News roundup on air travel privacy, CAPPS II [priv]

[Declan McCullagh <declan () well com>]

[Roundup courtesy of the Free Congress Foundation. --Declan]



> *	Privacy Villain: FBI And Their Push For Online Privacy  
>
> EU Parliament Threatens Legal Action
> Over Collection Of Passenger Data
> By Constant Brand
> The Los Angeles Times
> March 18, 2004
>
> Editor's Note: According to the article: "If the EU's highest court finds
> it does violate EU rules, it would nullify the pact."
>
> A European Parliament committee on Thursday threatened to challenge in
> court a deal allowing U.S. authorities to collect personal data on airline
> passengers, saying it undermined the privacy of European Union citizens.
>
> http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2004/03/18/international0635EST0501.DTL
>
> CAPPS II Under Fire In Congressional Hearing
>
> Editor's Note: The TSA claims 75,000 red and yellow alerts a day --
> virtually none a bona fide terrorist -- is progress? How seriously can we
> believe in the TSA's assertions that the misidentified will really have
> recourse?  As Rep. Peter  DeFazio (D-OR) asserted "the Achilles heel' of
> the CAPPS II system is that a sophisticated terrorist will be able to
> assume an identity that it will not trigger a "yellow" (cautionary) or
> "red" (definitely do not allow to board) rating. To paraphrase Stanley
> Baldwin: "The  smart terrorist network will always get through CAPPS II."
> By the TSA's own reckoning, 75,000 people a day -- virtually all who will
> be innocent -- will not. This is progress?    
>
> If a corporation were administering this system, it would trigger class
> action lawsuits. Because it's the Federal Government's  Transportation
> Security Administration singling out 300,000 passengers a day -- virtually
> all innocent -- for extra questioning and inspections, the CAPPS system
> has gotten a pass from a serious court challenge -- so far.     
>
> TSA Defends Its Scrutiny
> Of Airline Workers
> By Jonathan Krim
> The Washington Post
> March 18, 2004
>
> David L. Sobel, general counsel of the Electronic Privacy Information
> Center, testified that the TSA's plan raises serious constitutional
> questions and runs afoul of a 1974 privacy law.
> "This is a secret, classified system," he said, with the TSA under no
> obligation to tell passengers what data has been collected about them.
> Nor, he said, would the public have any legal rights to correct
> information that is wrong.
>  
> http://www.washingtonpost.com/wp-dyn/articles/A2916-2004Mar17.html
>
> Excerpts from Testimony Of Kevin P. Mitchell, Chairman of the Business
> Travel Coalition Regarding CAPPS II Before the U.S. House of
> Representatives Committee on Transportation and Infrastructure
> Subcommittee on Aviation
>
> Editor's Note: Mr. Mitchell, as a representative of the business travel
> industry, is to be commended for raising serious questions about CAPPS II.
> No doubt many privacy advocates have a simpler recommendation to provide
> to Congress: "SCRAP CAPPS II -- period." Nonetheless, Mr. Mitchell's
> recommendations are quoted verbatim below and given that TSA may succeed
> in using some system -- be it CAPPS II or something else -- the
> recommendation that it come with the string of a sunset provision is
> something that privacy advocates should bear in mind. The Electronic and
> Privacy Information Center's David L. Sobel lays out the goals TSA must
> meet to make CAPPS II acceptable from a civil liberties and privacy
> standpoint. Now, it's TSA's move. Do they concede the legitimacy of
> concerns, as expressed by David Sobel, by revising the system and its
> policies? Or do they press on in their campaign to sell a big-budget
> system that infringes upon our privacy and of very dubious effectiveness.
>
> "Recommendations:
>
> "1. CAPPS II should be strictly authorized for use only in aviation system
> security. 
>
> "2. The process and timeframe for U.S. citizens and foreigners to have
> their risk profiles corrected needs to be efficient-to-a-fault, and
> ironclad.
>
> "3. The threshold requirements that Congress wisely placed on the TSA for
> CAPPS II to be fully funded should be revised to reflect GAO's recently
> published CAPPS II audit results as well as the ideas and concerns that
> will come to light from a thorough public policy debate.
>
> "4. An organization such as GAO answerable only to Congress, should have
> sufficient national security clearances and attendant authority to monitor
> all aspects of a CAPPS II including policies, programs and practices of
> other supporting government agencies and private sector contractors. 
>
> "5. CAPPS  II should be sunseted after 3 to 5 years to enable Congress to
> carefully evaluate costs, efficacy and ongoing need for the program and
> determine if it warrants reauthorization."           
>
> Mr. Mitchell's Submitted Statement to the Committee can be read at:
>
> http://btcweb.biz/c2testimony.htm
>
> Excerpts From the Statement of David L. Sobel, General Counsel of the
> Electronic Privacy Information Center Before the House Committee on
> Transportation and Infrastructure Aviation Subcommittee on "The Status of
> the Computer Assisted Passenger Prescreening System (CAPPS II). 
>
> "DHS's Chief Privacy Officer [Nuala O'Connor Kelly] recently touted the
> protections afforded by the Privacy Act, explaining that the law 
>
