For every person who enters America, a profile is drawn up and a determination made on their risk to national security. It’s the same for any cargo or packages. And it’s all done using a tool known as the Automated Targeting System (ATS). This decades-old technology helps border staff decide whether or not you or a shipment needs to be pulled aside for further inspection before being allowed into the country.
Run by Customs and Border Protection, it’s been controversial since the mid-2000s, when the U.S. Department of Homeland Security (DHS) pivoted its use from just targeting cargo to tracking people. Though it’s primarily engineered by lesser-known tech contractors, one of the technologies the ATS uses is Google Maps. Through a review of government contract records and a FOIA request response, Forbes has learned that the CBP has spent at least $2 million in the last three years on the Google mapping software to support ATS, which critics say is a secretive, “terrifying,” huge surveillance system, one that draws in personal and location data from a vast number of government and commercial databases to make its risk assessments.
Whilst ATS can help investigators target individuals or packages that have been making suspicious trips to places of interest, such as Syria or Afghanistan, its use on any visitor to America makes it particularly troubling for privacy advocates. And CBP’s use of Google technology could be problematic for a tech giant whose own employees have voiced anger about its work with Trump’s immigration agencies.
“ATS is sort of this terrifying master database of vast quantities of personally identifiable information that’s being funneled in from dozens of different law enforcement and other databases,” said John Davidson, lead counsel at the Electronic Privacy Information Center (EPIC), who said the use of Google tech in ATS was potentially “alarming.”
Google Mapping the border?
It’s unclear just how Google Maps is being used by CBP. A response to a FOIA request revealed only that it “is required for visualization of maps and geocoding services.”
Google said that “due to contractual obligations, we don’t comment on our work with customers.” A CBP spokesperson said the use of the technology “is law-enforcement-sensitive and we would not be able to comment further.”
One source who claimed knowledge of the deal but would only speak on the condition of anonymity said Google Maps was only used to track shipments. They added that Google Maps geocoding APIs (application programming interfaces—software allowing other apps to use its functionality) are being used to check where cargo and shipping containers are addressed and if they’re real locations.
Rebecca Rivers, a former Google employee who worked on some mapping projects, said that after her own review of DHS documents, she believed Google Maps could be furnishing CBP with information on the owners of given plots of land so the agency could purchase it for remote monitoring stations on different land borders, most notably the one with Mexico.
Even if the use case is relatively innocuous, any Google work with CBP should be cause for concern, added Rivers. She was one of four staff who were let go by the tech giant in 2019, after she helped organize a petition, signed by nearly 1,500 of its own employees, demanding the company never work with immigration agencies, including CBP and ICE, until they stopped perpetrating “human rights abuses.” If Google Maps has been used for surveillance on that southern border, Rivers said the company had not been honest with employees about its work in that region. Google, which hasn’t made a public announcement about whether it will work with CBP on the Mexican border, declined to comment on its current stance.
Rivers told Forbes that even though the Google Maps contract may appear “fairly benign,” it shows Google is forging closer ties with the U.S. government. “Google and the U.S. government getting closer should scare everyone because the closer they are, the more info they will share,” Rivers adds.
Jack Poulson, a former Google research engineer who resigned over Google’s plans to release a censored version of search in China, said it was disturbing to see Google working with government agencies on military and surveillance projects. “Rather than standing for the protection of the vulnerable, Google has, over the past two years, doubled down on cloud and API support for deportations, drone warfare and authoritarian suppression of human rights inquiry,” he added.
The revelation that CBP is using Google tech as part of a surveillance technology also comes at an awkward time for the Mountain View giant. Sundar Pichai, CEO of Google’s parent company, Alphabet, has been vocal in his criticism of the Trump Administration’s clampdown on immigration, saying he was “disappointed” in the Trump Administration’s executive order suspending foreign worker visas in July. Besides being used on the border, ATS is also used to vet nonimmigrant and immigrant visa applications.
And it’s not the first time Google Map projects have caused concern. In 2018, Google employees also protested a $250 million contract to provide 3-D mapping for Department of Defense drones, in what was known as Project Maven. Google let the contract lapse in 2019.
