Monday, November 22, 2010

Automated Targeting System facilitates advance screening of airline travelers

"ATS-P facilitates the CBP officer’s decision-making process about whether a passenger or crewmember should receive additional screening prior to entry into, or departure from, the country because that person may pose a greater risk for terrorism and related crimes or other violations of U.S. law."
I am pleased to present the Department of Homeland Security’s (DHS) 2009 Data Mining Report to Congress. Section 804 of the Implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. 110-53, entitled the Federal Agency Data Mining Reporting Act (Act), requires DHS to report annually to the Congress on DHS activities that meet the Act’s definition of data mining. For each identified activity, the Act requires DHS to provide (1) a thorough description of the activity; (2) the technology and methodology used; (3) the sources of data used; (4) an analysis of the activity’s efficacy; (5) the legal authorities supporting the activity; and (5) an analysis of the activity’s impact on privacy and the protections in place to protect privacy. This is the fourth comprehensive DHS data mining report, and the second report prepared pursuant to the Act.

RESOURCES: Interesting "update" and discussion here The TSA Blog: Advanced Imaging Technology Automated Target Recognition:

When it created DHS, the Congress authorized the Department to engage in data mining and other analytical tools in furtherance of Departmental goals and objectives. Consistent with the rigorous compliance process applied to all DHS programs and systems, the DHS Privacy Office has worked closely with the programs discussed in this report to ensure that they employ data mining in a manner that both supports the Department’s mission to protect the homeland and protects privacy.

Pursuant to congressional requirements, this report is being provided

Automated Targeting System

During the current reporting period CBP added the DHS Electronic System for Travel Authorization (ESTA) as a new data source for the ATS Passenger module (ATS-P). ESTA was established pursuant to section 711 of the 9/11 Commission Act.22 The addition of ESTA data facilitates advance screening of travelers from Visa Waiver Program (VWP) countries who wish to enter the United State at air or sea points of entry.23 Before the inclusion of ESTA data as a source for ATS-P, use of information typically found on the paper I-94W Notice of Arrival/Departure Form for persons traveling from VWP countries was not available to CBP until the travelers arrived in the United States.

Nationals of VWP countries seeking to enter the United States by air or sea carriers now must submit PII electronically to ESTA prior to travel. As a result, this data is now available for use by ATS-P in screening prior to departure to the United States. CBP and the DHS Privacy Office published a PIA, SORN, and Interim Final Rule for ESTA in June 2008.24

CBP developed ATS, an intranet-based enforcement and decision support tool that is the cornerstone for all CBP targeting efforts. ATS compares traveler, cargo, and conveyance information against intelligence and other enforcement data by incorporating risk-based targeting scenarios and assessments. CBP uses ATS to improve the collection, use, analysis, and dissemination of information that is gathered for the primary purpose of targeting, identifying, and preventing potential terrorists and terrorist weapons from entering the United States. CBP also uses ATS to identify other violations of U.S. laws that are enforced by CBP.

In this way, ATS allows CBP officers charged with enforcing U.S. law and preventing terrorism and other crime to focus their efforts on travelers, conveyances, and cargo shipments that most warrant greater scrutiny. ATS standardizes names, addresses, conveyance names, and similar data so these data elements can be more easily associated with other business data and personal information to form a more complete picture of a traveler, import, or export in context with previous behavior of the parties involved. Traveler, conveyance, and shipment data are processed through ATS and are subject to a real-time, rules-based evaluation.
Example snippets of various targets in field
ATS consists of six modules that focus on exports, imports, passengers and crew (airline passengers and crew on international flights, and passengers and crew on sea carriers), private vehicles crossing at land borders, and import trends over time. This report discusses three of these modules: ATS-Inbound and ATS-Outbound (both of which involve the analysis of cargo), and ATS-P (which involves analysis of information about certain travelers, as discussed below). The remaining modules do not involve data mining as defined by the Data Mining Reporting Act.25

A legacy organization of CBP, the U.S. Customs Service traditionally employed computerized screening tools to target potentially high-risk cargo entering, exiting, and transiting the United States. ATS was originally designed as a rules-based program to identify such cargo; it did not apply to travelers. ATS-Inbound and ATS-Outbound became operational in 1997. ATS-P became operational in 1999 and is critically important to CBP’s mission. ATS-P allows CBP officers to determine whether a variety of potential risk indicators exist for travelers and/or their itineraries that may warrant additional scrutiny.

