Spotlight on Surveillance
October 2006:
Customs and Border Protection’s Automated System Targets U.S. CitizensEPIC’s “Spotlight on Surveillance” project scrutinizes federal government programs that affect individual privacy. For more information, see previous Spotlights on Surveillance. The Automated Targeting System, part of the Department of Homeland Security’s Customs and Border Protection, is under the Spotlight this month. For Fiscal Year 2007, President Bush has requested $1.94 billion for border security, which includes the Automated Targeting System.[1] The system was originally established to assess cargo that may pose a threat to the United States. Now the Department of Homeland Security proposes to use the system to establish a secret terrorism risk profile for millions of people, most of whom will be U.S. citizens. Simultaneously, it is seeking to remove Privacy Act safeguards for the database.
Source: U.S. Customs and Border Protection
The Automated Targeting System assigns a “risk assessment” to every person and container seeking to enter or exit the U.S. In Fiscal Year 2005, Customs and Border Protection “processed 431 million pedestrians and passengers, 121 million privately owned vehicles, and processed and cleared 25.3 million sea, rail, and truck containers,” according to Customs.
The Department of Homeland Security recently published a “Notice of Privacy Act system of records” for the Automated Targeting System (“ATS”), which it says “performs screening of both inbound and outbound cargo, travelers, and conveyances.”[2] ATS is associated with the Treasury Enforcement Communications System (“TECS”), a database containing “every possible type of information from a variety of Federal, state and local source.”[3] The new description of the database differs significantly from an earlier one. As recently as March, ATS was described as “a computerized model that [Customs and Border Protection] officers use as a decision support tool to help them target oceangoing cargo containers for inspection.”[4] It is unknown when ATS expanded from merely screening shipping cargo to scrutinizing land and sea travelers. On the same day as the Homeland Security notice about the proposal to use ATS to target individuals, the Senate Homeland Security and Governmental Affairs Committee asked the department for a briefing about ATS.[5]
According to the Department of Homeland Security, ATS assigns a “risk assessment,” which is essentially a terrorist risk rating, to all people “seeking to enter or exit the United States,” “engag[ing] in any form of trade or other commercial transaction related to the importation or exportation of merchandise,” “employed in any capacity related to the transit of merchandise intended to cross the United States border,” and “serv[ing] as operators, crew, or passengers on any vessel, vehicle, aircraft, or train who enters or exits the United States.”[6] This numbers in the hundreds of millions. In Fiscal Year 2005, Customs and Border Protection “processed 431 million pedestrians and passengers, 121 million privately owned vehicles, and processed and cleared 25.3 million sea, rail, and truck containers.”[7]
The Automated Targeting System’s terrorist risk profiles will be secret, unreviewable, and maintained by the government for 40 years. The profiles will determine whether individuals will be subject to invasive searches of their persons or belongings, and whether U.S. citizens will be permitted to enter or exit the country. Individuals will not have judicially enforceable rights to access information about them contained in the system, nor to request correction of information that is inaccurate, irrelevant, untimely or incomplete.[8]
This system is reminiscent of the now-defunct “Total Information Awareness” program, which sought to capture a person’s “information signature” so that the government could track potential terrorists and criminals involved in “low-intensity/low-density” forms of warfare and crime.[9] The goal of the system was to track individuals by collecting as much information about them as possible and using computer algorithms and human analysis to detect potential activity.[10] Although the public focused on the data collected for Total Information Awareness, a key part of the design, as described by John Poindexter, was the ability of the government to assign a secret terrorist rating to each individual.
Source: Democratic Staff of the House Committee on Homeland Security
“There are many gaps remaining in our port security. As some experts have noted, the current port security regime is a ‘house of cards,’ in which containers are often not inspected and the government does not truly know which containers are ‘high risk,’” according to an August 2006 report by the Democratic Staff of the House Committee on Homeland Security.
