Jump to content
The Education Forum

So, what's your terrorist score?

Recommended Posts

AP: Feds rate travelers for terrorism

By MICHAEL J. SNIFFEN, Associated Press Writer1 hour, 45 minutes ago

Without notifying the public, federal agents for the past four years have assigned millions of international travelers, including Americans, computer-generated scores rating the risk they pose of being terrorists or criminals.

The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years.

The scores are assigned to people entering and leaving the United States after computers assess their travel records, including where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meal they ordered.

The program's existence was quietly disclosed earlier in November when the government put an announcement detailing the Automated Targeting System, or ATS, for the first time in the Federal Register, a fine-print compendium of federal rules. Privacy and civil liberties lawyers, congressional aides and even law enforcement officers said they thought this system had been applied only to cargo.

The Homeland Security Department notice called its program "one of the most advanced targeting systems in the world." The department said the nation's ability to spot criminals and other security threats "would be critically impaired without access to this data."

Still, privacy advocates view ATS with alarm. "It's probably the most invasive system the government has yet deployed in terms of the number of people affected," David Sobel, a lawyer at the Electronic Frontier Foundation, a civil liberties group devoted to electronic data issues, said in an interview.

Government officials could not say whether ATS has apprehended any terrorists. Customs and Border Protection spokesman Bill Anthony said agents refuse entry to about 45 foreign criminals every day based on all the information they have. He could not say how many were spotted by ATS.

A similar Homeland Security data-mining project, for domestic air travelers — now known as Secure Flight — caused a furor two years ago in Congress. Lawmakers barred its implementation until it can pass 10 tests for accuracy and privacy protection.

In comments to the Homeland Security Department about ATS, Sobel said, "Some individuals will be denied the right to travel and many the right to travel free of unwarranted interference as a result of the maintenance of such material."

Sobel said in the interview the government notice also raises the possibility that faulty risk assessments could cost innocent people jobs in shipping or travel, government contracts, licenses or other benefits.

The government notice says ATS data may be shared with state, local and foreign governments for use in hiring decisions and in granting licenses, security clearances, contracts or other benefits. In some cases, the data may be shared with courts, Congress and even private contractors.

"Everybody else can see it, but you can't," Stephen Yale-Loehr, an immigration lawyer who teaches at Cornell Law school, said in an interview.

But Jayson P. Ahern, an assistant commissioner of Homeland Security's Customs and Border Protection agency, said the ATS ratings simply allow agents at the border to pick out people not previously identified by law enforcement as potential terrorists or criminals and send them for additional searches and interviews. "It does not replace the judgments of officers," Ahern said in an interview Thursday.

This targeting system goes beyond traditional border watch lists, Ahern said. Border agents compare arrival names with watch lists separately from the ATS analysis.

In a privacy impact assessment posted on its Web site this week, Homeland Security said ATS is aimed at discovering high-risk individuals who "may not have been previously associated with a law enforcement action or otherwise be noted as a person of concern to law enforcement."

Ahern said ATS does this by applying rules derived from the government's knowledge of terrorists and criminals to the passenger's travel patterns and records.

For security reasons, Ahern declined to disclose any of the rules, but a Homeland Security document on data-mining gave an innocuous example of a risk assessment rule: "If an individual sponsors more than one fiancee for immigration at the same time, there is likelihood of immigration fraud."

In the Federal Register, the department exempted ATS from many provisions of the Privacy Act designed to protect people from secret, possibly inaccurate government dossiers. As a result, it said travelers cannot learn whether the system has assessed them. Nor can they see the records "for the purpose of contesting the content."

Toby Levin, senior adviser in Homeland Security's Privacy Office, noted that the department pledged to review the exemptions over the next 90 days based on the public comment received. As of Thursday, all 15 public comments received opposed the system outright or criticized its redress procedures.

The Homeland Security privacy impact statement added that "an individual might not be aware of the reason additional scrutiny is taking place, nor should he or she" because that might compromise the ATS' methods.

Nevertheless, Ahern said any traveler who objected to additional searches or interviews could ask to speak to a supervisor to complain. Homeland Security's privacy impact statement said that if asked, border agents would hand complaining passengers a one-page document that describes some, but not all, of the records that agents check and refers complaints to Custom and Border Protection's Customer Satisfaction Unit.

