More travel records, more exemptions from the Privacy Act

An anonymous traveler has posted the records of their international travel that were provided by the Customs and Border Protection (CBP) division of the Department of Homeland Security, in response to a request under the Privacy act using these forms updated from those used by the Identity Project in our original investigation of the CBP “Automated Targeting System” (ATS).  As noted by philosecurity.org, which published the latest example of the government’s travel data vacuum cleaner, as provided by one of the site’s readers,

The document reveals that the DHS is storing the reader’s:

  • Credit card number and expiration (really)
  • IP address used to make web travel reservations
  • Hotel information and itinerary
  • Full Name, birth date and passport number
  • Full airline itinerary, including flight numbers and seat numbers
  • Cruise ship itinerary
  • Phone numbers, incl. business, home & cell
  • Every frequent flyer and hotel number associated with the subject, even ones not used for the specific reservation

There are also the details of a reservation at a hotel the person didn’t end up staying at, but which they had a reservation for when the CBP pulled a snapshot of their PNR from the airline or CRS. Sadly, all this is typical of what’s in a PNR and what we found in our continuing investigation of CBP/DHS travel records.

Meanwhile, even as more travelers are finally getting portions of their travel records, the DHS published a new final rule on August 31, 2009 (74 Federal Register 45070-45072) exempting portions of those records from the Privacy Act.

The new rule applies to the so-called “TECS” system of records, in which all of the Automated Targeting System (ATS) was originally classified.  In an elaborate shell game to evade requests, the DHS eventually categorized portions of the ATS data as a separate records system, but recent responses show that some travel records, particularly the logs of arrivals and departures at land border crossing, seaports, and airports, and the detail pages for events such as secondary searches and interrogations at borders and ports (which have often been withheld without notice to requesters, who probably didn’t even realize they existed or were missing from the disclosures), remain categorized as TECS rather than ATS data.  The new rule purports to authorize the DHS to keep irrelevant, inaccurate, incomplete, and unnecessary information in the TECS system (because CBP might want to use irrelevant irrelevant, inaccurate, and incomplete information as the basis for its decisions), to collect it in secret from third parties (airlines and computerized reservation systems, of course, but also others), disclose it in secret to other third parties, and keep it secret from travelers themselves.

Some of our appeals of Privacy Act request for our own ATS records (including, under the definitions in effect when our requests and appeals were made, TECS records) have been pending for almost two full years without response.  We suspect that part of the reason for the stall was that the DHS was withholding any response until after they could finalize new rules purporting to exempt themselves from the obligation to turn over their records of our travels.  We’ll see if we now get a belated response to our outstanding appeal, and if it relies on the newly finalized exemptions.

Similar Privacy Act exemptions for ATS records were proposed two years ago, under the previous Administration.  We filed formal objections when these exemptions were proposed, and they have never been finalized, but they could be at any time without further notice.  If you haven’t yet applied for your ATS travel records, we urge you strongly to do so without delay, before the CBP publishes a final rule exempting ATS travel records from the Privacy Act the way they’ve just done with TECS travel records.

We welcome any copies of DHS responses to your requests, either in confidence or for publication, as is or with your redactions (just let us know, if possible, which redactions are yours and which are those of the DHS).  We’ll also do our best to respond to request for assistance in interpreting travel records obtained form the government.

2 Responses to “More travel records, more exemptions from the Privacy Act”

  1. Wednesday, September 23, 2009 « The Jeff Farias Show Says:

    [...] the best picture of the FBI’s data mining system through other government FOIA requests. … More travel records, more exemptions from the Privacy Act An anonymous traveler has posted the records of their international travel that were provided by [...]

  2. Tuesday, October 6 2009 « The Jeff Farias Show Says:

    [...] DHS exempting more travel records from the Privacy Act (and examples of what other people have found… [...]

Leave a Reply