Air security grounded: Government struggles to launch screening system: "Shades of Pre-Crime"
Critics call it an abuse of civil liberties that should never be allowed to fly

Oakland Tribune Online

By Sean Holstege - STAFF WRITER

October 26, 2003

The harshest critics of CAPPS II describe it as Big Brother's best tool to secretly track the movements of Americans through a network of internal border controls. It's a back door into unbridled cyber-snooping of everyday people on a global scale, they say.

Government architects consider CAPPS II _ the second generation of the Computer Assisted Passenger Pre-Screening System _ vital for halting terrorists before they seize jetliners. They say it is key to sparing thousands of innocent citizens from pointless airport pat-downs or delays in the security line.

The screening system would color-code air travelers based on a computer assessment of who they are and their risk of being terrorists.

The Transportation Security Administration has struggled to get CAPPS II off the ground. Mounting questions about high, but vague costs, privacy and effectiveness have hindered the government's ability even to test a refinement of a system introduced in 1996. TSA officials now say they hope to have CAPPS II in airports next summer, but the program has been troubled by slipping timetables.

With the new CAPPS, airlines would require travelers to give their name, address, phone number, and itinerary. Somewhere in cyberspace a TSA computer would cross-index that information against airline passenger name records, computerized reservation records and commercial databases. In a few seconds it would spit back a score and a color and just as instantly, snap shut the electronic gateway. No data would be sent, shared, saved or stored.

``Greens'' would be good to go. ``Yellows'' or ``selectees,'' would get extra security screening. ``Reds'' or people on the government's ``no-fly'' list, would go straight to an FBI interrogation room.

That's how the TSA describes what would, in theory, refine a screening system that failed to stop 19 men from hijacking four jets on Sept. 11, 2001, with horrific consequences. It's a system which continues to flag thousands of people for extra scrutiny, merely because it can't distinguish two people with similar sounding names, to the annoyance of passengers and the frustration of airlines.

But turning the theory into a workable system has proven elusive, as the TSA has spent between $80 million and $100 million on testing and consultants, according to insiders' estimates. For now, there's little to show but controversy.

Lingering doubts are growing that the government can assure the privacy of travelers, that it can show restraint in probing into their most personal data or that it can keep that data out of the wrong hands. Questions persist that CAPPS II will even help in identifying passengers, let alone screening them or predicting possible terroristic designs.

``We will have no more protection with CAPPS II than we did on 9-11,'' said Mary Grace, president of Homeland Defense Inc., which is trying to sell biometric ID card software. ``CAPPS II is extremely dangerous.''

Grace says Social Security numbers are the root of all identity theft. Unless it is secured by a unique biometric barometer such as a fingerprint, no data is secure and a terrorist can assume innocent travelers' identities.

``None of these programs works while you can counterfeit ID,'' said Grace.

A shaky future

As the second anniversary of the 9/11 attacks fades, CAPPS II faces a shaky future.

Congress is wary of funding it. Lawmakers passed a bill linking future money to answering the questions about privacy and cost.

Europeans have complained that CAPPS II violates their privacy laws, which limit the type of data that can be shared about passengers far more than what is allowed on this side of the Atlantic. It puts air carriers in an awkward spot. They can help test CAPPS II and face being denied landing rights in Europe or they can defy the TSA and lose U.S. landing rights. Europeans spoke with Homeland Security Director Tom Ridge two weeks ago to find a compromise.

Business travelers last week sided with Europe. The Association of Corporate Travel Executives, whose members oppose CAPPS II by a 4-1 margin, urged that air carriers be immune from U.S. prosecution or bans until the privacy dispute gets resolved.

``The Europeans are feeling that their laws are being run over roughshod by the TSA. That's a very dangerous place for the TSA to be in,'' ACTE spokesman Jack Reepy said.

ACTE President Mark Williams said that all passenger data should be left in the hands of the travel industry until the Department of Homeland Security can answer questions about safeguarding privacy.

Fears inflated

Homeland Security officials think fears of government snooping or compiling passenger dossiers are inflated.

The agency's privacy advocate, Nuala O'Connor Kelly, insists that TSA computers will not look at credit histories or medical data. Legal and technical rules will be drafted to ensure no permanent link exists between TSA and airline computers, commercial databases and law enforcement lists, she says.

``We are not creating vast databases in the government space,'' O'Connor Kelly said. ``We meet at the fence,'' she says. ``The only question CAPPS II will ask is: On this day, at this minute are you a threat to the passengers around you?''

Much of O'Connor Kelly's job involves helping passengers clear their names when they get on the ``no-fly'' lists. She said the TSA now has a ``correct list.''

Such claims came as good news to privacy activists when, during the summer, the government proposed narrowing the scope of CAPPS II. No longer would it retain data for 50 years, as originally suggested. But the reaction was tempered. The TSA now suggested for the first time retaining records for people with outstanding arrest warrants for violent crimes. CAPPS II was no longer limited to terrorists.

``You really have to put the brakes on this until it's fully explored,'' travel executives spokesman Reepy said. ``The air travel industry is very fragile. Why do anything to jinx it?''

The airline industry has appeared to reach the same conclusion after feeling the public's wrath for cooperating with CAPPS II testing.

Online boycott

Privacy activist Bill Scannell, who splits his time between Silicon Valley and Texas, launched an online boycott of Delta Airlines for its help with early tests. The TSA suspended data tests and softened its proposal.

It didn't soften public outrage. Nearly 8,000 people, including former Georgia Republican congressman and American Conservative Union leader Bob Barr, submitted Federal Register comments objecting to the new CAPPS II. Only two people endorsed the idea. Months before, the tougher plan elicited only a few hundred objections.

For months, the merits and drawbacks of CAPPS II had been debated largely out of public view. That was before JetBlue, and another scathing attack by Scannell, who called the airline ``first in line for fascism.''

