RealTime IT News

Digital Rights Group Takes Swipe at CAPPS II

The Electronic Frontier Foundation (EFF has joined the growing outcry against the Computer Assisted Passenger Prescreening System (CAPPS II) being developed by the Transportation Security Administration (TSA).

The San Francisco-based digital rights group is asking the Department of Transportation, the parent agency of the TSA, to withdraw plans exempting the controversial Aviation Security Screening Records (ASSR) passenger database from Privacy Act procedural safeguards.

According to the EFF, the ASSR System appears to be a portion of CAPPS II, a program designed to screen airline passengers that has caught the critical attention of Congress and spawned a call for a boycott of Delta Airlines, which is testing the system at three undisclosed airports across the country.

The proposed ASSR system will aggregate personal data collected through public records and private sector databases for use by the TSA. The EFF is concerned that the ASSR system will lead to the creation of "extensive, secret files about all U.S. citizens and the traveling public" and that these secret files may be used to deny individuals the right to travel and for other purposes.

The EFF claims that by excluding the ASSR system from the Privacy Act, the TSA could deny travelers permission to fly based on potentially inaccurate information that the travelers have never had an opportunity to review and correct.

EFF has previously filed comments with the Department of Transportation, outlining alleged privacy and civil liberties deficiencies with the proposed ASSR system, which would compile "risk assessment reports, financial and transactional data," public records, and private sector data.

In comments filed late Friday, EFF, together with co-signers Privacy Activism, the Privacy Rights Clearinghouse, C.A.S.P.I.A.N., and Michael Stollenwerk, opposed the DOT's proposed exemption of the entire system of ASSR records from the procedural protections of the Privacy Act on the grounds that it is "dangerously overbroad, unjustified under the relevant Privacy Act provisions, and raises significant concerns for individuals' privacy, civil liberties, and the Constitutionally-guaranteed right of freedom to travel."

Gwen Ninze, a staff attorney for EFF, noted, "Under the proposed exemption, individuals would have no way of learning that the TSA is holding personal records about them, and would have no access to review or correct that information if it's wrong or outdated. The exemption TSA proposes would completely eliminate all the important safeguards for individuals' privacy that the Privacy Act was passed to protect."

In early March, the Bush administration revealed the TSA plans to scan government and commercial databases for potential terrorist threats when a passenger makes flight reservations. Under the program, airline passengers will be required to provide their full name plus address, phone number and date of birth. Once that information is entered, the airline computer reservation system will automatically link to the TSA for a computer background check on the traveler that can include a credit, banking history and criminal background check.

The TSA will then assign a red, yellow or green score to the passenger based on the agency's risk assessment of the traveler. The score color will then be encrypted on the passenger's boarding pass. A green score will allow passengers to proceed through the usual airport security checks. Passengers with a yellow score will be subjected to additional security checks and a red score will ground the passenger.

Delta Airlines began testing the program this month at three undisclosed airports. TSA will conduct the actual risk assessments.

The announcement of the program prompted Senator Ron Wyden (D.-Ore.), who earlier this year spearheaded an effort to cut off funding for the Pentagon's Total Information Awareness program, to win Senate Commerce Committee approval of an amendment to require Congressional oversight of CAPPS II.

The amendment, if approved by the House and the Senate, would require the Secretary of Homeland Security to report to Congress within 90 days on what impact the CAPPS II program will have on the privacy and civil liberties of United States citizens, including how individual information will be used and what safeguards will be implemented to protect the public's rights.

Delta's participation in the program sparked a Boycott Delta site. Site creator Bill Scannell, a former journalist who now works in public relations for a Silicon Valley-based software firm, told Internetnews, "Defining an invasion of privacy is difficult, but I know it when I see it. This is an egregious violation of privacy by Delta."

According to Scannell, more than 200,000 unique visitors have visited the Web site since it went live on March 3.