Homeland privacy chief confronts doubts on passenger-screening system
Nuala O'Connor Kelly had propelled herself into the privacy debate by joining DoubleClick in 2000 after the company came under intense criticism for its plan to gather individually identifiable consumer information for ad-targeting. She led the legal team that settled the lawsuits, modified the company's privacy practices, and saw the Federal Trade Commission drop its investigation. Kelly joined the Commerce Department in August 2001 as deputy director of policy and strategic planning, and she advanced to chief counsel of the Technology Administration in March 2002, adding the title of privacy officer in December.
On April 16, Homeland Security Secretary Tom Ridge appointed her chief privacy officer of the department. Her first charge is to evaluate the next version of the Computer Assisted Passenger Pre-Screening System, known as CAPPS II. Following are edited excerpts from her interview with National Journal on May 2.
NJ: Would you talk about CAPPS II and the privacy issues that have been raised about it? What will your approach be as you go forward in evaluating it?
Kelly: Everything I say is completely preliminary, as I am on day 10 of the job. I do not want to be perceived as saying we have a green light or a red light, a yes or no, on how we are proceeding.
The aggregation of information about individuals by the government and the use of that data is always an important issue to look at. The second cause for concern is the use of private-sector databases. In this country, as opposed to other parts of the world, we have greater comfort with private-sector companies having our individual data than the U.S. government. That is a healthy skepticism [about] government use of our data and the potential commingling of data between the private and public sectors.
CAPPS II is not the creation of a vast database of personally identifiable material. It is actually a system, not a database at all. It merely transports data about a passenger to verify the name, address, phone number, and date of birth-the same [the bank] would [use to] verify that your credit card wasn't being fraudulently used. Those sorts of very basic fraud checks will allow us to search for identity fraud, which is often an indicator of terrorist activity or some kind of suspicious activity. That is not to say we are done building it or done scrutinizing it, by any means. I am just at the very tip of the process.
NJ: As you know, the Privacy Act requires the government, when it collects data about individuals, to provide notice to those citizens. What use is contemplated for private-sector data, and how does this stay on the right side of the Privacy Act?
Kelly: It is absolutely something that I will be looking at. Even if [we are] not required by the Privacy Act to give notice, we are still looking at notice, access, and all the fair-information principles in this context of CAPPS II.
We are not looking at whether people have a good [credit] score or at people's health histories in order to get them on a plane. We are not going to use sensitive data to analyze; what we are going to do is authenticate their name and address identification, and then we are going to check the national security and law enforcement databases that are relevant to whether this person should get on this plane on this day.
The best thing and the worst thing I can say about this system is that it is not a database, and so the potential for misuse is almost nil. I can't imagine, if [personal data] doesn't last more than five seconds, what the risks are.
NJ: You've spoken about collecting name, address, phone number, and date of birth information from the airlines. But I don't remember giving my date of birth the last time I flew.
Kelly: Currently, you are not asked in many cases, although some airlines have date of birth in frequent-flier accounts. This is a new requirement on the airlines to collect passengers' records.
NJ: When does that go into effect?
Kelly: This system is still being built. It is not currently active, and it is absolutely also a changing target. Which may be some of the reason why we have seen different explanations of it out there.
NJ: What if someone is on the list, and they are denied flight, and they don't believe they are a terrorist? Kelly: My office is going to be working on systems of redress. Not only checking that the data in the system is accurate and limited to the purpose at hand, but also that, if there are errors, there is an easy way for an individual flier to make very fast redress and correction of their data.
NJ: Have you decided yet whether you are going to definitely go forward with CAPPS II?
Kelly: The decision on what CAPPS II looks like is still evolving. Everyone at the Department of Homeland Security wants there to be CAPPS II. If it gets built, we are going to make sure that there are privacy protections in the system.