The Department of Homeland Security’s Privacy Office has released its annual report (pdf) on datamining programs at the agency. “For each identified activity, the Act requires DHS to provide (1) a thorough description of the activity; (2) the technology and methodology used; (3) the sources of data used; (4) an analysis of the activity’s efficacy; (5) the legal authorities supporting the activity; and (5) an analysis of the activity’s impact on privacy and the protections in place to protect privacy,” DHS said.
Last year’s report focused on three programs: (1) the Automated Targeting System (ATS) Inbound, Outbound, and Passenger modules, under U.S. Customs and Border Protection; (2) the Data Analysis and Research for Trade Transparency System (DARTTS), under Immigration and Customs Enforcement; and, (3) the Freight Assessment System (FAS), under the Transportation Security Administration. (See my post on the 2008 datamining report from DHS.)
This year’s report, DHS said, “includes complete descriptions of each of these programs, with updates on modifications, additions, or other developments that have occurred since the 2008 Data Mining Report was issued.” No new datamining programs are discussed in the report, because “the DHS Privacy Office identified no additional DHS data mining activities during the current reporting year.”
2009 updates on the programs:
Automated Targeting System (ATS)
1. 2009 Program Update
During the current reporting period CBP added the DHS Electronic System for Travel Authorization (ESTA) as a new data source for the ATS Passenger module (ATS-P). ESTA was established pursuant to section 711 of the 9/11 Commission Act. The addition of ESTA data facilitates advance screening of travelers from Visa Waiver Program (VWP) countries who wish to enter the United State at air or sea points of entry. Before the inclusion of ESTA data as a source for ATS-P, use of information typically found on the paper I-94W Notice of Arrival/Departure Form for persons traveling from VWP countries was not available to CBP until the travelers arrived in the United States. Nationals of VWP countries seeking to enter the United States by air or sea carriers now must submit PII electronically to ESTA prior to travel. As a result, this data is now available for use by ATS-P in screening prior to departure to the United States. CBP and the DHS Privacy Office published a PIA, SORN, and Interim Final Rule for ESTA in June 2008. […]
Based upon the results of testing and operations in the field, ATS-Inbound and ATS-Outbound have proved to be effective means of identifying suspicious cargo that requires further investigation by CBP officers. The results of ATS-Inbound and ATS-Outbound analyses identifying cargo as suspicious have been regularly corroborated by physical searches of the identified cargo.
The goal of the Advanced Targeting Initiative is to enhance CBP officers’ ability to identify entities such as organizations, cargo, vehicles, and conveyances with a possible association to terrorism. By their very nature, the results produced by technologies used in the Advanced Targeting Initiative may be only speculative or inferential; they may only provide leads for further investigation rather than a definitive statement. The program finds it valuable to be able to very quickly produce useful leads gleaned from masses of information. Leads resulting in a positive, factual determination obtained through further investigation and physical inspections of cargo demonstrate the efficacy of these technologies. […]
ii. Technology and Methodology
ATS-P processes traveler information against other information available to ATS, and applies threat-based scenarios comprised of risk-based rules, to assist CBP officers in identifying individuals who require additional screening or in determining whether individuals should be allowed or denied entry into the United States. The risk-based rules are derived from discrete data elements, including criteria that pertain to specific operational/tactical objectives or local enforcement efforts. Unlike in the cargo environment, ATS-P does not use a score to determine an individual’s risk level; instead, ATS-P compares information in ATS source databases against watch lists, criminal records, warrants, and patterns of suspicious activity identified through past investigations and intelligence. The results of these comparisons are either assessments of the threat-based scenario(s) that a traveler has matched, or matches against watch lists, criminal records and/or warrants. The scenarios are run against continuously updated incoming information about travelers (e.g., information in passenger and crew manifests) from the data sources listed below. While the risk-based rules are initially created based on information derived from past investigations and intelligence (rather than derived through data mining), data mining queries of data in ATS and its source databases may be subsequently used by analysts to refine or further focus those rules to improve the effectiveness of their application.
The results of queries in ATS-P are designed to signal to CBP officers that further inspection of a person may be warranted, even though an individual may not have been previously associated with a law enforcement action or otherwise noted as a person of concern to law enforcement. The risk assessment analysis is generally performed in advance of a traveler’s arrival in or departure from the United States, and becomes one more tool available to DHS officers in determining a traveler’s admissibility and in identifying illegal activity. In lieu of manual reviews of traveler information and intensive interviews with every traveler arriving in or departing from the United States, ATS-P allows CBP personnel to focus their efforts on potentially high-risk passengers. The CBP officer uses the information in ATS-P to assist in determining whether an individual should undergo additional screening or should be allowed or denied entry into the United States.
Data Analysis and Research for Trade Transparency System (DARTTS)
1. 2009 Program Update
During the current reporting period, ICE has added two data sources for DARTTS: Suspicious Activity Reports from casinos, card clubs, and money services businesses; and data provided from the U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN) in the Report of Foreign Bank and Financial Accounts (FBAR) that pertains to each U.S. person who has a financial interest in, or signature authority, or other authority, over any financial accounts, including bank, securities, or other types of financial accounts in a foreign country, if the aggregate value of these financial accounts exceeds $10,000 at any time during the calendar year. ICE is working to update the DARTTS PIA to include these new data sources.
