Data mining won’t catch terrorists

Many business travelers prefer to sit in an aisle seat. Many also prefer to sit near the front of the plane so they may be among the first off when the plane lands.

Those also happen to be seats that might be desirable for terrorists bent on hijacking an airplane.

That common seat preference shared by business fliers and violent extremists could be earning innocent passengers additional scrutiny as they cross the U.S. border.

Last month, in a little-noticed filing buried deep in the Federal Register and first reported by the Associated Press, the Department of Homeland Security revealed that for several years, it had been using a so-called Automated Targeting System to screen passengers entering and leaving the United States.

The purpose, the agency said, was to identify “potential terrorists and weapons” and prevent them from entering the country.

In the screening process, Homeland Security has analyzed such seemingly innocuous information as passengers’ travel histories, frequent flier miles, number of bags checked, number of one-way tickets booked, e-mail addresses and even voluntary and involuntary upgrades. With that data, the department has assigned risk assessment scores to millions of travelers.

The program “mines,” or analyzes, the data in the same way direct mail companies do to decide who gets catalogs or other solicitations.

But unlike direct mail, critics say, this type of passenger data analysis is not only ineffective, it may be illegal.

“Congress enacted a specific prohibition on rating innocent travelers and instructed DHS to focus only on those who were on a government watch list,” Barry Steinhardt, director of the American Civil Liberties Union’s Technology and Liberty Project, said in a statement. “So it is unconscionable for the government to then create this kind of a system in violation of that ban, and without proper notice to Congress or the public.”

The government insists that no privacy laws have been violated. Homeland Security Secretary Michael Chertoff told AP, “I don’t think [the prohibition] can be read as applying to this program. The statute doesn’t bar the use of funds for the purpose of analyzing the risks for people entering the country.”

Department spokesman Russ Knocke said Congress was informed many times since 2003 that the Automated Targeting System, or ATS, had been used to assess people. The program was conceived as a means of screening cargo, but its scope was expanded.

It relies on principles of data mining that are tried and true in the commercial realm but are ineffective in targeting terrorists, said Jim Harper, director of information policy studies at the Cato Institute, the libertarian policy research group in Washington.

The only thing data mining does is winnow down the numbers, said Harper, who is also on the Department of Homeland Security’s data privacy and integrity advisory panel. “But the winnowing it would do

The program is different from the still-evolving terrorist watch list, once known as CAPPS II but now called Secure Flight. That effort compares the names of suspected terrorists with those of passengers to keep terrorists off airplanes.

Data mining is used to “discover previously unknown, valid patterns and relationships to large data sets,” read a January report by the Congressional Research Service.

It is similar to direct marketing in how it identifies targets, according to a paper released this week. It explained that marketers use demographic information such as ZIP Code, type of car owned, magazine subscriptions and other commercially available data to identify people who may be more likely to buy a service or product.

The paper was written by Harper and Jeff Jonas, chief scientist with IBM Corp.’s entity analytic solutions group.

Even after potential customers are narrowed down, only a small percentage actually buys something -- in the low to mid-single digits, the paper said. Although that might be OK for direct mail, the large miss rate is unacceptable when it comes to assigning terrorist rankings, Harper said.

“The one thing predictable about predictive data mining for terrorism is that it would be consistently wrong,” Harper and Jonas contended.

Authorities may hope to use data mining as a security tool, but there isn’t enough information about what a terrorist is like to compare against the millions of travelers who cross our borders every year, Harper said.

The program plans to store the information for 40 years. Travelers can file a Freedom of Information Act request to see the data, but the analysis -- your terrorist score, if you will -- is not available for review. Homeland Security won’t even say how much weight it assigns any category of information.

“With respect to the data that ATS creates, i.e., the risk assessment for an individual, [it] is for official law enforcement use only and is not ... subject to access under the Privacy Act,” according to the Privacy Impact Assessment filed by the department Nov. 22.

The effect on business travelers’ privacy and ability to travel freely could be significant.

“The ATS program implementation erodes trust and confidence in government,” the Business Travel Coalition, a corporate travel advocacy organization, said in a filing with the department. “When policies go straight to the first principle of personal liberty, then the requirement for transparency, participation and support is at the very highest level.”

Homeland Security has bowed to pressure and extended public comment on ATS to Dec. 29. To submit your view, go to www.regulations.gov and type “automated targeting system” in the keyword section. Then click on the “Add comments” icon.

“Good, honest, well-meaning people in government are throwing everything they’ve got at terrorism,” Harper said. “It’s time now, five years after 9/11.... Let’s actually do what works and put aside what doesn’t.”

*

james.gilden@latimes.com