EFF sues DHS over travel data-mining system

Foundation of 'risk assessment' system angers privacy watchdogs

The Electronic Frontier Foundation (EFF) has filed a lawsuit against the Department of Homeland Security, demanding the agency turn over information about an "invasive" data-mining system used to assess the terrorist threat posed by U.S. travelers.

The EFF, an advocacy group focused on privacy and civil liberties, asked the U.S. District Court for the District of Columbia for the expedited release of records related to the DHS Automated Targeting System, or ATS, a program DHS unveiled in a November privacy notice in the Federal Register. The EFF filed Freedom of Information Act requests for information on the program on Nov. 7 and Dec. 6.

ATS creates and assigns "risk assessments" to virtually all travelers as they enter and exit the U.S. by air or other means, according to the DHS filing. The DHS filing on the program raised objections from privacy advocates, who said ATS could violate federal privacy law and civil rights. ATS might also violate a federal law prohibiting DHS from developing algorithms assigning risks to passengers not on government watch lists, the EFF said.

The program, as described, would track tens of millions of travelers, including U.S. citizens, the EFF said. "Individuals have no right to access information about themselves contained in the system, nor request correction of information that is inaccurate, irrelevant, untimely or incomplete," EFF lawyers David Sobel and Marcia Hofmann wrote in their complaint, filed Tuesday in the district court.

The U.S. government will retain the risk assessment information for 40 years, according to DHS records. The information will be made available to "untold" numbers of federal, state, local and foreign agencies, the EFF said in a press release.

"You don't know what information that assessment comes from," Hofmann said. "You don't know how that information will be used against you."

The ATS program for cargo coming into the U.S. has been in place since the early 1990s, and its passenger screening capabilities since the mid-'90s, said DHS spokesman Jarrod Agen. DHS, which was created in March 2003, published the Federal Register notice about the program now after reviewing ATS and finding it had not yet been disclosed to the public, Agen said.

The notice was "an effort to be transparent," Agen said.

Agen declined to comment on the EFF lawsuit, but defended ATS. It's used to identify potential terrorists and terrorist weapons entering the U.S., he said. DHS is "expected to protect this country" from those threats, he added. "Without [ATS], we'd be virtually blind."

The EFF wants to see DHS records that discuss possible redress for people who dispute the ATS assessments, records showing the number of arrests resulting from an ATS screening and records of complaints from people about the assessments.

The EFF also wants to know if DHS has looked at the error rates in the government and private databases used in ATS, whether DHS has set up an oversight board to monitor the use of ATS and whether DHS has implemented security measures to protect the system against hackers.

"DHS needs to provide answers, and provide them quickly, to the millions of law-abiding citizens who are worried about this 'risk assessment' score that will follow them throughout their lives," the EFF's Sobel said in a statement.

ATS is considered by many observers to be the latest iteration in a string of programs with similar mechanisms and goals. Previous DHS efforts toward an automated passenger-screening program include TIA (Total Information Awareness), CAPPS (Computer-Assisted Passenger Pre-Screening program) II, and Secure Flight.

Copyright © 2006 IDG Communications, Inc.

How to supercharge Slack with ‘action’ apps
  
Shop Tech Products at Amazon