DHS traveler screening system under fire from privacy advocates

On the morning of February 28, 2005, a young Jordanian named Raed al-Banna rammed a car filled with explosives into a crowd of military and police recruits in the Iraqi town of Hillah, killing more than 125. His hand and forearm were found handcuffed to the steering wheel of the smoldering vehicle. The attack remains one of the deadliest suicide bombings of the Iraq war.

Twenty months earlier, al-Banna, carrying a valid business visa on his Jordanian passport, had tried to enter the United States at Chicago's O'Hare Airport. But a Customs officer flagged him for secondary screening and ran al-Banna's data through a sophisticated assessment program called the Automated Targeting System. He was denied entry and sent back to Jordan.

The Homeland Security Department has been using the ATS for several years to perform risk assessments on the 120 million people who seek to enter the United States annually through all forms of travel; almost 90 million come by air. Federal officials call the ATS a critical tool that captures vital information from airline ticketing and other travel records, matches that information with law enforcement and intelligence data, and analyzes threats at the nation's borders to stop terrorist acts. They cite the al-Banna story as a case in point.

Homeland Security Secretary Michael Chertoff hails the ATS for allowing his department's Customs and Border Protection agency to connect the dots to foil potential terrorist plots, a challenge that the government failed to meet so completely six years ago.

But privacy advocates and civil-liberties groups have decried the ATS program as nothing more than a secretive data-mining and profiling technology that allows the government to collect and store highly personal information on travelers, including their habits and their contacts abroad. Some Democrats in Congress have also raised concerns about privacy and have questioned whether DHS is correcting any erroneous data in the system.

"All of the key characteristics of the Automated Targeting System -- including the assessment, the basis for the assessment, the rules that apply, and the 'targeting activities' -- remain shrouded in mystery," according to the Electronic Privacy Information Center, which has joined with 40 other organizations and individuals in the privacy and technology spheres to oppose the ATS. The center's comment was part of its extensive submission this month to DHS, which is developing final privacy rules for the program.

Homeland Security officials counter that the ATS collects no racial, ethnic, or religious data and that the key is to scrutinize behavior, relationships, and contacts among individuals and groups. "I would also argue that anyone would be hard-pressed to find a more transparent government program than ATS," said Russ Knocke, assistant secretary for media relations at DHS. "If anything, the privacy advocates should appreciate that we have been explaining to the public through congressional testimony, hearings, op-eds, and speeches what this is and how it works."

Still, in response to complaints filed at the end of last year, DHS announced in August that it proposes to keep information in the ATS database for only 15 years, down from the original 40-year timeframe. The department also said it would tighten the purposes for which the government could use passenger data, provide individuals with access to data, and add a redress procedure that was not in its original privacy proposal. The rule-making process will settle these and other procedures.

Allies abroad have expressed concern about the ATS program's broad data-collection. Earlier this year, Sophie in 't Veld, a Dutch member of the European Parliament, told National Journal in an interview, "The Americans tell us not to worry.... Trust is good, but control is better. We're still not convinced."

In July, after intensive negotiations, the European Union accepted a new multiyear data-sharing agreement involving foreign air carriers and the United States. Chertoff helped to persuade European officials that DHS is committed to protecting passengers' personal information while it targets threats that endanger nations on both sides of the Atlantic.

The ATS battle erupted last November after DHS filed privacy notices in the Federal Register. The 1974 Privacy Act requires government agencies to file such "system of record notices" for any program with potential privacy implications.

The government had previously filed no such notices for the ATS, even though officials have been using the system since 2002 to perform risk assessments on people entering the United States. The November notices explained that Customs and Border Protection was systematically checking the names, passports, credit cards, phone numbers, and other information of U.S.-bound passengers against a broad government database and performing a link analysis to assess possible ties to terrorism.

If a risk assessment meets certain criteria -- which the government does not publicly disclose, for security reasons -- the passenger is subjected to a secondary screening at the airport, just as al-Banna was before he was turned away in 2003.

To civil-liberties groups, the ATS sounded like a new version of the Pentagon-led Total Information Awareness data-mining program that the government abandoned four years ago in the face of public outrage.

After the November filing, the new Democratic leaders on Capitol Hill complained that they had been kept in the dark about the ATS and asked for administration briefings. At one point, House Homeland Security Committee Chairman Bennie Thompson, D-Miss., charged that the ATS database potentially "could be used as a warrantless well of evidence from which any law enforcement, regulatory, or intelligence agency could dip at will -- without any probable cause, reasonable suspicion, or judicial oversight."

Since then, Thompson and other Democratic leaders have voted to continue funding for the program, but they remain wary, sources say, and are closely following the privacy rule-making process.

A former top official at Homeland Security says he was never told about the decision to implement the ATS as a passenger-screening and assessment tool. The program was created in the 1990s to assess the risks from cargo entering the country, but it was later expanded to include travelers entering and leaving the United States. Clark Ervin, the first inspector general at DHS, who left government in December 2004, told National Journal he was never informed about the switch to passengers, and added, "I should have been, obviously."

Now the director of the Homeland Security Initiative at the Aspen Institute in Washington, Ervin said the program looks like a "prima facie violation of congressional intent." He is referring to language that Congress has adopted over the past four years to prohibit data-mining programs, most recently in the 2007 DHS Appropriations Act, which banned the department from spending money "to develop or test algorithms assigning risk to passengers whose names are not on government watch lists." DHS officials contend that the ban applies to different watch list programs, not the ATS.

Another former DHS official, Stewart Verdery, who is now the government-relations consultant for the National Business Travel Association, said that the group is "supportive of any program that ensures security and safety of air travel, and that certainly includes ATS." But Verdery, who was the first assistant secretary for policy and planning at DHS from 2003 to 2005, stressed that the department "needs to go the extra mile to ensure transparency and must keep a close eye that information is used properly and for the purposes for which it was intended."

DHS officials, in their public efforts to tout the effectiveness of the ATS, offer up examples of how they say Customs and Border Protection agents at major U.S. airports have prevented potential terrorists from entering the country.

One story involves two passengers at Boston's Logan Airport whose traveling patterns prompted a secondary screening. One of the men claimed he was on business travel for an entity that U.S. intelligence agencies suspected of having financial ties to Al Qaeda.

In another instance, said DHS spokesman Knocke, an individual who landed at Minneapolis-St. Paul Airport was carrying "martyrdom videos" and manuals for manufacturing improvised explosive devices, insurgents' weapon of choice in Iraq. And a man with documents indicating that he was a flight instructor arrived at Atlanta's Hartsfield-Jackson Airport in May 2006 with a visa issued a week before the September 11, 2001, attacks that he had never used. The man was also tied to other individuals considered to be security risks, Knocke said.

"There is no question that this is immensely useful," Knocke declared, stressing that had a system such as the ATS been in place before 9/11, agents would have flagged 11 of the 19 hijackers and would have uncovered their plot.