Automated Targeting System
The Automated Targeting System or ATS is a United States Department of Homeland Security computerized system that, for every person who crosses U.S. borders, scrutinizes a large volume of data related to that person (see below), and then automatically assigns a rating for which the expectation is that it helps gauge whether this person may be placed within a risk group of terrorists or other criminals. Similarly ATS analyzes data related to container cargo.
These ratings take many details into account, such as country of origin, how travel to the U.S. was funded, and the visitor's driving record. Other more mundane details also factor in, such as where the person is sitting on the flight and what they ordered for their meal.
The existence of such a system was first discovered by the public in November 2006, when a mention of it appeared in the Federal Register. The system was first implemented in the late 1990s, and was significantly expanded shortly after the 9/11 Terrorist Attacks.
Exemption from Privacy Act
Following the controversial Passenger Name Record agreement signed with the European Union (EU) in 2007, the Bush administration proposed to exempt the Automated Targeting System from the requirements of the 1974 Privacy Act for access to records and for an accounting of disclosures. Those proposed exemptions were finalized on February 3, 2010.
Lawsuits have been filed under both the Privacy Act and the Freedom of Information Act (FOIA) seeking disclosure of information about ATS as well as records from ATS dossiers about individuals.
EFF v. Department of Homeland Security: On December 19, 2006, the Electronic Frontier Foundation's FOIA Litigation for Accountable Government (FLAG) project filed suit against the Department of Homeland Security under FOIA, demanding "immediate answers about an invasive and unprecedented data-mining system deployed on American travelers."
Shearson v. Department of Homeland Security: In June 2006, Julia Shearson, Executive Director of the Cleveland Chapter of the Council on American Islamic Relations (CAIR) filed suit pro se against the DHS under the Privacy Act, seeking disclosure of records about herself from ATS and the correction of erroneous records falsely characterizing her as a terrorist.
In 't Veld v. Department of Homeland Security: On July 1, 2008, the EFF FLAG project filed suit against the DHS under FOIA on behalf of Sophie In 't Veld, a Member of the European Parliament from the Netherlands, seeking disclosure of records about herself from ATS and other systems of records.
Hasbrouck v. U.S. Customs and Border Protection: On August 25, 2010, Edward Hasbrouck of the Identity Project (PapersPlease.org) filed suit against CBP under the Privacy Act and FOIA, seeking disclosure of records about himself from ATS, information about how ATS records are retrieved, and records related to the processing of his previous Privacy Act requests and appeals for ATS records. Mr. Hasb rouck was represented by the First Amendment Project.
Gellman v. Department of Homeland Security et al.: On April 4, 2016, Pulitzer Prize-winning journalist Barton Gellman filed suit against DHS and other Federal agencies under the Privacy Act and FOIA, seeking disclosure of records about himself including "ticket and flight information, Passenger Name Records, records pertaining to inspections... [and] any other data collected and/or stored by ATS-P." Mr. Gellman was represented by the Reporters Committee for Freedom of the Press.
Organizations and security experts have expressed opposition to the system, citing concerns about reliability and undue scrutiny.
The American Civil Liberties Union had similar concerns:
"Never before in American history has our government gotten into the business of creating mass 'risk assessment' ratings of its own citizens," said Barry Steinhardt, Director of the ACLU's Technology and Liberty Project. "That is a radical new step with far-reaching implications – but one that has been taken almost thoughtlessly by expanding a cargo-tracking system to incorporate human beings, and with little public notice, discussion, or debate."
The Association of Corporate Travel Executives (ACTE) requested an immediate suspension of the program, stating:
While ATS is undoubtedly raising red flags among privacy advocates and other groups that question the legality and intent of such programs, ACTE is primarily concerned with the economic impact this initiative will have on the business travel community. Delays, missed flights, canceled meetings, and potential arrests will generate staggering costs. In an ACTE survey dating to 2004, 97 percent of respondents stated that programs like this will have a negative impact on travel. This could very will be the impetus for businesses to fully explore alternatives to travel.
Bruce Schneier, noted security specialist and writer, wrote about ATS:
There is something un-American about a government program that uses secret criteria to collect dossiers on innocent people and shares that information with various agencies, all without any oversight. It's the sort of thing you'd expect from the former Soviet Union or East Germany or China. And it doesn't make us any safer from terrorism.
The Electronic Frontier Foundation expressed their concerns:
The Automated Targeting System (ATS) will create and assign "risk assessments" to tens of millions of citizens as they enter and leave the country. Individuals will have no way to access information about their "risk assessment" scores or to correct any false information about them. But once the assessment is made, the government will retain the information for 40 years -- as well as make it available to untold numbers of federal, state, local, and foreign agencies in addition to contractors, grantees, consultants, and others.
The Identity Project (Papersplease.org) filed a series of formal comments  objecting to the ATS:
The Identity Project has filed comments with the DHS, objecting to this proposal. Among other things, we’ve pointed out that Congress has expressly forbidden the DHS from spending a penny on any system like this to assign risk scores to airline passengers, and that the Privacy Act forbids any Federal agency form collecting information about how we exercise rights protected by the First Amendment — like our right to travel — except as expressly directed by Congress.
- James Giermanski (June 25, 2008). "Container Security: Is the Layered Approach Working?" (PDF). CSO online.com.
- Statewatch, US changes the privacy rules to exemption access to personal data September 2007
- PapersPlease.org, DHS exempts dossiers used for “targeting” from the Privacy Act February 2010
- Press Releases: December, 2006 | Electronic Frontier Foundation
- DHS can't opt out of liability for violating the Privacy Act | PapersPlease.org: April 21, 2011
- European Lawmaker Sues U.S. Agencies to Obtain Travel-Related and Other Personal Information: Lawsuit Tests U.S. Assurances of Access Rights for EU Citizens | Electronic Frontier Foundation: July 1, 2008
- Edward Hasbrouck v. U.S. Customs and Border Protection | PapersPlease.org
- "Complaint for Declaratory and Injunctive relief". Barton Gellman v. Department of Homeland Security et al. April 4, 2016. p. 58 (Exhibit C). Retrieved 12 April 2016.
- American Civil Liberties Union : ACLU Calls on DHS to Withdraw Plan For Tagging Americans With 40-Year “Risk Assessments”
- Schneier on Security: Automated Targeting System
- Press Releases: November, 2006 | Electronic Frontier Foundation
- Policy Analysis: ATS | PapersPlease.org
- Every traveler is a target: December 5, 2006 | PapersPlease.org
- Associated Press article discussing ATS
- Washington post article discussing contents of ATS records
- Government documentation on ATS
- Slashdot article discussing ATS
- EPIC - Automated Targeting System
- Brief Forbes article on ATS
- ACTE - North America Traveler Security and Data Privacy publications on ATS