By Jared Chausow
By Katie Toth
By Elizabeth Flock
By Albert Samaha
By Anna Merlan
By Jon Campbell
By Jon Campbell
By Albert Samaha
What you're thinking of is the Computer Assisted Passenger Pre-Screening System, colloquially known as CAPPS II. And while, yes, it's still on Tom Ridge's front burner, privacy advocates and their congressional allies have successfully said "Whoa" for the time being. On June 17, a House committee voted to withhold funding for CAPPS II, at least until the National Academy of Sciences can vet the system for potential civil liberties pitfalls. So forget about an early 2004 rollout, as the Transportation Security Administration once hoped for.
And that's the good news concerning CAPPS II. The bad news? Pretty much everything else. Let's walk through the proposed system and see if we can spot some problems, OK? A few days before takeoff, your carrier will provide the TSA with four pieces of your personal information: birth date, phone number, address, and name. TSA computers match this data against government and commercial databases, most notably credit reports. If you're copacetic, you get graded "green" and zip through security. A "yellow" tag earns you an extra frisking or baggage search. And a "reds" can only fly if they sprout wings.
There's lots of speculation as to what CAPPS II will look for, though the TSA's been mum on the particulars. The agency was supposed to have published a tell-all in the Federal Register last week, but that's been delayed (ostensibly to ensure accuracy). The heavy buzz, however, is that a key part of the threat assessment will be a check on whether you move around a lot, and whether you own your own home. Mr. Roboto can already hear the worried chorus of young New Yorkers, all potential yellows because they've switched apartments four times since graduation day. Hope y'all don't mind assuming the position, folks.
Kidding aside, the big question is whether the TSA can use the system to lasso critics, political opponents, or other traveling dissenters. Privacy experts call this "mission creep," and wonder who'll check to make sure it isn't happening. For national security reasons, no one outside the government will be allowed to examine the algorithm, or mathematical formula, that CAPPS II will use to flag troublemakers. Nor does it appear that third parties will be able to verify the TSA's claims that a passenger's CAPPS II profile is destroyed once a flight arrives safely. (Contrary to some press reports, airlines won't have access to your credit history.) Obviously, the database companies that will be providing the majority of the CAPPS II info, like Lexis-Nexis and Acxiom, would love to hang on to whatever else they can glean from the system, or from each other.
Sensitive to these concerns, the Department of Homeland Security, which oversees TSA, has appointed a chief privacy officer, Nuala O'Connor Kelly. Mr. Roboto had the pleasure of meeting Kelly a few years back, and came away impressed by her intelligence, not to mention her self-deprecating Irish wit. On the other hand, her last corporate stop was at DoubleClick, notorious for surreptitiously collecting data on Web surfers. And it wasn't encouraging to read a recent Washington Internet Daily interview in which Kelly stated that she "reports directly to the secretary," Tom Ridge.
The National Academy of Sciences report is due on New Year's Eve, and is supposed to recommend "practices, procedures, regulations, or legislation" that can prevent CAPPS II from turning into a panopticon. One important suggestion that privacy sticklers are already pushing for: an appeals process, so a traveler needn't wear a scarlet letter forever because of a credit-history error.
If you're still craving CAPPS II info, check out the always excellent "Passenger Profiling" section at EPIC.org. Or, better yet, the muckraking BoycottDelta.com, which has taken the carrier to task for offering to help test CAPPS II. Just don't be lulled by the "Victory" headline. CAPPS II ain't dead by a long shot.
Input questions at firstname.lastname@example.org.