New U.S. Customs Database on Trucks and Travellers

It’s yet another massive government surveillance program:

US Customs and Border Protection issued a notice in the Federal Register yesterday which detailed the agency’s massive database that keeps risk assessments on every traveler entering or leaving the country. Citizens who are concerned that their information is inaccurate are all but out of luck: the system “may not be accessed under the Privacy Act for the purpose of contesting the content of the record.”

The system in question is the Automated Targeting System, which is associated with the previously-existing Treasury Enforcement Communications System. TECS was built to screen people and assets that moved in and out of the US, and its database contains more than one billion records that are accessible by more than 30,000 users at 1,800 sites around the country. Customs has adapted parts of the TECS system to its own use and now plans to screen all passengers, inbound and outbound cargo, and ships.

The system creates a risk assessment for each person or item in the database. The assessment is generated from information gleaned from federal and commercial databases, provided by people themselves as they cross the border, and the Passenger Name Record information recorded by airlines. This risk assessment will be maintained for up to 40 years and can be pulled up by agents at a moment’s notice in order to evaluate potential threats against the US.

If you leave the country, the government will suddenly know a lot about you. The Passenger Name Record alone contains names, addresses, telephone numbers, itineraries, frequent-flier information, e-mail addresses—even the name of your travel agent. And this information can be shared with plenty of people:

Federal, state, local, tribal, or foreign governments
A court, magistrate, or administrative tribunal
Third parties during the course of a law enforcement investigation
Congressional office in response to an inquiry
Contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, or grant
Any organization or person who might be a target of terrorist activity or conspiracy
The United States Department of Justice
The National Archives and Records Administration
Federal or foreign government intelligence or counterterrorism agencies
Agencies or people when it appears that the security or confidentiality of their information has been compromised.

That’s a lot of people who could be looking at your information and your government-designed risk assessment. The one person who won’t be looking at that information is you. The entire system is exempt from inspection and correction under provision 552a (j)(2) and (k)(2) of US Code Title 5, which allows such exemptions when the data in question involves law enforcement or intelligence information.

This means you can’t review your data for accuracy, and you can’t correct any errors.

But the system can be used to give you a risk assessment score, which presumably will affect how you’re treated when you return to the U.S.

I’ve already explained why data mining does not find terrorists or terrorist plots. So have actual math professors. And we’ve seen this kind of “risk assessment score” idea and the problems it causes with Secure Flight.

This needs some mainstream press attention.

EDITED TO ADD (11/4): More commentary here, here, and here.

EDITED TO ADD (11/5): It’s buried in the back pages, but at least The Washington Post wrote about it.

Tags: borders, data mining, databases, privacy, risk assessment, secrecy, surveillance, watch lists

Posted on November 4, 2006 at 9:19 AM • 26 Comments

Comments

another_bruce • November 4, 2006 12:09 PM

i don’t think the government knows all my phone numbers and email addresses.

The Government • November 4, 2006 12:59 PM

@ another_bruce:

Yes we do.

Roy • November 4, 2006 1:52 PM

It’s interesting that participation is entirely voluntary: if you want to cross the national border, you have to give up everything.

On your return you can be branded a terrorist, an illegal immigrant, or an enemy combatant, in which case you won’t have any rights to be infringed — ever.

And next will be state lines?

Kees • November 4, 2006 2:19 PM

Just cross the border with three elephants and a six-member mariachi band; the government will never know!

http://www.mysanantonio.com/news/metro/stories/MYSA101206.01B.border.elephants.350c41b.html

VOTE!!! • November 4, 2006 2:45 PM

@Kees

They only check donkeys these days, the elephants do whatever they want. At least, for the next few days…

Oz • November 4, 2006 3:26 PM

so, the screening program has borderline utility. Probably better at catching drug runners.

But the danger is if there is violation of rights (or sense) on contact if the system flags a person as a risk.

I don’t see why this isn’t just another case of profiling – the evil is in misapplication. Of course, in free democratic countries like US and Oz the law will be upheld, so there’s no problem there….

yet another bruce • November 4, 2006 4:24 PM

A big database used to make important decisions, but no way to correct or even contest errors? Brilliant.

I hope some insider starts randomly but extensively corrupting the data in the database, so it starts producing completely ridiculous outcomes. That process should take long enough that it won’t be easily discovered. Then by the time the damage is really extensive and really bad, it will be uncorrectable.

Of course, the govt being what it is, they will continue using it despite being unrealistic and corrupt, because, well, because unrealistic and corrupt but still capable of making decisions is what govt is best at.

Clive Robinson • November 4, 2006 4:40 PM

What wories me is that as you say,

“you can’t review your data for accuracy, and you can’t correct any errors”

And that it can be used by the likes of,

1 -Third parties during the course of a law enforcement investigation
2 – A court, magistrate, or administrative tribunal
3 – The United States Department of Justice

So a cop investigates you because of it, a court uses it to judge you, and the DOJ uses it to effectivly sentance you. And you can not chalenge it…

Hmmm…. Stalin would have loved this

So welcome all U.S. Citizens to camp X-Ray-Homeland it’s just opened it’s doors to you.

