DEPARTMENT OF HOMELAND SECURITY
Bureau of Customs and Border Protection
Docket No. DHS–2006–0060 Privacy Act System of Records Notice
Automated Targeting System
COMMENTS OF THE BUSINESS TRAVEL COALITION
03►Dismissal of the Privacy Act of 1974
04►Lack of Transparency and Public Debate
By notice published on November 2, 2006 in the Federal Register, the Department of Homeland Security, U.S. Customs and Border Protection, acknowledged the existence of a system-of-records known as the Automated Targeting System (ATS) that will assign risk assessments to millions of U.S. and non-U.S. travelers who enter and exit the U.S. ATS has apparently been in an operational testing mode for 4 years without the knowledge of Congress or the traveling public, American and foreigner alike.
The Business Travel Coalition (BTC) submits these comments to raise serious concerns related to said system-of-records and to urge the Department to a) abandon the December 4, 2006 official program implementation date; b) provide substantially more details on the program to the public beyond the Privacy Impact Statement released just one week ago; and c) per the requirements of the Privacy Act of 1974, replace its current truncated comment process via the Federal Register with an official rulemaking with a significant public comment period.
The Department has stated that the program “will be effective December 4, 2006, unless comments are received that result in a contrary determination.” BTC believes that the serious problems raised in its filed comments herein, and those of other individuals and prominent organizations who have filed comments, indisputably require such a “contrary determination.”
The Department characterizes ATS, which originated as a cargo screening program 4 years ago, as “one of the most advanced targeting systems in the world.” Indeed, this system represents a historically unparalleled, massive data-mining initiative the parameters of which would: a) allow for the collection of all manner of personal information on innocent citizens without their prior consent; b) forbid citizens from accessing and correcting inaccuracies in their personal government dossiers; c) provide for the sharing of such information with foreign governments and third parties, including prospective employers; and d) retain individuals’ information for 40 years. Evolving ATS from a publicly-supported cargo screening program begun 4 years ago to a secretively implemented global traveler screening program represents “Exhibit A” in the case against Mission Creep.
03►Dismissal of the Privacy Act of 1974
The Privacy Act of 1974 was designed and intended by Congress to safeguard the privacy rights of citizens against government intrusion. It was determined by Congress that privacy can be greatly diminished by the collection, use, sharing and storage of personal information by federal agencies. Congress, however, did provide exacting procedures for an agency to exempt a system-of-records for law enforcement purposes.
The Department seeks to exempt ATS from virtually all relevant provisions of the Privacy Act, and in so doing, dismisses the intent of Congress.
Congress made exceedingly clear its intentions regarding exemptions through subsections 5 U.S.C. §§ 552a(j)(2) & (k)(2) of the Privacy Act. Key points from these subsections are summarized below.
- identified the kinds of federal agencies that could, by virtue of their law enforcement functions, have systems-of-records exempted from the Privacy Act;
- identified criminals and alleged offenders as those citizens that very narrow information could be compiled on such as arrests and sentencing;
- made explicit that the purpose of the information collection must be for a criminal investigation associated with an identifiable individual;
- required that an agency seeking an exemption must open its decision making process through an official rulemaking with attendant sufficient public comment;
- required an agency to publish a Statement giving the reason why a system-of-records should be exempted from provisions of the Privacy Act; and
- protected the rights of citizens to have access to information collected on them.
The Department does not meet the threshold requirements of the Privacy Act summarized above with respect to justifying exemptions for ATS. The Department cannot possibly posit that millions of travelers are identified or alleged criminals in a criminal investigation. As opposed to a “backdoor” posting to the Federal Register, the Privacy Act requires a transparent, official rulemaking with abundant time for full public participation. Finally, under the Privacy Act, other federal laws and protections trump exemptions for an agency’s program with regard to a citizen’s right to access to information collected.
The actual language from the subsections of the Privacy Act follows immediately below.
04►Lack of Transparency and Public Debate
Given the scope, scale and potential impacts of ATS, and given the public’s and U.S. Congress’ concerns with CAPPS II, how could the Department have been implementing this traveler screening program in secrecy even as Congress was conducting hearings and raising concerns in the spring of 2004? How in any material sense does ATS differ from CAPPS II, or Secure Flight? The answer, of course, is that no one outside the Department knows as the details of the program are largely secret; there has been no public debate or Congressional hearings. Moreover, how would ATS fair against the 10 data accuracy and protection criteria Congress established that had to be met before CAPPS II was implemented?
