Privacy groups rip terrorist risk-rating plan

Computerworld - More than two-dozen privacy groups have joined a growing chorus of voices calling for the immediate suspension of a federal data mining program that assigns secret terrorist ratings to millions of U.S. citizens and foreigners traveling to and from the country.

In formal comments filed with the U.S. Department of Homeland Security on Monday, the group called the government's Automated Targeting System (ATS) a "massive black box" for secretly profiling citizens in violation of the Privacy Act.

The program will give individuals no right to access the information used for such profiling, nor will it allow them to correct details that are inaccurate, irrelevant or outdated, the group said in its comments. At the same time, the information "will be made readily available to an untold number of federal, state, local and foreign agencies, as well as a wide variety of third parties, including contractors [and] grantees," the statement said.

At deadline, the DHS had not responded to requests for comment.

If the program goes forward, the government needs to ensure that individuals have judicially enforceable rights of access to the data and to correct it if needed, the group said. It also needs to make sure that only information that is needed for the screening process is collected and that use of such information is restricted. Among the 30 organizations that sent the comments were the Privacy Rights Clearinghouse, the Center for Democracy and Technology, the Electronic Privacy Information Center and the World Privacy Forum.

The ATS is designed to allow U.S. Customs and Border Protection officials to screen inbound and outbound cargo and passengers for terrorist threats. As part of the screening process, the system compares "information obtained from the public with a set series of queries designed to permit targeting of conveyances, goods, cargo or persons to facilitate DHS' border enforcement mission," according to the official DHS description.

The information for such screening will come from a variety of sources and can be stored for as long as 40 years. In the case of inbound and outbound passengers, the information will be obtained from the Passenger Name Record (PNR) data that is collected by each carrier. The information collected and stored by the ATS will include details such as names and addresses of all travelers, billing and travel agent information, e-mail addresses, number of bags checked and no-show history.

The DHS disclosed the details of its use of the ATS in a notice published in the Federal Register on Nov. 2. The purpose of the notice was to "provide expanded notice and transparency" related to the use of the ATS, the DHS wrote in the notice. The public comment period for the notice ended Dec. 4 but was extended to Dec. 29.