ATS-P maintains Passenger Name Record (PNR) data, which is data provided to airlines and travel agents by or on behalf of air passengers seeking to book travel. CBP began receiving PNR data voluntarily from certain air carriers in 1997. Currently, CBP collects this information to the extent collected by carriers in connection with a flight into or out of the United States, as part of its border enforcement mission and pursuant to the Aviation and Transportation Security Act of 2001 (ATSA).26

ATS receives various data in real time from the following CBP mainframe systems: the Automated Commercial System (ACS), the Automated Manifest System (AMS), the DHS Advance Passenger Information System (APIS), the Automated Export System (AES), the Automated Commercial Environment, ESTA, the DHS Nonimmigrant Information System (NIIS), DHS Border Crossing Information (BCI), and TECS. TECS includes information from the Federal Bureau of Investigation (FBI) Terrorist Screening Center’s (TSC)27 Terrorist Screening Database (TSDB) and other government databases regarding individuals with outstanding wants and warrants and other high-risk individuals and entities.
Example snippets of various clutter objects in field
ATS collects PNR data directly from air carriers. ATS also collects data from certain express consignment services in ATS-Inbound. ATS accesses data from these sources, which collectively include: electronically filed bills of lading, entries, and entry summaries for cargo imports; shippers’ export declarations and transportation bookings and bills for cargo exports; manifests for arriving and departing passengers; land-border crossing and referral records for vehicles crossing the border; airline reservation data; nonimmigrant entry records; and records from secondary referrals, incident logs, suspect and violator indices, seizures, and information from the TSDB and other government databases regarding individuals with outstanding wants and warrants and other high-risk entities. Finally, ATS uses data from Dun & Bradstreet, a commercially available data source, to assist with company identification through name and address matching.

In addition to providing a risk-based assessment system, ATS provides a graphical user interface for many of the underlying legacy systems from which ATS pulls information. This interface improves the user experience by providing the same functionality in a more rigidly controlled access environment than the underlying system. Access to this functionality of ATS uses existing technical security and privacy safeguards associated with the underlying systems.

A large number of rules are included in the ATS modules that encapsulate sophisticated concepts of business activity that help identify suspicious or unusual behavior. The ATS rules are constantly evolving to both meet new threats and refine existing rules. ATS applies the same methodology to all individuals to preclude any possibility of disparate treatment of individuals or groups. ATS is consistent in its evaluation of risk associated with individuals and is used to support the overall CBP law enforcement mission.

ATS-Inbound assists CBP officers in identifying inbound cargo shipments that pose a high risk of containing weapons of mass effect, illegal narcotics, or other contraband, and in selecting that cargo for intensive examination. ATS-Inbound is available to CBP officers at all major ports (i.e., air, land, sea, and rail) throughout the United States, and also assists CBP personnel in the Container Security Initiative (CSI) and Secure Freight Initiative (SFI) decision-making processes.

ATS-Outbound aids CBP officers in identifying exports that pose a high risk of containing goods requiring specific export licenses, illegal narcotics, smuggled currency, stolen vehicles or other contraband, or exports that may otherwise be in violation of U.S. law. ATS-Outbound sorts Electronic Export Information (EEI) (formerly referred to as the Shippers’ Export Declaration (SED)) data extracted from AES, compares it to a set of rules, and evaluates it in a comprehensive fashion. This information assists CBP officers in targeting and/or identifying exports that pose potential aviation safety and security risks (e.g., hazardous materials) or may be otherwise exported in violation of U.S. law.