JetBlue Airways gave 5 million passenger records to a Pentagon subcontractor, disclosed San Francisco travel agent and privacy activist Edward Hasbrouck in late September.

JetBlue later acknowledged that it had violated its own privacy guidelines and apologized to outraged customers. Executives promised in a statement: ``We decided not to be involved in CAPPS II testing, given the unresolved issues regarding privacy protection.''

As the heat from the JetBlue flap subsided, Adm. James Loy, head of TSA, told reporters that no single airline should be asked to jump alone ``into the middle of the bonfire.'' He urged airlines to join together and suggested he would impose CAPPS II on all of them if they didn't.

Meanwhile, it quickly emerged that the recipient of JetBlue passenger data, Torch Concepts, Inc., had links to the Defense Advanced Research Projects Agency, the agency behind the much vilified Total Information Awareness experiment. Congress blasted the TIA project, which envisioned predicting the acts of terrorists by mining a massive global database of everyday private records, ranging from credit information to medical records and video rental receipts.

A backdoor for TIA?

For months Hasbrouck, Scannell and civil liberties groups have questioned if CAPPS was a surreptitious way of sneaking TIA into reality. To him, this was the first tangible link.

``I don't think we're going to get to the bottom of the JetBlue scandal until Congress holds a full investigation,'' Hasbrouck said.

He publicized a Feb. 25 Torch Concepts presentation titled ``Homeland Security: Airline Passenger Risk Assessment.'' Torch explained that its database of JetBlue passengers contains 53 types of information from air traveler records.

Torch's document notes that the company first approached Delta Airlines for data in December 2001, met with the TSA in June 2002 and had assurances that CAPPS II contractors could use the data within weeks. The TSA has always insisted that its teams never used real data in its testing.

Torch managed to extract specific information on about 40 percent of JetBlue's passengers and create a profile. It was based on such things as income, job, number of kids, how long individuals lived at a particular address and whether they owned or rented.

Torch identified what it called ``passenger stability indicators'' to set the terrorists apart from typical JetBlue customers. Torch said income, home ownership, Social Security numbers and length of residence were the best available measures. Also knowing how many miles a person had flown could also help tip off who's a terrorist.

Shades of `pre-crime'

``Sounds like Pre-crime,'' Scannell said, referring to the science fiction film ``Minority Report'' starring Tom Cruise, in which murderers are arrested before they kill, based solely on the visions of mutants who can see the future. In the movie, the precognitive mutants are part of a futuristic law enforcement unit called Pre-Crime, which is presumed flawless.

``This is so much like `Minority Report,' it's frightening,'' said technology vendor Mary Grace, who is trying to sell biometrics to the Chinese.

``The TSA is proposing things I don't think the Chinese government does,'' she said. ``These databases are like a national ID card, just without the card.''

Few in aviation security and counterterrorism have such high hopes that CAPPS II computers can nab terrorists before they act. What computerized profile, they wonder, could have matched the Sept. 11 hijackers, dirty bomb suspect Jose Padilla, the Washington, D.C., sniper suspects, Oklahoma City bomber Timothy McVeigh, Unabomber Ted Kaczynski, shoe bomber Richard Reid or ``Marin Taliban'' John Walker Lindh?

Torch described it this way: How to find a needle in haystack ``without knowing what the needle looks like.''

Massachusetts Institute of Technology researchers found mathematically what former undercover ``Red Team'' inspectors at the FAA saw with their own eyes. CAPPS could be easily thwarted by terrorist groups willing to stage enough trial runs. By laws of averages, a terrorist who isn't flagged after four tests could count on being labeled a ``green'' passenger every time.

``Everything is about people. People are going to defeat technology. We just don't need to throw all this money at some technology that won't work,'' said Steve Elson, who quit the FAA after officials ignored his warnings as a Red Team inspector, and sends blistering e-mails to the TSA and Congress from his home near Washington D.C.

Machines not effective

He and others say well-trained, observant security teams and solid procedures are always more effective than machines.

But O'Connor Kelly, the privacy chief for the Department of Homeland Security, has more faith.

``We can pinpoint with better accuracy who should not be flagged,'' she said. ``The new system would dynamically input the most up-to-date threat, based on real up-to-date information, not profiles.''

She describes a three-step process. Step 1 determines if the traveler is who he says. Step 2 checks if he is on any of a dozen government watch lists. Step 3 she describes as ``dynamic targeting.''

That means the TSA computer can assign different scores to different predictors, depending on the latest intelligence about likely threats.

How CAPPS II may unfold can be traced the evolution of its predecessor and its roots which lie in the explosion of TWA Flight 800 off Long Island in 1996.

Amid eye-witness reports and hysteria of rockets streaking up from the ground toward the doomed jetliner, the FAA secretly issued a security directive that established passenger screening on domestic flights. Domestic travelers had to show ID at the airports for the first time.

Excerpts from classified security directives and government regulations show that initially airlines were required to ask for IDs, but it was left up to the carriers to enforce the security. Airline documents reveal that carriers took security a step beyond conducting extra searches, and began refusing to board people without ID. No law required it.

Two months after the 9-11 attacks, the policy morphed again, when another security directive said lack of ID was now grounds to deny transport. The TSA Web site now advises that passengers cannot board a plane without ID.

John Gilmore, a founder of the Electronic Freedom Forum, has sued the government, claiming he has a constitutional right to travel without providing identification. While the Constitution does not spell out that freedom of travel is protected, Gilmore's complaint argues that travel is key to his right to assemble and speak freely.

He and Scannell say the evolution of CAPPS shows how the government can skirt its legal responsibilities by enlisting private corporations.

Contact Sean Holstege at,1413,82~1865~1725109,00.html