*From the archives

A batch of United States diplomatic cables recently published by the media organization, WikiLeaks, contain a few assessments of how other countries’ governments manage their terrorism watch lists. The assessments reveal much about how countries have tried to implement security regimes for travel in the aftermath of 9/11.

In Costa Rica, it is “impossible to determine” how many records the country’s watch list contains.

As of 2009, unlike other countries assessed, biometrics and fingerprints of passengers were not screened or taken. Costa Rica did not have software for screening travelers of “security interest.”

Fraud detection abilities were severely limited. Privacy laws were violated by corruption. “Miranda-like warnings” were to be served, but this rarely happened (if ever). On top of that, records on detentions and interrogations of individuals were spread out through multiple intelligence or security agencies and nobody knew what agencies possessed.

Individuals have tried to gain access to the records the Costa Rican government has on them, but the assessment shows the issue was only “debated,” meaning no clear system is likely in place.

Remarkably, the assessment notes the FBI has a “fingerprint assessment team” in Costa Rica to review the Organismo de Investigaciones  Judiciales (OIJ-Costa Rican version of the FBI), the Ministry of  Public Security, and the Ministry of Justice, which is in charge of prisons. Their presence is mandated by the U.S. Congress’s Merida Initiative, which set up a Central American Fingerprint Exchange (CAFÉ). The assessment says the FBI was tasked with instructing Costa Rica on how best to consolidate the systems of the three agencies.

The assessment on Kenya from November 2007 reveals U.S.-funded personnel identification secure comparison and evaluation systems (PISCES) were installed in the country’s three main airports (which doesn’t appear to be abnormal—Cambodia was provided assistance with a PISCES system and watchlisting too).

However, the technology does not guarantee security. “On many occasions, personnel do not enter travelers into the system if they are in the line to obtain an entry visa and have a Western (US, CAN, EU, JAP, etc.) passport,” the cable indicates. More than seventy percent of travelers, who claim to be “local traders,” are allowed to enter or exit without electronic screening. (Note: Kenyan news organization Daily Nation covered this cable in March.)

The State Department asked the “post” in Kenya to figure out if the Kenya government would make “an appropriate partner for data sharing.” Whether the list would include “political dissidents (as opposed or in addition to terrorists) and whether governments would share or use US watch list data inappropriately” was something the U.S. Ambassador to Kenya was tasked with figuring out.

The ambassador suggested that the government may not have moved away from “political oppression” entirely. Whether to allow data sharing or not, the ambassador replied, would require “a close eye on the attitudes and practices of whoever wins the upcoming presidential elections.” The ambassador also noted accusations of “profiling” or “targeting” of Muslims could lead the government to not enter a formal data-sharing agreement.

The extent to which the U.S. government lobbies and maneuvers to gain access to country’s databases containing watch list information is revealed in an assessment on Turkey’s procedures. The assessment from June 2009 reads:


Each assessment asks whether the country provides individuals with a way to access the data homeland security agencies hold about them. The Costa Rican and Kenyan governments had extremely shoddy processes, if they existed at all.

In Turkey, the Law on Access to and Evaluation of Information (2003) made it possible for an individual to petition for the release of information. There was an appeal process by an oversight board if this failed. But the assessment notes “lack of centralization and the suspicion on the part of court record keepers make access cumbersome.” Additionally, case files are “technically available,” however, access can depend on “developing personal relationship with the people” handling the registry.

Portugal’s government practice on collecting, screening and sharing is exemplary, because in Portugal one appears to have the ability to access data that homeland security agencies hold on them:

The Schengen Convention itself recognizes the rights of individuals.  These include the right to access information in the Schengen Information System (SIS); the right to correct data where there is a de jure or de facto mistake; the right to apply to the courts or competent authorities to demand that data be corrected, deleted or that damages be awarded; the right to ask that data to be checked and to question the reason for data collection.  Since Portugal is a signatory to the Schengen Convention, all requests for access to personal data must follow the provisions of the Schengen Convention’s article 109, article 6 of Portuguese Law 2/94, and/or article 11 of Portuguese Law 67/98.  Any citizen or alien may request verification on whether there is an alert in his or her name in the Schengen database.  In addition, he/she may request a correction or deletion of personal data, in accordance with article 110 of the Schengen Convention.

On top of that, even non-citizens have specific rights under this Convention to access personal data stored and seek modifications when the data is found to be “inaccurate or unlawfully stored.”

The Washington Post’s Ellen Nakashima reported in September 6, 2009, that the President Barack Obama’s administration was actively seeking to keep terror watch list information secret.

Intelligence officials pushed for legislation to “exempt ‘terror identity information’ from disclosure under the Freedom of Information Act.” Noting that watch lists are disseminated to state and federal agencies and are “unclassified” but “for official use only,” the report indicates such data has been released.

An unnamed intelligence official told Nakashima, “If you’ve got somebody, including a suspected terrorist, who can FOIA that information, you’re making intelligence-gathering methods vulnerable. You’re possibly making intelligence agents and law enforcement personnel vulnerable. Suspects could alter their behavior and circumvent the surveillance.”


The creation and management of terrorism watch lists by the U.S. government has had profound implications for innocent people, who were not supposed to be on the list. Design flaws and high-error rates have been documented in government reports. The inspector general for Homeland Security has demonstrated the “redress process” for people who are improperly identified is significantly flawed.

Moreover, “outmoded technology systems,” bureaucracy, or plain disinterest in correcting errors has meant people, who want their names cleared from the databases, are unable to verify if they were removed or not.

Recently, Homeland Security moved to further centralize and expand “in-house access to the FBI’s database of suspected terrorists.” This was troubling, as the move also involved an interpretation of the 1974 Privacy Act that would create exemptions for criminal, civil, and administrative enforcement of the list, increasing the possibility of citizens being subjected to arbitrary decisions.

A scant amount of reason exists to justify the U.S. not having a system much more similar to Portugal’s system. Further exempting data from disclosure and creating safeguards that allow violations of privacy is unnecessary to keep the country safe or secure. Especially when the US is such a superpower and seeks to have its procedures for watch listing copied or used in other countries, the world would benefit greatly if U.S. citizens could meaningfully challenge their placement on a terrorism watch list.

*For the latest revelations from the just released cables, follow @kgosztola on Twitter. Also, @wlfind is a good feed to follow too.

Kevin Gosztola

Kevin Gosztola

Kevin Gosztola is managing editor of Shadowproof. He also produces and co-hosts the weekly podcast, "Unauthorized Disclosure."