WASHINGTON, Jan. 2 (UPI) -- A computer system that screens those arriving in the United States for potential indicators of terrorist activity is in danger of violating the Fourth Amendment, says the incoming chairman of the House Homeland Security Committee.
In public comments filed Friday on the privacy implications of the Automated Targeting System for Passengers, or ATS-P, operated by U.S. Customs and Border Protection, Rep. Bennie Thompson, D-Miss., expressed several concerns about the system, including the way it makes the travel records of U.S. citizens available to other government agencies.
He accused the agency of creating a "warrantless well of evidence from which any law enforcement, regulatory or intelligence agency could dip at will -- without any probable cause, reasonable suspicion, or judicial oversight."
"Without adequate safeguards," he added, routine sharing of the information collected from Americans entering the country "may constitute violations of the U.S. Constitution's Fourth Amendment guarantee against unreasonable searches and seizures."
Some observers predicted ATS-P would become the poster child for concerns on Capitol Hill about the privacy and civil liberties impact of post-Sept. 11 measures aimed at interdicting terrorist travel.
ATS-P "is teed up to be the central figure in a round of high-profile hearings," said Jim Harper, director of information policy studies at the CATO Institute and a member of the Department of Homeland Security's Data Privacy and Integrity Advisory Committee.
ATS-P automatically checks biographical and other data about those arriving in the United States against criminal and terrorism watch-lists, and performs a so-called terrorism risk assessment for each one. The records of incoming passengers matching a watch-list entry or assessed as a terrorist risk are reviewed by officials at the Department of Homeland Security's National Targeting Center -- and they may be flagged for additional scrutiny by immigration inspectors at ports of entry.
Officials say the system has resulted in several suspected terrorists and other malefactors being turned away or apprehended.
In one case a Jordanian national -- flagged by ATS-P in July 2003 and denied entry after questioning at O'Hare International Airport in Chicago, even though he had a valid visa -- blew himself up in a huge car bomb outside an Iraqi police station 18 months later.
"No one knows what he was going to do in the United States, why he wanted to come in or what he was planning," said Department of Homeland Security Assistant Secretary Stewart Baker.
Baker revealed newly cleared details of two such cases at a little-reported think tank privacy seminar just before Christmas. "Personally, I'm actually grateful that we don't know and that we didn't have a chance to find out," he told the seminar, at the Center for Strategic and International Studies.
"It's nice for Baker," said Harper, another participant in the seminar. "He can reach into the lockbox of secret homeland security information and bring out the best stories and spring them on us.
"But I don't think anecdote is a good basis for policy."
Former U.S. Customs and Border Protection Commissioner Robert Bonner told United Press International that ATS-P was "a vital tool ... (that) has actually made the United States safer" from international terrorism.
With 87 million arriving airline passengers every year, Bonner said, the problem was "how to expedite most of them through the airports, concentrating on those who are identified as a potential risk."
Bonner said the terrorism risk assessment was conducted in the light of a secret and constantly updated set of factors -- travel or other behavior patterns that are thought to be indicators of terrorist activities.
"It's strategic intelligence about who the enemy is and how they travel," he said, declining to comment further.
Baker said part of the assessment was so-called link analysis, looking for credit card or telephone number associated with previously identified terrorist suspects or journeys.
Thompson stated in his filing that "0ral briefings by (Department of Homeland Security) officials have clarified that ATS-P is neither a scoring nor a data-mining process; they have described the assessment as a "flag/no flag" result based on a "links analysis," i.e., looking at links between (travel, identity and other) data ... and known or suspected terrorist activity.
"They have explained that the relevant factors are determined by counter-terrorism experts and as such, are constantly changing as facts on the ground change and more information becomes known.
Thompson said he was "reassured that there is no indiscriminate 'data-dumping' or 'data-mining.'"
But his comments reflect concerns about the other uses that the data, which includes records about the 40 million-plus Americans who arrive at U.S. airports annually -- can be put to.
ATS-P collects and indexes information from the Passenger Name Record, or PNR -- an airline database that includes telephone and credit card numbers, seating and meal preferences, and the names of others traveling in the same party.
"At a minimum," states Thompson in his comments, "any further dissemination of this extensive personal data, either on (U.S. Customs and Border Protection) initiative or upon request, must be documented regarding who is the requestor, what is the legal justification for receiving the data, for what purpose will the data be used, and how it will be protected from further disclosure.
"No such safeguards appear" to exist at the moment, he concludes in the comments, filed on the last day that the ATS-P system of records notice -- a regulatory filing required by the Privacy Act -- was open for public comment.
The notice says that ATS-P data will be maintained for 40 years and that sharing it with other law enforcement and government agencies -- either at their request or at customs own initiative -- is a routine use.
Thompson charges the ATS-P notice "does not adequately distinguish between (Custom and Border Protection's) legal authority and processes ... to screen cargo from its legal authority and processes to screen passengers."
"Further, it does not distinguish between its different treatment options for foreign citizens flagged as high risk and high-risk U.S. citizens, whom (Custom and Border Protection) has no authority to exclude from the United States."
