The batch of US State Embassy cables recently published by the media organization WikiLeaks contain a few assessments of how other countries’ governments manage their terrorism watch lists. The assessments reveal much about how countries have tried to implement security regimes for travel in the aftermath of 9/11. And, each assessment is in the form of questionnaire.

In Costa Rica, it is “impossible to determine” how many records the country’s watchlist contains. As of 2009, unlike other countries assessed, biometrics and fingerprints of passengers were not screened or taken. They did not have software for screening travelers of “security interest.” Fraud detection abilities were severely limited. Privacy laws are violated by corruption. “Miranda-like warnings” are to be served but this rarely happens (if ever). On top of that, records on detentions and interrogations of individuals are spread out through multiple intelligence or security agencies and nobody knows what agency has what. Individuals have tried to gain access to the records government has on them but the assessment reads the issue is “being debated,” meaning no clear system is likely in place.

Interestingly, the assessment notes the FBI has a “fingerprint assessment team” in Costa Rica to review the Organismo de Investigaciones  Judiciales (OIJ-Costa Rican version of the FBI), the Ministry of  Public Security, and the Ministry of Justice (Prisons). Their presence is mandated by the US Congress’s Merida Initiative, which set up a Central American Fingerprint Exchange (CAFÉ). The assessment says the FBI was tasked with instructing Costa Rica on how best to consolidate the systems of the three agencies.

The assessment on Kenya from November 2007 reveals that US-funded personnel identification secure comparison and evaluation systems (PISCES) were installed in the country’s three main airports (which doesn’t appear to be abnormal—Cambodia was provided assistance with a PISCES system and watchlisting too).

But, the technology does not guarantee security. “On many occasions, personnel do not enter travelers into the system if they are in the line to obtain an entry visa and have a Western (US, CAN, EU, JAP, etc.) passport,” the cable indicates. More than seventy percent of travelers, who claim to be “local traders,” are allowed to enter or exit without electronic screening. (Note: Kenyan news organization Daily Nation covered this cable in March of this year.)

The State Department asks the “post” in Kenya to figure out if the Kenya government would make “an appropriate partner for data sharing.” Whether the list would include “political dissidents (as opposed or in addition to terrorists) and whether governments would share or use US watchlist data inappropriately” is something the diplomat is asked to figure out. The diplomat suggests that the government may not have moved away from “political oppression” entirely. And, whether to allow data sharing or not, the diplomat contemptuously replies, would require “a close eye on the attitudes and practices of whoever wins the upcoming presidential elections.” The diplomat also notes accusations of “profiling” or “targeting” of Muslims could lead to the government to not enter a formal data-sharing agreement.

The extent to which the US government lobbies and maneuvers to gain access to gain access to country’s databases containing watchlist information is further revealed in an assessment on Turkey’s procedures. The assessment from June 2009 reads:


Each assessment asks whether the country provides individuals with a way to access the data homeland security agencies hold about them. Costa Rica’s and Kenya’s are extremely shoddy, if not virtually non-existent. In Turkey, the Law on Access to and Evaluation of Information (2003) makes it possible for an individual to petition for the release of information. There is an appeal process by an oversight board if this fails. But, the assessment notes “lack of centralization and the suspicion on the part of court record keepers make access cumbersome.” Additionally, case files are “technically available” but access can depend on “developing personal relationship with the people” handling the registry.

Portugal’s government practice on collecting, screening and sharing is exemplary, because in Portugal one truly appears to have the ability to access data that homeland security agencies hold on them:

The Schengen Convention itself recognizes the rights of individuals.  These include the right to access information in the Schengen Information System (SIS); the right to correct data where there is a de jure or de facto mistake; the right to apply to the courts or competent authorities to demand that data be corrected, deleted or that damages be awarded; the right to ask that data to be checked and to question the reason for data collection.  Since Portugal is a signatory to the Schengen Convention, all requests for access to personal data must follow the provisions of the Schengen Convention’s article 109, article 6 of Portuguese Law 2/94, and/or article 11 of Portuguese Law 67/98.  Any citizen or alien may request verification on whether there is an alert in his or her name in the Schengen database.  In addition, he/she may request a correction or deletion of personal data, in accordance with article 110 of the Schengen Convention.

On top of that, even non-citizens have specific rights under this Convention to access personal data stored and seek modifications when the data is found to be “inaccurate or unlawfully stored.”

The Washington Post’s Ellen Nakashima reported in September 6, 2009, the Obama administration was actively seeking to keep terror watchlist information secret. Intelligence officials were reportedly pushing for legislation to “exempt ‘terror identity information’ from disclosure under the Freedom of Information Act.” Noting that watchlists are disseminated to state and federal agencies and are “unclassified” but “for official use only,” the report indicates such data has been released.

But, an intelligence official, who spoke anonymously, told Nakashima, “If you’ve got somebody, including a suspected terrorist, who can FOIA that information, you’re making intelligence-gathering methods vulnerable. You’re possibly making intelligence agents and law enforcement personnel vulnerable. Suspects could alter their behavior and circumvent the surveillance.”

This appears to defy logic. Would a terrorist actually FOIA his or her self? Wouldn’t the terrorist begin to suspect the government might be tracking him for requesting information in regards to whether he or she was on the list? It seems like people who would FOIA their information would be people, who had run into problems and needed confirmation to pursue redress for being improperly included on the list. If the terrorist had run into zero problems with his or her inclusion, there would be no reason to create a paper trail and pursue information on whether he or she was designated a terrorist.

A terrorist, can we agree, does not need to know what governments know about him or her to commit a terrorist act. The terrorist will almost always find a way to attack if he or she wants to attack.

The creation and management of terrorism watch lists by the United States government has brought profound implications to innocent people who were not supposed to be on the list. Design flaws and high-error rates have been documented in government reports. The Inspector General for the DHS has demonstrated the “redress process” for people who are improperly identified is significantly flawed. Moreover, “outmoded technology systems,” bureaucracy or just plain disinterest in correcting errors has meant people, who want their names cleared from the databases, are unable to verify if they were removed or not.

Recently, Homeland Security moved to further centralize and expand “in-house access to the FBI’s database of suspected terrorists.” This was troubling, as the move also involved an interpretation of a 1974 Privacy Act that would create exemptions for criminal, civil and and administrative enforcement of the list, increasing the possibility of citizens being subjected to arbitrary decisions.

A scant amount of reason exists to justify the US not having a system much more similar to Portugal’s system. Further exempting data from disclosure and creating safeguards that allow violations of privacy is not necessary to keep the country safe or secure. Especially when the US is such a superpower and seeks to have its procedures for watchlisting copied or used in other countries, the world would benefit greatly if US citizens could better challenge their designation on a terror watch list.

*For the latest revelations from the just released cables, follow @kgosztola on Twitter. Also, @wlfind is a good feed to follow too.