Targeting Systems can be used to target a very variety of “things”. The things can be people, tax filings, medical claims, flights, customers, and many others. For example, targeting systems can be used to find which of the tax filings (or medical claims) should be reviewed (targeted) for errors (or fraud), it is just as easy to envision a targeting system that reviews customers arriving at a department store for providing individual assistance. Casinos have been doing this for years to find the “high rollers”. Travel industry does this to find travelers who may be given upgrades.
Frequently though, targeting systems target people. And in even more specific cases, the system doing the targeting belongs to the government. It is in those cases that ethical, policy and privacy issues most commonly emerge in the public domain. One obvious reason is that if the targeting system belongs to the government, then it may be forced to declare more specifics of the system (hotels and airlines may have no obligation to declare their system to identify high profile travelers). As an example, US Food and Drug Administration has been publishing import alerts and import bulletins for many years (Incidentally, FDA’s risk targeting system is called PREDICT, you can watch their YouTube video here).
An interesting example of such a scenario is the Automated Targeting System, a US DHS system for every person who crosses the US borders. Although first implemented in the late 90s, the system was first discovered by the public in November 2006, when a mention of it appeared in the Federal Register. Since then, the system has been subject to many lawsuits, primarily from the ACLU and citizens concerned about their privacy. Bruce Schneier, author of books on privacy and computer security (including “Liars and Outliers: Enabling the Trust that Society Needs to Thrive“, wrote about ATS:
There is something un-American about a government program that uses secret criteria to collect dossiers on innocent people and shares that information with various agencies, all without any oversight. It’s the sort of thing you’d expect from the former Soviet Union or East Germany or China. And it doesn’t make us any safer from terrorism.
Outside of ATS, the broader questions are:
- Is it acceptable for the government to maintain “risk” files on its innocent citizens, especially as those files contain the output from a targeting system that is not transparent? (the storage aspect of those files is the main concern here)
- Specifically, is it acceptable for government to use an obscure and opaque risk targeting system (opaqueness of the system is the main concern here)
It is also worthwhile to consider one simple risk targeting system that everyone is largely OK with today – that system is the X-ray machine that we all use when going into secure facilities and airports etc. People have largely come to accept that machine, and are also comfortable with the simplicity and the transparency (no pun intended) of that specific risk targeting system.