May 20 2010

Is “SPOT” a reasonable basis for suspicion or surveillance?

Today the Government Accountability Office released a detailed report on the TSA’s “Screening Passengers by Observation Techniques” (SPOT) program, providing considerably more detail than the TSA itself has ever provided, confirming the lack of any evidence that the program has spotted any terrorists, and suggesting implicitly that the DHS has been keeping yet another set of illegal records about innocent travelers.

We’ve followed the SPOT program since its existence was first revealed in 2004, and we’ve been detained, interrogated, and subjected to more intrusive search ourselves after being picked out by SPOT “Behavior Detection Officers”.  (Fancy language for, “They didn’t like our looks, so they harassed us and gave us a thorough shakedown.”)

The SPOT program is the TSA’s attempt to adopt Israeli-style passenger profiling based on appearance and behavior (isn’t that supposed to be un-American, or at least illegal?), and now has a budget of more than $200 million a year.  As shown in the diagram above from the GAO report, more than 150,000 people have been subjected to more intrusive search or interrogation as a result of being fingered by BDOs as “suspicious” or allegedly fitting the (secret, of course, this being the TSA) SPOT appearance and behavior profile.  In 14,000 cases, police were called and passengers detained for “investigation”, typically including a police demand for, and logging of, their ID.

The GAO report serves mainly to confirm the obvious: There is no scientific evidence that the SPOT program has identified any actual would-be terrorists, or provides any legitimate basis for suspicion of those it singles out:

TSA officials did not identify any direct links to terrorism or any threat to the aviation system in any of these cases.

According to TSA, anecdotal examples of BDO actions at airports show the value added by SPOT to securing the aviation system. However, because the SPOT program has not been scientifically validated, it cannot be determined if the anecdotal results cited by TSA were better than if passengers had been pulled aside at random, rather than as a consequence of being identified for further screening by BDOs.

So far as we know, no court has yet considered whether SPOT provides sufficient basis of suspicion to justify an investigative detention, but this GAO report provides a strong argument that it should be given no weight at all in such a determination.  As the report notes, BDOs in airports and TSA agents and contractors at checkpoints typically are not law enforcement officers and have no more authority to detain or arrest anyone than any member of the public making a citizen’s arrest.  The TSA calls in local law enforcement officers to do its dirty work, but police would seem to be on very shaky legal ground if they rely on the word of a BDO that “they looked to me like they fit the SPOT profile” as the basis for a detention or arrest.

There’s nothing new or really surprising in any of this.  But there is a disturbing revelation in the report of apparently illegal TSA record-keeping about the (mostly-innocent) people identified by BDOs as fitting the secret SPOT profile:

BDOs do not analyze the data obtained during referrals; if they have the appropriate training, they may enter the data by computer into the Transportation Information Sharing System… According to TSA, a 2008 pilot program it conducted … involved BDOs entering data into the Transportation Information Sharing System database…. A February 2006 TSA memorandum describes the Transportation Information Sharing System as “a critical element in the success of SPOT” because it provides the necessary platform for the reporting of information obtained as a result of SPOT referrals….

On March 18, 2010, TSA officials told us that TSA recognizes the value of recording SPOT incidents for the purposes of intelligence gathering. As a result, TSA decided that certain data would be entered into the Transportation Information Sharing System, and would, in turn, be analyzed as a way to potentially “connect the dots” with other transportation security incidents.

It’s outrageous, and fraught with potential for abuse, for the TSA again to be keeping files about innocent people, this time  merely because a BDO (who despite the title “officer” isn’t actually a law enforcement officer and at some airports like SFO might be a rent-a-cop contractor rather than any sort of government employee) decided they looked suspicious.

The particular legal problem with this — aside from the general Privacy Act prohibition on recording of information about the exercise of First Amendment rights, such as the right to assemble, without specific statutory authorization that is lacking for SPOT records — is that the TSA has never published a System of Records Notice for the Transportation Information Sharing System (TISS), and never mentioned SPOT or BDOs in its 2008 Privacy Impact Assessment for TISS, which described TISS solely in relation to the work of Federal Air Martials (FAMs).

A 2008 Privacy Impact Assessment for the SPOT program itself mentions that personal information about travelers will be entered into TISS and “the SPOT database,” but no SORN has been published for a system of records with either of those names. The PIA for SPOT doesn’t say that either of the TISS or SPOT databases are supposed to be included in some other “system of records”, or that notice of them was included in a SORN for some system with a different name.

The status of TISS records of BDO and SPOT interactions with travelers thus appears to be same as that of the Automated Targeting System in the years of ATS operation prior to its disclosure in 2006: TISS appears on its face to be a rogue system, the operation of which, without the publication of a valid SORN, constitutes a criminal violation of the Privacy Act on the part of the responsible TSA (and FAM?) officials.

We expect that, as it did with ATS, the DHS will scramble to come up with some strained interpretation of another SORN — probably one mentioning neither TISS not SPOT, and certainly not both — that it will claim actually covers the recording in TISS of information about people fingered by BDOs and SPOT.

The real test will be whether the Obama Administration now does what the Bush Administration didn’t do with ATS or with TSA collection of files on people who exercised their right not to show ID credentials at checkpoints, and initiates criminal investigations and prosecutions of the DHS officials responsible for this secret collection, without properly published notice, of records of innocent travelers whose appearances and behaviors some BDO thought fit a secret SPOT profile.