[IP] CAPPS II

To: ip@xxxxxxxxxxxxxx
Subject: [IP] CAPPS II
From: Dave Farber <dave@xxxxxxxxxx>
Date: Wed, 10 Mar 2004 17:28:00 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx

Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Wed, 10 Mar 2004 10:34:53 -0800
From: Lee Tien <tien@xxxxxxxx>
Subject: [E-PRV] Fwd: Fw: CAPPS II


Subject: Holly Hegeman on CAPPS II


From today's issue of "Plane Business"
<http://www.planebusiness.com>http://www.planebusiness.com (subscription)

CAPPS II: A Bad Idea Getting Worse

Testimony begins on Capitol Hill this week on the proposedComputer-Assisted Passenger Prescreening System II security program.However, unfortunately, it appears that the hearings currently scheduledhave been set up to concentrate on the rather narrow issue of the programitself, not the more critical overriding issues involving passenger privacyconcerns.

Not that the program itself, as currently designed, is something thatshould ever see the light of day.

Testifying Thursday will be Kevin Mitchell, chairman of the Business TravelCoalition, Tom Blank, Transportation Security Administration, Norm Rabkin,General Accounting Office, Jim May, Air Transport Association, PaulRosenzweig, Heritage Foundation, and David Sobel, Electronic PrivacyInformation Center.

Mitchell, whose organization represents a number of large corporationswhich purchase hundreds of millions of dollars in airline travel a year,told me Monday that initially, when the story broke that JetBlue had turnedover passenger records to a government contractor, he did not pay muchattention to it.

"However, when the news came out about Northwest Airlines and itsdisclosure of passenger information, I began to look into this moreclosely. And to be honest, Holly, I was blown away by the information Ibegan to read. There is a awful lot of stuff that has been going on behindour backs -- and nobody knows what is going on."

Mitchell continued, "My only interest, at the beginning of my informationlearning curve? To get the debate started. But I have to admit, as I havemoved into this debate more and more, I've been amazed by some of the stuffI've found out."

How do his corporate clients feel about the proposed CAPPS II program?

Mitchell responded that initially they were confused, and that many of themwere really not sure how the program would be different from a "trustedtraveler" program. Or to what extent the TSA is involved.

"They knew very little," Mitchell explained.

But as their level of awareness has grown, Mitchell says that now thebiggest concern of his corporate members is just how, if an employee istagged as a "yellow" (or "unknown risk" -- the second of three risk levels-- as CAPPS II terms it), for instance, that employee will then be able tosimply and quickly clean up his or her record so that it accuratelyreflects who they are.

"Daimler-Chrysler, for instance, employs a great number of people fromaround the world. Some of these folks just fly into the U.S. for a numberof months and then fly out again. Daimler-Chrysler's concern? Whatassurance is there that if the program, as is being proposed now, is putinto place, that a mistake could be fixed, and fixed quickly," Mitchell said.

A second concern to Mitchell's corporate members? Disruption to businesstravel.

"Okay, let's say I go to fly on business and the TSA says, 'Nope, you'reyellow.' Then what? How am I going to be allowed to get on the airplane?How long is this process going to take? And what happens if the next time Ifly, and I get on the flight okay, and then the next time, I'm nabbedagain. Who is going to pay when I have to pay for a walk-up ticket to getfrom point A to point B, because the TSA kept me from making my flight?"Mitchell asked.

The problem of just how an individual can get their record "cleaned up" isa major one. The TSA claims, on the one hand, that passenger informationwill not be kept for more than "a number of days" on any given passenger,for any given flight.

Okay, so how in the heck will a passenger be able to access the neededinformation, in an effort to clear their name?

Another issue that Mitchell brought up that had not occurred to me, wasthis one. Let's say your nabbed and designated "yellow" and let's say it'sbecause of a damaging piece of information that is accurate. Then what?

"Say you are traveling with a number of your co-workers on an importantbusiness trip. Not an unusual thing. And, say, that everyone gets throughsecurity but you. How long do you think it is going to take for theinformation that you are a deadbeat dad, or that you have an outstandingarrest warrant for a parking ticket two years ago, to get back to theoffice?" Mitchell wondered.

Mitchell, who has a number of members in the Detroit area, says thatanother issue of great concern is the similarity in many Arab and Muslim names.

"There is a huge Arab population in Detroit," Mitchell said. "I ask you,how many times do you think some of these folks are going to be stopped bythis system, just because they have the same last name as some supposed'terrorist'?"

Finally, Mitchell brought up the issue of address changes and name changes.

As the CAPPS II program is currently set up, four points of information aregoing to be required of all travelers. Name, address, phone number, andbirth day.

"Let's take a college student, for example. Now, what address is thisperson going to have? Probably more than one. His parents. His dorm. Aplace where he stayed and worked for the summer. Who knows? But one thingis for sure, if just one of those four pieces of information is not insynch with whatever commercial databases the government is going to connectwith -- then we would have to assume this is going to kick this person intoa 'yellow' category."

