Thursday, August 21, 2008

They want dossiers on all of us

In January, the Department of Homeland Security started quietly manually entering the personal data on every American entering the country at one of the land crossings with Mexico and Canada. The data collected on us will be retained for fifteen years, and is subject to being used in criminal and security/intelligence investigations.

The party line on the Border Crossing Information system, which came to light last month in a notice in the Federal Register, is that it is part of a "broader effort to guard against terrorist threats."

Critics charge that it is yet another component of a growing number of government systems that are gathering personal information on Americans that can be shared across a broad range of agencies for law enforcement and intelligence purposes, some of which are exempt from Privacy Act protections.

"People expect to be checked when they enter the country and for the government to determine if they're admissible or not," said Greg Nojeim, senior counsel at the Center for Democracy & Technology. "What they don't expect is for the government to keep a record for 15 years of their comings into the country."

But DHS spokesman Russ Knocke said the retention period is justified.

"History has shown, whether you are talking about criminal or terrorist activity, that plotting, planning or even relationships among conspirators can go on for years," he said. "Basic travel records can, quite literally, help frontline officers to connect the dots."

The government states in its notice that the system was authorized by post-Sept. 11 laws, including the Enhanced Border Security and Visa Reform Act of 2002, the Aviation and Transportation Security Act of 2001, and the Intelligence Reform and Terrorism Prevention Act of 2004.

Nojeim said that though the statutes authorize the government to issue travel documents and check immigration status, he does not believe they explicitly authorize creation of the database.

"This database is, in a sense, worse than a watch list," he said. "At least in the watch-list scenario, there's some reason why the name got on the list. Here, the only thing a person does to come to the attention of DHS is to lawfully cross the border. The theory of this data collection is: Track everyone -- just in case."

Under the system, officials record name, birth date, gender, date and time of crossing, and a photo, where available, for U.S. travelers returning to the country by land, sea or air. The same information is gathered about foreign travelers, but it is held for 75 years.

DHS and other agencies are amassing more and more data that they subject to sophisticated analysis. A customs document issued last month stated that the agency does not perform data mining on border crossings to glean relationships and patterns that could signify a terrorist or law enforcement threat. But the Federal Register notice states that information may be shared with federal, state and local governments to test "new technology and systems designed to enhance border security or identify other violations of law." And the Homeland Security Act establishing the department calls for the development of data-mining tools to further the department's objectives.

That raises concerns, privacy advocates say, that analyses can be undertaken that could implicate innocent people if appropriate safeguards are not used.

The border information system will link to a new database, the Non-Federal Entity Data System, which is being set up to hold personal information about all drivers in a state's database. States that do not agree to allow customs to have such large amounts of information may allow the agency to query their databases in real time for information on a traveler.

Because of privacy concerns, Washington state earlier this year opted for the queries-only approach. The Canadian government made the same decision. "There was absolutely no way they should have the entire database," said Ann Cavoukian, Ontario's privacy commissioner, who learned about the Canadian government's decision in April.

"Once you have data in a database you don't need, it lends itself to unauthorized use," she said. "You have no idea of the data creep."

American officials are rather glib and dismissive about the concerns, taking a "then don't cross the border, no skin off my ass" attitude.

The notice states that records of border crossings can be shared with federal, state, local and tribal agencies, as well as agencies of foreign governments in cases where customs believes that sharing the information would assist enforcement of civil or criminal laws or regulations, or if border crossing information might be relevant in hiring decisions.

The information might also be shared with courts and attorneys in matters of civil litigation - including divorce and child custody cases.

Federal contractors and consultants will also be able to access the information when it is deemed necessary to "accomplish and agency function related to the system of records." Foreign and federal agencies with an antiterrorism mission will have virtually unfettered access by simply making the claim that there is a "legitimate public interest in the disclosure of the information."

And for added flourish, Homeland Security is angling to exempt this massive database of personal information about American citizens from the Privacy Act of 1974...Including the rights of a citizen to know whether his or her records have been accessed. Additionally, the citizen will not have the right to sue for access to ones own records, or for corrections in those disclosures.

This proposal is rife with abuse at every turn. For starters, I would venture that divorces in border states are about to get really, really messy.

But I am creeped out by the fact that all of my identifying information is there for the asking, or that it could be given to any agency casting a wide net, from the Willard, New Mexico police department to MI5, without so much as providing a need to know, let alone getting a warrant.

And I am really pissed off about the possibility of having my information shared and not having the right to know. It is my information! I can see not forcing agencies to seek me out and inform me when my files are accessed - but only if its part of a sort of quid pro quo - If I ask if my files have been accessed - they should damned sure have to tell me!

[*The proposal will remain open for public comment through August 25. I would encourage you to take the time to read the entire notice, formulate your thoughts carefully, submit them via the channels outlined in the notice. Remember to be respectful.)