>                 `provides substantial notice, access, and redress rights for
>
> 		citizens and legal residents of the United States whose 
> 		information is held by a branch of the federal government. 
> 		The law provides robust advance notice, through detailed 
> 		"system of records" notices, about the creation of new
> techno -
>                 logical or other systems containing personal information.
> The 
> 		law also provides the right of access to one's own records,
> the 
> 			right to know and to limit other parties with whom
> information
>                         has been shared, and the right to appeal
> determinations regarding    
> 		the accuracy of those records or the disclosure of those
> records.' 
>
> "TSA, however, has sought to exempt CAPPS II from nearly all of the
> Privacy Act provisions Ms. O'Connor Kelly described."
>
> [quotation of Ms. O'Connor Kelly is from: Remarks of Nuala O'Connor Kelly
> Before the 25th International Conference of Data Protection and Privacy
> Commissioners, Sydney, Australia, September 11, 2003]
>
> "As the recent GAO report found, TSA has failed to adequately address the
> very real privacy and due process issues that permeate the proposed
> system. Based upon TSA"s Privacy Act notice for the system, I believe
> there is reason to doubt whether the system, as currently envisioned, can
> ever function in a manner that protects privacy and provides citizens with
> basic rights of access and redress. In order for CAPPS II to pass muster
> from a privacy and civil liberties perspective, TSA must, at a minimum:
> 1.) ensure greater transparency through the establishment of a
> non-classified system; 2.) provide individuals enforceable rights of
> access and correction; 3.) limit the collection of information to only
> that which is necessary and relevant; and 4.) substantially limit the
> routine uses of collected information. Further, development of the system
> should be suspended until TSA provides a final Privacy Impact Assessment,
> discloses it to the public and receives public comments. Finally, the
> agency should not acquire personal information, even for testing purposes,
> until it has revised its policies and procedures as suggested above."
>
>
>
> Mr. Sobel's Submitted Statement  On CAPPS II Can Be Read At:
>
> http://www.epic.org/privacy/airtravel/capps_testimony_3_04.pdf  
>
> Also, see: 3/18/04 Associated Press story on "TSA Plans To Test Low-Risk
> Flyer Program" (posted on The New York Times webpage)
>
> http://www.nytimes.com/aponline/national/AP-Airline-Passenger-Screening.ht
> ml  
>
> Kevin Mitchell, chairman of the Business Travel Coalition, said he wasn't
> sure passengers would embrace the ``registered traveler program'' because
> of privacy concerns.
> ``We are, as an organization, very much in favor of it,'' Mitchell said.
> ``But I'm not sure there are a lot of business travelers willing to pay to
> turn over all that information.''
> And: 3/17/04 Reuters Article On "U.S. To Force airlines To Provide
> Traveler Data"(posted on The New York Times webpage)
>
> CAPPS II would check government intelligence and consumer data amassed by
> companies like Acxiom Corp. to verify passengers' identities and determine
> if they have criminal records or links to groups such as al Qaeda.
>
> http://www.nytimes.com/reuters/news/news-airlines-security.html
>
> And: 3/18/04 United Press International Article by Shaun Waterman on
> "Privacy Officer, Board To Oversee Profiling System"(posted on The
> Washington Times webpage)
>
> Privacy specialists cautioned that the oversight board, to be truly
> effective and independent, would need to include people willing to
> challenge and question the agency. 
>
>  "They ought to include persistent critics of the program," said one
> longtime privacy professional who asked not to be named. "If they're all
> ex-TSA employees, that will be a danger sign."
>
> http://www.washtimes.com/national/20040317-110813-1393r.htm
>  
> And: 3/17/04 Associated Press Story on "Airlines OK Security Plan" Posted
> on Wired News.com
>
> The Air Transport Association said it supports the concept of the
> Computer-Assisted Passenger Prescreening System, or CAPPS II, provided the
> government follows seven "privacy principles." The Associated Press
> obtained the list of principles Tuesday, a day before they were to be
> revealed at a House hearing.
>
> http://www.wired.com/news/privacy/0,1848,62701,00.html  
>
> Read The 3/16/04 AP Story Listing The  Air Transport Association's Seven
> Privacy Principles 
>
> ...TSA shall provide passengers with effective and expeditious means to...
> resolve complaints about the collection, accuracy, processing or use of
> personal information.
>
> http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2004/03/16/fi
> nancial0225EST0007.DTL
>
> And: 3/17/04 Federal Computer Week Article By Sarita Chourey On "Norton
> Raises CAPPS II Liability Fears"  
>
> "May I suggest that this program is going nowhere until you get an opinion
> on liability," Norton said. 
> She assailed what she characterized as an assumption that CAPPS II would
> not have any liability concerns. CAPPS II officials must be prepared "to
> deal with what happens to people who... in any imperfect  system, will be
> misidentified and will have major losses as a result," Norton said.
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)