CAPPS II Continues To Draw Fire
Congress, the Bush
administration and major airlines all say they want the same thing:
a computerized passenger screening program that will keep dangerous
people off airliners. But not all are pleased with the way the
two-year-old project is taking shape. The Computer-Assisted
Passenger Prescreening System, or CAPPS II, would rank all air
passengers according to the likelihood of their being terrorists.
But some say the project would violate privacy rights, while others
are concerned it would cost the private sector too much money.
The House aviation subcommittee scheduled a hearing on the
status of CAPPS II on Wednesday. Congress last year ordered its
investigative arm to report on whether CAPPS II safeguards
passenger privacy. The auditors reported last month that the
government hasn't adequately addressed security and privacy
concerns.
U.S. airlines are refusing to voluntarily turn over passenger
data to the government so it can test the system. They echo their
customers' concerns about government snooping and the possibility
that people will be wrongly labeled as terrorists. The Air
Transport Association, the trade group for major airlines, has come
up with seven "privacy principles" that it says the government
should follow in implementing CAPPS II.
The seven personal privacy safeguards for passenger prescreening
programs advocated by major airlines are:
- The Transportation Security Administration shall ensure that it
only collects personal information from passengers that is (a)
directly relevant to the aviation security purpose for which it is
collected and (b) clearly necessary to achieve that purpose.
- TSA shall ensure that personal information that it collects is
accurate and that collected information is disposed of securely and
promptly after the passenger's air transportation is
completed.
- TSA shall inform passengers: (a) why it is requiring the
collection of the personal information; (b) how it will use that
information; (c) the circumstances under which it will provide that
information to third parties, whether those parties are private
sector or governmental; and (d) its information retention and
disposal policy.
- The government shall only use collected information for
aviation security purposes and shall not use the information for
law enforcement purposes not directly related to aviation
security.
- TSA shall provide passengers with effective and expeditious
means to (a) inquire about TSA's CAPPS II privacy policy; (b)
access, consistent with national security considerations, their
personal information and correct that information; and (c) resolve
complaints about the collection, accuracy, processing or use of
personal information.
- TSA shall take necessary steps to keep personal information
secure. Such procedures shall be designed to prevent the
unauthorized access to, or loss, misuse, unauthorized disclosure or
alteration of, such information.
- TSA shall not implement CAPPS II for international flights
until it obtains any necessary determinations from foreign data
protection authorities that the collection, transmission and use of
information that is collected in that country for CAPPS II is
permissible.
ATA claims these guidelines seek to ensure the TSA collects only
personal information pertaining to aviation security, stores it
securely and gets rid of it as soon as travel is completed. The
airlines also said that passengers must be allowed to access their
personal information and correct any errors.
The TSA says it agrees
that privacy must be protected. A privacy officer, Nuala O'Connor
Kelly, has been hired to make sure federal privacy law is upheld.
The agency won't hold on to passengers' records, except for people
who might be terrorists. The TSA also says it has established a way
for passengers to redress inaccurate information, though that
remains to be tested.
The Business Travel Coalition, a group that wants to lower the
cost of business travel, said in a statement that business would be
disrupted if travelers were inadvertently snared by the system. The
group also said that CAPPS II would burden corporations and travel
agencies with higher costs.
"Firms in the travel industry distribution business face
unknowable costs at this time to reconfigure their systems in
accordance with the requirements of a CAPPS II," the coalition
said.
The passenger screening program would check information such as
a name, address and birth date against commercial and government
databases. Each passenger would be given one of three color-coded
ratings. Suspected terrorists and violent criminals would be
designated as red and forbidden to fly. Passengers who raise
questions would be classified as yellow and would receive extra
security screening. The vast majority would be designated green and
allowed through routine screening.