Computer Assisted Passenger Prescreening System

The Computer Assisted Passenger Prescreening System (often abbreviated CAPPS) is a counter-terrorism system in place in the United States air travel industry. It seeks to pre-emptively identify terrorists attempting to buy plane tickets or board planes traveling in the United States. This system (CAPPS I) was first implemented in the late 1990s, in response to the perceived threat of U.S. domestic and international terrorism after incidents like the explosion of TWA Flight 800 and the Centennial Olympic Park bombing several days later in 1996. In 2003, the Transportation Security Administration presented a proposal for an expanded system (CAPPS II), which was reviewed by Congress and later canceled by the United States Department of Homeland Security.

Contents

1 Overview 2 CAPPS I 3 CAPPS II 4 Controversy 5 See also 6 External links

Overview

These systems rely on what is known as a Passenger Name Record, often abbreviated PNR. When a person books a plane ticket, certain identifying information is collected by the airline: full name, address, etc. This information is used to check against some data store (i.e., a TSA no-fly list, the FBI ten most wanted fugitive list, etc.) and assign a terrorism "risk score" to that person. High risk scores behoove the airline to subject the person to extended baggage and/or personal screening, and to contact law enforcement if necessary.

CAPPS I

CAPPS I was first put in place in 1999 by the Federal Aviation Administration at the behest of a special White House committee commissioned in 1996 by President Clinton. It is in use in airports around the world.

It is a system implemented by the individual airlines using data provided by the federal government. The system checks the PNR (as well as payment information) against the government supplied data and flags potential threats. There is no public disclosure of the rules that ascertain whether a person is a suspected terrorist threat.

In the investigations into the September 11, 2001 Terrorist Attacks, it was reported that 9 of the 19 implicated terrorists were flagged for additional scrutiny by the CAPPS I system, but none of them were intercepted. Sources have blamed this failure on the notion that CAPPS I was intended and designed to intercept bombs in checked luggage, and supposedly only 2 of the implicated terrorists had checked luggage.

CAPPS II

CAPPS II was a proposal for a new CAPPS system, designed by the Office of National Risk Assessment (ONRA), a subsidiary office of the TSA, with the contracted assistance of Lockheed Martin. Congress presented the TSA with a list of requirements for a successor to CAPPS I. Some of those requirements were:

• the government, not the airlines, will control and administer the system
• every ticketed passenger will be screened, for instance not just those who check bags
• every airline and every airport will be covered by the system

Like its predecessor, the CAPPS II proposal would rely on the PNR to uniquely identify people attempting to board aircraft. It would expand the PNR field to include a few extra fields, like a full street address, date of birth, and a home telephone number. It would then cross-reference these fields with government records and private sector databases to ascertain the identity of the person, and then determine a number of details about that person. Law enforcement would be contacted in the event that the person:

• is present on a terrorist or most-wanted list
• has outstanding Federal or state arrest warrants for violent crime

Otherwise, the software would calculate a "risk score" and then print a code on the boarding pass indicating the appropriate "screening level" for that person: green (no threat) indicates no additional screening, yellow (unknown or possible threat) indicates additional screening, and red (high risk) indicates no boarding and deferral to law enforcement. How this risk score would be calculated was never disclosed nor subject to public oversight of any kind outside of the TSA.

Controversy

CAPPS II raised obvious civil liberties concerns, due in part to the potential for ethnic, religious, economic, or racial profiling and discrimination. Particular concern has been raised about the use of credit reports in calculating the risk score. In response to the controversy, the TSA stated that it would not use a person's credit score to determine its risk score, but this statement lacked convincing weight as there was no public oversight structure outside the TSA and no legal requirement to disclose what factors would be used to determine the risk score.

There were also substantial privacy and fairness concerns, since the government would be using private sector databases to ascertain identity and behavior patterns that supposedly indicate a potential terrorist. These private sector databases are unregulated, often fraught with errors, and most importantly not covered by government regulations like the Fair Credit Reporting Act, which mandates that consumers have the right and the ability to view and correct private sector information about them.

Government entities external to the U.S., such as the European Union, expressed concerns about allowing the CAPPS II proposal to be implemented within their respective borders.

During the early testing of CAPPS II, the TSA privately requested that airlines disclose massive amounts of private information about their passengers. Though intended only for testing, this action was likely a gross violation of the Privacy Act of 1974, which forbids the government from compiling secret databases on Americans. Though spokespeople from several major airlines initially denied these allegations, they later reneged and admitted that they had disclosed the information, revealing that they had not only lied to their own customers, but also to the government and the public. These admissions were followed by further admissions from the TSA and the DHS, revealing that the government had in fact inappropriately requested and used this information.

In the midst of this controversy, the Government Accountability Office of the U.S. Congress produced a critical report on the CAPPS II system. The report characterized the proposal as incomplete, seriously behind-schedule, and noted that the TSA had failed to address "developmental, operational, and privacy issues identified by Congress". On July 14, 2004, TSA officials said CAPPS II was being pulled from consideration without proceeding to full testing. Critics have alleged (http://www.tompaine.com/articles/are_you_registered_traveler.php) that the TSA has merely chosen to start with a less controversial entry point they are calling the "Registered Traveler" program. They have also begun testing of another program called "Secure Flight", which is supposed to solve some of the problems of CAPPS I while avoiding the privacy issues of CAPPS II.

See also

• Registered Traveler

External links

Government sources:

• TSA CAPPS II At A Glance (http://www.tsa.gov/public/interapp/tsa_policy/tsa_policy_0035.xml)
• TSA CAPPS II: Myths and Facts (http://www.tsa.gov/public/display?theme=5&content=0900051980089895)
• Report to the Public on Events Surrounding jetBlue Data Transfer (http://www.dhs.gov/interweb/assetlibrary/PrivacyOffice_jetBlueFINAL.pdf) (PDF) - the DHS report on potential privacy violations during CAPPS II testing
• Computer Assisted Passenger Prescreening System Faces Significant Implementation Challenges (http://www.gao.gov/new.items/d04385.pdf) (PDF) - the GAO report on CAPPS II
• Report: TSA Misled Public on Personal Data (http://news.yahoo.com/news?tmpl=story&u=/ap/20050325/ap_on_go_ot/passenger_privacy_1) "The Transportation Security Administration misled the public about its role in obtaining personal information about 12 million airline passengers to test a new computerized system that screens for terrorists, according to a government investigation."

Critics:

• CAPPS II: Red Light, Green Light, or Mother, May I? (http://www.homelanddefense.org/journal/Articles/Rhodes_CAPPS_II.html)
• ACLU CAPPS II feature (http://www.aclu.org/Privacy/Privacy.cfm?ID=13453&c=130)
• in-depth analysis published in Chicago Tribune, April, 2004 (http://reclaimdemocracy.org/civil_rights/capps_2_illusion_safety.html)
• More False Information From TSA (http://www.wired.com/news/politics/0,1283,63958,00.html?tw=wn_tophead_1) - Wired News
• blog with ongoing updates on airline privacy issues (http://www.hasbrouck.org/blog)