March 01, 2003

The TSA has announced it is beginning a 3 month test of CAPPS II, a super-database which will be used to run background checks of all air travellers within the US — including citizens. Screening will include credit histories, personal bank accounts (yes, your actual account), criminal histories, government watch lists, and a host of other undisclosed databanks.

Each passenger will have to give full name, address, phone number and date of birth at the time of booking. The new system, called Computer-Assisted Passenger Pre-Screening II, or CAPPS II, will search several databases the moment a passenger buys a ticket. At the airport a traveler's risk level will be encrypted on the boarding pass.

Airport screeners will use machines to see the code. Green means the passenger gets the usual screening. Yellow means more attention, such as hand searches, removal of shoes and an explosive trace detection swab of carry-on luggage. Red means "you don't fly," said Chet Lunner, spokesman for the U.S. Department of Transportation. Most likely the passenger would be detained or arrested, Lunner said.

The government refuses to disclose what criteria is used to classify travellers. In its RFP to software developers last September, quoted by Federal Computer Week, the TSA said "there shall be no public release of information concerning the requirements" of the system.

Meanwhile, the TSA can't seem to keep its story straight on whether data from CAPPS II screenings will be stored for future reference. On the one hand, stories in the Oakland Tribune and other papers repeat claims by TSA that such data will not be stored. However, a March 1 story in the Atlanta Journal-Constitution states that "CAPPS II would keep some fliers' information on file for up to 50 years." This was supported by a direct quote from TSA spokesman Lunner. "Obviously we want a permanent record of terrorists as long as they present a threat," Lunner told the paper. "We want to make sure the Mohamed Attas of the world stay on the list."

[Read the source...]

Related Links:

• BoycottDelta.com - web site calling for a boycott of Delta Airlines for their role in testing CAPPS II, and a clearinghouse for news and info about CAPPS II.
  
  
  
  • News headlines
    
  
  
• San Jose International one of 3 test airports ('Airports to screen travelers' credit, criminal histories', 3/01/03 - Oakland Tribune)
  
• Air Travel Privacy (@ EPIC)
  
• 'TSA prepares passenger screening system' (2/26/03 - Federal Computer Week)
  
• 'TSA to award system to check travelers' (1/30/03 - Federal Computer Week) - The intent is to "improve the ability to identify threats to aviation security by analyzing and evaluating multiple-source data on every ticketed passenger on every airline to determine whether the passenger poses a security risk or threat to the traveling public," TSA officials wrote in a presolicitation notice posted on FedBizOpps.gov. "The approach creates a configurable threat assessment tool that allows real-time adjustment of threat priorities."
  
• 'TSA system would dig up passenger info' (9/02/02 - Federal Computer Week) - Last spring, TSA hired four companies to design rival versions of essential software for the passenger screening system... The system should be able to conduct "real-time preflight background threat evaluation" of airline passengers by using names and personal information taken from passenger manifests, according to TSA and industry sources. ...TSA officials are guarded about discussing the system. In a notice about CAPPS II sent to software developers this spring, TSA warned that "there shall be no public release of information concerning the requirements" of the system or proposals by companies interested in developing it.
  
• Carnival Booth: An Algorithm for Defeating the Computer-Assisted Passenger Screening System (5/16/02 - Law and Ethics on the Electronic Frontier [6.806]) - A highly technical paper by MIT researchers describing an algorithm called Carnival Booth which a terrorist cell can use to defeat the CAPPS system. "Using a combination of statistical analysis and computer simulation, we evaluate the efficacy of Carnival Booth and illustrate that CAPPS is an ineffective security measure."
  
  
  
  • 'A Lay Explanation of the MIT Research Paper' by Russell L. Brand (@ BoycottDelta.com)