The controversy over the passenger component of the Automated Targeting System has simmered over the past month (see my previous posts here and here) in the media and the blogosphere, with the latest feud centering around whether a provision in the FY 2007 appropriations acts prohibits the risk assessment function of the ATS-P. Privacy and civil liberties groups have argued in the past week that it does. DHS has started to fight back against these charges in the media, as exemplified by Sec. Chertoff’s quotes in this National Journal piece by Shane Harris.
You can read the full provision in question, Sec. 514, on pages 25-26 of the FY 2007 DHS appropriations bill (H.R. 5441) at this link. My take on this question is that ATS-P does not violate Sec. 514, which specifically references the domestic Secure Flight program and “any successor programs.” ATS-P is a program that preceded Secure Flight. And all of the references to GAO requirements in Sec. 514 confirm that this was solely written with Secure Flight in mind.
There is one other important difference between the two programs that is also worth pointing out: the domains in which the two programs are used. ATS-P is for inbound international arrivals. Secure Flight, if it were to become operational, would be for domestic air travel. The security imperatives and the personal rights of individuals are inherently different in these two domains. In the domestic realm (Secure Flight), travelers are presumed to be legally in the United States, and the sole purpose of risk assessment is related to risks associated with the air travel. In the international realm (ATS-P), identity is not assumed but needs to be proven, and the government has a legitimate role in determining the identity and nationality of individuals entering the United States as a legitimate assertion of national sovereignty. At borders and points-of-entry, the government has greater authority to conduct search and inspection activities than at any place inside of the country’s borders. This same inherent authority is what, I think, should give the ATS-P system a greater authority to conduct security-related risk analysis than any domestic risk assessment system.
There are some legitimate concerns that the privacy and civil liberties groups have brought forward in the course of this debate, e.g. questioning the rationale for retaining records for 40 years. But overall, I find myself sticking to my original impression of this issue when I first posted about it in early November, and wondering what all the fuss is about.