The Department of Homeland Security’s Privacy Office has released its annual report (pdf) on data mining programs at the agency. The report focuses on three programs: (1) the Automated Targeting System (ATS) Inbound, Outbound, and Passenger modules, under U.S. Customs and Border Protection; (2) the Data Analysis and Research for Trade Transparency System (DARTTS), under Immigration and Customs Enforcement; and, (3) the Freight Assessment System (FAS), under the Transportation Security Administration.
This report comes on the heels of one by the National Research Council that found data mining programs don’t really work. The Council’s report, “Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment,” was sponsored by the Department of Homeland Security and the National Science Foundation.
“Automated identification of terrorists through data mining (or any other known methodology) is neither feasible as an objective nor desirable as a goal of technology development efforts,” the Council said. “[E]ven in well-managed programs such tools are likely to return significant rates of false positives, especially if the tools are highly automated.”
Included in the Privacy Office’s annual data mining report is a set of privacy principles for the DHS Science and Technology Directorate. “S&T organizes the scientific and technological resources of the United States to prevent or mitigate the effects of catastrophic terrorism against the United States or its allies.” The Privacy Office states, “S&T has agreed will govern new research performed at S&T laboratories, S&T-sponsored research conducted in cooperation with other Federal government entities, and research conducted by external performers under a contract with S&T.” Currently, the Privacy Office and S&T are working on plans to implement the principles in S&T programs.
The principles set out for the Science and Technology Directorate are based on the Fair Information Practices and OECD Guidelines and urge openness, data minimization, accuracy, and accountability. They are similar to principles set out in DHS’s “Handbook for Safeguarding Sensitive Personally Identifiable Information.”