Then there is the issue of name changes. Mitchell explained, "How manypeople get married, divorced, change their name for any number of reasons?Suppose someone attempts to board a plane and uses a driver's license andit has their new name on it. What happens when this does not match any'known' record?"

At this point, I assured Kevin that I more than got the point.

From the airline perspective, besides the fact that the airline industrywould become a surrogate sheriff and bounty hunter, there is one and onlyone big concern with CAPPS II.

Cost.

More than one industry observer has pegged the projected cost to implementthe proposed plan in excess of $1 billion. Now, it is unclear how much ofthis would have to be absorbed by the GDS companies, and how much by theairlines themselves -- but there is no doubt that existing informationdatabases would have to be changed to accommodate the additional information.

In terms of the bigger issues involved with the potential CAPPS II program,there are two very large ones -- one, the issue of privacy and two, theissue of just how effective such a program would be in the long run.

In May 2002, a group of MIT students proved pretty conclusively that aCAPPS type of mandated identity program is practically useless in keepingterrorists off an airplane. In their study, Carnival Booth: An Algorithmfor Defeating the Computer-Assisted Passenger Screening System, thestudents proved that since CAPPS uses profiles to select passengers forincreased scrutiny, it is actually less secure than systems that employrandom searches. In particular, the students presented an algorithm calledCarnival Booth that demonstrated how a terrorist cell could easily defeatthe CAPPS system. Using a combination of statistical analysis and computersimulation, the students evaluated the efficacy of Carnival Booth andillustrated that CAPPS is an ineffective security measure. Essentially allthe terrorists would have to do is send out decoys to "test" whateverinformation was pre-existing on them in the profile. As soon as someone wasa "green" to go -- the terrorist would then know he would be free to passthrough the system undeterred.

But by far, besides the operational issues of just how such a system wouldwork (or wouldn't work, as I suspect would be more the case), there aremajor privacy issues with the proposed CAPPS II plan.

First and foremost, the system would, in a backhanded way, construct anational identification system. Second, while the government has said thatit would not allow the information gathered to be used for any otherpurpose, I simply refuse to believe this.

One, because there have already been comments made by government officialsthat imply CAPPS could be a godsend to law enforcement agencies. Just asthe photo identification program that the U.S. has begun for certainincoming passengers from overseas has also been used to catch criminals --there are those in law enforcement who would like nothing better than tohave every airline passenger's identity screened. In fact, one of thedatabases that will be accessed every time you or I attempt to set foot onan airplane will be a criminal database.

Secondly, why should I believe the government about this issue, when it isclear the government continues to move forward on a number of "data-mining"initiatives?

Last year, Congress ordered the Pentagon to stop its Total InformationAwareness program -- the brainchild of former Iran Contra scandal alum JohnPoindexter, after news of the program's intent became public.

Ironically, the program had already changed its name to "TerrorismInformation Awareness" -- in an attempt to make its mission seem morepalatable.

The program sought to create a data-mining program that would have giventhe Pentagon unrestricted access to large amounts of personal and privateinformation on U.S. citizens.

But, while the Defense Department says it has not shared any of thetechnology that it developed as part of the program, the governmentcertainly seems to be pursuing other smaller, but more highly targetedefforts. CAPPS II is one of these.

In a recent article in the Washington Times, it was noted that while datamining has been used for years by marketers, in an attempt to target peoplewho might be prospective customers, it was only after the events of Sept.11, 2001, that the government seems to have come up with the bright ideathat this would be a great law enforcement tool.

Speaking of, the Terrorist Threat Integration Center is the government'snew data warehouse. According to the Times, it now has the specific task offusing and analyzing all sources of information related to "terrorism."

Now, let's not forget -- that would also include all the information aboutyou -- if you flew on an airplane and CAPPS II was in effect.

However, as a spokesperson for the CIA told the Times, "The term datamining is not appropriate and should not be used in reference to the TTIC.The words we use are 'advanced analytic searches' or 'sophisticatedanalytic search tools' that we use to create linkages and relationshipsbetween information."

Well, I for one, certainly feel better about whatever it is they areamassing, now that I have heard that corporate-speak delineation.

What about other countries? How are they tackling this issue?

As many of you know, the U.S. recently asked the European Union to supplypassenger name records to U.S. authorities.

This request, while initially given a somewhat favorable response by theEuropean Commission, is not exactly being received enthusiastically by theEuropean Parliament.

In fact, as Edward Hasbrouck reported last week, "If, as it is nowconsidering doing, Parliament sends the European Commission's draft dealwith the U.S.A. on CAPPS II testing back to the drawing board, any eventualParliamentary approval will certainly take months -- if it is everforthcoming at all."

