Law in the Internet Society

Balancing Security and Privacy: The Use of Privacy Impact Assessments in Border Protection Policies

-- By NishuAfobunor - 19 Dec 2024

Introduction

The integration of artificial intelligence (AI) into border protection systems, such as the Automated Targeting System (ATS), has revolutionized the way the U.S. assesses risk, enabling faster and more accurate identification of potential threats by processing vast amounts of traveler and cargo data. However, this technological advancement comes with its own set of privacy challenges, particularly regarding the security of personally identifiable information (PII). In response, the Department of Homeland Security (DHS) conducts Privacy Impact Assessments (PIAs) as mandated by the E-Government Act of 2002, ensuring that privacy risks are carefully managed. This essay will delve into how PIAs play a critical role in balancing privacy protection with national security objectives, specifically within the ATS and the Traveler Redress Inquiry Program (DHS TRIP).

Functionality and Role of ATS in Border Security

The Automated Targeting System (ATS) in particular is used by Customs and Border Protection to assess the risk of travelers and cargo entering or exiting the U.S. by processing data from various sources, including law enforcement and intelligence databases. It compares information like travel history and criminal background with national security databases, such as the Terrorist Screening Database (TSDB), to identify potential threats. ATS operates through several modules, including the Unified Passenger Analysis (UPAX) module, which consolidates data into a single view for quicker assessment. However, this data aggregation raises concerns about the integrity and security of personal information, requiring careful oversight.

Privacy Risks in ATS

While the Automated Targeting System (ATS) is crucial for national security, it presents several privacy concerns, particularly regarding data accuracy and the consolidation of sensitive information. ATS aggregates data from multiple sources, which creates the potential for outdated or incorrect information to be included in risk assessments. This could result in flawed decisions, such as delays, detentions, or other negative consequences for individuals. Additionally, merging various datasets increases the risk of exposing sensitive information, such as travel history and criminal records. The UPAX module, which consolidates multiple records into a single profile, raises concerns about unauthorized access or accidental disclosure of personal data. To address these privacy risks, the DHS has implemented key safeguards, including strict user access controls, ensuring that only authorized personnel with specific roles can access certain data. This helps minimize the risk of unauthorized disclosure or misuse of personally identifiable information (PII). Furthermore, ATS is designed to update information from source systems in real time, ensuring that only the most accurate and up-to-date data is used in risk assessments. If discrepancies or inaccuracies are identified, CBP officers are required to correct the data, maintaining the system’s accuracy and integrity.

The Traveler Redress Inquiry Program (DHS TRIP)

Another key aspect of DHS's approach to privacy protection is perceived through the Traveler Redress Inquiry Program (DHS TRIP). This program provides individuals who believe they have been unfairly delayed, detained, or denied entry during travel screenings a means of seeking redress. By submitting a redress request, individuals can have their records reviewed and corrected if necessary.

While DHS TRIP also involves the collection of PII, it aims to minimize privacy risks by collecting only the data necessary to resolve redress issues. To further safeguard privacy, individuals requesting redress are required to provide proof of identity, which helps ensure that the data being corrected is accurate and corresponds to the correct individual. In this way, the system seeks to balance privacy protections with the need to correct any errors in federal records.

Privacy Risks and Mitigation in TRIP

The Traveler Redress Inquiry Program (DHS TRIP) presents several privacy risks, particularly in terms of the collection and use of personally identifiable information (PII). One significant risk is that DHS TRIP may collect more information than is necessary to address a redress request. To mitigate this, DHS TRIP strives to collect only the PII that is directly relevant to the individual's request, reducing the potential for unnecessary data collection. Additionally, the DHS TRIP website includes a Frequently Asked Questions (FAQ) section, which aims to address common inquiries without requiring the submission of personal information, thus limiting unnecessary data requests. Another privacy risk involves the potential for DHS TRIP to make redress determinations based on inaccurate or outdated data, which could lead to incorrect outcomes for individuals. To mitigate this risk, individuals are required to submit proof of their identity by providing at least one identity document. This verification process ensures that the information used in redress determinations is accurate and corresponds to the correct individual, also helping to identify any discrepancies in the data held by DHS or its partner agencies. Together, these mitigations help ensure that the privacy of individuals is protected while maintaining the integrity of the redress process.

Strengths and Weaknesses of PIAs

In conclusion, Privacy Impact Assessments (PIAs) play a vital role in identifying and addressing privacy risks early in system development, helping to prevent breaches and unauthorized access to sensitive information. By enhancing transparency and informing the public about how their personal data is handled, PIAs foster trust in systems like the Automated Targeting System (ATS). They also ensure compliance with critical privacy laws. However, despite their benefits, PIAs can be resource-intensive and may struggle to keep pace with rapidly advancing technologies and large data volumes. Additionally, the sensitive nature of border security operations means some PIA findings remain confidential, limiting public understanding. As technology continues to evolve, PIAs must be regularly updated to address emerging risks and ensure ongoing privacy protection.

There's absolutely nothing here. Two government websites are re-summarized, which is the sort of work for which use chatbots. The websites describe government programs which use information about people. One of the websites is used by people to protest government actions involving other programs that use data about people. Generic privacy issues (is too much collected? is information out of date? ) are described. A statute is mentioned. It would be wrong to say nothing has been learned, because someone or something read the websites. It would be wrong to say that no thought is involved, because the sorts of thoughts that fake intelligence can think are inscribed on the page. But it would be right to say that the learning and the thinking are of the lowest possible quality: superficial, routinized, mechanical, unimaginative, ultimately pointless. That there is no relationship to any human thinking, no context or perspective, no resonance or connection to any larger ideas, goes without saying. This is the era of fake intelligence "personified."

The way to improve the essay is to frame an inquiry worthy of human investigation, to master a literature, to enact thinking, and to communicate with a reader. Here there is no effort, no commitment, and no reason to expect improvement.

References • Department of Homeland Security Privacy Impact Assessments: https://www.dhs.gov/privacy-impact-assessments • Automated Targeting System (ATS) Overview o https://www.dhs.gov/publication/automated-targeting-system-ats-update o https://www.dhs.gov/sites/default/files/publications/privacy_pia_cbp_tsacop_09162014.pdf • E-Government Act 2002 o https://www.justice.gov/opcl/e-government-act-2002 • DHS Traveler Redress Inquiry Program: https://www.dhs.gov/dhs-trip


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Navigation

Webs Webs

r2 - 13 Jan 2025 - 19:56:39 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM