ARGUMENT: DHS & AUTOMATED SYSTEMSDHS Must Evaluate and Overhaul its Flawed Automated Systems

The Department of Homeland Security (DHS) is likely the single largest collector and consumer in the U.S. government of detailed, often intimate, information about Americans and foreigners alike. Rachel Levinson-Waldman and José Guillermo Gutiérrez write in Just Security that

The department stores and analyzes this information using vast data systems to determine who can enter the country and who is subjected to intrusive inspections, including by parsing through travel records, social media data, non-immigrant visa applications, and other information to detect patterns of behavior that the department has determined are worthy of scrutiny. As we explain in a new Brennan Center report, these systems and the data that powers them operate behind a veil of secrecy, with little meaningful documentation about how they work, and are too often deployed in discriminatory ways that violate Americans’ constitutional rights and civil liberties.

The risk assessment process begins with Customs and Border Protection (CBP) and the Transportation Security Administration, which use law enforcement data, classified intelligence, and “patterns of suspicious activity” to formulate “rules” capturing patterns of behavior that putatively indicate someone presents a higher risk of committing a crime — anything from importing contraband agricultural products to terrorism. These processes are driven by the Automated Targeting System (ATS), an algorithmically powered analytical database owned and operated by CBP. ATS mines the oceans of data it contains, including airline records, data obtained from border crossings, department of motor vehicle registration data, and more, to detect traces of information that match these rules. ATS also compares travelers’ information against the federal government’s watch lists of known or suspected terrorists, as well as law enforcement databases. Travelers who match one of ATS’s rules, an identity on a watch list, or a law enforcement record are subjected to increased scrutiny, whether by analysts who conduct additional vetting of travelers against databases or agents who inspect travelers and their belongings at the airport and once they enter the United States. CBP also uses ATS to conduct predictive threat modeling using historical data in ATS in response to “more generalized threats.”

Levinson-Waldman and Gutiérrez explain how ATS’s operation is in significant tension with the White House’s October 2022 Blueprint for an AI Bill of Rights, which is intended to guide the “development of policies and practices that protect civil rights and promote democratic values in the building, deployment, and governance of automated systems.”

They note that the blueprint sets out five overarching principles and related commentary to guide the development of automated systems, like ATS and its associated systems, to ensure they are safe, effective, equitable, transparent, and fair. “While these principles are not binding on the federal government, and currently exclude law enforcement and national security systems, implementing them would significantly improve the automated systems that DHS already uses.”

Levinson-Waldman and Gutiérrez conclude:

It is past time for DHS to stop improvising how it designs and implements its automated systems, with inadequate mechanisms for evaluation and oversight, weak standards, and disproportionate impacts on marginalized communities and individuals. DHS must disclose additional information about its systems, including the policies that govern their operations and reports explaining how they are used. An independent body should undertake a rigorous investigation of DHS’s automated systems, evaluating whether they are useful and accurate, assessing how they function, and determining whether they contain sufficient safeguards to protect privacy, civil rights, and civil liberties. In addition, the White House should take steps to give the AI blueprint teeth by making it applicable to federal agencies, including national security and law enforcement agencies such as DHS, as civil society groups and elected officials have urged. These steps, taken together, would ensure that DHS’s risk assessment functions are an effective use of resources, preserve civil rights and civil liberties, and reflect best practices for the use of automated systems.