Databases are notoriously prone to inaccuracies. No doubt ATS will cause delays for travelers, unwarranted interferences and inconveniences. Missed flights will cause travelers to pay higher last-minute fares to proceed with their travel plans. Business travelers will miss commercial opportunities, and all travelers risk arrest in a foreign country due to an inaccurate dossier.
What’s more, many U.S. and foreign-based corporations have employees who are citizens of other countries who travel to and within the U.S., and sometimes work here for extended periods of time. What extra steps would a foreigner be required to take, should his travel be continuously interfered with, and at what expense, to prove that he is not a risk to the U.S. homeland? If one member of a group traveling together is denied the right to travel, would the entire group receive additional screening?
Importantly, Islam is the fastest growing religion among African Americans, many of whom are business travelers. Often conversion to Islam leads to a name change of the kind that could be mistaken for names on various terrorist watch lists. ATS does not even allow the traveler to know he has been rated a threat; such individuals would not have access to timely and complete corrections to their dossiers.
Adding supreme insult to injury is the fact that while U.S. citizens will not be able to access information collected on them, foreign governments and third parties will be able to do so. This is egregious-in-the-extreme and will further erode citizens’ confidence and trust in the U.S. government’s ability to calibrate, in a thoughtful and balanced way, efforts to frustrate the efforts of those who would seek to do us harm.
According to David Sobel, of the Electronic Frontier Foundation, the U.S. Government, "is preparing to give millions of law-abiding citizens risk assessment scores that will follow them throughout their lives. If that wasn't frightening enough, none of us will have the ability to know our score or to challenge it."
BTC strongly agrees with the Foundation’s concern. ATS incorporates criminal arrest records an individual may have and stores them for 40 years. What if a young person commits an offense that would be expunged from his record after a 5-year period? That record could be picked up by ATS and cause a lifetime of nightmarish problems for that citizen. What’s more, after many years of tracking such a young person, the government will have a detailed profile on his travel around the world. That is no one’s business but the individual’s.
The understatement for 2006 would certainly have to be that DHS observers were stunned to learn of the Department’s intentions to near-secretly implement such a massively intrusive program behind the backs of Congress and the public. Virtually all aviation security observers had been led to believe the program was for cargo only. Will ATS be applied to all domestic U.S. air travel next on the justification that we have millions of illegal, unregistered aliens living here who could do us harm? How about ferry, bus and rail transportation?
A look at the world’s newspapers after the Associated Press stories of December 1 ran provides vivid evidence of the harm such a program will cause to tourism and business travel. BTC is afraid that we are on the cusp of transitioning from an international perception of “Fortress America,” to something much darker in its implications. One has to wonder what other uses such a vast and rich database could be used for. Certainly, the public’s confidence that the Department takes privacy protections, and the laws enacted by Congress seriously, has been all but shattered by these ATS revelations.
BTC urges the Department to take the following immediate steps:
a) abandon the December 4, 2006 ATS implementation;
b) provide substantially more details on the program to the public; and
c) per requirements of the Privacy Act of 1974, proceed with an official
rulemaking with a significant public comment period.
In the final analysis, the American people will not stand for their freedoms and liberties being trampled upon, period, full stop. Such reckless governance as represented by the ATS program erodes trust and confidence in government and its credibility as an effective guardian of citizens’ interests, including both privacy and security. We live in a democracy wherein the citizenry needs to understand and support government policies if long-term success is to be achieved. When policies go straight to the heart and soul-- our first-principle-belief in personal liberty--then the requirement for transparency, participation and support is at the very highest level, “Code Red,” if you will. DHS is currently failing in this most precious of missions.
December 3, 2006
Kevin Mitchell, Chairman
Business Travel Coalition
214 Grouse Lane, Suite 210, Radnor, PA 19087
Founded in 1994, the mission of the Business Travel Coalition is to lower the long-term cost structure of business travel. BTC seeks to bring transparency to industry and government policies and practices so that customers can influence issues of strategic importance to them. BTC recently founded the Full Content Commission (FCC).