The Transportation Security Administration (TSA) has failed to meet most criteria mandated by Congress to implement the controversial Computer Assisted Passenger Prescreening System (CAPPS II), according to new report from the U.S. General Accounting Office (GAO).
The TSA, the report states, has met only one of the criteria — the establishment of an internal oversight board — outlined for the agency, a division of the Department of Homeland Security (DHS).
“As of January of January 1, 2004, TSA has not fully addressed seven of the eight CAPPS II issues identified by the Congress as key areas of interest,” the report states.
Under the anti-terrorism program, airline passengers would be required to provide their name plus address, phone number and date of birth. The TSA would then link to databases for a background check that could include a credit, banking and criminal histories.
The proposal raised a firestorm of privacy criticism, and Congress squarely addressed the issues in its 2004 appropriation for DHS. Lawmakers said there would be no further funding for CAPPS II until the GAO confirmed the TSA had put in a system of due process and operational safeguards.
The criteria included security measures to protect the program from hackers and testing of the search tools to ensure accurate assessments of passengers deemed as a threat.
“Key activities in the development of CAPPS II have been delayed, and TSA has not yet completed important system planning activities,” the report states. “Specifically, TSA is currently behind schedule in testing and developing initial increments of CAPPS II, due in large part to delays in obtaining passenger data needed for testing from air carriers because of privacy
The report also notes that TSA also has not yet established a complete plan identifying specific system functionality that will be delivered, the schedule for delivery, and the estimated costs throughout the system’s development.
Nuala Kelly, chief privacy office of the DHS, said at a news conference, “I want to make sure that this system is truly going to work for the people we are trying to pinpoint and not going to disadvantage any other particular group based on behavior, or category or whatever.”
“For the most part, I think the GAO Report is quite fair and I think it’s accurate and
I think it’s a fair statement to say that there is good work that has been done and a great deal of work that still remains to be done,” she said.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, said in a statement, “The report confirms that the (DHS) has failed to address the very significant privacy issues that lie at the heart of CAPPS II. It shows that international opposition to the U.S. initiative is well-founded, and makes it unlikely that European
officials will approve the transfer of passenger data to the United States.”