TSA tinkers with privacy plan

DHS notice

In an effort to alleviate privacy concerns about its preflight screening tool for airline passengers, the Transportation Security Administration last week backed off its plans to store passenger data for as long as 50 years.

At the same time, TSA's updated privacy statement raised new concerns about the scope of the program.

TSA, an agency of the Homeland Security Department, reported in a notice dated July 22 but released July 31 that the Computer Assisted Passenger Prescreening System (CAPPS) II will maintain passenger data for "a certain number of days." This is a reduction from the 50 years cited earlier.

A prior notice published in the Federal Register on Jan. 15 generated controversy over how CAPPS II would collect, use and store passengers' personal information.

Although the revisions address some issues, the recent notice raises fresh concerns about the scope of CAPPS II. DHS listed possible future uses of the system to include identifying individuals with outstanding arrest warrants for violent crimes and pinpointing international terrorist threats by integrating CAPPS II with DHS' planned U.S. Visitor and Immigrant Status Indicator Technology system.

CAPPS II is designed to confirm identities of air travelers and identify those who may be potential terrorist threats. The program uses four key pieces of personal information for each passenger: name, date of birth, home address and home phone number.

The program has been a source of controversy since it was announced, and advocates on both sides eagerly awaited last week's notice. The revisions are part of an effort by DHS officials to alleviate privacy concerns.

In addition to the issue of data storage, TSA officials specified that commercial data providers would not be allowed to retain any passenger information provided for CAPPS II, nor would CAPPS II use bank records, credit ratings or medical records to determine passengers' identities or terrorist risk.

TSA is also establishing a Passenger Advocate Office for people to contact if they believe CAPPS II has inaccurate information about them or if they feel they have been mislabeled as a possible threat.

"The Department of Homeland Security leadership, in concert with Transportation Security Administration officials, has taken today a very positive step toward further redefining the CAPPS II program," said Nuala O'Connor Kelly, DHS' chief privacy officer. "The proposed program increases passenger security and strengthens civil aviation in our country, while respecting the privacy of persons affected by the system."

The revisions met with general approval. However, privacy advocates expressed concern that the CAPPS II program might be overreaching its scope.

"We are pleased that TSA is conducting this in an open process; however, we do have concerns about CAPPS II," said Lara Flint, staff counsel at the Center for Democracy and Technology, a Washington, D.C., public interest group. "The biggest is the problem of mission creep. TSA has expanded the scope of the program beyond what they've been stating."

The concern is that an increase in criminal background checks, including those of international suspects and people with outstanding arrest warrants, will divert resources away from the system's main purpose — making airline travel safer.

David Sobel, general counsel for the Electronic Privacy Information Center in Washington, D.C., said that using the system to apprehend passengers with outstanding warrants "seems to be above and beyond the underlying purpose of keeping terrorists off airplanes."

Sobel also expressed concerns that the sources of the commercial data provided to CAPPS II will not be made public.

CAPPS II creates passenger name records based on information collected when passengers make their flight reservations. The system will rely on commercial data providers to verify the passenger's identity.

That data will help officials assign a risk-assessment score to each traveler. A passenger may pose a low, elevated or high security risk. DHS officials believe that most passengers will fall into the low category and will be allowed to board airplanes in a normal fashion.

Those labeled an elevated risk will be subjected to a secondary screening by airport security. Passengers deemed to pose a high security risk will be brought to the attention of law enforcement officials.

"CAPPS II will be a valuable tool in holding down passenger wait times by reducing the number of people who undergo secondary screening or who are misidentified as potential terrorists," said TSA Administrator James Loy.

DHS officials said the agency will continue to evaluate public comments about the system. The notice also said that key technological systems are still being developed and tested.