U.S. senators are vowing to investigate the Department of Homeland Security's newly disclosed system for assigning risk assessments to all travelers trying to enter or leave the United States.
On the last day for public comment about the Automated Targeting System, Sens. Patrick Leahy, D-Vt., who will chair the Judiciary Committee, and Susan Collins, R-Maine, chair of the Homeland Security Committee, are promising to look into the program.
ATS uses information about travelers to determine whether they are likely to be criminals or terrorists. According to DHS, the program covers everyone trying to enter or exit the United States by land, sea, or air.
It is not clear when the federal government expanded the program from one that covered ocean cargo to one that covers people. DHS published a notice in the Federal Register in November that gave people until Dec. 4 to comment on the program. Opponents have cited internal documents stating that DHS said the program would be instituted Monday unless it received comments that "resulted in a contradictory determination," but critics say they believe it is already in effect.
Leahy, who co-authored a data privacy and security bill that cleared the Judiciary Committee but did not make it to the floor for a vote, indicated that the program is one of several efforts the new Congress will scrutinize.
"The recent revelation that, since 9/11, the U.S. government has been assigning terror scores to millions of law-abiding Americans who travel across our borders, without their knowledge, highlights the danger of government use of technology to conduct widespread surveillance of our daily lives without proper safeguards for privacy," he said through a prepared statement. "It is simply incredible that the Bush Administration is willing to share this sensitive information with foreign governments and even private employers, while refusing to allow U.S. citizens to see or challenge their own terror scores. Data banks like this are overdue for oversight, and that is going to change in the new Congress."
Privacy advocates, including the Electronic Privacy Information Center and the Electronic Frontier Foundation, are trying to delay the program, saying travelers have no way of knowing what information is retained about them, or whether the information is accurate or up to date. They say the program's exemption from the Privacy Act also means that travelers will not be able to refute or correct inaccurate information, which could result in increased security checks or prohibitions on entering or leaving the country.
"The government is preparing to give millions of law-abiding citizens 'risk assessment' scores that will follow them throughout their lives," says EFF senior counsel David Sobel. "If that wasn't frightening enough, none of us will have the ability to know our own score, or to challenge it. [DHS] needs to delay the deployment of this system and allow for an informed public debate on this dangerous proposal."
The government plans to store the information for up to 40 years, even for people not deemed a risk, because the assessments could change. The information could be shared with government agencies, contractors, and grantees to enforce criminal or civil laws, according to DHS documents.
"This system is reminiscent of the now-defunct "Total Information Awareness" program, which sought to capture a person's 'information signature' so that the government could track potential terrorists and criminals involved in 'low-intensity/low-density' forms of warfare and crime," EPIC argued in a statement. "The goal of the system was to track individuals by collecting as much information about them as possible and using computer algorithms and human analysis to detect potential activity. Although the public focused on the data collected for Total Information Awareness, a key part of the design, as described by John Poindexter, was the ability of the government to assign a secret terrorist rating to each individual."
DHS says it needs the program to protect national security and terrorist attacks. DHS Secretary Michael Chertoff told the Federalist Society's Annual Lawyers Convention on Nov. 17, that the department would be inundated with requests for information and requests for corrections if the contents of the database could be publicized. The information is deemed classified.
DHS published a privacy impact assessment, as required by law. It said that officers would review the information before acting on it, that the database would be password-protected, and that those with access to the data would receive training on protecting it.
EFF is critical of that assessment. "Among the many details absent from its Federal Register notice, the agency has failed to describe the consequences that might result from a 'risk assessment' score (possibly derived from inaccurate or incomplete information) indicating that an individual poses a 'security threat,'" EFF wrote in a letter to DHS. " In short, the ATS is precisely the sort of system that Congress sought to prohibit when it enacted the Privacy Act of 1974."
Critics are also trying to extend the comment period for the program. Members of the European Parliament are also discussing whether it violates previous agreements with the United States regarding the protection of its citizens' personal data.