03 November 2006

In the Crosshairs

Ars Technica has just published this story about a system you'll want to check out. You'll want to, but you won't really be able to.

The system is designed to collect large amounts of personally identifiable information about every person entering or leaving the United States for the purpose of assigning each individual a "risk assessment" rating. It will be implemented and operated by US Customs and Border Protection, a unit of the Department of Homeland Security.

If you travel a lot, the system will pretty quickly contain your name, address, telephone number, email address, frequent-flyer numbers, travel itineraries, and other information. It would surprise me if it didn't eventually include some credit card information.

The most surreal aspect of the system is its name: THE AUTOMATED TARGETING SYSTEM. Whoever approved that moniker obviously doesn't work in public relations. But in fact Customs and Border Protection clearly isn't too concerned with public relations. While your AUTOMATED TARGETING SYSTEM record can be accessed by courts, government officials at all levels including international, law enforcement, congressional offices, contractors, researchers, the Department of Justice, the National Archives, and intelligence agencies, it's not subject to the protections of the United States Privacy Act, and you can't access it yourself for purposes of reviewing the record's accuracy and correcting errors.

If you're worried about the privacy implications of this, well, you'll probably have lots of company. But don't let your privacy worries distract you so much that you don't worry about another important problem: the accuracy of the "risk assessment" which will be performed using your data.

Since the risk assessment criteria haven't been published, it's not easy to analyze any weaknesses that might exist. But it's not hard to predict that these weaknesses will be profound. Here's a fairly simple question I'd ask if I were assessing the system:

What risk rating would the system have assigned to Timothy McVeigh? Mohammed Atta? Omar Abdel Rahman? Brandon Mayfield? Hugo Chavez? Pope Benedict XVI? Aldrich Ames? John Walker Lindh?

I'm also interested to know whether a "high" risk rating will be considered sufficient justification for initiating an investigation of a US citizen or resident alien, and if so, what due process will be granted to the individual who is investigated.

This type of system (a large-scale system constructed in secret to solve a poorly understood but highly politically sensitive problem) has always resulted in failures, cost overruns, and injustices in the past. There's no reason to predict that THE AUTOMATED TARGETING SYSTEM will be the exception to the rule.


Blogger Jim Malmberg said...

You need to be aware that the notice in the Federal Register (at least in the online version) also gave incorrect information on how to post comments on this program. Specifically, the Docket Number was incorrect in the Federal Register, making it difficult for anyone wanting to comment on the program. The actual Docket number is DHS-2006-0060.

DHS is required by law to take comments from the public prior to implementing screening. If enough people give negative comments on this system, there is a real chance that it can be stopped.

To comment, you can go to http://www.regulations.gov. Do a search using the Docket Number mentioned above. On the results page, in the far right column, you can click on the “bubble” and you will be taken to a page that allows you to leave your comment.

Unfortunately, there is no way to link directly to the comments page. I presume that the government has done this intentionally to dissuade people from giving them too much feedback.

Jim Malmberg

November 06, 2006 1:36 PM  

Post a Comment

<< Home