ATS-Inbound and ATS-Outbound look at data related to cargo in real time and engage in data mining to provide decision support analysis for targeting of cargo for suspicious activity. The cargo analysis provided by ATS is intended to add automated anomaly detection to CBP’s existing targeting capabilities, to enhance screening of cargo prior to its entry into the United States.

ATS-Inbound and ATS-Outbound do not collect information directly from individuals. The data used in the development, testing, and operation of ATS-Inbound and ATS-Outbound screening technology is taken from bills of lading and shipping manifest data provided by vendors to CBP

as part of the existing cargo screening process. The results of queries, searches, and analyses conducted in the ATS-Inbound and ATS-Outbound system are used to identify anomalous business behavior, data inconsistencies, abnormal business patterns, and suspicious business activity generally. No decisions about individuals are made solely on the basis of these results.

The Security and Accountability for Every Port Act of 2006 (SAFE Port Act) requires ATS to use or investigate the use of advanced algorithms in support of its mission.28 To that end, ATS has established an Advanced Targeting Initiative, which includes plans for development of data mining, machine learning,29 and other analytic techniques during the period from FY09 to FY12, for use in ATS-Inbound and ATS-Outbound. Development will take place in iterative phases; the various iterations will be deployed to a select user population, which will test the new functionality.

The Advanced Targeting Initiative is being undertaken in tandem with ATS’ maintenance and operation of the ATS-Inbound and ATS-Outbound systems. The design and tool-selection processes for data mining, pattern recognition, and machine learning techniques in development in the Advanced Targeting Initiative are under consideration and have yet to be finalized.

As noted above, ATS-Inbound and ATS-Outbound do not collect information directly from individuals. The information maintained in ATS is either collected from private entities providing data in accordance with U.S. legal requirements (e.g., sea, rail and air manifests) or is created by ATS as part of its risk assessments and associated rules.

ATS-Inbound and ATS-Outbound use the information in ATS source databases to gather information about importers and exporters, cargo, and conveyances used to facilitate the importation of cargo into and the exportation of cargo out of the United States. This information includes PII concerning individuals associated with imported and exported cargo (e.g., brokers, carriers, shippers, buyers, sellers, exporters, freight forwarders, and crew).

ATS-Inbound receives data pertaining to entries and manifests from ACS and the Automated Commercial Environment (ACE), and processes it against a variety of rules to make a rapid, automated assessment of the risk of each import. 30 ATS-Outbound uses EEI data that exporters file electronically with AES, export manifest data from AES, export airway bills of lading, and census export data from U.S. Department of Commerce, to assist in formulating risk assessments for cargo bound for destinations outside the United States.

CBP uses commercial off-the-shelf (COTS) software tools to graphically present entity-related information that may represent terrorist or criminal activity, to discover non-obvious relationships across cargo data, to retrieve information from ATS source systems to expose unknown or anomalous activity, and to conduct statistical modeling of cargo-related activities as another approach to detecting anomalous behavior. CBP also uses custom-designed software to resolve ambiguities in trade entity identification related to inbound and outbound cargo.

Based upon the results of testing and operations in the field, ATS-Inbound and ATS-Outbound have proved to be effective means of identifying suspicious cargo that requires further investigation by CBP officers. The results of ATS-Inbound and ATS-Outbound analyses identifying cargo as suspicious have been regularly corroborated by physical searches of the identified cargo.

The goal of the Advanced Targeting Initiative is to enhance CBP officers’ ability to identify entities such as organizations, cargo, vehicles, and conveyances with a possible association to terrorism. By their very nature, the results produced by technologies used in the Advanced Targeting Initiative may be only speculative or inferential; they may only provide leads for further investigation rather than a definitive statement. The program finds it valuable to be able to very quickly produce useful leads gleaned from masses of information. Leads resulting in a positive, factual determination obtained through further investigation and physical inspections of cargo demonstrate the efficacy of these technologies.

