Security and Privacy

Letter by CDT and other civil liberties groups raising questions about the effectiveness and privacy implications of CAPPS II, March 25, 2003

The Honorable Christopher Cox
Chairman
Select Committee on Homeland Security
United States House of Representatives
Washington, DC 20515

The Honorable Jim Turner
Ranking Member
Select Committee on Homeland Security
United States House of Representatives
Washington, DC 20515

Dear Chairman Cox and Ranking Member Turner:

We write as a nonpartisan coalition of national organizations to urge Congress to stop the deployment of the Transportation Security Administration’s (TSA) second-generation airline passenger profiling system known as CAPPS II (“Computer Assisted Passenger Prescreening System”) unless it can be shown to be both effective and consistent with privacy and due process principles. CAPPS II would attempt to assess the security risk of every single airline passenger based on commercial and government data. As a result, innocent people could be branded security risks on the basis of flawed data and without any meaningful way to challenge the government’s determination. At a minimum, Congress should require the TSA to answer key questions about both the effectiveness of CAPPS II and its implications for privacy and civil liberties before the program is fully developed and TSA constructs the infrastructure for a general-purpose domestic risk assessment system.

In January, the TSA published a Federal Register notice announcing the Aviation Security Screening Records (ASSR) database. The Federal Register notice described a system that would allow the government access to “financial and transactional data” as well as virtually unlimited amounts and kinds of data from other proprietary and public sources. TSA also indicated in that notice that many private and public entities might gain access to the personal information used in the ASSR database. Yet the notice did not provide information about how passengers can challenge their “score” or otherwise seek redress for their treatment at airports if they think it is based on inaccurate information. Over 100 individuals and organizations filed comments on the ASSR database that were almost universally critical of the program.

TSA plans to revise the Federal Register notice to more specifically reflect the evolving nature and scope of CAPPS II and the agency has begun a series of meetings with privacy organizations, industry groups and other stakeholders to explain the program in more detail.

In the past few weeks, TSA officials have clarified the basic structure of CAPPS II. First, TSA officials said the program would gather only four pieces of information about each passenger from the airlines: full name, home address, home phone number and date of birth. That information would then be checked against “credit header” information and other data held by various data aggregators - private corporations that maintain files on the commercial activities of most American citizens - in an effort to verify the traveler’s identity. However, credit header information can be inaccurate and identity thieves could easily sidestep the identity check by presenting a false driver's license or passport, undercutting the system's entire mission, which is why we believe that effectiveness is a threshold issue.

After attempting to verify identity, CAPPS II would conduct a check against government databases (including intelligence and law enforcement databases) to assign a risk assessment “score” to each passenger: green for minimal, yellow to spark heightened security procedures, and red for those judged to pose an acute danger, who would be referred to law enforcement. The good news is TSA does not plan to retain data on individuals. The bad news is that CAPPS II puts the riskiest element of the program - the determination of risk and the construction of rules for conducting background checks - into the realm of the more secretive intelligence and law enforcement programs and databases. We appreciate that TSA plans to develop some mechanism for individuals to request a re-evaluation of their color code but it now appears that CAPPS II is rooted in the secretive box of law enforcement and intelligence data (which itself could include data mined from innocent people’s commercial information). This heightens the concern that the program will be beyond meaningful public review and oversight.

Although the TSA’s recent outreach to stakeholders is welcome, Congress should not allow the TSA to develop unilaterally a tool that could invade individual privacy and brand innocent airline passengers a security risk without meaningful review.

Congress should carefully and deliberately assess the program’s effectiveness as a security measure, its cost in economic terms, and its cost to civil liberties before allowing TSA to move forward with CAPPS II. To start, Congress should ask TSA the following questions:

Effectiveness of the Program

Privacy of Personal Information

Air passengers’ "Risk Assessment"

Cost of CAPPS II

It is important that Congress exercise its oversight role and start asking questions about CAPPS II now, because the project is moving ahead with a pilot program at Delta Air Lines. And air travelers are worried about CAPPS II; according to The New York Times, in a recent survey conducted by the Association of Corporate Travel Executives, 82 percent of respondents considered the program an invasion of privacy.

Thank you for your consideration of this matter.

Sincerely,

American Civil Liberties Union
American Conservative Union
American Defense Council
Americans for Tax Reform
Center for Democracy and Technology
Christian Coalition
Eagle Forum
Electronic Frontier Foundation
Electronic Privacy Information Center
Free Congress Foundation
People for the American Way

cc: Members of the House Select Committee on Homeland Security