"Clearly the law prohibits testing or development" of such computer programs, said Rep. Martin O. Sabo (D-Minn.), who wrote the three-year-old prohibition into homeland security funding legislation. "And if they are saying that they just took some system, used it and therefore did not test or develop it, they clearly were not upfront about saying it."
On Nov. 2, a notice in the Federal Register revealed information about the data-mining program, particularly the creation of risk assessments on Americans that would be retained for up to 40 years.
Developed to help customs inspectors target narcotics and other contraband, ATS began scrutinizing air travelers entering and leaving the United States in the mid-1990s, said Jayson P. Ahern, assistant commissioner of U.S. Customs and Border Protection. After the 2001 terrorist attacks, it was used to assign risk assessments to cargo and passengers, officials' testimony and a February 2005 DHS report to Congress show. Two years ago, it was expanded again to a limited but growing number of land border crossers, according to the report and Ahern. About 309 million land crossings and 87 million air crossings of U.S. borders are made each year.
Privacy rights and business travel groups are up in arms over the revelation.
The Center for Democracy and Technology said the program violated the 1974 Privacy Act because customs officials targeted U.S. travelers and shared their data with other agencies without notifying the public. Homeland Security officials say that notice was implicit in an announcement in 2001 about an older program.
"The lack of a notice at all was clearly illegal for however many years they claim this was in operation," said David Sobel, Electronic Frontier Foundation senior counsel.
"This is everybody's worst nightmare," said Kevin Mitchell, chairman of the Business Travel Coalition, who was angered by the revelation that profiles were being kept without travelers' knowledge.
Homeland Security maintains that this is the same program that was created in 2001 and thus it predates the funding ban passed in the aftermath of the controversial CAPPS II program, which was to use commercial databases to assign risk.
DHS leaders have described in speeches and congressional hearings their efforts over the years to process data from manifests and airline passenger records on U.S.-bound international flights to "detect anomalies and 'red flags' " for high-risk individuals. DHS has been more explicit recently about ATS data mining and risk profiling, saying computer algorithms were used to "produce potential matches" of inbound and outbound travelers with "potential . . . connections to terrorist risk factors." But senior Homeland Security officials made only a few short references in 2004 and 2005 to using the program to assess land travelers. At the time, they cited it only as a future possibility.