Via Bruce Scheier, AP report
Without notifying the public, federal agents for the past four years have assigned millions of international travelers, including Americans, computer-generated scores rating the risk they pose of being terrorists or criminals.
The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years.
The scores are assigned to people entering and leaving the United States after computers assess their travel records, including where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meal they ordered.
As The Register, covering the same story in considerable detail, comments, note, pass on pre-ordering the halal option.
The program’s existence was quietly disclosed earlier in November when the government put an announcement detailing the Automated Targeting System, or ATS, for the first time in the Federal Register, a fine-print compendium of federal rules. Privacy and civil liberties lawyers, congressional aides and even law enforcement officers said they thought this system had been applied only to cargo.
The report continues,
The government notice says ATS data may be shared with state, local and foreign governments for use in hiring decisions and in granting licenses, security clearances, contracts or other benefits. In some cases, the data may be shared with courts, Congress and even private contractors.
However, the subject of all this data can’t see it:
The Homeland Security privacy impact statement added that “an individual might not be aware of the reason additional scrutiny is taking place, nor should he or she” because that might compromise the ATS’ methods.
Nevertheless, [Jayson P. Ahern, an assistant commissioner of Homeland Security’s Customs and Border Protection agency] said any traveler who objected to additional searches or interviews could ask to speak to a supervisor to complain. Homeland Security’s privacy impact statement said that if asked, border agents would hand complaining passengers a one-page document that describes some, but not all, of the records that agents check and refers complaints to Custom and Border Protection’s Customer Satisfaction Unit.
Homeland Security’s statement said travelers can use this office to obtain corrections to the underlying data sources that the risk assessment is based on. “There is no procedure to correct the risk assessment and associated rules stored in ATS as the assessment … will change when the data from the source system[s] is amended.”
El Reg again:
So, they’re using the venerable Google model of data integrity. If ATS contains spurious data about you, you must contact the agency or data broker from whom they obtained it, and persuade them to correct it. And then wait for ATS to trawl the information again, Google-wise, and automatically update it.
Of course, the system has to operate behind a veil of secrecy to remain effective, so it might be quite a challenge to learn which “source system” is supplying the inaccurate data about you to the ATS.
As The Register says, it’s clear from what the Homeland Security Department says that the data used to build these profiles is drawn from a wide variety of sources, including commercial databases and profiles, they quote the Department as saying,
“ATS standardises names, addresses, conveyance names, and similar data so these data elements can be more easily associated with other business data and personal information to form a more complete picture of a traveller, import, or export in context with previous behaviour of the parties involved”
In other words, all travellers to and from the USA are being profiled — and the profiles stored, of course — on the basis of secret algorithms and quite possibly inaccurate data; remember the chap in Northern California who’d never been near Iraq in his life who discovered he’s been turned down for a mortgage because the credit reference agency thought he was Saddam Hussein’s son? At the very least this means people risk being subjected to needless delays and searches at American airports and land and sea borders based, in part, on their seating preferences and their choice of in-flight meals; at worst it seems it can lead to their being placed on employment blacklists for no reason they can readily ascertain or challenge.
It would appear, moreover, that the Homeland Security people have learned one trick from the terrorists — that of using multiple identities and aliases; AP tell us that
A similar Homeland Security data-mining project, for domestic air travelers — now known as Secure Flight — caused a furor two years ago in Congress. Lawmakers barred its implementation until it can pass 10 tests for accuracy and privacy protection
and, as The Register say, they’ve just resurrected the Secure Flight scheme under a different name.
How’s this mass surveillance project doing?
Government officials could not say whether ATS has apprehended any terrorists. Customs and Border Protection spokesman Bill Anthony said agents refuse entry to about 45 foreign criminals every day based on all the information they have. He could not say how many were spotted by ATS.
Forty five a day? That’s 16,425 criminals a year. Out of … glad you asked that;
The department says that 87 million people a year enter the country by air and 309 million enter by land or sea. The government gets advance passenger and crew lists for all flights and ships entering and leaving and all those names are entered into the system for an ATS analysis, Ahern said. He also said the names of vehicle drivers and passengers are entered when they cross the border and Amtrak is voluntarily supplying passenger data for trains to and from Canada.
Hmm. That’s about one person to whom they refuse entry for every 24,000 whom they screen — for they screen everyone, not just foreigners. The figure I’d like to know is how many people they delay or subject to extra searches and questioning as a result of these profiles — that is, how many false positives they have, either because of dud algorithms or dud data or both.
Not to worry, though:
“If this catches one potential terrorist, this is a success,” Ahern said.
tags: War on Terror, Civil Liberties, Homeland Security, Passenger Profiles, ATS