As part of its celebration of “Sunshine Week”, The Electronic Frontier Foundation has posted more than a thousand pages of documents about the Automated Targeting System (ATS) for archiving and data-mining airline reservations to asisgn risk scores to all international travelers, released by the Department of Homeland Security over the last two years in response to Freedom of Informaiton Act requests and a FOIA lawsuit by EFF’s FOIA Litigation for Accountable Government (FLAG) project.

DHS claims still to be searching for and “processing” yet more documents responsive to the original requests, the documents that have been released are heavily redacted, and the lawsuit is ongoing.  Recently, EFF has asked the Court hearing the case to stay further proceedings while DHS decisions under the Bush Administration to withhold and redact documents at issue in the case are reviewed in light of the Obama Administration’s new instructions to Federal agencies on transparecncy and the processing of FOIA requests.

We’re still making our way through the newly-published documents for the first time, but they include extensive internal DHS discussion on how to respond to our criticisms, when the DHS first published the official notice (we’re still not exactly sure how many years after the fact) that was supposed to precede the deployment of any such system of Federal records about individuals, that the ATS was being used for a purpose specifically forbidden by Congress.  The documents also seem to confirm, even through the redactions, the lack of understanding by DHS of what information is included in the Passenger Name Records (PNRs) being sucked into government databases by the ATS dragnet, or how to interpret it.  Briefing memos prepared by operational staff for senior policy officials and public relations spokespeople refer to what PNRs “seem” to contain, and appear to be based on guesses and reverse engineering rather than on any expertise in industry standards, messaging protocols (such as the AIRIMP), or business practices.

Just in time for the launch tomorrow night (Tuesday, Jan. 6th) of the the new DHS “reality” television show, Michael Yon has a timely post about an aspect of DHS reality that the “embedded” television production crews probably won’t show us: Border Bullies: The Department of Homeland Security in Action. Read the whole story. The devil is in the details of how Michael’s friend was treated on arrivial in the USA (en route to spend money as a tourist at Disneyworld), but here are a few snippets:

While the U.S. Immigration officer named Knapp rifled through all her belongings, Aew sat quietly. She was afraid of this man, who eventually pushed a keyboard to Aew and coerced her into giving up the password to her e-mail address. Officer Knapp read through Aew’s e-mails that were addressed to me, and mine to her. Aew would tell me later that she sat quietly, but “Inside I was crying.” She had been so excited to finally visit America. America, the only country ever to coerce her at the border. This is against everything I know about winning and losing the subtle wars. This is against everything I love about the United States. We are not supposed to behave like this. Aew would tell me later that she thought she would be arrested if she did not give the password….

Knowing that Homeland Security officers are creating animosity and anxiety at our borders does not make me feel safer. How many truly bad guys slip by while U.S. officers stand in small rooms and pick on little women?…

I had intended to show Aew a bit of my country. But it’s taking a little while for her to get over her discomfort at being in America. She was treated better in China. So was I.

Giving new meaning to the epithet, “security theater”, the hit Australian reality-television show Border Security has been franchised to the USA in the form of Homeland Security USA.

The weekly hour-long “reality” program is scheduled to begin Tuesday night, January 6th, 2009, on ABC.  Having seen the Australian predecessor, we can hardly wait to see how the DHS, with its growing focus on spin control and image management, wants to be seen.

The show boasts of the “full cooperation” of all DHS departments, without which it couldn’t be produced — and, therefore, who it can’t afford to offend if it wants to continue.

On Friday, December 19th, the Privacy Office of the U.S. Department of Homeland Security released A Report Concerning Passenger Name Record Information Derived From Flights Between The U.S. and the European Union.

This is a very important report for both US and European travelers, but not for the reasons the DHS claims:

The authors of the report conclude that DHS handling of Passenger Name Record (PNR) data is in compliance with both US law (particularly the Privacy Act) and the DHS-EU agreement on USA access to, and use of, PNR data related to flights between the EU and the USA.

In fact, the report contains multiple admissions that support exactly the opposite conclusion: The DHS has complied with neither the agreement with the EU, nor US law (especially, but not only, the Privacy Act), in its use of PNR data concerning US citizens as well as Europeans and other foreigners.

The DHS has legal obligations to US citizens and residents under the Privacy Act, and commitments to travelers from the EU under the PNR agreeement, to allow individuals timely access to PNR data about them held by the DHS. According to the report:

DHS policy allows persons (including foreign nationals) to access and seek redress under the Privacy Act to raw PNR data maintained in ATS-P.

Despite this, the DHS Privacy Office has now reported that:

1. Requests for PNR data have typically taken more than a year to answer — many times longer than the legal time limits in the Privacy Act and Freedom of Information Act: “The requests for PNR took more than one year to process.”
2. When individuals have requested “all data” about them held by the DHS, often they have not been given any of their PNR data: “If an individual requests ‘all information held by CBP’ the FOIA specialist generally does not search ATS because PNR was not specifically requested.”
3. Because of this, the vast majority of requesters who should have received PNR data did not: “The PNR specific requests are a small percentage of the total requests based on the statistics provided to the Privacy Office, but if ATS-P were searched in all cases in which an individual asks for ‘all information held by CBP,’ the percentage would increase more than seven [sic]”
4. PNR data has been inconsistently censored before it was released: “The requests for PNR … were inconsistent in what information was redacted.”
5. A large backlog from the initial requests for PNR data remains unanswered, more than a year later: “Management noted that they have been understaffed and are bringing on new staff to reduce the backlog and period of time it takes to respond to requests. Additionally, management stated that part of the delayed response was due to the large number of requests initially submitted for PNR.”

To understand the full meaning and significance of the report, let’s quickly review the history of US government use of PNR data:

Read More →