Homeland Security's statement said travelers can use this office to obtain corrections to the underlying data sources that the risk assessment is based on. "There is no procedure to correct the risk assessment and associated rules stored in ATS as the assessment ... will change when the data from the source system(s) is amended."

"I don't buy that at all," said Jim Malmberg, executive director of American Consumer Credit Education Support Services, a private credit education group. Malmberg noted how hard it has been for citizens, including members of Congress and even infants, to stop being misidentified as terrorists because their names match those on anti-terrorism watch lists.

Homeland Security, however, is nearing an announcement of a new effort to improve redress programs and the public's awareness of them, according to a department privacy official, who requested anonymity because the formal announcement has not been made.

The department says that 87 million people a year enter the country by air and 309 million enter by land or sea. The government gets advance passenger and crew lists for all flights and ships entering and leaving and all those names are entered into the system for an ATS analysis, Ahern said. He also said the names of vehicle drivers and passengers are entered when they cross the border and Amtrak is voluntarily supplying passenger data for trains to and from Canada.

Ahern said that border agents concentrate on arrivals more than on departures because their resources are limited.

"If this catches one potential terrorist, this is a success," Ahern said.


On the Net:

DHS privacy impact statement: http://www.dhs.gov/xlibrary/assets/privacy...pia_cbp_ats.pdf


Associated Press writer Leslie Miller contributed to this report.

Copyright © 2006 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.

Copyright © 2006 Yahoo! Inc. All rights reserved.

Questions or Comments

Privacy Policy -Terms of Service

[Federal Register: November 2, 2006 (Volume 71, Number 212)]


[Page 64543-64546]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]





Office of the Secretary


Privacy Act of 1974; System of Records

AGENCY: Privacy Office, Department of Homeland Security.

ACTION: Notice of Privacy Act system of records.


SUMMARY: To provide expanded notice and transparency to the public, the

Department of Homeland Security, U.S. Customs and Border Protection

gives notice regarding the Automated Targeting System, which is the

enforcement screening module associated with the Treasury Enforcement

Communications System and was previously covered by the Treasury

Enforcement Communications System ``System of Records Notice.'' This

system of records is subject to the Privacy Act of 1974, as amended (5

U.S.C. 552a).

The Treasury Enforcement Communications System is established as an

overarching law enforcement information collection, targeting, and

sharing environment. This environment is comprised of several modules

designed to collect, maintain, and screen data, conduct targeting, and

share information. Among these modules, the Automated Targeting System

performs screening of both inbound and outbound cargo, travelers, and

conveyances. As part of this screening function, the Automated

Targeting System compares information obtained from the public with a

set series of queries designed to permit targeting of conveyances,

goods, cargo, or persons to facilitate DHS's border enforcement


The risk assessment and links to information upon which the

assessment is based, which are stored in the Automated Targeting

System, are created from existing information in a number of sources,

including, but not limited to: the trade community through the

Automated Commercial System or its successor; the Automated Commercial

Environment system; the traveling public through information submitted

by their carrier to the Advance Passenger Information System; persons

crossing the United States land border by automobile or on foot; the

Treasury Enforcement Communications System, or its successor; or law

enforcement information maintained in other parts of the Treasury

Enforcement Communications System that pertain to persons, goods, or


As part of the information it accesses for screening, Passenger

Name Record (PNR) information, which is currently collected pursuant to

an existing CBP regulation (19 CFR 122.49d) from both inbound and

outbound travelers through the carrier upon which travel occurs, is

stored in the Automated Targeting System. PNR is comprised of data

which carriers collect as a matter of their usual business practice in

negotiating and arranging the travel transaction.

As noted above, this system of records notice does not identify or

create any new collection of information, rather DHS is providing

additional notice and transparency of the functionality of these


DATES: The new system of records will be effective December 4, 2006,

unless comments are received that result in a contrary determination.

ADDRESSES: You may submit comments, identified by docket number, by one

of the following methods:

Federal eRulemaking Portal: http://www.regulations.gov.

Follow the instructions for submitting comments via docket number DH6-


Fax: 202-572-8727.