According to the notice, ATS creates “risk assessments” for each person or item by “associat[ing] information obtained from CBP’s cargo, travelers, and border enforcement systems with a level of risk posed by each item and person as determined through the rule based query of the cargo or personal information accessed by ATS.”[11] A massive amount of information from many systems including the Treasury Enforcement Communications System, the Advance Passenger Information System, and travelers’ Passenger Name Record data, which includes address and payment data, itineraries and other travelers in the same party, will be analyzed under “criteria and rules developed by CBP” that are unknown to the public.[12] TECS has “5.3 billion records accessed 766 million times daily.”[13] ATS also will retain the risk assessments for 40 years, even assessments of people who are not considered a threat. Customs and Border protection says, “All risk assessments need to be maintained because the risk assessment for individuals who are deemed low risk will be relevant if their risk profile changes in the future, for example, if terrorist associations are identified.”[14]
Although individuals will not be able to view the terrorist profile rating that has been assigned by the government, the data and the risk assessment will be available to other federal agencies for a wide range of activities. According to the Privacy Act notice, Customs and Border Protection has identified 15 categories of “routine uses” of personal information to be collected and maintained in the program’s system of records. In one category, CBP anticipates disclosure to:
To appropriate Federal, State, local, tribal, or foreign governmental agencies or multilateral governmental organizations where CBP is aware of a need to utilize relevant data for purposes of testing new technology and systems designed to enhance border security or identify other violations of law.[15]
Another category allows disclosure to:
Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where CBP believes the information would assist enforcement of civil or criminal laws.[16]
These categories are so broad as to be almost meaningless, allowing for potential disclosure to virtually any government agency worldwide for an array of actual or potential undefined violations.
Not only does Customs and Border Protection seek to broadly use ATS data, but it proposes to exempt the system from Privacy Act requirements that an individual be permitted access to personal information, that an individual be permitted to correct and amend personal information, and that an agency assure the reliability of personal information for its intended use.[17] When it enacted the Privacy Act in 1974, Congress sought to restrict the amount of personal information that federal agencies could collect and required agencies to be transparent in their information practices.[18]
Customs and Border Protection proposes to exempt ATS from all Privacy Act provisions guaranteeing citizens the right to access records containing information about them.[19] The Privacy Act provides, among other things, that:
· an individual may request access to records an agency maintains about him or her;[20]
· an individual may seek judicial review to enforce the statutory right of access provided by the Act,[21] and
· the agency must publish a notice of the existence of records in the Federal Register, along with the procedures to be followed to obtain access.[22]
The agency also seeks to exempt ATS from the Privacy Act requirements that define the government’s obligation to allow citizens to challenge the accuracy of information contained in their records, such as:
· an agency must correct identified inaccuracies promptly;[23]
· an agency must make notes of requested amendments within the records;[24] and
· an agency must establish procedures to handle disputes between the agency and individual as to the accuracy of the records.[25]
Source: U.S. Customs and Border Protection
Although individuals will not be able to view the terrorist profile rating that has been assigned by the government, the data and the risk assessment will be available to other federal agencies for a wide range of activities. Customs and Border Protection has identified 15 categories of “routine uses” of personal information to be collected and maintained in ATS.
Customs and Border Protection’s notice establishes a system that provides neither adequate access nor the ability to amend or correct inaccurate, irrelevant, untimely and incomplete records. “Generally, this system of records may not be accessed for purposes of determining if the system is a record pertaining to a particular individual” nor is it to be accessed “under the Privacy Act for the purpose of inspection,” the notice says.[26] In lieu of the judicially enforceable right of access provided by the Privacy Act, “general inquiries regarding ATS may be directed to the Customer Satisfaction Unit.”[27] In its Privacy Impact Assessment for ATS, Homeland Security states, “There is no procedure to correct the risk assessment and associated rules stored in ATS.”[28] Under the redress procedure to correct data in the source systems, such as TECS, a person must write to CBP Customer Satisfaction Unit in the Office of Field Operations.[29]
It is unknown how a person would know that there is incorrect information in ATS when the system can neither be accessed under the Privacy Act for inspection nor can it be accessed to determine if it includes an individual’s record. In fact, the only indication a traveler may have that the government is keeping records about him is if he is subjected to extra scrutiny, detained or arrested at the border.