More eye-opening, in reading through Edward's latest entry concerning theE.U., the proposed European Parliament resolution noted, "in the U.S.A.the protection of privacy... is not regarded as a fundamental right... noris there any right of legal redress should the measures restricting thefreedom to travel be abused."

Hmmmm.

If you think this statement is off base, consider comments from the recentGAO report on the proposed program.

"..TSA plans to exempt CAPPS II from the Privacy Act's requirements tomaintain only that information about an individual that is relevant andnecessary to accomplish a proper agency purpose. These plans reflect thethe subordination of the use limitation practice and data quality practice(personal information should be relevant to the purpose for which it iscollected) to other goals and raises concerns that TSA may collect andmaintain more information than is needed for the purpose of CAPPS II, andperhaps use this information for new purposes in the future.

Further, TSA plans to limit the application of the individual participationpractice -- which states that individuals should have the right to knowabout the collection of personal information, to access that information,and request correction -- by prohibiting passenger access to all personalinformation about them accessed by CAPPS II. This raises concerns thatinaccurate personal information will remain uncorrected and continue to beaccessed by CAPPS II".

According to Hasbrouck, the chances of other countries throughout the worldsimply handing over PNR information to the U.S. is slim. "It's nothyperbole to describe E.U. and Canadian data privacy laws as exemplifyingemerging global norms of privacy as a human right. Many other countrieshave similar laws, including for example several Latin American countrieswith large volumes of passenger air traffic to and from the U.S. that havebased their data protection laws almost verbatim on those of Spain, andthus the E.U. The only question is how many of these and other countrieswill assert their right to be consulted before their citizens' privacyrights are violated by nonconsensual U.S. government access to passengerreservation records."

So, let's see. First, we have a respected study that sayspassenger-profiling programs are ineffective at catching terrorists. But,undeterred by this, or by advice from other leading countries known fortheir security acumen, notably Israel, we have just such a plan in theworks by the TSA. This proposed plan by the TSA would rely on matchingdatabases of commercial and law enforcement agencies against a passenger'sname and address -- a situation fraught with problems right from the start.(Ever pulled a copy of your credit report and seen how many incorrectpieces of information are on there?)

Then, if a passenger is classified a "yellow," much less a dreaded "red,"the TSA does not seem to be too forthcoming in just how someone wouldquickly clear up the problem. (And think about it -- if they are matchingyour information across a number of commercial databases, how are theygoing to know where the mismatch is? And how in the heck is the passengergoing to be able to fix the problem?)

Finally, in terms of the effect of this on the airline industry -- I seevery little positive. The industry would experience massive problems interms of airport backups and delayed boardings -- leading to reducedpassenger levels (worse, I believe than what we saw post-Sept. 11, 2001);there would be additional costs, as part of the implementation of such aprogram; and would passengers feel safer because of all this?

I think not.

Bottom line -- passengers lose and airlines lose. But U.S. citizens wouldlose most of all.

Pertinent Links

MIT: Carnival Booth: An Algorithm for Defeating the Computer-AssistedPassenger Screening System, May 2002

Edward Hasbrouck: "The Practical Nomad" and "Total Travel InformationAwareness" -- An updated version of the 2003 Lowell Thomas TravelJournalism Award for investigative reporting on the issue of air travelerprivacy. If you want a good background read -- this is the place to go.

ACLU: CAPPS II

Don't Spy on Us: Bill Scannell can go over the top at times, I admit, but Ifound his linking of David Stempler's Air Traveler's Association withCendant's Traveler's Advantage program pretty interesting. Essentially, itlooks like Stempler's website and that of Cendant's Traveler's Advantageare both owned and managed by the Trilegiant Corporation, a Cendantsubsidiary. So much for the independent passenger voice.

I found this especially interesting, in that I recently jumped on Stemplerfor posting a rather rah-rah post on the CAPPS II program on an industryemail list. Scannell's take is that Stempler appears to be little more thana front for Cendant, whose Galileo subsidiary could stand to gain a newprofit center if CAPPS II is implemented.

This apparent cozy little relationship brings up an entirely separateargument -- how would the additional passenger travel information in PNRs,that GDS companies would now have access to, be protected once thatinformation was routinely accessed? Answer: It couldn't be. Translation?The expanded PNR information would represent a marketing gold mine.

Latest GAO report on CAPPS II (PDF download).

Scott McMurren
Alaska Travelgram
http://www.alaskatravelgram.com
mailto:zoom@xxxxxxx

Scott McMurren
Alaska Travelgram
http://www.alaskatravelgram.com
mailto:zoom@xxxxxxx



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] FCC Faces Suit on Regulation of Digital Broadcast Television
Next by Date: [IP] Byliner: Sununu on Taxing New Internet Voice Communication Technology
Previous by thread: [IP] FCC Faces Suit on Regulation of Digital Broadcast Television
Next by thread: [IP] Byliner: Sununu on Taxing New Internet Voice Communication Technology
Index(es):
- Date
- Thread