DHS Posts Privacy Act Notice

According to a statement by Homeland Security Chief Privacy Officer Hugo Teufel III, the Department of Homeland Security has posted on its Web site, and will publish on Monday in the Federal Register, four Privacy Act records involving the Automated Targeting System (ATS). The records are an updated System of Records Notice (SORN), the discussion of public comments received on the SORN, a notice of proposed rulemaking for privacy act exemptions, and a privacy impact assessment (PIA).  In doing so, said Teufel, the department has strengthened privacy protections for all individuals traveling in to and out of the United States.

ATS assists U.S. Customs and Border Protection (CBP) frontline officers in frustrating the ability of terrorists to gain entry into the United States, enforcing all import and export laws, and facilitating legitimate trade and travel across U.S. borders. Following publication on Nov. 2, 2006 of the initial SORN, the department received several hundred comments on the SORN and PIA, many of which concerned ATS-P, the passenger screening module used by CBP officers. The department responded to these comments by revising the SORN.

Notable revisions to the SORN include:

• ATS-P will retain the information for a far shorter period of time.  Under the revised SORN, the retention period is 15 years (7 years active and 8 years dormant), a significant decrease from the proposed 40-year period.  

• Under ATS-P, the purposes for which Passenger Name Record data (PNR) may be used have been narrowed.  

• The updated SORN implements the department's mixed-system policy, which administratively extends the protections of the Privacy Act of 1974 to non-U.S. persons by providing access and redress to their PNR data.   

ATS-P treats all passengers equally, continued Teufel. ATS does not profile by race, ethnicity or arbitrary assumptions. The department does not collect information on race, ethnicity, religion or orientation, or make decisions based on such information, and to the extent such information may be provided by a carrier, the department filters that information out.  

Further, ATS-P does not use a score to determine an individual's risk level.  Rather, ATS-P compares PNR and Advanced Passenger Information System data with law enforcement records and threat-based scenarios for use by law enforcement officials to intercept high-risk travelers, identify persons of concern, and identify patterns of suspicious activity, which may be used to identify other high risk travelers previously unknown to law enforcement. The scenarios are drawn from previous and current law enforcement and intelligence information.

ATS does not replace human decision making, said Teufel.  It is a decision-making support tool for use by trained law enforcement officials. "It is the assessment of my office," concluded Teufel, "that ATS continues to have strong access controls, including regular auditing and training of personnel and strong information technology security."