IP: The Intensifying Scrutiny at Airports

[Dave Farber <dave () farber net>]

Anyone want to start a pool on the cost overrun on this one!! djf

http://www.businessweek.com/technology/content/jun2002/tc2002065_2255.htm

SPECIAL REPORT: NEW THREATS TO PRIVACY

The Intensifying Scrutiny at Airports
 
Depending on your point of view, air travel is about to become the most
closely watched or thoroughly invaded area of your life
 In Steven Spielberg's upcoming movie, Minority Report, Tom Cruise plays a
cop working for the mythical federal Precrime Dept. Through the use of
mysterious techno-psychic powers, he and other sleuths are able to foretell
murders -- and arrest perpetrators before they act. The plot thickens when
the system identifies Cruise as a future killer, forcing him to elude
capture until he proves his innocence.
While far out, the story does capture hopes and fears surrounding the
deployment of new technologies aimed at making air travel more secure.
Advocates of exhaustive screening envision an intelligent system that can
more readily spot hijackers and terrorists -- and intercept them before they
strike. Civil libertarians, by contrast, fear that with so much information
on individuals at its disposal, the government will use this data in
unforeseen -- and possibly unethical -- ways.
NEW ARM OF THE LAW.  Airline security, including the use of biometrics (such
as computerized facial recognition) to identify crews, airport employees,
and "trusted travelers," is rapidly becoming the test bed for both camps. A
system is rolling out that will make air travel one of the most intensely
scrutinized -- some might say most thoroughly invaded -- pursuits in
American life. 
Leading the new effort is the Transportation Safety Administration (TSA), an
arm of the U.S. Transportation Dept. The TSA was spawned after September 11
with a mandate to secure the domestic transportation system. And how well
that works -- or doesn't -- could set the tone for numerous other security
efforts in the post-September 11 era.
The TSA's initial priorities were to hire and train a new federal force of
30,000 airport-security employees and install thousands of new
explosives-detection systems that could check every piece of luggage that
goes on a plane at 429 major U.S. airports by yearend. The TSA's staff has
been quietly working on a handful of screening programs that worry guardians
of liberty, such as the American Civil Liberties Union (ACLU). Passengers
could soon find themselves checked against a manifest that includes not only
their name and seat assignment but also the photograph from their driver's
license or passport. Or they could be scrutinized by facial-recognition
systems designed to rout out known terrorists during boarding.
WHO SEES WHAT?  No one objects to catching bad guys, of course, but such
data-centric methods could scoop up a lot of others in the process. They
might identify people who have routine relationships with terrorists --
folks who merely live in the same building or attend the same place of
worship. 
Since the TSA now holds jurisdiction over airport security, these programs
and the information they assemble will end up within the feds' purview. Most
likely, this data will be kept and evaluated in a central repository that's
widely available to various agencies and subject to the normal leaks of
government. The TSA hasn't yet said whether it will allow individuals to see
what has been collected on them and contest or correct it.
The backbone of next-generation airport-screening technology will be CAPPS
II (for computer-assisted passenger prescreening system). The first CAPPS
system was developed in the early 1990s by Northwest Airlines to spot
potential hijackers by examining a limited amount of data. The information
gathered included such details as whether a ticket was paid for in cash,
whether it was one-way, and how long before the date of departure it was
purchased. 
WATCHING EVERY STEP.  CAPPS II will most likely make the old system look
primitive. It will not only examine travel booking and payment information
but it will also be much more tightly integrated with lists of terrorists
and criminals that are kept by global and domestic law-enforcement agencies.
In addition, CAPPS II will pull in data from banks, credit-reporting
agencies, and other companies that aggregate personal information, including
Experian, Acxiom (ACXM ), and ChoicePoint (CPS ), to name a few likely
candidates. 
The new CAPPS system will most likely be involved at every step a traveler
takes. "A next-generation version would be enabled at all points of
passenger processing: booking, ticketing, check-in, security screening, and
aircraft boarding," Jim Dullum, managing director of Electronic Data Systems
(EDS ), testified before a panel of U.S. senators in April. Most important,
CAPPS II will likely be run by a single agency -- probably the TSA -- and
won't rely on individual airlines for technical support.
That makes sense to the technologists who are trying to build the system. A
federal screening system would allow more-controlled access to data, they
say. "The guy at the airport ticket counter might have one view. The FAA and
the TSA might have another view. And you could build a strict audit trail of
who sees what type of information," explains Steve Cooperman, Oracle's (ORCL
) director of homeland-security solutions.
 
