DHS remains committed to contested passenger-screening program
Despite public outcry over recent data-sharing flaps, the government plans to issue a directive this summer requiring airlines to turn over passenger records.
The Homeland Security Department remains committed to developing a controversial passenger screening program despite recent disclosures and a public outcry about how federal agencies obtained passenger records from airlines.
The department plans to issue a directive this summer that will require airlines to turn over traveler information that the Transportation Security Administration will use to test the Computer Assisted Passenger Pre-screening System II program, spokesman Dennis Murphy said Monday.
"We're working to develop the plan for putting out a security directive and a regulation to obtain the data," Murphy said. "We're hopeful to have it out this summer so we can do a full test of CAPPS II and analyze the full results of that test to determine what needs to be modified, if anything, so we can move forward and implement the program."
CAPPS II has been criticized on privacy grounds. Airlines have been unwilling to provide passenger data to the TSA unless they are compelled by the government to do so, or privacy protections are put in place. The system would check information, such as a passenger's name, address, phone number and birth date against terrorist watch lists and law enforcement information and commercial databases. Each passenger will then be graded on a color-coded risk assessment scale.
Criticism of CAPPS II, however, is growing due to recent disclosures that agencies obtained passenger information from airlines in the past without appropriate public notice.
For example, in recent months JetBlue Airways said it shared more than five million passenger records with a Pentagon contractor in 2002; Northwest Airlines acknowledged it gave three months' worth of 2001 passenger data to NASA's Ames Research Center for a research project into passenger profiling; American Airlines admitted that one of its contractors, Airline Automation, gave 1.2 million passenger records in June 2002 to four companies competing for TSA contracts, and, most recently, the FBI acknowledged that it ordered the nation's largest airlines to turn over millions of passenger records in the days after the Sept. 11 terrorist attacks as part of a criminal investigation.
The DHS inspector general's office is reviewing TSA's role in the dissemination and use of passenger information records, office spokeswoman Tamara Faulkner said Monday. The review covers TSA's involvement in the American Airlines and JetBlue cases, and any other related incidents by the agency.
"At this point, it's a review," Faulkner said. "We're just looking at the basic role of the use and dissemination of passenger name records." She added that the review could result in a formal investigation into TSA if warranted.
DHS privacy officer Nuala O'Connor Kelly also is conducting an investigation into the American Airlines case, which should conclude by the end of June. She completed an investigation of the JetBlue case in February, finding that TSA was involved but did not violate any laws. The Defense Department's inspector general also is investigating the JetBlue case and is likely to issue a report next week.
Asa Hutchinson, DHS undersecretary for border and transportation security, recently told Government Executive that the government has learned lessons from the examples above, which he noted all happened before DHS was created.
"Our policy is that we are going to have a uniform standard," he said. "If we need data, we would do it by an appropriate security order that would direct it, and that way the privacy concerns can be addressed in that fashion. After 9/11, people wanted to help and do what's necessary to protect our country, and obviously we learned that you've got to make sure that the proper protections are in there."
Murphy said government officials are aware of the importance of transparency and safeguards when obtaining passenger information, and CAPPS II is following appropriate disclosure and privacy guidelines.
"We shouldn't be just collecting data from private companies and using it as we see fit without making public disclosure about what we want, how we're going to use it and how we're going to protect it," Murphy said. "We should separate the transparent process we're doing to develop CAPPS II with efforts that were undertaken … without the appropriate safeguard and without the appropriate privacy protections."
According to Murphy, CAPPS II is "a very vital program for air security" that will help end confusion over which travelers should legitimately be prevented from flying or referred for secondary screening.
Some industry officials aren't convinced that CAPPS II can be separated from other efforts.
Kevin Mitchell, chairman of the Business Traveler's Coalition, said Monday that the American Airlines case proves that critical questions related to data-sharing have not been answered, and appropriate safeguards are not yet in place.
His organization now has "one foot strongly in the camp" to kill CAPPS II from moving forward, he said.
"There are underlying problems here," Mitchell said. "It would be like simply replacing a couple of guards over in that Iraqi prison and saying we solved the problem. There's more going on here that needs to be fixed before turning over information."
At the very least, Mitchell said, DHS should not require airlines to turn over passenger data until most of the problems identified by the General Accounting Office in February are resolved.