Mail: Comments by mail are to be addressed to the Border

Security Regulations Branch, Office of Regulations and Rulings, Bureau

of Customs and Border Protection, 1300 Pennsylvania Avenue, NW. (Mint

Annex), Washington, DC 20229. Comments by mail may also be submitted to

Hugo Teufel III, Chief Privacy Officer, Department of Homeland

Security, 601 S. 12th Street, Arlington, VA 22202-4220.

Instructions: All submissions received must include the

agency name and docket number for this rulemaking. All comments

received will be posted without change to http://www.regulations.gov,

including any personal information provided.

Docket: For access to the docket to read background

documents or comments received go to http://www.regulations.gov.

Submitted comments may also be inspected during regular business days

between the hours of 9 a.m. and 4:30 p.m. at the Regulations Branch,

Office of Regulations and Rulings, Bureau of Customs and Border

Protection, 799 9th Street, NW., 5th Floor, Washington, DC.

Arrangements to inspect submitted comments should be made in advance by

calling Mr. Joseph Clark at (202) 572-8768.

[[Page 64544]]

FOR FURTHER INFORMATION CONTACT: For general questions please contact:

Laurence E. Castelli (202-572-8790), Chief, Privacy Act Policy and

Procedures Branch, Bureau of Customs and Border Protection, Office of

Regulations & Rulings, Mint Annex, 1300 Pennsylvania Ave., NW.,

Washington, DC 20229. For privacy issues please contact: Hugo Teufel

III (571-227-3813), Chief Privacy Officer, Privacy Office, U.S.

Department of Homeland Security, Washington, DC 20528.

SUPPLEMENTARY INFORMATION: Bureau of Customs and Border Protection

(CBP), Department of Homeland Security (DHS), has traditionally relied

on computerized cargo screening processes to aid the CBP inspection

workforce in the cargo release process. Separately, CBP has used the

advance submission of traveler information to aid in screening

travelers to facilitate its border enforcement mission. The Automated

Targeting System (ATS) associates information obtained from CBP's

cargo, travelers, and border enforcement systems with a level of risk

posed by each item and person as determined through the rule based

query of the cargo or personal information accessed by ATS.

The Privacy Act embodies fair information principles in a statutory

framework governing the means by which the United States Government

collects, maintains, uses, and disseminates personally identifiable

information. The Privacy Act applies to information that is maintained

in a ``system of records.'' A ``system of records'' is a group of any

records under the control of an agency from which information is

retrieved by the name of the individual or by some identifying number,

symbol, or other identifying particular assigned to the individual. In

the Privacy Act, an individual is defined to encompass United States

citizens and legal permanent residents. ATS involves the collection and

creation of information that is maintained in a system of records.

Previously, this information was covered by the Treasury

Enforcement Communications System (TECS) system of records notice, as

ATS is a functional module associated with the environment of TECS. ATS

is employed as an analytical tool to enhance CBP screening and

targeting capabilities by permitting query-based comparisons of

different data modules associated with the TECS system, as well as

comparisons with data sets from sources outside of TECS. As part of

DHS's updating of its system of records notices and in an effort to

provide more detailed information to the traveling public and trade

community, CBP has determined that ATS should be noticed as a separate

system of records, giving greater visibility into its targeting and

screening efforts.

The Privacy Act requires each agency to publish in the Federal

Register a description denoting the type and character of each system

of records that the agency maintains, and the routine uses that are

contained in each system in order to make agency recordkeeping

practices transparent, to notify individuals regarding the uses to

which personally identifiable information is put, and to assist the

individual to more easily find such files within the agency.

DHS is hereby publishing a description of the system of records

referred to as the Automated Targeting System. In accordance with 5

U.S.C. 552a®, a report concerning this record system has been sent to

the Office of Management and Budget and to the Congress.



Automated Targeting System (ATS)--DHS/CBP.


This computer database is located at the Bureau of Customs and

Border Protection (CBP) National Data Center in Washington, DC.

Computer terminals are located at customhouses, border ports of entry,

airport inspection facilities under the jurisdiction of the Department

of Homeland Security (DHS) and other locations at which DHS authorized

personnel may be posted to facilitate DHS's mission.