The 2008 Data Mining Report noted ICE’s plans to transition DARTTS from a stand-alone system to the ICE enterprise network. The transition will take place in FY 2010, expanding access to DARTTS to include a broader pool of ICE field agents, subject to appropriate access controls. ICE plans to add a new data source – bill of lading data from AMS – and enhanced system auditing capability when it deploys the enterprise version of DARTTS. The DARTTS PIA will be updated accordingly. […]
4. Data Sources
All of the raw data in DARTTS is provided by other U.S. agencies and foreign governments, and is divided into three broad categories: U.S. trade data, foreign trade data, and U.S. financial data. The U.S. trade data in DARTTS is (1) import data in the form of an extract from the ACS, which CBP collects from individuals and entities importing merchandise into the U.S. who complete CBP Form 7501 (Entry Summary) or provide electronic manifest information via ACS, and (2) export data that the U.S. Department of Commerce collects from individuals and entities exporting commodities from the U.S. using Commerce Department Form 7525-V (Shipper’s Export Declaration) and/or through the AES and publicly available aggregated U.S. export data (i.e., data that does not include PII) purchased by ICE from the U.S. Department of Commerce. In the DARTTS enterprise version, ICE plans to incorporate a new data module with bill of lading data, which is data provided by carriers to confirm the receipt and transportation of on- boarded cargo to a specified destination. This information includes consignee name and address, shipper name and address, container number, carrier and bill of lading. It is collected by CBP via the AMS, and will be provided to ICE through CD-ROM, external storage devices, or electronic data transfers for uploading into DARTTS. ICE will update the DARTTS PIA to include the new bill of lading module prior to deployment.
The foreign import and export data in DARTTS is provided to ICE by partner countries pursuant to a Customs Mutual Assistance Agreement (CMAA) or other similar agreement. Certain countries provide trade data that has been stripped of PII. Other countries provide complete trade data, which includes any individuals’ names and other identifying information that may be contained in the trade records.
ICE receives U.S. financial data from FinCEN for uploading into DARTTS. This data is in the form of the following financial transaction reports: Currency Monetary Instrument Reports (declarations of currency or monetary instruments in excess of $10,000 made by persons coming into or leaving the United States); Currency Transaction Reports (deposits or withdrawals of $10,000 or more in currency into or from depository institutions and casinos and card clubs); Suspicious Activity Reports (information regarding suspicious financial transactions within depository institutions, money services businesses, the securities and futures industry, and casinos and card clubs); and Reports of Cash Payments over $10,000 Received in a Trade or Business (reports of merchandise purchased with $10,000 or more in currency). ICE also uses FBAR data from FinCEN.
DARTTS itself is the source of analyses of the raw data produced using COTS software analytical tools within the system. In addition, DARTTS creates extracts of U.S. trade data that has been stripped of PII, and provides those extracts to partner countries that operate their own TTUs and with whom the United States has entered into a CMAA or other similar agreement. The U.S. financial data in DARTTS is not shared with partner countries. […]
The DARTTS system has proved to be a useful tool for ICE in identifying criminal activity. To date the ICE TTU has initiated several case referrals and continues to support on-going investigations. Information from the DARTTS system has assisted in several criminal prosecutions and has also identified several major money laundering schemes. For example, through information gathered with DARTTS, ICE was able to disrupt and stop a major money laundering scheme that involved the movement of several billion dollars worth of Euros from Colombia to the United States. This information resulted in two multi-million dollar seizures, which disrupted and virtually stopped the laundering of Euros into the United States from Colombia.
Freight Assessment System (FAS)
1. 2009 Program Update
During the reporting period for the 2008 Data Mining Report, FAS had been prioritized for operational implementation. FAS is now being used to analyze air carriers’ screening data as well as Indirect Air Carrier data from the TSA Air Cargo Division’s Air Cargo Screening Technology Pilot (ACSTP) program, as discussed below. FAS data mining capabilities have not yet been deployed. […]
4. Data Sources
FAS uses the air carriers’ house and master airway bills (no PII from airway bills is included in the system), and data from the following TSA systems: the Performance and Results Information System (PARIS) (compliance data);61 the Indirect Air Carrier Management System (IACMS) (TSA-assigned certification number); and the Known Shipper Management System (KSMS) (company names). FAS compares information in these TSA systems with company background information that it obtains from Dun & Bradstreet, and with publicly-available statistical data on criminal activity. […]
The software used in FAS has proven in various testing and operational deployments to be highly effective in providing accurate information in real time that supports TSA risk analysts (the primary users of the system) in their work. The value of the output generated by the software will be determined by the quality of the data inputs, including airway bills, the primary document used in FAS. Where necessary, FAS can use the software’s industry-specific capabilities (supply chain, logistics, and freight transportation) to enable data cleansing and the interpretation and improvement of any data that appears to be of lesser quality.
Prior to the testing phase described in the 2007 Report, validity testing was completed in a proof of concept that scored live airway bills with a prototype model of FAS. TSA found the results to be consistent with expectations and with CBP’s ATS determinations. TSA was able to inspect cargo that the tools identified as presenting an elevated risk, and physical inspection confirmed the higher risk determination. Standards for validating the data mining models are included in the software used by FAS. The results of the FAS testing phase corroborate the results of the proof- of-concept validity testing.