Busta CAPPS In Yo Ass
from EFF
referred by alert reader Busta Van Buren

What Is CAPPS II?

The "Computer Assisted Passenger Pre-Screening System" (CAPPS II) is a controversial program proposed by the Transportation Security Administration (TSA) to combat terrorism and prevent another hijacking of US airlines.

CAPPS II would allow TSA to access personal information about you available in both government and commercial databases, and to use this information to "tag" you according to how much of a threat you appear to pose to the safety of those aboard the airplane.

How Does CAPPS II Work?

CAPPS II gathers information from government and commercial databases and uses the data to assign each passenger a color-coded score. "Green" means that you do not appear to pose a threat to safety and are free to board the plane. "Yellow" means that you appear to pose a potential threat and must undergo further security checks before being allowed to board. "Red" means that you are likely to pose an "imminent threat" to the physical safety of the people on the plane and will not be allowed to board the flight.

More

What Is CAPPS II?

The "Computer Assisted Passenger Pre-Screening System" (CAPPS II) is a controversial program proposed by the Transportation Security Administration (TSA) to combat terrorism and prevent another hijacking of US airlines.

CAPPS II would allow TSA to access personal information about you available in both government and commercial databases, and to use this information to "tag" you according to how much of a threat you appear to pose to the safety of those aboard the airplane.
How Does CAPPS II Work?

CAPPS II gathers information from government and commercial databases and uses the data to assign each passenger a color-coded score. "Green" means that you do not appear to pose a threat to safety and are free to board the plane. "Yellow" means that you appear to pose a potential threat and must undergo further security checks before being allowed to board. "Red" means that you are likely to pose an "imminent threat" to the physical safety of the people on the plane and will not be allowed to board the flight.

How many people will be classified as yellow or red is unclear; early reports indicated that the figure might be as high as 8 percent, but Admiral James M. Loy, Under Secretary of Transportation Security, later told the Associated Press (Wednesday, September 16, 2003) that the figure would more likely be 3-4 percent. If you are flagged as red you may not only be denied boarding, but also undergo police questioning and possible arrest.
Why Is EFF Concerned About CAPPS II?

* Quality of Data: We are concerned about the accuracy of the data that TSA would have access to.

TSA claims that commercial databases it contracts with would have to meet a "very high" standard before being used to execute the CAPPS II system. Whether or not that turns out to be the case, CAPPS II also uses government databases, which are notoriously unreliable.

In a hearing this May before a House subcommittee, Steven McCraw, Assistant Director of the Office of Intelligence at the FBI, testified that the National Crimes Information Center (NCIC) database is not required to meet the same standard for accuracy as other public sector databases. NCIC could nevertheless be included in the CAPPS II system.
* Financial and Medical Records: We are concerned about the possibility that TSA will use sensitive financial and medical records in classifying you.

The "Supplementary Information" section of the Privacy Act Notice about CAPPS II asserts that financial and medical information will not be used in classifying passengers, but there is no such claim in the Notice itself. In fact, many statements that appear in the supplementary section are missing from the Notice. As final regulations will be drafted from the Notice, it is vital that the privacy protections outlined in the supplementary section also appear there.
* Integrity of Data: We are concerned that the personal information TSA collects about you will be vulnerable to criminal intruders.

TSA assumes that any information it collects and stores will be safe, leaving unaddressed the issue of computer trespass and identity theft. Considering the sophistication with which criminal intruders work, this is a grave oversight. Before the agency begins to collect sensitive information on passengers, the public must have a strong assurance that the information is secure and cannot be compromised.
* Public Access and Redress: We are concerned that the opportunity for you to access your records and to fix any errors will be limited.

TSA states that any passenger wishing to access his records should do so by writing to the agency's CAPPS II Passenger Advocate. Not only is this method slow and inefficient, there is no mention made of a timeline by which the agency must abide to correct errors. Worse, the Notice states that in most cases there won't be any information available for an aggrieved passenger to review, as TSA will not be retaining records.
* Mission Creep: We are concerned that the information TSA collects about you will be used for purposes other than that for which it was intended.

Mission creep is a common problem with government agencies. The National Directory of New Hires, created during the Clinton administration, was originally a database containing personal information about anyone starting a job. Its limited purpose was to ensure that the new hire was not a "deadbeat parent" evading responsibility for child support. Not long after the directory was established, however, it became a tool for locating students with overdue loans and anyone else owing federal monies.

Given the recent announcement that the Department of Homeland Security (DHS) will be involved in investigating child pornography cases, we need to look hard at what information is collected in CAPPS II to determine whether it is likely to be used for purposes other than identifying a passenger as a potential terrorist. TSA has already stated that it intends to share information on outstanding warrants with law enforcement.

posted by prof_booty | 01:23 PM