The Department of Homeland Security is recording all of your international travel, and much more information about you, and using it to determine how much of a “risk” you pose of committing a terrorist act. And it will keep all this information on file for up to 40 years, keep it secret from you, and refuse to allow you to challenge it if it’s wrong.

Good information or bad, if your “risk profile” is too high, you could be denied travel to and from the U.S. — even if you’re a U.S. citizen holding a valid passport.

The Automated Targeting System has been used for many years to develop risk assessments for each piece of cargo coming in to the U.S. But it was only after 9/11 that the system was applied to people. ATS data mines information from airline Passenger Name Records, along with law enforcement and other data, to develop a risk profile for every international traveler, not just air travelers and cargo, according to a notice published in the Federal Register this week.

Civil libertarians expressed concern that risk profiling on such a scale would be intrusive and would not adequately protect citizens’ privacy rights, issues similar to those that have surrounded systems profiling air passengers.

“They are assigning a suspicion level to millions of law-abiding citizens,” said David Sobel, senior counsel of the Electronic Frontier Foundation. “This is about as Kafkaesque as you can get.”

DHS officials said that by publishing the notice, they are simply providing “expanded notice and transparency” about an existing program disclosed in October 2001, the Treasury Enforcement Communications System. — Washington Post

Sobel also pointed out that even if you have a low risk score, you are still going in the database because, as the government explains, you might become high risk in the future, “for example, if terrorist associations are identified.”

“DHS has exempted all of the data contained in the ATS from the ‘access’ and ‘correction’ requirements of the Privacy Act of 1974, which means that citizens have no right to learn about their own ‘risk assessments’ or to challenge them,” he wrote. “Franz Kafka, call your office.”

(After reading the regulation carefully, it seems to allow people to get their own records if their Member of Congress requests it on their behalf.)

A Congressional aide told theWashington Post that he wasn’t aware that Congress had authorized this use of the ATS system.

And security expert Bruce Schneier pointed out yet again that this sort of data mining just doesn’t work to catch terrorists. It will, however, wind up costing the airlines billions of dollars and inconveniencing at least thousands of travelers.

Recall back in July that Customs announced that they wanted to screen international travelers coming to the U.S. before they even got on the plane. Well, okay, they were very quiet about it. Currently airlines are required to notify CBP within 15 minutes after departure of a flight coming to the U.S. of everyone aboard. CBP matches those names against its watch lists, and if there’s anyone on there that they don’t want coming in to the country, they can order the flight diverted or turned back.

The regulations Customs proposed in July would require airlines to submit passenger names and receive clearance back before allowing the passenger to board the flight, for all flights arriving in the U.S. Anyone who Customs had “not cleared” would not be allowed to board the plane, and if you miss your flight because the data mining didn’t work properly, well, tough.

John Gilmore, who formed The Identity Project after he was illegally denied boarding to two domestic flights for failing to show identification, said in a comment to the notice of proposed rulemaking that the regulation would go much farther than simply interdicting suspected terrorists.

Under the proposed rules, orders by the CBP to common carriers not to transport specific persons would not be based on restraining orders (injunctions) issued by competent judicial authorities. Instead, they would be based on an undefined, secret, administrative permission-to-travel (“clearance”) procedure subject to none of the procedural or substantive due process required for orders prohibiting or restricting the exercise of protected First Amendment rights. From the authority of law enforcement officers and agencies to enforce certain types of orders, once lawfully issued by competent judicial authorities, the NPRM would usurp for the CBP the authority to issue those orders on its own. It’s as though the FBI were to construe its authority to maintain in the NCIC a list of persons for whose arrest warrants have been issued by competent judicial authorities, and execute those warrants, as authority for the FBI to issue and execute its own warrantless administrative arrest orders. — John Gilmore (PDF)

So, the computer coughs up your name as an elevated risk of terrorism for some ridiculous reason. The math is complicated, but the end result is that any such data mining operation must identify many innocent people. You miss your flight back to the U.S. by the time a human being clears up the mix-up:

“CBP estimates that this will result in 2 percent of passengers on large carriers and 0.25 percent of passengers on small carriers missing connecting flights and needing to be rerouted, with an average delay of 4 hours. Additionally, we estimate that 15 percent of passengers will need to arrive at the airport an average of 15 minutes earlier in order to make their flights.”

Sooner or later, business travelers, your number will come up.