December 8, 2006 | By David Sobel

Chertoff Shocked(!) at Privacy Uproar Over "Targeting" System

In a fascinating article by Shane Harris in the National Journal, Homeland Security Secretary Michael Chertoff professes great surprise at the public uproar over the Automated Targeting System (ATS). He claims that he has discussed the "collection" and "analysis" of personal data -- including airline Passenger Name Records (PNR) -- "incessantly." The Secretary says that critics of the system -- which assigns "risk assessment" scores to all travelers, including U.S. citizens, and retains them for 40 years -- just haven't been paying attention:

"Yeah, they missed about 100 speeches that I gave," an exasperated Chertoff told National Journal on December 5. "I've talked about... PNR data and biographic data and using it to analyze and connect the dots about people before they come into the country; I have to have given at least 20 speeches about it."

Well, many of us have paid attention, and despite our best efforts, we've been unable to learn much about Homeland Security's collection and use of personal data.

Read on for more after the jump.

As a case in point, let's look at the speech Mr. Chertoff delivered just a few months ago, on September 8, titled September 11: Five Years Later." Yes, it's true that he talked about the collection and analysis of personal information, including PNR data. But he expressed frustration at the current state of those activities:

And my plea in this country, and my plea to the Europeans is this: For God's sake, let us do that before the next 9/11, rather than afterwards. It's much better to be able to do this kind of detective work to stop an attack, rather than to investigate an attack that has already occurred.

And he certainly didn't make it sound as though the U.S. government has been engaging in such data-mining for at least four years (as the Associated Press has reported). Mr. Chertoff continued:

So over the next year, I'm going to be looking forward to working with my European colleagues on building on this kind of information, allowing a full analysis, and still making sure we respect the privacy of those who travel internationally.

In any event, it appears that it wasn't only privacy advocates and members of Congress who were unaware of the ATS data-mining project. In May 2004, the General Accounting Office released a report titled "Datamining: Federal Efforts Cover a Wide Range of Uses." The GAO attempted to present a comprehensive survey and defined data-mining as "the application of database technology and techniques -- such as statistical analysis and modeling -- to uncover hidden patterns and subtle relationships in data and to infer rules that allow for the prediction of future results." And the Congressional watchdog agency used a fairly aggressive methodology to avoid missing something of interest, not only surveying agency officials, but also reviewing published materials that described relevant programs.

The GAO report identified 14 Department of Homeland Security data-mining programs, none of which appear to be at all similar to the Automated Targeting System.

More recently, on July 6, 2006, the DHS Privacy Office issued a "Report to Congress on the Impact of Data Mining Technologies on Privacy and Civil Liberties."

The report was issued in compliance with the requirements the 2005 DHS appropriation, which directed "the DHS Privacy Officer, in consultation with the head of each Department of Homeland Security agency that is developing or using data-mining technology" to account for and describe any such activities.

The report identified six DHS programs, and ATS was not among them.

Finally, in August 2006, the DHS Inspector General's Office released a document titled, "Survey of DHS Data Mining Activities." This report did discuss ATS, but certainly not in a way that would raise any privacy flags: "the Automated Targeting System (ATS) . . . uses electronic shipment data to search criteria that could indicate high-risk cargo."

So we apologize, Mr. Chertoff, for not paying attention when you and your Department "incessantly" tried to alert us to the fact that millions of U.S. citizens were being assigned "risk assessment" scores that will follow us throughout our lives.

In any case, the Secretary is trying to misdirect the debate by casting the issue as whether or not the program was common knowledge. That's a peripheral question in the greater scheme of things. The really important question is whether DHS has violated the law. There's a growing consensus that it has, and we will address that issue in upcoming posts.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Prison phone company Securus wins our Stupid Patent of the Month award with a patent on asking people to pay a bill.

Nov 24 @ 3:39pm

América Latina: Ciberseguridad desde la perspectiva argentina, por @ADC_derechos [PDF]

Nov 24 @ 2:01pm

"I’ve come to see encryption as the natural extension a computer scientist can give a democracy" says @kaepora:

Nov 24 @ 11:38am
JavaScript license information