We’ve heard a lot of talk in recent months about “extreme vetting” of immigrants, Muslims, and foreign visitors to the US. But what does “extreme vetting” really mean?
“Vetting” means examining people and deciding who to allow, and who not to allow, to do something.
Under DHS procedures that have been in place for a decade, no airline operating to, from, or within the US is allowed to issue a boarding pass or let you on a plane unless and until it has sent your personal information to DHS and received an individualized, per-passenger, per-flight “Boarding Pass Printing Result” (BPPR) message giving the airline “permission” to “allow” you to exercise your right to travel by common carrier. The default if DHS doesn’t respond is “no”, and both the algorithms used for the decision and the data put into that algorithmic black box are secret.
What could be more “extreme”? Manual strip searches for all travelers, instead of just virtual strip searches using as-though-naked imaging machines?
But as President-Elect Trump’s “extreme” rhetoric suggests, the government’s desire for surveillance and control of our movements is insatiable. It’s always possible to make yet another mirror copy of the government’s warehouse of metadada about our movements, disseminate it more widely, and pile on another layer of pre-crime profiling algorithms. More is always better, right — especially if you call it “intelligence”?
The latest replication and propagation of travel data, and the latest layer of traveler “vetting” tools, is the so-called “Analytical Framework for Intelligence” (AFI) operated by, or under contract to, US Customs and Border Protection (CBP). As we told Spencer Woodman of The Verge for his story today about AFI:
“When Trump uses the term ‘extreme vetting’, AFI is the black-box system of profiling algorithms that he’s talking about,” says Edward Hasbrouck of the Identity Project, a civil liberties initiative that focuses on the rights of travelers. “This is what extreme vetting means.”
DHS in general, and CBP in particular, have been playing a shell game for many years with their travel surveillance and control systems.
Government copies of airline reservations (Passenger Name Records) were first claimed to be part of a system of records called TECS, then declared to be part of a “new” system of records called the Automated Targeting System (ATS), although still stored in the TECS database. (Huh?) Now an additional mirror copy of all this PNR data (still stored in TECS and still also deemed part of ATS) is being created as part of another “newer” system of records known as AFI.
AFI is one several new user interfaces and front-ends to TECS data being developed for use by multiple DHS components including US Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) as part of a long-term “TECS modernization” project.
If you’re confused by all the acronyms and name changes, and don’t know which government files you should ask for or worry about, that’s exactly what DHS wants.
AFI itself has changed fundamentally and for the worse in the last few months, at least if we can believe what DHS says. It’s always been a suspicion-generating and guilt-by-association machine, but now it’s a much more powerful one. More powerful, to be clear, does not mean “better” or “more accurate”. It means, “capable of placing more people under suspicion” based on more intrusive data aggregation, data mining, and profiling. Here’s how:
The existence of AFI was disclosed in 2012 in a “System of Records Notice” in the Federal Register and an announcement that DHS intended to exempt AFI, as much as possible, from the requirements of the Privacy Act, as it did just a few months later. As described at that time by the DHS, AFI was a tool for mining and analyzing an index file of pointers to (a) government databases about individuals, including PNR data and other records in TECS and ATS, and (b) records held by (unnamed) commercial data brokers. As of 2012, AFI contained only index files, so it was limited to search, referral, profiling, and suspicion-generation based on only those fields and data items that were included in the AFI index files.
In September of 2016, however, DHS posted an update on AFI disclosing that the architecture of AFI had been, or was being, changed. Whether the notice was posted before or after the fact wasn’t clear. Instead of indexing records from government and commercial sources, AFI now imports and makes complete copies of the underlying records, merges the commercial and government files, and maintains and replicates an unspecified and unlimited number of copies of these aggregated files in some sort of DHS “cloud”.
What this means — in addition to wider distribution and vulnerability of this data to unauthorized access or official abuse — is that DHS and other government agencies can now use AFI to mine, search, link, score, and profile the full text of the underlying records, not just indexes. So, for example, they could search for information in free-text comments entered by CBP inspectors at airports and borders (such as the title of the book you were carrying) or entered in PNRs by airline staff at the airport or travel agency contractors in a call center (“irate customer” — maybe that indicates a would-be terrorist). And all this is Hoovered up into another garbage-in, garbage-out file that is used, along with secret algorithms, as the basis for government decisions about what you can and can’t do.
As discussed in today’s article in The Verge (also reprinted by CNBC), documents about AFI obtained by the Electronic Privacy Information Center through a Freedom Of Information Act lawsuit show that many of the functions of AFI have been outsourced to Palantir, a data-mining company funded by venture capitalist and Trump advisor Peter Thiel. It’s unclear from those documents whether Palantir provides the data-mining and profiling (“analysis”) tools, the underlying commercial data, or both. [Follow-up: More on Palantir, Peter Thiel, Big Data, and the DHS.]
We think this is “extreme” enough. AFI should be shut down and its data store expunged, not expanded.