Is CAPPS II our ticket to better aviation security?

By Steve Lilienthal 
web posted May 10, 2004

Is CAPPS II the cure-all to prevent future 9/11s or is it simply
an attempt at a political panacea? As scrutiny of the proposed
aviation security system heightens, this question will have
increased salience for those privacy advocates who are critical of
its mission.

Clearly, there are security experts who do have questions about
its impact. One such expert is Bruce Schneier, the author of
Beyond Fear: Thinking Sensibly About Security in an Uncertain
World, who argues that true security systems need information to
be effective, not more data, whereas CAPPS II appears to be
premised on the belief that the more data it holds about
passengers, the more safe we will be.

The odds are high that a terrorist network planning to penetrate
aviation would be able to defeat CAPPS II by figuring out which
types of people can receive a "green" rating and then send them
on their deadly way.

Another thing that needs to be understood by the American
public is that the cost of the CAPPS II system will be very high.
Not only is there the cost of simply operating the system itself,
but also airline reservation agents and travel agents are using
reservation systems that are not equipped to process the
identifying information that TSA will demand. Re-conversion will
be very expensive. In that sense, the CAPPS II system is an
unfounded mandate on the travel and airline industries.

In the meantime, the TSA had been unresponsive to Congress'
own demand for placing an effective defense system on airliners
by arming pilots. TSA has dragged its feet in implementing this
congressionally mandated program causing Senator Jim Bunning
(R-KY) and Rep. Joe Wilson (R-SC) to take the lead in
sponsoring legislation to make sure that TSA's bureaucrats
implement the armed pilots program the way Congress intended.
Even Sen. Barbara Boxer
(D-CA) has signed on. (For the record, Schneier is one
prominent exception in questioning the effectiveness of arming
pilots.)

There are other things that TSA could be pressing. One would
be to upgrade the quality of screeners. Another would be to
improve the quality of security involving airport employees. This
is considered to be a gaping hole within aviation security. Greater
use of sky marshals on flights and reinforced cockpit doors are
other items that need to be advanced.

These are very real items that deserve consideration by
Congress. The issue of airport screeners received that scrutiny
last week by the aviation subcommittee of the House
Transportation & Infrastructure Committee. Also being
addressed was the issue of whether to spend CAPPS II money on
upgrading human intelligence capabilities, (considered to be a
more effective way to stop terrorist actions), or a standstill
system such as CAPPS II that is an invitation for terrorists either
to avoid or defeat.

Frankly, more effort needs to be put forth by the critics of
CAPPS II in developing sound, constructive alternatives while
keeping in mind the cost to the privacy of airline passengers.

The TSA is seeking exemptions from the Privacy Act. The
Government Accounting Office stated earlier this year, " ...TSA
plans to exempt CAPPS II from the Privacy Act's requirements
to maintain only that information about an individual that is
relevant and necessary to accomplish a proper agency purpose.
These plans reflect the subordination of the use limitation practice
and data quality practice (personal information should be
relevant to the purpose for which it is collected) and to other
goals and raises concerns that TSA may collect and maintain
more information than is needed for the purpose of CAPPS II,
and perhaps use this information for new purposes in the future.
Further, TSA plans to limit the application of the individual
participation practice - which states that individuals should have
the right to know about the collection of personal information, to
access that information, and request correction - by prohibiting
passenger access to all personal information about them
accessed by CAPPS II. This raises concerns that inaccurate
personal information will remain uncorrected in and continue to
be accessed by CAPPS II."

The largely unmentioned price tags of CAPPS II will be costly.
1) Airlines and travel agencies, in converting their reservation
systems to satisfy what amounts to an unfounded mandate, will
spend very real dollars and cents. 2) The cost of the potential
impact on privacy and due process (particularly given that
information from government and commercial databases will be
used) in factoring the color rating of passengers and - let's not
forget - the exemptions that are being sought from the Privacy
Act.

Concerned citizens can call for an independent review committee
to assess what databases are used and to ensure that the
information contained within them is indeed accurate.

Furthermore, shouldn't the grievance procedure for CAPPS II
be more formalized than simply relying on the TSA's Privacy
Office and Passenger Advocate (and the TSA in general) to
judge why a yellow or red rating is given? The Government
Accounting Office report stated, "Given the concerns regarding
the protection of passenger data, the [CAPPS II] system cannot
be fully accepted if it lacks a comprehensive redress process for
those who believe they are erroneously labeled as an unknown
or unacceptable risk."

That process still has yet to be adequately defined. 

CAPPS II may or may not be stopped. If it isn't, then the TSA
and DHS owe the American public more than promises of "trust
us". Americans deserve clear action in order to ensure that
everything possible is being done to make passengers safe - both
from terrorists and from being tyrannized by an incorrect rating.

Steve Lilienthal is Director of the Center for Privacy and
Technology Policy at the Free Congress Foundation. (http:
//www.freecongress.org/)

Enter Stage Right -- http://www.enterstageright.com