As somebody from outside the U.S. Can you please tell me why so many of you vote Republican?

Pseudonym • November 4, 2006 6:19 PM

I don’t see why you shouldn’t be able to see your data. Surely if the government isn’t doing anything wrong, they have nothing to hide…

quincunx • November 4, 2006 7:19 PM

‘US Customs and Border Protection issued a notice in the Federal Register yesterday which detailed the agency’s massive database that keeps risk assessments on every traveler entering or leaving the country.’

Real risk assessment is figured out by actuaries in insurance companies working in a competitive environment with their OWN money.

Government risk assessment is an oxymoron, because the government always spreads the risk onto others. The government will not be put out of business by failing to achieve its objective, ergo there is no risk at all.

Roy • November 4, 2006 8:38 PM

The error-correction prevention is engineered in as a design feature.

George Orwell was a naive optimist.

John Faughnan • November 5, 2006 12:04 AM

Mainstream press attention would be nice, but pointless. The only hope of introducing some reason into this madness is to oust the GOP from Congress.

Michael Hampton • November 5, 2006 9:08 AM

Buried in the back pages, but at least they wrote something:
http://www.washingtonpost.com/wp-dyn/content/article/2006/11/02/AR2006110201810.html

Anonymous • November 5, 2006 9:23 AM

“So a cop investigates you because of it, a court uses it to judge you, and the DOJ uses it to effectivly sentance you. And you can not chalenge it…”

The court is made of humans who review cases based on sanity more than bureaucratic regulations. If there’s a clear error in the database, the court is likely to notice.

It will cause problems, but it won’t do away with juries.

Sundial • November 5, 2006 12:48 PM

I posted an extensive comment on Wired. (Follow the third link.)

ChipGeek • November 5, 2006 7:27 PM

@ Anonymous

“The court is made of humans who review cases based on sanity more than bureaucratic regulations. If there’s a clear error in the database, the court is likely to notice.”

You’re a naive optimist.

Ben • November 5, 2006 10:49 PM

Screw up the database? That’s worked so well with the no fly list hasn’t it? Just ask any parent trying to get on a plane with a three year old whose name is on the list.

jmax • November 5, 2006 10:57 PM

“The court is made of humans who review cases based on sanity more than bureaucratic regulations. If there’s a clear error in the database, the court is likely to notice.”

Two points:
1. “likely” isn’t real comforting.

And if the error isn’t clear? You can’t challenge it, because you don’t know it’s there; you aren’t allowed to look at the data.

bob • November 6, 2006 7:18 AM

@Clive Robinson: This isnt a “left” or “right” wing issue. We had just as many tramplings of rights under Clinton or Carter.

This is a “big government black hole absorbing everything in reach and becoming bigger” thing that transcends which side of the aisle you sit on. It was triggered by 9/11 and the republicans get all the credit for it cause it happened on their watch. Give it a couple of years and the democrats will have their turn to make monolithic government growth a new olympic sport.

Stephane • November 6, 2006 7:18 AM

Ask me why I decided never to go to the USA again, please

Ex-Pat • November 6, 2006 8:49 AM

@Stephane

Why did you decide never to return to the USA? (Had to ask…)

avery • November 6, 2006 10:23 AM

I don’t see what you guys are worried about. If I want to see my information I’ll just poing out this: “Any organization or person who might be a target of terrorist activity or conspiracy” and remind them that they’ve spent the better part of five years telling my the terrorists are out to get me personally. How can they expcect the members of my family to sleep at night until they are certain that I do not represent a terrorist threat right there in the house?

Winston Smith • November 7, 2006 5:30 AM

http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-545269

Yay, we’re worse than the US!
We’re nearly as bad as China.

Cheers Tony

effects side zoloft • November 7, 2006 12:17 PM

Good and useful info! Thank you!

w • November 7, 2006 2:55 PM

@Anonymous – you don’t get a jury trial anymore, remember? That was last weeks fun with the law.

Bukko in Australia • November 24, 2006 2:19 AM

How is the U.S. different to the old USSR? Almost equal paranoia about people coming in. This should throw a New Orleans’ worth of cold water on the U.S. tourism industry. “Welcome to Fortress America! Now GO AWAY!”

I’m an American who emigrated to Australia last year because I didn’t like the fascism and murder that my tax dollars were paying for. When my wife and I would travel overseas, we’d find it so relaxed going between countries in Europe. But coming back to the U.S. was like entering a hate-state. We don’t have any plans to return to the country where we lived for half a century (the flight back is a bee-yotch!) and based on this article, we wouldn’t be allowed back in anyway. Traitorous country-leavers that we are and all.

But hey, anyone who’s patriotic would NEVER want to leave the good ol’ USA. Unless it was to invade another country, that is…

Schneier on Security

New U.S. Customs Database on Trucks and Travellers

Comments

Leave a comment Cancel reply