Buried in the transcripts of a congressional hearing that took place yesterday is fleeting mention of the federal government’s latest and perhaps most outrageous assault on privacy. If you take an inbound flight from overseas, and a suspected terrorist or supporter is flagged by automated name-check systems as being on the same flight—even if (and particularly if) that someone was denied boarding because they were on some no-fly list—the government regards you as connected with that terrorist, and runs a check on you and everyone else on the plane.

The program is called Kingfisher. It began two years ago to check foreign-born visa-applicants against ever-growing intelligence and biometrics databases, and then expanded to keep tabs on visa-holders even after they enter the country. Under Kingfisher, those names are constantly pinged against day-to-day intelligence traffic just in case something was missed or develops. But Kingfisher has also been quietly expanded again to permit checks of passengers (including American citizens) on inbound flights containing foreigners that the government regards as fishy.

The theory behind Kingfisher goes back 20-plus years, when two of the original World Trade Center bombers arrived together on the same flight at Kennedy airport, intentionally seated in separate sections of the plane. The musclemen on 9/11 arrived in the same manner. After 9/11, as everyone’s names taking international flights started going through computers, the terrorist-hunters began to wonder: What if we catch a bad guy coming in, but we don’t spot his buddy sitting four rows behind? So they built the capability to look at everyone on select planes.

Our keyboard warriors have stretched the notion of legal predicate—that you have to have a reason to investigate an American’s background—to the point of absurdity. Kingfisher is a triumph of sheer computing power, which is now more powerful than any laws or even common sense in the insatiable dragnet to catch terrorists, extremists, and homegrown. Today, with the feds ever more obsessed with ISIS supporters who might be entering the country, every time you board an international flight headed for the United States—Moe or Mohammed; tourist or terrorist; even Grandma and little Sally—your mere presence on a flight with a suspected bad guy goes down in your permanent record.

Kingfisher went live on June 15, 2013, as a program of the National Counterterrorism Center (NCTC). Using “improved technology,” it sought to find terrorists and their supporters among the approximately 11 million annual visa applicants by “comparing applicant data to... classified data.” It was another layer of security, the NCTC bragged, and who could argue with checking foreign visitors to the United States, now possible in near real time against both intelligence databases and even raw intelligence traffic?

The program was expanded to include all applicants for refugee and asylum status, and opened to FBI and DHS watch officers, all in the name of coordination and time-savings. By the end of 2014, according to intelligence sources who spoke off the record but have been involved in oversight of the program, automated systems were set up that ran names through intelligence data, returning RED/GREEN light tip-offs within minutes. All RED hits were then hand checked. And then, all RED light hits were placed on a system of continuous vetting against derogatory information—that is, “evolving” intelligence data as the terror hunters call it.

The Kingfisher screening mission against inbound passengers began last year. On any flight with a RED hit, all passengers—seats 35C, 28A, 5B—are checked against name databases, against fingerprints, iris scans, even facial photos. The intelligence databases are constantly themselves automatically expanded (“enhanced”) through correlation of big data, analysis of encounter data, and emerging threat information from raw and finished intelligence reports. In other words, the full panoply of what is called “identity intelligence” can be checked against a set of names. And it is all done merely because you happened to book a flight. NCTC’s Screening and Vetting Group, according to records obtained by Phase Zero, sends some 20 to 30 RED hits a week to law enforcement and intelligence agencies for further scrutiny. The program, according to a federal job posting, is “one of the top priorities for the Director of NCTC.”

Just as the FBI’s National Security Analysis Center (NSAC) can access your credit report and online transactions on the ground, Kingfisher has carved out a place for itself in the sky.

The NCTC, whose job includes “integrating and analyzing all intelligence pertaining to terrorism possessed or acquired by the U.S. government,” is essentially in charge of coordinating efforts and synthesizing data from the entire federal bureaucracy. There are the spying-and-killing All Stars like CIA, Department of Justice, FBI, Department of State, and Homeland Security. But NCTC also pulls intelligence from and for a number of other departments—Energy, Treasury, Agriculture, Transportation, and Health and Human Services, to name a few. Kingfisher uses all of these agencies in its quest to map the skies and identify potential threats.

In testimony before the the Committee on Homeland Security Subcommittee on Counterterrorism and Intelligence yesterday, Seth G. Jones of the RAND Corporation made mention of Kingfisher, referring to it’s visa “vetting process.” Jones’ report, entitled, “The Terrorism Threat to the United States and Implications for Refugees,” lays out the legal framework for expanding federal monitoring of the expected Syrian refugee influx, including the use of Kingfisher.

Computers have hardly reached their maximum level of power and thoughtlessness. Visa holders, refugee and asylum seekers, and international air passengers are just the beginning. It’s only a matter of time before the capacity of the computers allows the regular checking of everyone. “Evolving” suspects, they call them. Programs like Kingfisher are where the rubber of mass dragnet surveillance meets the road of invasive personal monitoring. You’ve heard of “signature strikes,” where drone targets are selected by their profile? Well this is the beginning of signature surveillance. If you’re in the wrong place at the wrong time, you are marked.

[Photo by AP. Illustration courtesy of Getty.]

You can contact the authors at william.arkin@gawker.com or sultana@gawker.com.