Traveler Data Program Defied Ban, Critics Say
Congress Barred Funds for DHS Development
By Spencer S. Hsu and Ellen Nakashima
Washington Post Staff Writers
The Department of Homeland Security violated a congressional funding ban when it continued to develop a computerized program that creates risk assessments of travelers entering and leaving the United States, according to lawmakers and privacy advocates.
Although congressional testimony shows that department officials apparently disclosed some important elements of the controversial Automated Targeting System program to lawmakers in recent months, several key members of Congress said that they were in the dark about the program and that it violated their intentions.
"Clearly the law prohibits testing or development" of such computer programs, said Rep. Martin O. Sabo (D-Minn.), who wrote the three-year-old prohibition into homeland security funding legislation. "And if they are saying that they just took some system, used it and therefore did not test or develop it, they clearly were not upfront about saying it."
Privacy advocates and members of Congress expressed growing skepticism this week about the legality, scope and effectiveness of the massive data-mining program -- particularly the creation of risk assessments on Americans that would be retained for up to 40 years -- whose existence was first disclosed in detail in a Nov. 2 notice in the Federal Register.
The department announced yesterday that after receiving more than 50 objections to the program, it has extended a public comment period for ATS from Dec. 4 to Dec. 29. Sen. Joseph I. Lieberman (D-Conn.) and Rep. Bennie Thompson (D-Miss.), incoming chairmen of the Senate and House homeland security committees, and others have questioned the effort and called for hearings or additional administration briefings.
Developed to help customs inspectors target narcotics and other contraband, ATS began scrutinizing air travelers entering and leaving the United States in the mid-1990s, said Jayson P. Ahern, assistant commissioner of U.S. Customs and Border Protection. After the 2001 terrorist attacks, it was used to assign risk assessments to cargo and passengers, officials' testimony and a February 2005 DHS report to Congress show.
Two years ago, it was expanded again to a limited but growing number of land border crossers, according to the report and Ahern. About 309 million land crossings and 87 million air crossings of U.S. borders are made each year.
Travelers are not allowed to see their risk assessments and must file Freedom of Information Act requests to view the original records on which the assessment is based.
The Center for Democracy and Technology said the program violated the 1974 Privacy Act because customs officials targeted U.S. travelers and shared their data with other agencies without notifying the public. Homeland Security officials say that notice was implicit in an announcement in 2001 about an older program.
"The lack of a notice at all was clearly illegal for however many years they claim this was in operation," said David Sobel, Electronic Frontier Foundation senior counsel.
"This is everybody's worst nightmare," said Kevin Mitchell, chairman of the Business Travel Coalition, who was angered by the revelation that profiles were being kept without travelers' knowledge.
Homeland Security officials said the funding ban applied only to successor programs to its aborted attempt in 2004 to use commercial databases to assign risk to domestic air passengers -- then known as CAPPS II and renamed Secure Flight -- not to preexisting programs.
Homeland Security Secretary Michael Chertoff acknowledged that the November notice was an attempt "to be even more transparent and write, in even clearer English, about what we were going to do." But in an interview with the National Journal, he expressed frustration with critics' surprise.
"Otherwise, why are we collecting the data?" he asked. "Just to have it to sit around?"
DHS leaders have described in speeches and congressional hearings their efforts over the years to process data from manifests and airline passenger records on U.S.-bound international flights to "detect anomalies and 'red flags' " for high-risk individuals.
DHS has been more explicit recently about ATS data mining and risk profiling, saying computer algorithms were used to "produce potential matches" of inbound and outbound travelers with "potential . . . connections to terrorist risk factors."
But senior Homeland Security officials made only a few short references in 2004 and 2005 to using the program to assess land travelers. At the time, they cited it only as a future possibility.
"Funding will allow us to develop and implement a version of ATS that, for the first time, will be able to identify potentially high-risk travelers in passenger vehicles," then-Customs and Border Protection Commissioner Robert C. Bonner told Congress.