Automated Targeting System

On November 2, 2006, the Department of Homeland Security posted a System of Records Notice (SORN) in the Federal Register regarding the deployment of the Automated Targeting System (ATS), to screen travelers entering the United States by car, plane, ship, or rail. Originally developed to help identify potential cargo threats, ATS is a module of the Treasure Enforcement Communications System (TECS). TECS is described as an “overarching law enforcement information collection, targeting, and sharing environment.” ATS is run by the Bureau of Customs and Border Protection (CBP). The Federal Register notice states that “ATS builds a risk assessment for cargo, conveyances, and travelers based on criteria and rules developed by CBP.” The notice further states that “ATS both collects information directly, and derives other information from various systems.” Information collected may be retained for up to forty years “to cover the potentially active lifespan of individuals associated with terrorism or other criminal activities.” According to a November 22, 2006 privacy impact assessment, ATS itself is composed of six modules:


 * ATS-Inbound &mdash; inbound cargo and conveyances (rail, truck, ship, and air)
 * ATS-Outbound &mdash; outbound cargo and conveyances (rail, truck, ship, and air)
 * ATS-Passenger (ATS-P) &mdash; travelers and conveyances (air, ship, and rail)
 * ATS-Land (ATS-L) &mdash; private vehicles arriving by land
 * ATS - International (ATS-I) &mdash; cargo targeting for CBP's collaboration with foreign customs authorities
 * ATS-Trend Analysis and Analytical Selectivity Program (ATS-TAP) (analytical module)

It appears that the November 2006 Federal Register notice is the first time that DHS or its predecessor component agencies have publicly disclosed the use of ATS for screening people. The disclosure has raised a number of issues about various facets of the program, including proposed exemptions from the 1974 Privacy Act; opportunities for citizens to correct errors in the records; how the risk assessments are created; if any previous testing has been conducted; and the effectiveness of the system.