Rejecting a wave of criticisms, the government has agreed to only modest changes in the computerized system that assesses whether each American who travels abroad poses a terrorist threat.
The Homeland Security Department decided to keep the risk assessments for 15 years instead of 40 years and no longer will share them with federal, state and local officials who are deciding whether a person gets a job, a security clearance, a license to do business or a government contract.
Nevertheless, travelers still will not be allowed to see their actual assessments or the reasons for them. Federal agents still will be looking at an array of information about international travelers — Americans and foreigners; this includes even meal choices, the names of traveling companions and the number of hotel beds requested.
"The revisions are useful, but they don't go to the heart of the matter," said James Dempsey, policy director of the Center for Democracy and Technology, a civil liberties group. "Why should the government keep massive databases about people it has decided are innocent?"
Privacy advocates and civil libertarians also condemn the remedies for people who believe they were wrongly detained, delayed or even denied the right to travel.
The department's decision to continue the Automated Targeting System with few changes took effect last Thursday. It was announced in advance by an August notice in the Federal Register, a daily catalog of federal regulations that is read mostly by lawyers and lobbyists.
The computerized system is used by Customs and Border Protection officers to screen 400 million passengers a year who arrive from or depart for foreign locations by air, sea or rail. A separate part of the system is used for vehicles crossing the border.
Members of Congress, business travel associations, privacy and civil liberties groups and even European legislators protested after Homeland Security disclosed details of the system last fall for the first time; it had gone in service in 1999.
Critics cry foul
Some critics said the entire program was illegal; others wanted parts of it changed.
But the department said the system was crucial to preventing terrorists and other criminals from entering the United States, and helps border officers decide which travelers to pull aside for further scrutiny.
The department acknowledges the risk that "a negative Customs and Border Protection action could be taken" when relying on "computer generated information in ATS that has been skewed by inaccurate data." But the department emphasizes that it is agents who decide whether to release or detain people after interviews.
"ATS does not replace human decision-making," said Hugo Teufel III, the department's chief privacy officer.
Program computers can compare travel information — known as Passenger Name Records obtained from airlines, cruise lines, and Amtrak — with government watchlists of known and suspected terrorists and other wanted or barred individuals.
Beyond that, Teufel said, the system tries "to identify other high risk travelers previously unknown to law enforcement." This is done by comparing the passenger's data with a secret list of "rules" — theories conceived by department analysts based on intelligence reports and past terrorist attacks — describing behavior that might indicate someone is a terrorist or other type of criminal.
The government will not release these rules because that would tip off terrorists and criminals to what agents look for. The rules are believed to include scenarios such as young men without baggage on one-way tickets paid in cash and with a history of travel to Pakistan and Afghanistan where al-Qaida trains.
A department report provides this carefully selected example of a risk assessment rule: "If an individual sponsors more than one fiancee for immigration at the same time, there is likelihood of immigration fraud."
‘Nothing more than ... best guess’
Privacy advocate David Sobel, counsel at Electronic Frontier Foundation, said the rules "are nothing more than the agency's best guess about what behavior might indicate a risk of terrorist activity."
The passenger name records contain the passenger's name and usually address and telephone number, but there is no fixed standard. Most of the records include payment data, baggage information, seat assignment and whether special meals for Hindus, Muslims or Jews were requested.
Ed Hasbrouck, a travel agent and privacy advocate, said many travel agents, including Expedia or Travelocity online, can add to those records the names of traveling companions and hotel reservations, including the number of rooms and beds requested. A different section can include remarks by the ticket seller like "difficult customer — always changing his mind," Hasbrouck said.
Some innocent decisions could look suspicious. For instance, bombers are thought to prefer certain seats.
Homeland Security said only `in exceptional circumstances" does it use some terms in the passenger name records that indicate race, ethnic origin, political or religious beliefs, health conditions or sex life. The department did not define those circumstances.
Backing off a policy of keeping risk assessments 40 years, the department said it still needs to keep them 15 years because "potential terrorists may make multiple visits to the United States in advance of performing an attack." Over time, "a potential risk becomes clearer."
After seven years, agents will need high-level permission to see the passenger name records unless those records have been associated with active lookouts, investigations or travel "routes of concern," according to the department.
"So a database justified for controlling the borders turns into one that keeps track of the international travel of citizens and noncitizens — even after they've been cleared to enter," said Dempsey, the civil libertarian. "It starts with a rational goal and becomes a database on innocent citizens."
Program exempt from disclosure
The department said the assessments and rules on which they were based are exempt from disclosure under the Privacy Act for law enforcement reasons, but travelers upset over extra scrutiny can obtain and check data they supplied for the passenger name records.
The department set up a one-stop Traveler Redress Program to take in all complaints and refer them to the agency that generated the data or watchlist responsible, spokesman Russ Knocke said.
Privacy advocates complained the remedies do not really allow travelers to challenge the reason that the system targeted them. Also, because watchlists also are secret, travelers cannot see how complaints related to them are handled.
One watchlist that the system accesses is the combined Terrorist Screening Database, managed by the FBI.
The Justice Department's internal watchdog, Inspector General Glenn Fine, reported Thursday that 38 percent of the records in a Terrorist Screening Database sample contained errors or inconsistencies. Fine said in 388 resolved complaints, 45 percent of the traveler records had to be removed from list or corrected.
"Error-prone data run through a secret process is not a recipe for public confidence," privacy advocate Sobel said.
Homeland Security also rejected arguments the system violated a congressional ban against computerized systems "assigning risk to passengers whose names are not on government watch lists."
The department argued that the ban applied to a separate screening program. But former Rep. Martin Sabo, D-Minn., said he wrote the ban as a catchall.
"The congressional prohibition is explicit," said Barry Steinhardt of the American Civil Liberties Union. The system "is in violation of the law and must be shut down."