The federal government disclosed details yesterday of a border-security program to screen all people who enter and leave the United States, create a terrorism risk profile of each individual and retain that information for up to 40 years.
The details, released in a notice published yesterday in the Federal Register, open a new window on the government's broad and often controversial data-collection effort directed at American and foreign travelers, which was implemented after the Sept. 11, 2001, attacks.
While long known to scrutinize air travelers, the Department of Homeland Security is seeking to apply new technology to perform similar checks on people who enter or leave the country "by automobile or on foot," the notice said.
The department intends to use a program called the Automated Targeting System, originally designed to screen shipping cargo, to store and analyze the data.
"We have been doing risk assessments of cargo and passengers coming into and out of the U.S.," DHS spokesman Jarrod Agen said. "We have the authority and the ability to do it for passengers coming by land and sea."
In practice, he said, the government has not conducted risk assessments on travelers at land crossings for logistical reasons.
"We gather, collect information that is needed to protect the borders," Agen said. "We store the information we see as pertinent to keeping Americans safe."
Civil libertarians expressed concern that risk profiling on such a scale would be intrusive and would not adequately protect citizens' privacy rights, issues similar to those that have surrounded systems profiling air passengers.
"They are assigning a suspicion level to millions of law-abiding citizens," said David Sobel, senior counsel of the Electronic Frontier Foundation. "This is about as Kafkaesque as you can get."
DHS officials said that by publishing the notice, they are simply providing "expanded notice and transparency" about an existing program disclosed in October 2001, the Treasury Enforcement Communications System.
But others said Congress has been unaware of the potential of the Automated Targeting System to assess non-aviation travelers.
"ATS started as a tool to prevent the entry of drugs with cargo into the U.S.," said one aide, who spoke on the condition of anonymity because of the sensitivity of the subject. "We are not aware of Congress specifically legislating to make this expansion possible."
The Senate Homeland Security and Governmental Affairs Committee, chaired by Sen. Susan Collins (R-Maine), yesterday asked Homeland Security to brief staff members on the program, Collins's spokeswoman, Jen Burita, said.
The notice comes as the department is tightening its ability to identify people at the borders. At the end of the year, for example, Homeland Security is expanding its Visitor and Immigrant Status Indicator Technology program, under which 32 million noncitizens entering the country annually are fingerprinted and photographed at 115 airports, 15 seaports and 154 land ports.
Stephen E. Flynn, senior fellow for national security studies at the Council on Foreign Relations, expressed doubts about the department's ability to conduct risk assessments of individuals on a wide scale.
He said customs investigators are so focused on finding drugs and weapons of mass destruction that it would be difficult to screen all individual border crossers, other than cargo-truck drivers and shipping crews.
"There is an ability in theory for government to cast a wider net," he said. "The reality of it is customs is barely able to manage the data they have."
The data-mining program stemmed from an effort in the early 1990s by customs officials to begin assessing the risk of cargo originating in certain countries and from certain shippers. Risk assessment turned more heavily to automated, computer-driven systems after the 2001 attacks.
The risk assessment is created by analysts at the National Targeting Center, a high-tech facility opened in November 2001 and now run by Customs and Border Protection.
In a round-the-clock operation, targeters match names against terrorist watch lists and a host of other data to determine whether a person's background or behavior indicates a terrorist threat, a risk to border security or the potential for illegal activity. They also assess cargo.
Each traveler assessed by the center is assigned a numeric score: The higher the score, the higher the risk. A certain number of points send the traveler back for a full interview.
The Automated Targeting System relies on government databases that include law enforcement data, shipping manifests, travel itineraries and airline passenger data, such as names, addresses, credit card details and phone numbers.
The parent program, Treasury Enforcement Communications System, houses "every possible type of information from a variety of federal, state and local sources," according to a 2001 Federal Register notice.
It includes arrest records, physical descriptions and "wanted" notices. The 5.3 billion-record database was accessed 766 million times a day to process 475 million travelers, according to a 2003 Transportation Research Board study.
In yesterday's Federal Register notice, Homeland Security said it will keep people's risk profiles for up to 40 years "to cover the potentially active lifespan of individuals associated with terrorism or other criminal activities," and because "the risk assessment for individuals who are deemed low risk will be relevant if their risk profile changes in the future, for example, if terrorist associations are identified."
DHS will keep a "pointer or reference" to the underlying records that resulted in the profile.
The DHS notice specified that the Automated Targeting System does not call for any new means of collecting information but rather for the use of existing systems. The notice did not spell out what will determine whether someone is high risk.
But documents and former officials say the system relies on hundreds of "rules" to factor a score for each individual, vehicle or piece of cargo.
According to yesterday's notice, the program is exempt from certain requirements of the Privacy Act of 1974 that allow, for instance, people to access records to determine "if the system contains a record pertaining to a particular individual" and "for the purpose of contesting the content of the record."