This blog post was authored by Technology for Liberty Program intern Alex Leblang.

David Mack was unprepared for a political confrontation with U.S. border agents as he reentered the United States through New York’s JFK airport. As an Australian with a U.S. work visa, he expected the usual questions from a U.S. Customs and Border Protection (CBP) agent, such as “What was the nature of your trip?” or “Do you have anything to declare?” Instead, the agent grilled Mack, a BuzzFeed breaking news reporter, about the Mueller investigation into Donald Trump and BuzzFeed’s coverage of it. The phrase “fake news” was uttered. Mack described needing to walk an uncomfortable tightrope—gently refuting the agent’s false claims, while remembering that the agent had the ability to deny Mack entry into the country where he lives and works.

How did the border agent know David Mack works for Buzzfeed? Mack suspects that the agent saw his employer listed on his visa. But it’s likely that the agent and agents like him nationwide would have been able to access the same information even on U.S. citizens. Over the past twenty or so years, the federal government’s border police have vastly expanded their surveillance reach, and now keep detailed records about all travelers, including information not just about where we work, but also about our personal and business associations, what we read, our political preferences and religious interests, and more.

Under the Trump administration, the federal government has been particularly eager to expand its surveillance and database systems to track noncitizens. But while the Trump administration has expressed its desire to increase the government’s technical capabilities to track and monitor people both within the U.S. and worldwide, the government has been compiling databases on Americans and foreign nationals for years, under both Democrat and Republican administrations, under the auspices of “counter terrorism” and “border security.”

The government tends to be tight lipped about details related to these efforts, but thanks to federal privacy law, it is required to release at least basic information about its surveillance programs. On Valentine’s Day, the Department of Homeland Security (DHS) published information about its strategy for what the government calls “Continuous Immigration Vetting” (CIV). This is DHS’s latest attempt to fulfill President Trump’s desire for “extreme vetting.” U.S. Citizenship and Immigration Services (USCIS) cites Executive Order (EO) 13780, titled Protecting the Nation from Foreign Terrorist Entry into the United States, as reaffirming the need to create this program. The purpose of Continuous Immigration Vetting is increase the amount of monitoring DHS conducts on noncitizens in the United States and to continue its surveillance until it no longer can do so legally, i.e. they become a naturalized citizen. It its current iteration, the CIV program accomplishes this by increasing the technical links between USCIS, U.S. Customs and Border Protection (CBP), and U.S. Immigration and Customs Enforcement (ICE).

Many of the new data products rolled out by the Department of Homeland Security, as well as other federal agencies, focus on combining multiple databases or allowing automated products to search many databases at once. At a technical level, the U.S. Government has implemented Continuous Immigration Vetting as a connection between two incredibly expansive government data platforms, ATLAS and ATS.

ATLAS searches through the Fraud Detection and National Security Data System, which contains sensitive personally identifying information from a large number of sources, such as the USCIS’s Alien Files and the Immigration and Biometric Background Check System.  If the ATLAS system determines that it has found “derogatory” information on a person it will issue a notification to USCIS, which “may ultimately refer [the case] to ICE.” 

ATS is the CBP’s Automated Targeting System, “a decision support tool that compares traveler, cargo, and conveyance information against law enforcement, intelligence, and other enforcement data using risk-based scenarios and assessments.” As well as storing some of its own data, ATS also ingests data from a mind-numbingly long list of government databases. Many of these contain information about U.S. citizens, such as Department of Motor Vehicle registration data and other unspecified “commercial data aggregators.” The database also contains information about what travelers say, do, and possess while traveling. ATS assigns cargo a threat assessment score that it uses to identify items that may require further investigation, though CBP insists that it does not use ATS to assign a score to people.

What’s the problem with mass data surveillance? Breaches, inaccuracies, misuse, and abuse

Compiling all of these sensitive data about citizens, visitors, and green card holders is not just dangerous because it invites racial and religious profiling. By vastly expanding the data systems available to DHS officers, the government has made it more likely that the data will be leaked or abused.