------------------------------------------------------------------------
    "Trusted travelers" could avoid serpentine lines at airports
------------------------------------------------------------------------
     
What would make CAPPS II especially powerful would be its ability to
incorporate exotic new technologies that look beyond obvious correlations.
For example, Las-Vegas-based Systems Research & Development (SRD ) already
builds software that cross-references databases using "fuzzy logic"
algorithms that can spot red flags -- such as social associations with known
terrorists -- that the old CAPPS system might not have noticed.
DEEP BACKGROUND.  SRD's strong ties with the casino industry might prove
useful. "You may have a dealer at one of the places and find out their
next-door neighbor is a known card cheat. That kind of logic applies very
well to antiterrorism," explains Allen Shays, chief operating officer of the
government systems division at data warehousing specialist NCR Teradata.
The TSA is also exploring how to weave biometric applications into CAPPS II
via "trusted traveler" programs. With these, passengers would agree to
biometric identification and undergo background checks to expedite their
trips. They would still go through standard CAPPS II screening and mandatory
baggage checks but could avoid the serpentine lines that will plague
airports for some time.
Exactly what criteria will be used to establish who is a trusted traveler
remains unclear. Some of the tech specialists involved with the TSA's
efforts think a couple of fingerprints and a standard credit check combined
with an FBI check would be sufficient. Others think the same criteria that
are used for obtaining national security clearances should apply. That would
mean a far more extensive and expensive check -- and require trusted
traveler applicants to submit all 10 fingerprints.
FALSE SECURITY?  While many business travelers would likely sign up for
trusted-traveler clearance, "no program has taken off because the TSA needs
to establish a criteria for trusted traveler and what privileges you would
be granted," says Joseph Atick, the CEO of biometric company Visionics (VSNX
). Not surprisingly, he's an advocate of both trusted-traveler programs and
using biometrics for passenger screening.
The idea that a trusted-traveler program might be used by many millions of
Americans troubles the ACLU on several counts. "The problem with trying to
have the government identify some citizens as trusted leads to the
possibility that some people who get these preferential security treatments
will become security risks themselves," says Jay Stanley of the ACLU's
Technology & Liberty Program. Obvious examples: Oklahoma City bomber Timothy
McVeigh, who was a veteran of the Gulf war, and FBI agent Robert Hansen, who
spied for Russia. 
Equally troubling is the possibility that innocent people will be tagged as
untrusted because of simple and legitimate associations with terrorist
groups or other unsavory individuals. Further, Stanley worries about what
will happen to all the information collected by CAPPS II. "It's offensive
that private corporations and data aggregators are creating vast dossiers on
the American people," he declares. "When you talk about the government doing
that, it becomes even more serious and offensive."
HUSH-HUSH.  Stanley also points out that using these databases to screen for
terrorists is more problematic than screening for, say, credit scofflaws,
since a relative paucity of good information on known terrorists is
available. 
To date, the TSA's new techno-security efforts remain largely in the pilot
stage. The agency remains hush-hush, but insiders believe it will spend less
than $100 million on CAPPS II -- a relatively small sum for such an
ambitious project. The big push for tighter travel security should start
this fall and continue through 2003.
Already, the TSA has awarded grants for pilot projects to four tech
companies, says NCR Teradata's Shay. It isn't clear what the projects are,
though. SRD and antifraud software company HNC Software (HNC ), as well as
systems integrator Accenture (ACN ), declined to comment for this story. The
ACLU seems to be uncharacteristically in the dark.
It appears, though, that CAPPS II has been cleared for takeoff. What remains
is to see how well it flies in the eyes of a public that's facing stark
choices on privacy vs. security.

------------------------------------------------------------------------

By Alex Salkever

For archives see:
http://www.interesting-people.org/archives/interesting-people/