Homeland Security’s Automated Targeting System
A number of people have recently discussed the Automated Targeting System - a database system maintained by the Bureau of Customs and Border Protection (BCP) which retains data about, among other things, travelers who enter or leave the United States, along with various data about the travelers. The data retained includes, allegedly, meal preferences.
More details are available in the Federal Register notice published on November 2, 2006.
It turns out that the docket number published in the notice is incorrect, which makes it tough for people to read others’ comments about the system, or to comment on it. The correct docket number is DHS-2006-0060, as discovered by phik - comments can be read or added at http://www.regulations.gov.
The comments received when I read them were, with a few exceptions, likely to be ineffective. They were of the “You guys should not implement this new program because the government is stupid and can’t be trusted!” variety.
I am not going to argue that the government is not stupid, or that it can be trusted, but the above is not an especially persuasive approach.
First off, as should be clear from reading the Federal Register notice, the program is not new. The Federal Register notice - and the accompanying Privacy Impact Assessment - reveal that this database has been maintained for several years now, and the notice is intended to update the required disclosures about federal databases.
Of course, the fact that this has been going on for years doesn’t mean that it’s the right thing to do - it just means that arguments which begin with “You shouldn’t start doing this!” immediately reveal the author as out of touch with the basic facts regarding the program .. and if the author of the comments is confused about those facts, it’s very easy to dismiss their opposition as uninformed rantings in reaction to imaginary problems.
Also unfortunate is the siren’s song of wholesale rejection of keeping any sort of list regarding bad people and/or airline passengers. While that approach may be philosophically attractive, it’s politically a nonstarter, especially after the 9/11 blamefest whereby Democrats blame 9/11 on Republicans, Republicans blame 9/11 on Democrats, progressives blame 9/11 on whatever the opposite of progressives are (libertarians?), and vice versa.
Pretty much everyone seems ready to blame 9/11 on the government somehow, saying that if only someone had kept a list of Bad People, and somehow the airlines - or someone else - had looked up the names of all airline passengers against the Bad People list, well, then we wouldn’t have had 9/11.
It’s really tough to make a list of Bad People, and it’s really tough to make private parties (like airlines) check passenger lists check against the Bad People list .. especially without also creating problems such as false positives, where people like Ted Kennedy, nuns, and babies end up on the Bad People (a/k/a No Fly or selectee) list .. and without turning the Bad People list into some sort of giant blacklist that lets the government turn off someone’s ability to function in modern society.
But those practical problems don’t seem to have deterred people from calling for “the government” to “do something” to prevent “another 9/11″ .. so we end up with garbage like the ATS, which is unlikely to prevent terrorism, but is likely to create annoying and difficult-to-fix problems for people over the next several decades.
So it’s politically impractical to suggest that DHS and BCP should abandon their attempts to create a Bad People list, because that’s exactly what the public, Congress, and the intelligence and law enforcement communities are demanding that they do.
As a practical matter, we’re left with arguing about the implementation of the Bad People list.
This particular model doesn’t strike me as an especially good one. In particular, there are a number of elements that are poorly considered-
- Data is retained in the system for up to 40 years
- Individuals have no right to inspect the data kept about them
- Individuals have no right to challenge or correct false or misleading data
We’ve had something like 40 years’ experience with consumer credit files and consumer credit reporting - a records system which is supposed to drop information after only 7 to 10 years, and where individuals do have a right to inspect and a limited right to correct mistakes. That 40 years’ experience has shown that almost every individual’s record contains inaccuracies, and that a significant number of individuals’ records contain substantial inaccuracies.
Further, it should be clear to anyone who cares to pay attention that identity theft - which is deeply tied to the creation and maintenance of incorrect information about individuals’ actions, purchases, travel, residences, and so forth - is presently a significant problem, and there is no reason to expect that the identity theft problem will get better in following years. I’d be amazed if there’s anyone familiar with the issues who doesn’t think the problem is going to get much worse.
So - in the face of what can only be described as a deeply flawed implementation of a much simpler system with a much shorter lifetime, greater opportunities to correct errors, and much less catastrophic consequences for failure - DHS is essentially recreating that flawed implementation, but without any of the safeguards present in the current model. (Those safeguards, frankly, are gutless and virtually useless - but they’re a lot stronger than what’s available under the DHS ATS model.)
But wait - that’s not the only big problem with the ATS system.
Not only does the ATS system seem designed to collect and maintain a giant library of mistaken information - and not only are the individuals tracked by the system unable to meaningfully investigate the information used against them - the DHS’ rules allow the unverified data to be shared with effectively everyone BUT the individual who is the subject of the records.
The rules for the ATS system allow DHS to share the data with, among others-
- Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where CBP believes the information would assist enforcement of civil or criminal laws
- Federal, state, local, tribal, or foreign governmental agencies maintaining civil, criminal, or other relevant enforcement information or other pertinent information, which has requested information relevant or necessary to the requesting agency’s hiring or retention of an individual, or issuance of a security clearance, license, contract, grant, or other benefit and
disclosure is appropriate to the proper performance of the official duties of the person making the disclosure; - a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations, or in response to a subpoena, or in connection with criminal law proceedings;
- contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal government, when necessary to accomplish an agency function related to this system of records, in compliance with the Privacy Act of 1974, as amended;
- Federal, state, local, tribal, or foreign governmental agencies, if necessary to obtain information relevant to a DHS decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant or other benefit and disclosure is appropriate to the proper performance of the official duties of the individual making the disclosure;
- Federal, State, local, tribal, or foreign governmental agencies or multilateral governmental organizations, for purposes of assistingsuch agencies or organizations in preventing exposure to or transmission of a communicable or quarantinable disease or for combatting other significant public health threats;
- Federal and foreign government intelligence or counterterrorism agencies or components where CBP becomes aware of an indication of a threat or potential threat to national or
international security, or where such use is to assist in anti-terrorism efforts and disclosure is appropriate to the proper performance of the official duties of the person making the disclosure; - Federal, State, local, tribal, or foreign governmental agencies or multilateral governmental organizations where CBP is aware of a need to utilize relevant data for purposes of testing new technology and systems designed to enhance border security or identify other violations of law
.. so you can’t see what data is maintained about you in the system for the next 40 years, but DHS can share the data with local law enforcement, foreign intelligence agencies, your county health department, the local animal control agency seeking to enforce pet license laws, tax collectors, John Poindexter’s TIA project .. and the ATS data may be available in discovery if you’re involved in a lawsuit or a divorce.
For better or for worse, as a society we’ve argued and blamed ourselves into a posture where it’s politically infeasible to back away from keeping a list of Bad People. However, that doesn’t mean that it has to be configured as badly as DHS proposes with the ATS system. If DHS anticipates that they’re going to be extracting information from Jet Blue and Southwest Airlines and passing it along to municipal and county-level employees, it’s ridiculous to assert that there’s a strong government interest in preventing people from inspecting their own records - apparently everyone else can.
The ATS system would be much more sensible if it were configured either so that information in the system cannot be shared outside of DHS or used for non-DHS purposes; or if it were configured with the understanding that widespread dispersion of the information is essential to widespread usage of the information, and accordingly individuals should have the right to inspect and correct inaccurate information maintained about them inside the system.
EPIC has a good page about the ATS system at http://www.epic.org/privacy/surveillance/spotlight/1006/default.html