Homeland Security Secretary Michael Chertoff recently discussed the citizens’ right to redress in cases where they are mistakenly listed as “threats” on the Transportation Security Administration’s “no-fly lists.” He said, “we don’t conduct court hearings on this” because “first of all, almost all the information is classified; second, because I'm quite sure that the 19 hijackers, if we could replay history, would have contested being on a no-fly list, and we're not about to let them do that; and third, because we would be inundated with proceedings.”[30] Secretary Chertoff is correct: if citizens had the right to sue to ensure that their records are correct, that they are not mistakenly given terrorist “risk assessments,” then the department would be inundated – and innocent citizens would be cleared of the “threat” label. People have had to suffer the consequences of false identifications under the no-fly lists. Last year, the director of the Transportation Security Administration’s redress office revealed that more than 30,000 people who are not terrorists have asked the Transportation Security Administration to remove their names from the lists since September 11, 2001.[31] Now, with the redress problem for air travelers still unresolved, the Department of Homeland Security is proposing to dramatically expand the secret profiling of American citizens.
If the Department of Homeland Security is allowed to exempt the ATS from the Privacy Act requirements, then the agency would not ensure the reliability of the data, provide citizens with access to their personal data, or opportunities to correct inaccurate or incomplete data.[32] These are significant failures, as the Government Accountability Office (“GAO”) reported in March that there are questions about the accuracy and reliability of ATS risk assessments. The office’s review of ATS showed that CBP “currently does not have reasonable assurance that ATS is effective,” testified Richard M. Stana, Director of Homeland Security and Justice Issues at the Government Accountability Office, at a Senate committee hearing in March.[33] Stana also questioned the accuracy and reliability of ATS risk assessments. “CBP does not yet have key internal controls in place to be reasonably certain that ATS is providing the best available information to allocate resources for targeting and inspecting that are the highest risk and not overlook inspecting containers that pose a threat to the nation.”[34] These criticisms remain even after a 2004 GAO review suggested improvements to the system.
The Automated Targeting System was created to screen shipping cargo, but it has many problems even completing that mission. An August 2006 report from the Democratic Staff of the House Committee on Homeland Security gave both port and border security low marks. For port security, the department’s grade is a C-/D+. “There are many gaps remaining in our port security. As some experts have noted, the current port security regime is a ‘house of cards,’ in which containers are often not inspected and the government does not truly know which containers are ‘high risk.’”[35] More resources are needed. “Current staffing shortages at foreign seaports participating in CSI are resulting in thirty-five percent of ‘high risk’” containers not being inspected before they are shipped to the U.S.”[36] In fact, 75 percent “of our ports do not have the ability to screen a container for dirty bombs or nuclear weapons,” according to the report.[37]
EPIC has highlighted the problems inherent in passenger profiling systems in previous testimony and comments.[38] In testimony before the National Commission on Terrorist Attacks Upon the United States (more commonly known as “the 9/11 Commission”), EPIC President Marc Rotenberg explained, “there are specific problems with information technologies for monitoring, tracking, and profiling. The techniques are imprecise, they are subject to abuse, and they are invariably applied to purposes other than those originally intended.”[39]
The Automated Targeting System mines a vast amount of data to create a “risk assessment” on hundreds of millions of people per year, a label that will follow them for the rest of their lives, as the data will be retained for 40 years. Yet the system is deeply flawed, and the funds spent turning ATS into a citizen profiling program would be better spent in perfecting its cargo screening process, so that port security can be stronger than a “house of cards.”
[1] Department of Homeland Security, Budget-in-Brief Fiscal Year 2007 (Feb. 6, 2006) available at http://www.dhs.gov/xlibrary/assets/Budget_BIB-FY2007.pdf and http://www.epic.org/privacy/surveillance/spotlight/0806/dhsb07.pdf.
[2] Department of Homeland Security, Notice of Privacy Act system of records, 71 Fed. Reg. 64543 (Nov. 2, 2006) [hereinafter “ATS Privacy Act Notice”] available at http://edocket.access.gpo.gov/2006/06-9026.htm.
[3] Department of the Treasury, Notice of Privacy Act system of records, 66 Fed. Reg. 52983, 53029 (Oct. 18, 2001) available at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2001_register&docid=f:18ocn2.pdf.
[4] Richard M. Stana, Director, Homeland Security and Justice Issues, Government Accountability Office, Testimony at a Hearing on Neutralizing the Nuclear and Radiological Threat: Securing the Global Supply Chain (Part Two) Before the Subcom. on Investigations of the S. Comm. on Homeland Security and Governmental Affairs, 109th Cong. (Mar. 30, 2006) [hereinafter “GAO Testimony on ATS”] available at http://www.gao.gov/new.items/d06591t.pdf.
