Separating The Myth From The Fact

Mired in controversy over its plans to gather information on passengers using intelligence, law enforcement and commercial databases, the TSA issued this news release to ANN in hopes of clearing things up a bit:

• Myth: CAPPS II will be the first national intelligence gathering database.
• Fact: CAPPS II is not an intelligence gathering database. It is a prescreening system that will assess the likelihood that travelers are who they claim to be and perform a risk assessment to detect individuals who may pose a terrorist-related threat or who have outstanding Federal or state warrants for crimes of violence.

CAPPS II modernizes an existing program that was created in 1997 as an additional measure to help prevent a terrorist attack on passenger aircraft. In the wake of September 11th, Congress, through the Aviation and Transportation Security Act (ATSA) directed the Transportation Security Administration (TSA) to improve the system.

CAPPS II will only retain data for a short period after the completion of a US person’s itinerary. The system simply does two things:

(1) It assesses the identity of every passenger by matching limited information about the traveler (including name, date of birth, address, and phone number) with commercially available information. This check is done between databases outside of a government firewall. CAPPS II will not bring any information contained in the commercial databases into the government’s system and the commercial databases are prohibited from keeping or using the information provided by CAPPS II.

(2) CAPPS II also performs a risk assessment, including a check against lists of terrorists and known or suspected threats, to detect individuals who may pose a terrorist-related threat or who have outstanding Federal or state warrants for crimes of violence.

Once the system has computed a traveler’s risk score, it will send an encoded message to be printed on the boarding pass indicating the appropriate level of screening. Eventually, this information is planned to be transmitted directly to screeners at security checkpoints.

• Myth: Once I buy a plane ticket, CAPPS II will seek out information about my life (travel patterns, purchases, living habits).
• Fact: CAPPS II will not use data mining techniques to profile and track citizens. Except for the slightly expanded Passenger Name Record (PNR) data that air carriers and reservation systems will collect, CAPPS II will not collect additional personal information about the traveler. In addition, with rare exceptions, all data created by the CAPPS II system, including risk scores, will be destroyed shortly after the completion of a US person’s travel itinerary.
• Myth: Once CAPPS II is put in place I will have to submit a significant amount of personal information when I book a flight.
• Fact: CAPPS II will require PNR information from the airlines, which will be required to include information such as full name, home address, home phone number, and date of birth.
• Myth: Airline employees will be able to view my personal information when I check in for a flight.
• Fact: Airline employees already see the PNR that is in an airline’s system. The difference with CAPPS II is that airlines will be required to include a passenger’s full name, home address, home phone number, and date of birth in the passenger’s PNR. The only CAPPS II data to be printed on a passengers’ boarding pass will be an encoded field that indicates what level of screening should be conducted.
• Myth: If I have bad credit I will be flagged in CAPPS II.
• Fact: CAPPS II will not review credit worthiness, as it has no correlation to whether an individual is a terrorist or other security risk.
• Myth: If I have moved recently or use a Post Office Box as my address I will be flagged by CAPPS II.
• Fact: CAPPS II uses a number of public commercial databases to confirm your identity. A simple address change alone would not elevate an individual’s risk score.
• Myth: CAPPS II will track where and when I travel and will store that information.
• Fact: For US persons, information will only be kept for a short period after completion of the travel itinerary, and then it will be permanently destroyed. The prescreening process will be conducted anew each time you fly.
• Myth: If I am flagged for secondary screening I will be questioned by local law enforcement.
• Fact: Under the current CAPPS I, certain individuals are already flagged for secondary screening at the TSA checkpoint. Under CAPPS II, a much smaller percentage of all travelers will be flagged for secondary screening by TSA. Furthermore, it is only those who are assessed as a high risk who will be referred to law enforcement, not those flagged for secondary screening.
• Myth: If the system flags me as a threat to aviation I will have no recourse to verify that I am not a threat.
• Fact: With CAPPS II, there will be a redress process established, to include a Passenger Advocate. The Passenger Advocate will focus on assisting passengers who feel that they have been incorrectly or consistently prescreened. Since CAPPS II will be a centralized government-run system, rather than a decentralized system implemented by over 70 airlines, CAPPS II will provide the opportunity for a more efficient and effective disposition of passenger complaints. The passenger authentication process that CAPPS II will provide will eliminate many of the mistaken identity situations that airline travelers currently face under the pre-screening system that the airlines now operate.
• Myth: CAPPS II will use racial profiling to identify travelers who pose a threat.
• Fact: CAPPS II will absolutely not profile based on race, ethnicity, religion or physical appearance.
• Myth: Contractors working for TSA will be able to use my personal information for commercial or for-profit uses (for example, sell my personal information to car companies).
• Fact: TSA contractors are contractually prohibited from selling or retaining a passenger’s personal information for commercial purposes.
• Myth: CAPPS II will run a criminal background check on every passenger.
• Fact: No, CAPPS II will NOT run a criminal background check on every passenger. Instead, CAPPS II will perform an identity authentication and a risk assessment. Specifically, CAPPS II will do two things:

It will assess the identity of every passenger by matching limited information about the traveler, including name, date of birth, address, and phone number, with commercially available information. This check is done between databases outside of a government firewall. CAPPS II will not bring any information contained in the commercial databases into the government’s system.

CAPPS II also performs a risk assessment, including a check against lists of terrorists and known or suspected threats, to detect individuals who may pose a terrorist-related threat or who have outstanding Federal or state warrants for crimes of violence.

• Myth: If a passenger has several speeding tickets or misdemeanors on his/her record, does this mean that he or she cannot fly?
• Fact: No, a speeding ticket or misdemeanor in and of itself will not bar a passenger from flying. CAPPS II will assess a passenger’s identity and perform a risk assessment. The aggregated information will determine screening level. In the rare instances where a particular traveler has been identified as having known or suspected links to terrorism, or an outstanding warrant for violent criminal behavior, appropriate law enforcement officers will be notified.
• Myth: TSA cannot move forward in its plans for CAPPS II until the GAO report that Congress requested is issued on February 15.
• Fact: The current legislation states that TSA can move forward in testing CAPPS II. CAPPS II is scheduled to be implemented after testing and after Congressional requirements are met.
• Myth: CAPPS II can be easily thwarted by identity fraud.
• Fact: The CAPPS II design includes an information-based identity assessment process similar to what is done today in the commercial sector when, for example, a person purchases a cellular telephone, opens a bank account, or acquires a credit card. This is a substantial addition to the current identity verification process.

FMI: www.tsa.gov