A. Persons seeking to enter or exit the United States;

B. Persons who engage in any form of trade or other commercial

transaction related to the importation or exportation of merchandise;

C. Persons who are employed in any capacity related to the transit

of merchandise intended to cross the United States border; and

D. Persons who serve as operators, crew, or passengers on any

vessel, vehicle, aircraft, or train who enters or exits the United



ATS builds a risk assessment for cargo, conveyances, and travelers

based on criteria and rules developed by CBP. ATS maintains the

resulting assessment together with a record of which rules were used to

develop the assessment. With the exception of PNR information,

discussed below, ATS maintains a pointer or reference to the underlying

records from other systems that resulted in a particular assessment.

This assessment and related rules history associated with developing a

risk assessment for an individual are maintained for up to forty years

to support ongoing targeting requirements.

ATS--P (Automated Targeting System--Passenger), a component of ATS,

maintains the PNR information obtained from commercial carriers for

purposes of assessing the risk of international travelers. PNR may

include such items as:

PNR record locator code,

Date of reservation,

Date(s) of intended travel,


Other names on PNR,

Number of travelers on PNR,

Seat information,


All forms of payment information,

Billing address,

Contact telephone numbers,

All travel itinerary for specific PNR,

Frequent flyer information,

Travel agency,

Travel agent,

Code share PNR information,

Travel status of passenger,

Split/Divided PNR information,

Identifiers for free tickets,

One-way tickets,

E-mail address,

Ticketing field information,

Automated Ticketing Fare Quote (ATFQ) fields,

General remarks,

Ticket number,

Seat number,

Date of ticket issuance,

Any collected APIS information,

No show history,

Number of bags,

Bag tag numbers,

Go show information,

Number of bags on each segment,

Other Supplementary information (OSI),

Special Services information (SSI),

Special Services Request (SSR),

Voluntary/involuntary upgrades,

Received from information, and

All historical changes to the PNR

Not all carriers maintain the same sets of information for PNR.


19 U.S.C. 482, 1461, 1496, and 1581-1582, 8 U.S.C. 1357, Title VII

of Public Law 104-208, and 49 U.S.C. 44909.


(a) To perform targeting of individuals, including passengers and

[[Page 64545]]

crew, focusing CBP resources by identifying persons who may pose a risk

to border security, may be a terrorist or suspected terrorist, or may

otherwise be engaged in activity in violation of U.S. law;

(B) To perform targeting of conveyances and cargo to focus CBP's

resources for inspection and examination and enhance CBP's ability to

identify potential violations of U.S. law, possible terrorist threats,

and other threats to border security; and

© To assist in the enforcement of the laws enforced or

administered by DHS, including those related to counterterrorism.



In addition to those disclosures generally permitted under 5 U.S.C.

552a(B) of the Privacy Act, all or a portion of the records or

information contained in this system may be disclosed outside DHS as a

routine use pursuant to 5 U.S.C. 552a(B)(3) as follows:

A. To appropriate Federal, state, local, tribal, or foreign

governmental agencies or multilateral governmental organizations

responsible for investigating or prosecuting the violations of, or for

enforcing or implementing, a statute, rule, regulation, order, or

license, where CBP believes the information would assist enforcement of

civil or criminal laws;

B. To appropriate Federal, state, local, tribal, or foreign

governmental agencies maintaining civil, criminal, or other relevant

enforcement information or other pertinent information, which has

requested information relevant or necessary to the requesting agency's

hiring or retention of an individual, or issuance of a security

clearance, license, contract, grant, or other benefit and disclosure is

appropriate to the proper performance of the official duties of the

person making the disclosure;

C. To a court, magistrate, or administrative tribunal in the course

of presenting evidence, including disclosures to opposing counsel or

witnesses in the course of civil discovery, litigation, or settlement

negotiations, or in response to a subpoena, or in connection with

criminal law proceedings;

D. To third parties during the course of a law enforcement

investigation to the extent necessary to obtain information pertinent

to the investigation, provided disclosure is appropriate to the proper

performance of the official duties of the officer making the


E. To an agency, organization, or individual for the purposes of

performing audit or oversight operations as authorized by law;

