Do you know your terror score? Think you don't have one? You may, if you've traveled internationally during the past four years. And that is generating a growing controversy both in the United States and abroad.
The Department of Homeland Security's Customs and Border Protection (CBP) has been quietly assigning travelers, both American and foreign, on international flights a score that's designed to identify high-risk travelers. It's derived from a set of criteria, such as where you're from and whether you have a habit of buying one-way tickets and paying with cash.
CBP officials call the program, which was implemented with little public notice and no congressional approval, a crucial tool to protect the nation. They describe it as a kind of extra electronic border that has the potential to catch terrorists and criminals before they get to an actual border crossing.
"Without a system like this, we would in many ways be blind to potential threats before they arrive," says Jarrod Agen, a DHS spokesman.
But some congressional leaders, privacy advocates, and travel executives believe it's an unparalleled use of data-mining to invade individuals' privacy. Some European leaders also object, claiming the program – called the Automated Targeting System (ATS) – violates a privacy agreement worked out between the US and the European Union.
Opponents are calling on the Department of Homeland Security (DHS) to suspend the program until privacy concerns can be addressed. They say the key problem with ATS is that there's no way for individual to determine that he or she has been flagged. CBP can also share the information it's collected with other government agencies, other governments, and even private contractors. And CBP can keep the data up to 40 years.
"For the first time, a dossier is being built on me and every other innocent citizen that tracks information on them," says Kevin Mitchell, chairman of the Business Travel Coalition in Radnor, Pa. "To add insult to injury ... they say they're keeping the data for 40 years – just in case Kevin Mitchell – whose profile is not threatening at the moment – has some kind of ties to a terrorist organization in the future."
The controversy over ATS erupted after privacy advocates at the Electronic Frontier Foundation (EFF) found an obscure notice about it in the Federal Register last month. In the notice, which is required under the 1974 Privacy Act, DHS says that its data collection system "does not identify or create any new collection of information, rather DHS is providing additional notice and transparency of the functionality of these systems."
In fact, the data collection system has been in place since the mid-1990s, says CBP spokesman Pat Jones. It was started as a way to help interdict drug shipments and smugglers and was carried out by the Treasury Department. After 9/11, it was enhanced to include potential terrorists, and it was eventually moved to CBP, according to Mr. Jones. "The information that we've got is not invasive. How someone pays for their plane ticket I don't think is an invasion of anyone's privacy," he says. "These issues always involve some kind of a balance."
But privacy advocates contend the issue is far more complex. EFF's lead counsel, David Sobel, notes that prior to the publication of the November notice, the only public mention of ATS said that it was used to target and assess cargo shipments, not people.
"Congress didn't know they were doing this. Even DHS's own inspector general in a report issued this summer didn't realize they were using this to target passengers," he says.
The Transportation Security Administration has been trying to put together a similar data collection system to check air passengers for years, Mr. Sobel and other privacy advocates note. That system, called Secure Flight, has been tabled by DHS until privacy concerns raised by Congress can be addressed.
Mr. Mitchell of the Business Travel Coalition says that while he and others were testifying before Congress about problems with Secure Flight, DHS was quietly collecting almost the same kind of information. And unlike Secure Flight, which is designed to "ping data" and then expunge it, the ATS data is saved in a data bank.
"None of us knew this was going on behind our backs," says Mitchell. "This looks like it was done because [other data-mining systems failed] and Secure Flight's in trouble."
Some congressional leaders, including Sen. Patrick Leahy (D) of Vermont, have pledged to hold hearings on ATS. "Databanks like this are overdue for oversight, and that is going to change in the new Congress," Senator Leahy said in a statement.
For now, DHS is standing by its program and says it has no plans to suspend it for further public scrutiny. "You tell [privacy advocates] when they're able to persuade the bad guys to announce when they're coming into the country, we won't need a system like this," says Jones of CBP.