There are numerous customs and immigration authorities authorizing the collection of data regarding the import and export of cargo as well as the entry and exit of conveyances.31 Additionally, ATS-Outbound and ATS-Inbound support functions mandated by Title VII of Public Law 104-208 (1996 Omnibus Consolidated Appropriations Act for FY 1997), which provides funding for counter-terrorism and drug law enforcement. ATS-Outbound also supports functions arising from the Anti-Terrorism Act of 198732 and the 1996 Clinger-Cohen Act.33 The risk assessments for cargo are also mandated under Section 203 of the SAFE Port Act.

ATS – Passenger Module i. Program Description.

ATS-P is a custom-designed system used at U.S. ports of entry, particularly those receiving international flights and voyages (both commercial and private), to evaluate passengers and crewmembers prior to arrival or departure. ATS-P facilitates the CBP officer’s decision-making process about whether a passenger or crewmember should receive additional screening prior to entry into, or departure from, the country because that person may pose a greater risk for terrorism and related crimes or other violations of U.S. law. ATS-P is a fully operational application that utilizes CBP's System Engineering Life Cycle methodology34 and is subject to recurring systems maintenance. ATS-P is operational and has no set retirement date.

ATS-P processes traveler information against other information available to ATS, and applies threat-based scenarios comprised of risk-based rules, to assist CBP officers in identifying individuals who require additional screening or in determining whether individuals should be allowed or denied entry into the United States. The risk-based rules are derived from discrete data elements, including criteria that pertain to specific operational/tactical objectives or local enforcement efforts. Unlike in the cargo environment, ATS-P does not use a score to determine an individual’s risk level; instead, ATS-P compares information in ATS source databases against watch lists, criminal records, warrants, and patterns of suspicious activity identified through past investigations and intelligence.

The results of these comparisons are either assessments of the threat-based scenario(s) that a traveler has matched, or matches against watch lists, criminal records and/or warrants. The scenarios are run against continuously updated incoming information about travelers (e.g., information in passenger and crew manifests) from the data sources listed below. While the risk-based rules are initially created based on information derived from past investigations and intelligence (rather than derived through data mining), data mining queries of data in ATS and its source databases may be subsequently used by analysts to refine or further focus those rules to improve the effectiveness of their application.

The results of queries in ATS-P are designed to signal to CBP officers that further inspection of a person may be warranted, even though an individual may not have been previously associated with a law enforcement action or otherwise noted as a person of concern to law enforcement. The risk assessment analysis is generally performed in advance of a traveler’s arrival in or departure from the United States, and becomes one more tool available to DHS officers in determining a traveler’s admissibility and in identifying illegal activity.

In lieu of manual reviews of traveler information and intensive interviews with every traveler arriving in or departing from the United States, ATS-P allows CBP personnel to focus their efforts on potentially high-risk passengers. The CBP officer uses the information in ATS-P to assist in determining whether an individual should undergo additional screening or should be allowed or denied entry into the United States.

ATS-P uses available information from the following databases to assist in the development of the risk-based rules discussed above. ATS-P screening relies upon information in APIS; NIIS, which contains all Form I-94 Notice of Arrival/Departure records; ESTA, which will eventually replace the I-94W and contains pre-arrival information for persons traveling from VWP countries (separately maintained in NIIS); the DHS Suspect and Violator Indices (SAVI); and the Department of State visa databases. ATS-P also relies upon PNR information from commercial airlines; TECS crossing data and seizure data; and information from the consolidated and integrated terrorist watch list maintained by the FBI’s Terrorist Screening Center.

ATS-P provides information to its users in near real time. The flexibility of ATS-P's design and cross-referencing of databases permits CBP personnel to employ information collected through multiple systems within a secure information technology system, to detect individuals requiring additional screening. The automated nature of ATS-P greatly increases the efficiency and effectiveness of the officer's otherwise manual and labor-intensive work checking individual databases, and thereby helps facilitate the more efficient movement of travelers while safeguarding the border and the security of the United States. As discussed below, ATS includes real-time updates of information from ATS source systems to ensure that CBP officers are acting upon accurate information.

Interesting "update" and discussion here The TSA Blog: Advanced Imaging Technology Automated Target Recognition:


No comments:

Post a Comment