TSA boosts CAPPS privacy provisions

DHS notice

The Transportation Security Administration today, in an effort to alleviate privacy concerns, backed away from its plan to store passenger data for as long as 50 years for its controversial pre-flight screening tool.

TSA, an agency of the Homeland Security Department, reported in a notice that the Computer Assisted Passenger Prescreening System (CAPPS II) will maintain passenger data for "a certain number of days." This is a reduction from the 50 years it had said earlier.

Although the revisions address previous issues about how the system will use and store the data it collects, the notice raises fresh concerns regarding the scope of CAPPS II. DHS listed possible future uses of CAPPS II to include identifying individuals with outstanding arrest warrants for violent crimes and identifying international terrorist threats through integration with the US-VISIT technology.

The new possibilities raise the question of whether the focus of CAPPS II will be diverted away from airline security.

The goal of the notice is to provide view of how the CAPPS II will use passenger information that is easier to understand.

CAPPS II is designed to confirm identities of air travelers and to identify travelers who may be potential terrorist threats. The system uses personal information of each passenger — including name, date of birth, home address and home phone number.

The system, however, has raised a great deal of controversy, mostly because of privacy issues.

The shortened retention period for personal data is part of the effort by DHS officials to alleviate the privacy concerns.

The notice also specifies that TSA will not allow commercial data providers to retain any passenger data provided under CAPPS II purposes, nor will CAPPS II use bank records, credit ratings or medical records in determining passenger identity.

DHS is also creating a Passenger Advocate Office for passengers to contact if they feel that CAPPS II has inaccurate information about them, or if they feel they have been mislabeled as a possible threat.

"The Department of Homeland Security leadership, in concert with Transportation Security Administration officials, has taken today a very positive step towards further redefining the CAPPS II program," said Nuala O'Connor Kelly, DHS's chief privacy officer.

The notice announced that key technological systems are currently being developed and tested. The testing process could take up to 180 days, and DHS officials hope that it will prove that a significantly reduced number of passengers will be mislabeled as terrorist threats.

Homeland Security also announced that it will continue to evaluate public comment on the system, and that a third privacy notice will be released before CAPPS II is operational.