Monday, 12 January 2004

USA will keep visitor travel histories for 100 years

A Privacy Impact Assessment for the US-VISIT program I've discussed in previous articles appeared last week on the Web site of the Chief Privacy Officer for the USA Department of Homeland Security.

The requirement for fingerprinting and photographing of visitors to the USA (except for short-term tourists from a few countries, almost all of them inhabited mainly by white people) has gotten most of the attention paid to US-VISIT. But the real privacy invasion feature of US-VISIT is buried deeply, and its significance evaded, in the Privacy Impact Assessment: US-VISIT will be used to maintain a lifetime travel dossier for anyone who ever visits the USA, just as CAPPS-II will enable the maintenance of lifetime travel dossiers on anyone who ever travels by air to, from, or within the USA.

US-VISIT will be many times larger and more complex than its predecessor systems, and is already drawing questions from within the security industry on feasibility as well as cost and civil liberties implications . But while it is unlikely to serve any real security function, it would effectively serve a surveillance function through the maintenance of lifetime travel dossiers on visitors.

In order to implement US-VISIT more quickly than would otherwise have been possible, it is being treated for Privacy Act purposes as merely a "modification" of existing systems, rather than a new system. The US-VISIT data flow diagram on page 4 of the Privacy Impact Assessment includes a "modified database" labelled "biographic and biometric travel history", to be included within the ADIS (Arrival Departure Information System).

These "travel histories" aren't mentioned anywhere in the so-called "assessment", which says of ADIS and other records only that, "The policies of individual component systems, as stated in their SORNs [System of Records Notices under the Privacy Act], govern the retention of personal information collected by US-VISIT." To find out anything about the policies governing these records, one has to look at the most recent SORN for the ADIS system , which was published in the Federal Register on 12 December 2003.

Only there, deep in the acronym soup at 68 Federal Register 69412-69414, does one learn that these records may be disclosed without restriction to any law enforcement agency in the USA or any other country (even if not actually relevant to any specific investigation) and, even more significantly, that "Records will be retained for 100 years." Full stop.

Even if you die, or become a citizen of the USA, the history of each of your prior movements in or out of the USA will still be kept for the full 100 years. This database of lifetime travel dossiers makes no sense as a security system, but it makes a lot of sense (from the perspective of the NSA types setting policy at the DHS) as a surveillance system.

In parallel with the deployment of US-VISIT to collect travel histories of international movements by non-USA citizens, the DHS is preparing to move forward on the CAPPS-II system, which would require additional "indexing" information in each airline reservation, so that the history of each person's air travels would become as readily accessible to the CRS's that host airline databases (and from them, on request, by the government) as a criminal history is today.

It's all part of a comprehensive array of overlapping programs for tracking people's movements and compiling them into lifetime dossiers recording both their international and domestic travels.

The DHS says, misleadingly, that the DHS itself won't retain CAPPS-II data. But the CRS's will be free to do so (and will have every commercial motive to do so), there are only 4 of them worldwide, and they are under no legal restrictions whatsoever, at least in the USA, on how they use their archives.

Right now, though, it's hard for a CRS or anyone else to tell which individual reservations, especially in common names, correspond to the same person. The crucial significance of the CAPPS-II requirement to include a name, date of birth, etc. in reservations will be the ability it gives the CRS's (and anyone else with access to the archives) to identify all your reservations from different trips on different airlines, and construct a lifetime history of everywhere you've ever been on an airplane, who you went with, where you stayed, etc.

What data, if any, the DHS itself retains, is largely irrelevant as long as the CRS's remain free to retain, use, and sell CAPPS-II data -- supplied under government duress -- however they wish.

In interviews yesterday with Christopher Elliott and the Washington Post , and in a conference call with reporters today, DHS spokespeople reiterated that -- as I reported a month ago -- the DHS is preparing, if necessary, to issue (secret) "security directives" to the airlines to force them to implement CAPPS-II in spite of their and their employees' and customers objections, those of the public, and those of other countries' governments.

The Post reports that, "The European Union, whose passengers would also be rated and screened, have said the system would violate EU privacy laws, but it has allowed the TSA to use passenger data for testing purposes." It would be more accurate to say that, "The USA claims that the EU has agreed to allow the TSA to use EU data for CAPPS-II testing purposes."

In the press conference call today, DHS spokespeople claimed that there was a "side agreement" on CAPPS-II testing to the proposed USA-EU agreement on passenger manifest (APIS) data.

But there was no mention of any such side agreement when the proposal was presented to the European Parliament last month. I've looked carefully through the European Commission's report and the preliminary transcript and translation of the European Parliament committee meeting on the proposed agreement, and there's only a hint of a "side agreement" for CAPPS-II testing. All the other references to CAPPS-II exclude it categorically from the proposed agreement.

According to a report by the Agence Europe news service from Brussels over the weekend, a spokesperson for European Commissioner Frits Bolkestein confirmed the existence of the side agreement and "gave assurances that 'In the CAPPS II test phase, they (the Transport security agency responsible for developing the system) can use PPD [protected personal data] but only for testing the system. We also have commitments that this data will not be kept or used in any operational way'."

In light of the EC failure to disclose the side agreement earlier, the EC negotiators are likely to be in for a tough time with Parliament, which hasn't yet approved any part of an agreement with the USA. Some MEP's on the committee were already calling for legal action against the EC in the European Court of Justice for the EC's failure to enforce EU privacy law on passenger data transfers to the USA. The relevant committee was scheduled to hold its first meeting today since its holiday recess; I haven't heard if this subject was discussed, but it's sure to be back on the agenda at future sessions.

Ultimately, though, people in the USA can't rely on international or European law to protect our rights, or those of visitors to our country. If we don't want our travel history to be treated like a criminal history, or available for sale to all comers, we need a Federal data privacy law on the Canadian or EU model, or at least a Federal travel privacy law as strong as, or stronger, than existing Federal laws for financial and medical data.

(I'll be talking about the latest CAPPS-II developments, and what they mean, tonight on KGO-TV news on Channel 7 in San Francisco.)

[Addendum, 13 January 2004: I neglected to mention that at least the Privacy Act Notice and Privacy Impact Assessment for US-VISIT do say to whom you can complain if you think that fingerprinting and photgraphing visitors, and keeping the records for 100 years, invades their privacy: Steve Yonkers, US-VISIT Privacy Officer, telephone +1-202-298-5200. Yesterday was the deadline for formal comments on the proposal for 100-year retention of visitor travel dossiers. The notice claimed that, "DHS will make comments received available online at http://www.dhs.gov ." But they said the same thing about the public comments on CAPPS-II, most of which still haven't been posted more than 3 months after the close of the comment period, so I wouldn't hold my breath.]

[Further addendum, 14 January 2004: EPIC's comments on the ADIS Privacy Act notice, US-VISIT, and the 100-year retention of travel histories include an excellent summary of the emerging international humnan rights norms of privacy protection, and how far short of them USA laws and regulations like this one fall.]

Link | Posted by Edward on Monday, 12 January 2004, 17:02 ( 5:02 PM) | TrackBack (1)
Comments

Don't they already have some sort of system like this - called a passport?

Posted by: Stephen, 13 September 2004, 19:08 ( 7:08 PM)

Hello

I thought this was an interesting travel article!

Regards

Stephen Jones

Posted by: Stephen Jones, 14 July 2007, 02:30 ( 2:30 AM)
Post a comment









Save personal info as cookie?