F. To a Congressional office, for the record of an individual in

response to an inquiry from that Congressional office made at the

request of the individual to whom the record pertains;

G. To contractors, grantees, experts, consultants, students, and

others performing or working on a contract, service, grant, cooperative

agreement, or other assignment for the Federal government, when

necessary to accomplish an agency function related to this system of

records, in compliance with the Privacy Act of 1974, as amended;

H. To an organization or individual in either the public or private

sector, either foreign or domestic, where there is a reason to believe

that the recipient is or could become the target of a particular

terrorist activity or conspiracy, to the extent the information is

relevant to the protection of life or property and disclosure is

appropriate to the proper performance of the official duties of the

person making the disclosure;

I. To the United States Department of Justice (including United

States Attorney offices) or other Federal agency conducting litigation

or in proceedings before any court, adjudicative or administrative

body, when it is necessary to the litigation and one of the following

is a party to the litigation or has an interest in such litigation: (a)

DHS, or (B) any employee of DHS in his/her official capacity, or ©

any employee of DHS in his/her individual capacity where DOJ or DHS has

agreed to represent said employee, or (d) the United States or any

agency thereof;

J. To the National Archives and Records Administration or other

Federal government agencies pursuant to records management inspections

being conducted under the authority of 44 U.S.C. 2904 and 2906;

K. To appropriate Federal, state, local, tribal, or foreign

governmental agencies, if necessary to obtain information relevant to a

DHS decision concerning the hiring or retention of an employee, the

issuance of a security clearance, the reporting of an investigation of

an employee, the letting of a contract, or the issuance of a license,

grant or other benefit and disclosure is appropriate to the proper

performance of the official duties of the individual making the


L. To appropriate Federal, State, local, tribal, or foreign

governmental agencies or multilateral governmental organizations, for

purposes of assisting such agencies or organizations in preventing

exposure to or transmission of a communicable or quarantinable disease

or for combatting other significant public health threats;

M. To Federal and foreign government intelligence or

counterterrorism agencies or components where CBP becomes aware of an

indication of a threat or potential threat to national or international

security, or where such use is to assist in anti-terrorism efforts and

disclosure is appropriate to the proper performance of the official

duties of the person making the disclosure;

N. To appropriate Federal, State, local, tribal, or foreign

governmental agencies or multilateral governmental organizations where

CBP is aware of a need to utilize relevant data for purposes of testing

new technology and systems designed to enhance border security or

identify other violations of law;

O. To appropriate agencies, entities, and persons when (1) it is

suspected or confirmed that the security or confidentiality of

information in the system of records has been compromised; (2) CBP has

determined that as a result of the suspected or confirmed compromise

there is a risk of harm to economic or property interests, identity

theft or fraud, or harm to the security or integrity of this system or

other systems or programs (whether maintained by CBP or another agency

or entity) that rely upon the compromised information; and (3) the

disclosure is made to such agencies, entities, and persons when

reasonably necessary to assist in connection with the CBP's efforts to

respond to the suspected or confirmed compromise and prevent, minimize,

or remedy such harm.




The data is stored electronically at the National Data Center for

current data and offsite at an alternative data storage facility for

historical logs and system backups.


The data is retrievable by name or personal identifier from an

electronic database.


All records are protected from unauthorized access through

appropriate administrative, physical, and technical safeguards. These

safeguards include all of the following: restricting access to those

with a ``need to know''; using locks, alarm devices,

[[Page 64546]]

and passwords; compartmentalizing databases; auditing software; and

encrypting data communications.

ATS also monitors source systems for changes to the source data.

The system manager, in addition, has the capability to maintain system

back-ups for the purpose of supporting continuity of operations and the

discrete need to isolate and copy specific data access transactions for

the purpose of conducting security incident investigations. ATS

information is secured in full compliance with the requirements of the

DHS IT Security Program Handbook. This handbook establishes a

comprehensive information security program.

Access to the risk assessment results and related rules is

restricted to a limited number of authorized government personnel who

have gone through extensive training on the appropriate use of this

information and CBP policies, including for security and privacy. These

individuals are trained to review the risk assessments and background

information to identify individuals who may likely pose a risk. To

ensure that ATS is being accessed and used appropriately, audit logs

are created and reviewed routinely by CBP's Office of Internal Affairs.


