The Automated Targeting System (ATS) is a security and DHS
tracking program that mines a vast amount of data to create a “risk assessment” on hundreds of millions of citizen and non-citizen alike, a label that will follow them for the rest of their lives, as the data will be retained for 40 years. This program represents a monumental change that will have profound effects on Americans’ privacy.
The Automated Targeting System, part of the Department of Homeland Security‘s Customs and Border Protection, was originally established to assess cargo that may pose a threat to the United States. Now the Department of Homeland Security proposes to use the system to establish a secret terrorism risk profile for millions of people, most of whom will be U.S. citizens. Simultaneously, it is seeking to remove Privacy Act safeguards for the database.
The Department of Homeland Security recently published a “Notice of Privacy Act system of records” for the ATS, which it says “performs screening of both inbound and outbound cargo, travelers, and conveyances.” ATS is associated with the Treasury Enforcement Communications System (TECS), a database containing “every possible type of information from a variety of Federal, state and local source.” The new description of the database differs significantly from an earlier one. As recently as March, ATS was described as “a computerized model that [Customs and Border Protection] officers use as a decision support tool to help them target oceangoing cargo containers for inspection.” It is unknown when ATS expanded from merely screening shipping cargo to scrutinizing land and sea travelers. On the same day as the Homeland Security notice about the proposal to use ATS to target individuals, the Senate Homeland Security and Governmental Affairs Committee asked the department for a briefing about ATS.
DHS seeks “routine use” exemptions from the agency’s Privacy Act obligations regarding its disclosures of individuals’ personal information. Congress has ordered all executive agencies to disclose, upon any data subject’s request, an accurate accounting of “the date, nature, and purpose of each disclosure of a record [regarding that data subject] to any person or to another agency.” Congress has also mandated that agencies “inform any person or other agency about any correction or notation of dispute made by the agency [about the accuracy of a data subject’s records].” However, DHS seeks to circumvent these requirements, arguing that compliance could “reveal investigative interest” on the part of DHS. The agency alleges that such a revelation would “present a serious impediment to law enforcement efforts and/or efforts to preserve national security.” But DHS proffers no evidence for this claim.
Vague national security and law enforcement concerns vindicate neither the government’s secretive collection of personal information nor subsequent disclosures through Watchlist Service (WLS) between agencies and government personnel. Without specific justifications linked to the WLS program, the agency is not authorized to evade the meaningful safeguards Congress designed to ensure accuracy and legality of government recordkeeping. The Senate Report from 1974 emphasizes that “it is fundamental to the implementation of any privacy legislation that no system of personal information be operated or maintained in secret by a Federal agency.
76 FR 39315 Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of the Terrorist Screening Database System of Records (federalregister.gov)
According to the Department of Homeland Security, ATS assigns a “risk assessment,” which is essentially a terrorist risk rating, to all people “seeking to enter or exit the United States,” “engaging in any form of trade or other commercial transaction related to the importation or exportation of merchandise,” “employed in any capacity related to the transit of merchandise intended to cross the United States border,” and “serving as operators, crew, or passengers on any vessel, vehicle, aircraft, or train who enters or exits the United States.” This numbers in the hundreds of millions. In Fiscal Year 2005, Customs and Border Protection “processed 431 million pedestrians and passengers, 121 million privately owned vehicles, and processed and cleared 25.3 million sea, rail, and truck containers.”
The Automated Targeting System’s terrorist risk profiles will be secret, and unreviewable. The profiles will determine whether individuals will be subject to invasive searches of their persons or belongings, and whether U.S. citizens will be permitted to enter or exit the country. Individuals will not have judicially enforceable rights to access information about them contained in the system, nor to request correction of information that is inaccurate, irrelevant, untimely or incomplete.
The Automated Targeting System was created to screen shipping cargo, but it has many problems even completing that mission. An August 2006 report from the Democratic Staff of the House Committee on Homeland Security gave both port and border security low marks. For port security, the department’s grade is a C-/D+. “There are many gaps remaining in our port security. As some experts have noted, the current port security regime is a ‘house of cards,’ in which containers are often not inspected and the government does not truly know which containers are ‘high risk.'” More resources are needed. “Current staffing shortages at foreign seaports participating in CSI are resulting in thirty-five percent of ‘high risk’ containers not being inspected before they are shipped to the U.S.” In fact, 75 percent “of our ports do not have the ability to screen a container for dirty bombs or nuclear weapons,” according to the report.
EPIC has highlighted the problems inherent in passenger profiling systems in previous testimony and comments. In testimony before the National Commission on Terrorist Attacks Upon the United States (more commonly known as “the 9/11 Commission“), EPIC President Marc Rotenberg explained, “there are specific problems with information technologies for monitoring, tracking, and profiling. The techniques are imprecise, they are subject to abuse, and they are invariably applied to purposes other than those originally intended.”
> ACLU Comments to DHS
> ACLU FOIA Request
> ACLU / Privacy International Letter to European privacy commissioners on the “Automated Targeting System”
> ACLU / Privacy International Letter to Franco Frattini, European Commission, on the “Automated Targeting System”
> DHS ATS Privacy Assessment (PDF)
> Federal Register Privacy Act Notice extending public comment period 12/8/06
> Federal Register Privacy Act on Automated Targeting System 11/2/06