A rare peek at Homeland Security's files on travelers

A rare peek at Homeland Security's files on travelers
Is this useful information, or a waste of time?
By Sean O'Neill


The oversize white envelope bore the blue logo of the Department of Homeland Security. Inside, I found 20 photocopies of the government's records on my international travels. Every overseas trip I've taken since 2001 was noted.

I had requested the files after I had heard that the government tracks "passenger activity." Starting in the mid-1990s, many airlines handed over passenger records. Since 2002, the government has mandated that the commercial airlines deliver this information routinely and electronically.

A passenger record typically includes the name of the person traveling, the name of the person who submitted the information while arranging the trip, and details about how the ticket was bought, according to documents published by the Department of Homeland Security. Records are made for citizens and non-citizens who cross our borders. An agent from U.S. Customs and Border Protection can generate a travel history for any traveler with a few keystrokes on a computer. Officials use the information to prevent terrorism, acts of organized crime, and other illegal activity.

I had been curious about what's in my travel dossier, so I made a Freedom of Information Act (FOIA) request for a copy.

My biggest surprise was that the Internet Protocol (I.P.) address of the computer used to buy my tickets via a Web agency was noted. On the first document image posted here, I've circled in red the I.P. address of the computer used to buy my pair of airline tickets.

(An I.P. address is assigned to every computer on the Internet. Each time that computer sends an e-mail—or is used to make a purchase via a Web browser — it has to reveal its I.P. address, which tells its geographic location.)

The rest of my file contained details about my ticketed itineraries, the amount I paid for tickets, and the airports I passed through overseas. My credit card number was not listed, nor were any hotels I've visited. In two cases, the basic identifying information about my traveling companion (whose ticket was part of the same purchase as mine) was included in the file. Perhaps that information was included by mistake.

Some sections of my documents were blacked out by an official. Presumably, this information contains material that is classified because it would reveal the inner workings of law enforcement.

Here's the lowdown on the records.

The commercial airlines send these passenger records to Customs and Border Protection, an agency within the Department of Homeland Security. Computers match the information with the databases of federal departments, such as Treasury, Agriculture, and Homeland Security. Computers uncover links between known and previously unidentified terrorists or terrorist suspects, as well as suspicious or irregular travel patterns. Some of this information comes from foreign governments and law enforcement agencies. The data is also crosschecked with American state and local law enforcement agencies, which are tracking persons who have warrants out for their arrest or who are under restraining orders. The data is used not only to fight terrorism but also to prevent and combat acts of organized crime and other illegal activity.

Officials use the information to help decide if a passenger needs to have additional screening. Case in point: After overseas trips, I've stood in lines at U.S. border checkpoints and had my passport swiped and my electronic file examined. A few times, something in my record has prompted officers to pull me over to a side room, where I have been asked additional questions. Sometimes I've had to clarify a missing middle initial. Other times, I have been referred to a secondary examination. (I've blogged about this before.)

When did this electronic data collection start? In 1999, U.S. Customs and Border Protection (then known as the U.S. Customs Service) began receiving passenger identification information electronically from certain air carriers on a voluntary basis, though some paper records were shared prior to that. A mandatory, automated program began about 6 years ago. Congress funds this Automated Targeting System's Passenger Screening Program to the tune of about $30 million a year.

How safe is your information? Regulations prohibit officials from sharing the records of any traveler — or the government's risk assessment of any traveler — with airlines or private companies. A record is kept for 15 years—unless it is linked to an investigation, in which case it can be kept indefinitely. Agency computers do not encrypt the data, but officials insist that other measures — both physical and electronic — safeguard our records.

I wonder if the government's data collecting is relevant and necessary to accomplish the agency's purpose in protecting our borders. The volume of data collected, and the rate at which the records is growing and being shared with officials nationwide, suggests that the potential for misuse could soar out of hand. Others may wonder if the efforts are effective. For instance, I asked security expert Bruce Schneier Schneider about the Feds' efforts to track passenger activity, and he responded by e-mail:

"I think it's a waste of time. There's this myth that we can pick terrorists out of the crowd if we only knew more information."

On the other hand, some people may find it reassuring that the government is using technology to keep our borders safe.

Oh, one more thing: Are your records worth seeing? Maybe not, unless you've been experiencing a problem crossing our nation's borders. For one thing, the records are a bit dull. In my file, for instance, officials had blacked out the (presumably) most fascinating parts, which were about how officials assessed my risk profile. What's more, the records are mainly limited to information that airline and passport control officials have collected, so you probably won't be surprised by anything you read in them. Lastly, there may be a cost. While there was no charge to me when I requested my records, you might charged a fee of up to $50 if there is difficulty in obtaining your records. Of course, there's a cost to taxpayers and to our nation's security resources whenever a request is filed, too.

However, if you are being detained at the border or if you suspect a problem with your records, then by all means request a copy. U.S. Customs and Border Protection is required by law to make your records available to you, with some exceptions. Your request must be made in writing on paper and be signed by you. Ask to see the "information relating to me in the Automated Targeting System." Say that your request is "made pursuant to the Freedom of Information Act, as amended (5 U.S.C. 552)." Add that you wish to have a copy of your records made and mailed to you without first inspecting them. Your letter should, obviously, give reasonably sufficient detail to enable an official to find your record. So supply your passport number and mailing address. Put a date on your letter and make a copy for your own records. On your envelope, you should conspicuously print the words “FOIA Request." It should be addressed to “Freedom of Information Act Request,” U.S. Customs Service, 1300 Pennsylvania Avenue, NW., Washington, DC 20229. Be patient. I had wait for up to a year to receive a copy of my records. Then if you believe there's an error in your record, ask for a correction by writing a letter to the Customer Satisfaction Unit, Office of Field Operations, U.S. Customs and Border Protection, Room 5.5C, 1300 Pennsylvania Avenue, N.W., Washington, D.C. 20229

Is the TSA violating your privacy with its new body scanning machines?