Network of Google-flogging contractors
Google leadership could, at least, tell angry staff that it isn’t directly selling to the agency.
CBP has instead been going to a little-known contractor called First Source Partners (FS Partners) for its Google Maps services. Through that contractor, CBP purchased three yearly licenses to the Google Maps API, which organizations can buy to get a more bespoke, more detailed version of the Maps app. The latest order came via a $900,000 contract dated March 2020 and was for a renewal. Previous orders with FS Partners for Google Maps were made in March 2018 and February 2019, for $550,000 and $600,000, respectively, with the total cost coming to $2 million.
Google tech, from Google Earth to Chrome services and cloud licenses, has been sold to CBP since 2011 via such contractors, including Govplace, Wildflower International, NCS Technologies, All Points Logistics and Thundercat Technology, according to federal contract records.
FS Partners hadn’t responded to requests for comment at the time of publication.
ATS: The forgotten surveillance system
Google’s contributions to ATS are also bringing to light a forgotten surveillance system that has extraordinary breadth and power. It’s been some years since myriad nonprofits took umbrage at CBP’s surveillance tool. Back in the mid-2000s, ATS was only used to track suspicious cargo. Then DHS updated the system in 2006 so that people were tracked and given a risk assessment, leading to an outcry among privacy-conscious folk, who said the program should be shut down entirely. But, despite the uproar over ATS dying down, it remains hugely problematic.
“The Automated Targeting System is emblematic of so much that is wrong with the U.S. government’s approach to screening travelers,” adds Hugh Handeyside, senior staff attorney for the ACLU National Security Project.
“It uses a black-box algorithm to create the illusion of reliability, when in reality it sweeps in travelers who have done nothing wrong, without giving them any notice or recourse, and without any indication that it actually improves security.”
When Handeyside says it’s a “black-box algorithm,” he’s referring to DHS’s own vague language and secrecy around how ATS comes up with its determination of an individual’s risk level. Per the DHS privacy impact assessment for ATS, it’s “a decision support tool that compares traveler, cargo and conveyance information against law enforcement, intelligence, and other enforcement data using risk-based scenarios and assessments.”
Though its algorithms are opaque, what is clear is that ATS is an extremely powerful surveillance system, allowing border patrol to quickly search data on individuals, companies and cargo from an astonishing array of different databases. They include: the U.S. Immigration and Customs Enforcement’s (ICE) Student Exchange and Visitor Information System (SEVIS), the Department of Justice’s (DOJ) National Crime Information Center (NCIC), the DHS Terrorist Screening Database, and the Immigrant Visa data from Department of State. Facial recognition data troves are used by ATS, too, and as of 2019, CBP said it was going to use ATS to access License Plate Reader (LPR) information that it had acquired from a vendor.
Whilst it doesn’t ingest the data, ATS can also cross-reference individuals with data CBP has purchased from so-called “commercial data aggregators.” That will include the mobile application data that CBP has been purchasing from companies like Venntel. That little-known business tracks the location of app users, like those who use iOS or Android weather and games apps. Border police acquisitions of mobile app data have proven controversial, too, with Venntel becoming the subject of a probe by the House Committee on Oversight and Reform.
ATS also includes information taken directly from smartphones and computers when they’re searched at the border. Such searches don’t require a warrant by U.S. law, much to the consternation of human rights organizations, and ATS has been ingesting data from devices since a pilot started in 2007.
ATS looks at all this information and then automatically assesses an individual’s “patterns of suspicious activity.” It’s up to the CBP officer to determine what course of action to take next.
Though the CBP’s surveillance technology has flown under the radar for so long, it’s perhaps ironic that its use of Google technology will now bring ATS and its many concomitant privacy concerns to light once again.
Meanwhile, tech companies continue to find themselves in internecine squabbles over working with immigration agencies. Major tech companies such as Microsoft and Dell continue to sign off on multimillion-dollar deals with ICE and CBP and earlier this month an employee at Hootsuite was reportedly fired for speaking out against the social media marketing company’s work with ICE. According to federal contracting records, last month ICE spent just over $500,000 on Hootsuite licenses. As with Google, the deal was not done directly, but through FCN Inc., a small government contractor.