The information for such screening will come from a variety of sources and can be stored for as long as 40 years. In the case of inbound and outbound passengers, the information will be obtained from the Passenger Name Record (PNR) data that is collected by each carrier. The information collected and stored by the ATS will include details such as names and addresses of all travelers, billing and travel agent information, e-mail addresses, number of bags checked and no-show history.

The DHS disclosed the details of its use of the ATS in a notice published in the Federal Register on Nov. 2. The purpose of the notice was to "provide expanded notice and transparency" related to the use of the ATS, the DHS wrote in the notice. The public comment period for the notice ended Dec. 4 but was extended to Dec. 29.

In comments filed with the DHS last week, the Electronic Frontier Foundation, a privacy advocacy group, called the ATS "precisely the sort of system that Congress sought to prohibit when it enacted the Privacy Act of 1974.

"There has not yet been an adequate public explanation of how the system works and what the consequences might be for individuals who are assigned 'bad' risk assessments," said David Sobel, senior council at the EFF. The fact that there is no access to the data in the ATS nor any opportunity to correct it is also a problem, he said. "These problems are compounded by the 40-year data retention period, which means that people could be tainted for life by bad information," Sobel said.

Using algorithms to predict who is likely to present a terrorist threat is also questionable, he said. "The more likely result is a very high rate of false positives," said Sobel.