WASHINGTON-
The Homeland Security Department’s newly revealed computerized risk assessments of international travelers may violate a specific ban that Congress imposed as part of the agency’s budget over the past three years.
Some members of Congress and privacy advocates on Thursday questioned the legality of Automated Targeting System, or ATS, risk assessments that have been assigned to millions of Americans and foreigners who entered or left the United States over the past four years.
“It clearly goes contrary to what we have in law,” Rep. Martin Sabo, D-Minn., said in an interview. He said ATS is the kind of computerized risk assessment “we have been trying to prohibit.”
Homeland Security Secretary Michael Chertoff told The Associated Press: “I don’t think it (the prohibition) can be read as applying to this program. The statute doesn’t bar the use of funds for the purpose of analyzing the risks for people entering the country.”
Department spokesman Russ Knocke said Congress was informed many times since 2003 that ATS was being used to assess people.
The AP reported last week that ATS has been assessing millions of people since 2002.
At that time, a law prompted by the attacks of Sept. 11, 2001, required air and cruise lines to give the Homeland Security Department advance data on all passengers and crew entering and leaving the country.
Jayson P. Ahern, assistant commissioner of customs and border protection, told the AP all that passenger data is analyzed by ATS. Data on rail and some land travelers also have been assessed, he said.
ATS has operated with little public notice or understanding until a description was published last month in the Federal Register, a fine print compendium of federal rules.
The Homeland Security Department’s notice said people could not see their assessments or directly challenge them. It plans to keep the assessments for 40 years and share data with state, local and foreign governments for hiring, contracting, licensing and other decisions. In some instances, data could be shared with courts and private contractors.
Sabo, the top Democrat on the House Appropriations subcommittee on homeland security, wrote into the agency’s spending bills the ban on computerized passenger risk assessments. For the past three budget years, the legislation has said no funds from the appropriations bill could be used to develop or test computerized data-mining tools “assigning risk to passengers whose names are not on government watch lists.”
“They keep going off on these wild scenarios on a regular basis,” Sabo said. “They should concentrate on making their watch lists comprehensive and correctable.”
Sen. Patrick Leahy, a Vermont Democrat, agreed. “There is growing concern in Congress that this program invites abuse, and that the administration is plowing ahead with it in apparent violation of the law,” said Leahy, a member of the counterpart subcommittee in the Senate and incoming chairman of the Senate Judiciary Committee.
Chertoff noted that the prohibition barred risk assessments of “passengers.” He said “other people may have a different opinion of what they intended, but it’s clear this is all aimed at what Secure Flight was, which was deciding who could board aircraft” in the United States.
Democrats and privacy advocates acknowledged the provision began in 2004 trying to prohibit computerized risk assessments using commercial databases by the proposed domestic screening system, then known as CAPPS II.
But they said when the agency changed the name to Secure Flight and dropped commercial databases, they broadened the prohibition in 2005. One section restricted Secure Flight only to testing and set accuracy and privacy tests before it could be implemented. But they said a separate section, covering the entire department, was added to prevent any use of computerized risk assessment of people who are not already on watch lists.
Knocke said the department provided written testimony about ATS to Congress 19 times since May 2003. Most of the written testimony contained a sentence or two saying ATS was being used to screen passengers. One statement specifically mentioned mining regulatory databases; one said ATS used computer algorithms to find potentially risky people for additional questioning at the border.
Ahern, the customs and border protection official, told the AP that ATS “is a very proven, forward-leaning border initiative that we put in place to try to take a look for people that basically weren’t watch-listed.”
Ahern said the ATS software finds people whose travel histories in the passenger records forwarded by air and cruise lines coincides with patterns of behavior that agents had seen among terrorists or criminals over time.
In comments filed with the government this week, The Identity Project, a legal defense fund for people whose travel has been impeded by government screening, argued ATS violated the spending ban and said “any records or data already collected … for this forbidden purpose should be immediately destroyed.”
The ban also was raised by Barry Steinhardt, director of the American Civil Liberties Union’s technology and liberty project; David Sobel, lawyer for the Electronic Frontier Foundation; and former Republican Rep. Bob Barr of Georgia, now a liberty and privacy expert for the American Conservative Union.
“We went through many years of debate over this notion of probing into the background of every passenger and assigning them a threat rating,” Steinhardt said.
“Congress enacted a specific prohibition on rating innocent travelers and instructed DHS to focus only on those who were on a government watch list. So it is unconscionable for the government to then create this kind of a system in violation of that ban, and without proper notice to Congress or the public.”
The department’s operation of ATS since the ban was passed might violate the Anti-Deficiency Act, which bars government officials from spending money not appropriated by Congress, according to several of these critics.
That act carries administrative penalties that include firing. It also has criminal penalties for willful violations up to two years in prison, although no one ever has been prosecuted.