[5] Ellen Nakashima and Spencer S. Hsu, U.S. Plans to Screen All Who Enter, Leave Country, Wash. Post, Nov. 3, 2006.
[6] Id.
[7] W. Ralph Basham, Commissioner, Customs and Border Protection, Department of Homeland Security, Statement at a Hearing on Customs Budget Authorizations & Other Customs Issues Before the Subcom. on Trade of the H. Comm. on Ways & Means, 109th Cong. (July 25, 2006) available at http://waysandmeans.house.gov/hearings.asp?formmode=view&id=5160.
[8] See discussion, infra.
[9] EPIC’s page on Total Information Awareness, http://www.epic.org/privacy/profiling/tia/.
[10] According to Under Secretary of Defense for Acquisition, Logistics, and Technology Edward C. “Pete” Aldridge, “The purpose of TIA would be to determine the feasibility of searching vast quantities of data to determine links and patterns indicative of terrorist activities.” Question and Answer Response by Joint Staff and Under Secretary of Defense for Acquisition, Logistics, and Technology Edward C. “Pete” Aldridge at DoD Press Conference, DoD News Briefing—ASD(PA) Clark and Adm. Gove, Nov. 20, 2002 available at http://www.defenselink.mil/transcripts/2002/t11202002_t1120asd.html.
[11] ATS Privacy Act Notice, supra note 2 at 64544.
[12] Id.
[13] National Research Council of the National Academies, Transportation Research Board, Cybersecurity of Freight Information Systems: A Scoping Study 69 (2003) available at http://trb.org/publications/sr/sr274.pdf.
[14] ATS Privacy Act Notice, supra note 2 at 64546.
[15] Id. at 64545.
[16] Id.
[17] Id.
[18] S. Rep. No. 93-1183 at 1 (1974).
[19] ATS Privacy Act Notice, supra note 2 at 64545.
[20] 5 U.S.C. § 552a(d)(1).
[21] 5 U.S.C. § 552a(g)(1).
[22] 5 U.S.C. §§ 552a(e)(4)(G), (e)(4)(H), (f).
[23] 5 U.S.C. § 552a(d)(2)(B), (d)(3).
[24] 5 U.S.C. § 552a(d)(4).
[25] 5 U.S.C. § 552a(f)(4).
[26] ATS Privacy Act Notice, supra note 2 at 64546.
[27] Id.
[28] Department of Homeland Security, Customs and Border Protection, Privacy Impact Assessment for the Automated Targeting System 19 (Nov. 22, 2006) available at http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_cbp_ats.pdf.
[29] Id.
[30] Michael Chertoff, Secretary of Homeland Security, Remarks at the Federalist Society's Annual Lawyers Convention, Nov. 17, 2006 available at http://www.dhs.gov/xnews/speeches/sp_1163798467437.shtm.
[31] Anne Broache, Tens of thousands mistakenly matched to terrorist watch lists, CNet News.com, Dec. 6, 2005.
[32] The Department of Homeland Security is seeking exemptions under §552a(j)(2) and (k)(2). ATS Privacy Act Notice, supra note 2 at 64545.
[33] GAO Testimony on ATS, supra note 4 at 5.
[34] Id. at 5-6.
[35] Democratic Staff of the H. Comm. on Homeland Security, 109th Cong., The State of Homeland Security 2006: Annual Report Card on the Department of Homeland Security ii (Aug. 2006) available at http://hsc-democrats.house.gov/SiteDocuments/20060814122421-06109.pdf.
[36] Id. at 5.
[37] Id.
[38] See EPIC’s pages on Passenger Profiling, http://www.epic.org/privacy/airtravel/profiling.html; Secure Flight, http://www.epic.org/privacy/airtravel/secureflight.html; and EPIC’s Spotlight on Surveillance about Registered Traveler (October 2005), http://www.epic.org/privacy/surveillance/spotlight/1005/.
[39] Marc Rotenberg, President, EPIC, Prepared Testimony and Statement for the Record of a Hearing on Security & Liberty: Protecting Privacy, Preventing Terrorism Before the National Commission on Terrorist Attacks Upon the United States (Dec. 8, 2003) available at http://www.epic.org/privacy/terrorism/911commtest.pdf.
EPIC Spotlight on Surveillance Page | EPIC Privacy Page | EPIC Home Page