DHS policy chief Baker defends passenger data analysis system

The Homeland Security Department is stepping up its efforts to fend off criticism of the data analysis system it uses to pinpoint travelers entering the country who pose the risk of carrying out criminal or terrorist acts.

Publication of the department's Privacy Impact Assessment last month led to a general outpouring of alarm about DHS' use of data-mining methods to assign risk scores to all travelers ' and to keep them for 40 years.

Stewart Baker, DHS' assistant secretary for policy, today told a picked audience of policy specialists and a clutch of reporters that the department's Automated Targeting System has repeatedly proved its worth. He told anecdotes about how ATS had helped finger travelers with terrorist links, who were carrying out criminal activities or who were actually bringing terrorist training tools in their luggage, but he omitted the actual names and identifying details of the accused.

Baker spoke at a panel session held by the Center for Strategic and International Studies in Washington. All the panelists were current or former DHS employees or advisers ' but two out of them called into question the privacy protections built into ATS.

Privacy specialists Jim Harper, director of information studies at the Cato Institute and a member of a DHS privacy advisory panel, joined Mary De Rosa, senior fellow in the center's technology and public policy program, in suggesting that the ATS privacy protection features were inadequate.

Baker's panel presentation today mirrored an earlier international conference on biometrics and privacy that was held largely behind closed doors last month in that it provided Baker a platform to propound an expansive version of DHS' need to gather and keep private information.

Like the biometric privacy conference held early last month, today's panel discussion sharply limited Baker's exposure to questions from the press and totally eliminated any participation by the general public or air travelers.

Baker's seemed to cast doubt on a panelist's statement that ATS assigns risk scores to travelers. However, panelist De Rosa reminded Baker that DHS' recently released Privacy Impact Statement on the ATS refers to the system's use of risk scoring. Department officials have repeatedly described and praised the ATS risk scoring system for several years.

Baker suggested that the system links mainly to passenger name records provided by airlines. In fact, as the ATS Privacy Impact Assessment describes, ATS gathers data from a range of law enforcement and intelligence systems. It then applies rules, which the department has never disclosed, to generate risk scores for travelers.

Baker said that travelers could obtain data about their personal information in the ATS via Freedom of Information Act procedures. That assertion belies years of futile attempts y travelers to expunge their names from databases that ATS relies on.

Baker suggested that the Customs and Border Protection border control offices' 'secondary inspection' rooms, where suspect travelers are diverted for interrogation, should be renamed the 'redress procedure,' because during that procedure, travelers could provide information that would allay agents' suspicions.

However, panel participants noted that the burden of proving admissibility to the country is on the traveler, not the government, during the secondary inspection procedure'which runs counter to the presumption of innocence provided by the courts.

Also, travelers shunted to secondary inspection lack counsel and are subject to long-standing customs inspection laws that give the government warrantless access to all items crossing the border, including all of the traveler's papers and effects.

Baker suggested that if 'the privacy advocates got their way and shut down the program,' the nation's security would be gravely at risk. In response, Harper of the Cato Institute noted that such reasoning amounts to knocking down a nonexistent 'straw man,' by rejecting a position that most privacy advocates don't uphold. Like many such advocates, Harper has called for limits on data-processing methods that jeopardize privacy while continuing robust intelligence functions to ward off terrorism.

The department's inspector general has pinpointed 12 data-mining systems that DHS uses to find traces or indicators of terrorist links and risks. ATS uses algorithms that appear to make it a data-mining tool similar to artificial-intelligence systems that operate according to set rules.

Baker said repeatedly that the department's use of the audit trail feature of ATS to control and punish improper use of the system provides a privacy safeguard. However, while touting the system's legal and policy benefits, he sidestepped questions about whether the addition of anonymization features and other technical means of buttressing data protection would help safeguard travelers' privacy.