"Data banks like this are overdue for oversight," said Sen. Patrick Leahy, D-Vt., who will take over Judiciary in January. "That is going to change in the new Congress."
The Associated Press reported Thursday that millions of Americans and foreigners crossing U.S. borders in the past four years have been assessed by the computerized Automated Targeting System, or ATS, designed to help pick out terrorists or criminals.
The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years. Under specific circumstances, some or all data in the system can be shared with state, local and foreign governments and even some private contractors.
"It is simply incredible that the Bush administration is willing to share this sensitive information with foreign governments and even private employers, while refusing to allow U.S. citizens to see or challenge their own terror scores," Leahy said. This system "highlights the danger of government use of technology to conduct widespread surveillance of our daily lives without proper safeguards for privacy."
Sen. Susan Collins, R-Maine, chairman of the Senate Homeland Security Committee, said that while it is critical for government to have the tools necessary to thwart terrorists, "we must ensure that travelers privacy and civil liberties are appropriately respected."
The Homeland Security Department, which operates ATS, calls the system critical to national security following the Sept. 11, 2001, terrorist attacks.
But privacy advocates were alarmed by it.
"Never before in American history has our government gotten into the business of creating mass 'risk assessment' ratings of its own citizens," said Barry Steinhardt, a lawyer for the American Civil Liberties Union. "We are stunned" the program has been undertaken "with virtually no opportunity for the public to evaluate or comment on it."
Almost every person entering and leaving the United States by air, sea or land is assessed based on ATS' analysis of their travel records and other data, including items such as where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meal they ordered.
The use of the program on travelers was quietly disclosed earlier this month when the department put a notice detailing ATS in the Federal Register, a fine-print compendium of federal rules. The few civil liberties lawyers who had heard of ATS and even some law enforcement officers said they had thought it was only used to screen cargo.
The Homeland Security Department called the program "one of the most advanced targeting systems in the world" and said the nation's ability to spot criminals and other security threats "would be critically impaired without access to this data."
But to David Sobel, a lawyer at the Electronic Frontier Foundation, a group devoted to civil liberties in cyberspace, "It's probably the most invasive system the government has yet deployed in terms of the number of people affected."
Government officials could not say whether ATS has apprehended any terrorists. Based on all the information available to them, federal agents turn back about 45 foreign criminals a day at U.S. borders, according to Homeland Security's Customs and Border Protection spokesman Bill Anthony. He could not say how many were spotted by ATS.
Officials described how the system works: applying rules learned from experience with the activities and characteristics of terrorists and criminals to the traveler data. But they would not describe in detail the format in which border agents see the results or in which the databases store the results of the ATS risk assessments.
Acting Assistant Homeland Security Secretary Paul Rosenzweig told reporters Friday they could call it scoring. "It can be reduced to a number," he said, but he clearly preferred the longer descriptions.
Steinhardt said the ATS was more far-reaching than the department's trouble-plagued efforts to develop a computerized screening system for domestic air travelers.
That data-mining project — now known as Secure Flight — caused a furor two years ago in Congress. Lawmakers barred its implementation until it can pass 10 tests for accuracy and privacy protection.
In comments to the government about ATS, Sobel said, "Some individuals will be denied the right to travel and many the right to travel free of unwarranted interference."
Sobel said in the interview that the government notice also raises the possibility that faulty risk assessments could cost innocent people jobs in shipping or travel, government contracts, licenses or other benefits.
The government notice says some or all of the ATS data about an individual may be shared with state, local and foreign governments for use in hiring decisions and in granting licenses, security clearances, contracts or other benefits. In some cases, the data may be shared with courts, Congress and even private contractors.
"Everybody else can see it, but you can't," Stephen Yale-Loehr, an immigration lawyer who teaches at Cornell Law school, said in an interview.
But Jayson P. Ahern, an assistant commissioner of Customs and Border Protection, said the ATS ratings simply allow agents at the border to pick out people not previously identified by law enforcement as potential terrorists or criminals and send them for additional searches and interviews.
"It does not replace the judgments of officers" in reaching a final decision about a traveler, Ahern said in an interview Thursday.
This targeting system goes beyond traditional watch lists, Ahern said. Border agents compare arrival names with watch lists separately from the ATS analysis.
In a privacy impact assessment posted on its Web site this week, Homeland Security said ATS is aimed at discovering high-risk individuals who "may not have been previously associated with a law enforcement action or otherwise be noted as a person of concern to law enforcement."
Ahern said ATS does this by applying rules derived from the government's knowledge of terrorists and criminals to the passenger's travel records.
Ahern declined to disclose any of the rules, but a Homeland Security document on data-mining gave this innocuous example of a risk assessment rule: "If an individual sponsors more than one fiancée for immigration at the same time, there is likelihood of immigration fraud."
Ahern said ATS was first used to rate the risk posed by travelers in the late 1990s, using personal information about them voluntarily supplied by air and cruise lines.
A post-9/11 law vastly expanded the program, he said. It required airline and cruise companies to begin in 2002 sending the government electronic data in advance on all passengers and crew bound into or out of the country. All these names are put through ATS analysis, Ahern said. In addition, at land border crossings, agents enter license plates and the names of vehicle drivers and passengers, and Amtrak voluntarily supplies passenger data on its trains to and from Canada, he said.