Last month the Department of Homeland Security disclosed a new database, called the Border Crossing Information (BCI) system, on page 43,457 of the 2008 Federal Register. Today, the Washington Post gives it Page One treatment.
The data will be basic personal information: The Post reports that Customs and Border Protection agents began to log the arrivals of all U.S. citizens across land borders earlier this year, adding that by next June, "all travelers crossing land borders will need to present a machine-readable document, such as a passport or a driver's license with a radio frequency identification chip." The U.S. already maintains a database for airline travel, which will be fed into BCI.
The primary purpose of the database, according to DHS, is to prevent terrorists and terrorists' weapons from entering the country. But the data could also be released outside of DHS for other purposes. That, and the fact that records will be retained for 15 years, is ample cause for concern from privacy advocates, who question whether the database is even legal. The Post continues:
The government states in its notice that the system was authorized by post-Sept. 11 laws...
[Greg Nojeim, senior counsel at the Center for Democracy & Technology] said that though the statutes authorize the government to issue travel documents and check immigration status, he does not believe they explicitly authorize creation of the database.
"This database is, in a sense, worse than a watch list," he said. "At least in the watch-list scenario, there's some reason why the name got on the list. Here, the only thing a person does to come to the attention of DHS is to lawfully cross the border. The theory of this data collection is: Track everyone -- just in case."
The Federal Register notice lists a number of "routine uses" (PDF) for the records. They could be released to federal, state, local, foreign governments or government contractors for various reasons, ranging from criminal investigations to feeding new data crunching systems designed to "enhance border security or identify other violations of law."
And they could be released to a judge as part of a civil suit or to the news media and public "when there exists a legitimate public interest in the disclosure of the information."
But DHS says that the data will be exempt from certain provisions of the Privacy Act, including the right of a citizen to know whether a law enforcement or intelligence agency has requested his or her records.
DHS also has requested that the states all contribute to a national database of licensed drivers. But some states have opted out (it's unclear how many), the Post reports, deciding instead to provide the information only when prompted by a query:
Because of privacy concerns, Washington state earlier this year opted for the queries-only approach. The Canadian government made the same decision. "There was absolutely no way they should have the entire database," said Ann Cavoukian, Ontario's privacy commissioner, who learned about the Canadian government's decision in April.
"Once you have data in a database you don't need, it lends itself to unauthorized use," she said. "You have no idea of the data creep."
DHS will accept public comments through next Monday, when the new database will go into effect.