The Automated Targeting System (ATS) is a data-mining system that will let the agency create "risk assessments" of tens of millions of travelers. The information will be held for 40 years, and even U.S. citizens will have no right to view those risk assessments.
"With respect to the data that ATS creates, i.e. the risk assessment for an individual, the risk assessment is for official law enforcement use only and is not communicated outside of CBP (Bureau of Customs and Border Protection) staff, nor is it subject to access under the Privacy Act," said a Department of Homeland Security assessment of the system's impact on privacy.
Risk assessments will be used to determine whether the subject is deemed a security threat, or is likely to contravene any article of U.S. law. However, the Department of Homeland Security has said that innocent passengers may not even be aware that information on them is being mined or that risk assessments are being formed.
"ATS is a system that supports CBP law enforcement activities, as such an individual might not be aware of the reason additional scrutiny is taking place, nor should he or she as this may compromise the means and methods of how CBP came to require further scrutiny," the agency said.
The data is initially collected from both government and commercial sources, including airline reservations. So-called Passenger Name Record (PNR) data may include passenger name, address, contact details, flight details, frequent flier details, accommodation details and general remarks.
Once collected, the data is fed into the Treasury Enforcement Communications System, an "overarching law enforcement information collection, targeting, and sharing environment," according to a Department of Homeland Security document.
Access to the data will be granted to law enforcement bodies, the Secret Service, and also "contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, co-operative agreement, or other assignment for the Federal government," according to the document.
No mention is made of the public being able to access the data collected on them. There is a mechanism for redress should incorrect or inaccurate data be collected--but how passengers would know that incorrect data is being held has not been explained by the agency. The data can be corrected through the redress process. Once this happens, risk assessments are reformulated in real time.
Electronic rights group the Electronic Frontier Foundation (EFF) called this an "invasive and unprecedented data-mining system," and called for the government to delay implementation of the scheme until there had been informed public debate. ATS was implemented on Monday.
"The government is preparing to give millions of law-abiding citizens 'risk assessment' scores that will follow them throughout their lives," said EFF senior counsel David Sobel.
"If that wasn't frightening enough, none of us will have the ability to know our own score, or to challenge it. Homeland Security needs to delay the deployment of this system and allow for an informed public debate on this dangerous proposal," he added.
Under a deal with the European Union, the Department of Homeland Security can electronically access PNR data from air carriers' reservation and departure control systems within the European Union.
Tom Espiner of ZDNet UK reported from London.