The information initially collected in ATS is used for entry

screening purposes. Records in this system will be retained and

disposed of in accordance with a records schedule to be approved by the

National Archives and Records Administration. ATS both collects

information directly, and derives other information from various

systems. To the extent information is collected from other systems,

data is retained in accordance with the record retention requirements

of those systems.

The retention period for data specifically maintained in ATS will

not exceed forty years at which time it will be deleted from ATS. Up to

forty years of data retention may be required to cover the potentially

active lifespan of individuals associated with terrorism or other

criminal activities. The touchstone for data retention, however, is its

relevance and utility. Accordingly, CBP will regularly review the data

maintained in ATS to ensure its continued relevance and usefulness. If

no longer relevant and useful, CBP will delete the information. All

risk assessments need to be maintained because the risk assessment for

individuals who are deemed low risk will be relevant if their risk

profile changes in the future, for example, if terrorist associations

are identified. Additionally, certain data collected directly by ATS

may be subject to shorter retention limitations pursuant to separate

arrangements. The adoption of shorter retention periods may not be

publicly disclosed if DHS concludes that disclosure would affect

operational security, for example by giving terrorism suspects the

certainty that their past travel patterns would no longer be known to

U.S. authorities.


Executive Director, National Targeting and Security, Office of

Field Operations, U.S. Customs and Border Protection, Ronald Reagan

Building and Director, Targeting and Analysis, Systems Program Office,

Office of Information Technology, U.S. Customs and Border Protection.


Generally, this system of records may not be accessed for purposes

of determining if the system is a record pertaining to a particular

individual. (See 5 U.S.C. 552a(e)(4)(G) and (f)(1)).

General inquiries regarding ATS may be directed to the Customer

Satisfaction Unit, Office of Field Operations, U.S. Customs and Border

Protection, Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC

20229 (phone: (202) 344-1850 and fax: (202) 344-2791).


Generally, this system of records may not be accessed under the

Privacy Act for the purpose of inspection. The majority of this system

is exempted from this requirement pursuant to 5 U.S.C. 552a(j)(2) and


General inquiries regarding ATS may be directed to the Customer

Satisfaction Unit, Office of Field Operations, U.S. Customs and Border

Protection, Room 5.5-C, 1300 Pennsylvania Avenue, NW., Washington, DC


Requests should conform to the requirements of 6 CFR Part 5,

Subpart B, which provides the rules for requesting access to Privacy

Act records maintained by DHS. The envelope and letter should be

clearly marked ``Privacy Act Access Request.'' The request should

include a general description of the records sought and must include

the requester's full name, current address, and date and place of

birth. The request must be signed and either notarized or submitted

under penalty of perjury.


Since this system of records may not be accessed, generally, for

purposes of determining if the system contains a record pertaining to a

particular individual and those records, if any, cannot be inspected,

the system may not be accessed under the Privacy Act for the purpose of

contesting the content of the record.


The system contains information derived from other law enforcement

systems operated by DHS and other government agencies, which collected

the underlying data from individuals and public entities directly.

In addition, the system contains information collected from

carriers that operate vessels, vehicles, aircraft, and/or trains that

enter or exit the United States.


Pursuant to 31 CFR 1.36 pertaining to the Treasury Enforcement

Communications System, the Automated Targeting System, which was

previously covered by the Treasury Enforcement Communications System

(TECS) system of records notice and associated with the below

exemptions, records and information in this system are exempt from 5

U.S.C. 552a©(3), (d)(1), (d)(2), (d)(3), (d)(4), (e)(1), (e)(4)(G),

(H), and (I), and (f) of the Privacy Act pursuant to 5 U.S.C.

552a(j)(2) and (k)(2). DHS intends to review these exemptions and, if

warranted, issue a new set of exemptions specific to ATS within ninety

(90) days of the publication of this notice.

Dated: October 27, 2006.

Hugo Teufel III,

Chief Privacy Officer.

[FR Doc. 06-9026 Filed 10-30-06; 3:31 pm]


Edited by Joseph Backes
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now
  • Create New...