These concerns are not merely hypothetical; government data breaches are unfortunately quite frequent. The most infamous government data breach occurred at the Office of Personnel Management (OPM), which by final count exposed the data of 21.5 million government employees, including biometric data, most likely to a foreign adversary. As gargantuan and serious as the OPM breach was, the website DigitalGuardian.com lists it as only the fourth largest breach impacting state and federal government in the U.S. The mere existence of such databases constitutes a privacy liability to anyone unfortunate enough to have their information contained within it, meaning the government ought to have very good reason to take this risk. Governments since George W. Bush’s have defended mass surveillance and data collection by claiming that it can prevent terrorism. The evidence says otherwise.

Another problem with these databases is that they often contain inaccurate information. These large systems gather information from many agencies and individuals, all with varying levels of training protocols and internal oversight mechanisms. As a result, it’s very difficult for the government to be sure their information reflects reality. In some cases, this is because government agents are human, and make mistakes. In others, it’s because of intentional malice.

In 2015, for example, a CBP officer was charged with filing a false report against a man who had started criminal proceedings against the officer’s brother-in-law for the rape of the man’s 11-year-old son. As a result of this false and malicious report, the man was subsequently detained at gunpoint multiple times when crossing the border into the U.S. In this case, the agent was caught and properly charged, but it’s likely that many false reports are never discovered. With so many government databases connected, and a system of approvals and denials based on automated rules and systems, it’s easy to imagine how a bad actor could input information that could negatively impact a person in a domain unrelated to the false report. Junk in, junk out.

Even if these databases were properly protected and the data were accurate, there would remain a high likelihood that the data would be misused and abused in racially and religiously discriminatory ways.

In the summer of 2017, ICE attempted to get private industry to create a program that would use artificial intelligence and machine learning to evaluate “an [immigration] applicant’s probability of becoming a positively contributing member of society.” Machine learning experts pointed out that the technology that DHS was asking for did not exist, and that it wouldn’t be possible to code a system to identify whether someone met a subjective threshold such as “positively contributing member of society.” After sustained pressure from advocacy groups and lawmakers, ICE eventually backed down from that portion of the extreme vetting process. But it’s possible that the agency will try to use similar techniques on the data that they gain access to with the CIV program.

Even without an explicit artificial intelligence portion, these automated decision systems can harm people and violate rights. ATLAS uses a “rules based” automated system to flag persons as threats to national security, but it is unclear what these rules are. What we do know about DHS’ intent does not inspire confidence. When addressing racial profiling, the CIV report cites DHS policy and includes the following paragraph:

Except as noted below, it is DHS policy, although not required by the Constitution, that tools, policies, directives, and rules in law enforcement and security settings that consider, as an investigative or screening criterion, an individual’s simple connection to a particular country, by birth or citizenship, should be reserved for situations in which such consideration is based on an assessment of intelligence and risk, and in which alternatives do not meet security needs, and such consideration should remain in place only as long as necessary. These self-imposed limits, however, do not apply to antiterrorism, immigration, or customs activities in which nationality is expressly relevant to the administration or enforcement of a statute, regulation, or executive order, or in individualized discretionary use of nationality as a screening, investigation, or enforcement factor.

We know the current administration considers nationality to be a relevant factor in immigration determinations, and this policy specifically cites executive orders as avenues of exemption that would allow DHS to consider nationality in the creation of its rules. Unfortunately, because we are unable to see the rules themselves, we don’t know for certain if racial profiling is built in to these risk assessments.

One thing is crystal clear, however: DHS’ goal is to use computer systems, big data, and automation to monitor U.S. visa applicants and permanent residents to the greatest extent that they feel they can legally defend. At an industry day courting private sector venders for its extreme vetting initiative, ICE was asked about the similarity of their request to a system that the FBI had tried to build that had been shut down by the ACLU. The ICE spokesperson responded that, unlike that FBI system, the system that they were seeking would be dealing with foreign nationals, and that they “will continue to do it until someone says that we can’t.