Security, Press Release: Statement by Homeland Security Chief Privacy Officer Hugo Teufel III on the Privacy Act System of Records Notice for the Automated Targeting System, Aug. 3, 2007.
- White House Edits to Privacy Board’s Report Spur Resignation. Washington Post, May 15, 2007.
- Closing the Door at the Ports. US News & World Report, Dec. 31, 2006.
- DHS defends border terror scoring system. United Press International, Dec. 27, 2006.
- Homeland Security official: Travelers don’t get terror ‘scores.’ Reuters, Dec. 21, 2006.
- Remarks of Stewart Baker, Assistant Secretary for Policy, Department of Homeland Security, at the Center for Strategic and International Studies, Washington, D.C. Dec. 19, 2006.
- Travel groups oppose U.S. risk assessment system. Associated Press, Dec. 14, 2006.
- EU questions US over new air data system. EU Observer, Dec. 14, 2006.
- Press release, Franco Frattini, European Commissioner responsible for Justice, Freedom and Security, “Data protection and transfer of PNR data,” Dec. 13, 2006.
- European officials seek answers on use of passenger data. Congress Daily, Dec. 13, 2006.
- Opinion: Improper ‘risk assessments.’ Macon Telegraph, Dec. 11, 2006.
- Opposition to DHS traveler screening program mounts. National Journal’s Technology Daily, Dec. 11, 2006.
- Travelers assigned terrorism risk rating. Associated Press, Dec. 10, 2006.
- Homeland Security said to defy ban. United Press International, Dec. 9, 2006.
- Traveler Data Program Defied Ban, Critics Say. Washington Post, Dec. 9, 2006.
- Chertoff: Traveler screening program wasn’t a secret. National Journal, Dec. 8, 2006.
- Airline “Risk Assessment”: Defending the Right to Snoop. Time, Dec. 8, 2006.
- Traveler Risk System May Violate Ban. Associated Press, Dec. 8, 2006.
- DHS Passenger Scoring Illegal? Wired News, Dec. 7, 2006.
- Press Release, Sen. Patrick Leahy (D-Vt.), Reaction To Report That The Government Is Assigning Terror Scores To Travelers, Dec. 1, 2006.
- U.S. Plans to Screen All Who Enter, Leave Country. Washington Post, Nov. 3, 2006.
Resources
- Department of Homeland Security, Notice of Privacy Act system of records (Aug. 6, 2007)
- Department of Homeland Security, Notice of proposed rulemaking (Aug. 6, 2007)
- Department of Homeland Security, Response to Public Comments to the November 2006 Rulemaking (pdf) (Aug. 3, 2007)
- Department of Homeland Security, Privacy Impact Assessment for the Automated Targeting System (ATS) (pdf) (Aug. 3, 2007)
- Department of Homeland Security, Press Release: Statement by Homeland Security Chief Privacy Officer Hugo Teufel III on the Privacy Act System of Records Notice for the Automated Targeting System (Aug. 3, 2007)
- The Identity Project
- Cato Institute, Policy Analysis: Effective Counterterrorism and the Limited Role of Predictive Data Mining (Dec. 11, 2006)
- Professor Anita Ramasastry, Homeland Security’s Automated Program of Risk Assessments for Travelers: Why It Fails to Sufficiently Protect Individual Privacy (Dec. 7, 2006)
- Security Expert Bruce Schneier, American Authorities Secretly Give International Travellers Terrorist “Risk” Score (Dec. 1, 2006)
- Department of Homeland Security, Notice of Privacy Act system of records (Nov. 2, 2006)
- H.R. 5441, the “Department of Homeland Security Appropriations Act, 2007” (Oct. 4, 2006)
- EPIC Spotlight on Surveillance “Customs and Border Protection’s Automated System Targets U.S. Citizens” (Oct. 2006)
- EPIC’s page on Passenger Profiling
- EPIC’s page on EU-US Airline Passenger Data Disclosure
- EPIC’s page on Air Travel Privacy
- EPIC’s page on Secure Flight
Comments Filed on the Automated Targeting System
- EPIC, In Response to August 2007 Rulemaking (PDF) (Sept. 5, 2007)
- Miss. Rep. Bennie G. Thompson, Chairman-Designate of the U.S. House of Representatives Homeland Security Committee (PDF) (Dec. 29, 2006)
- EPIC, 29 organizations and 16 privacy and technology experts (PDF) (Dec. 4, 2006)
- Identity Project (PDF) (Dec. 4, 2006), supplemental comments (PDF) (Dec. 29, 2006)
- ACLU (HTML) (Dec. 1, 2006)
- Electronic Frontier Foundation (PDF) (Nov. 30, 2006)