Politech mailing list archives
News roundup on air travel privacy, CAPPS II [priv]
From: Declan McCullagh <declan () well com>
Date: Mon, 22 Mar 2004 13:05:31 -0500
[Roundup courtesy of the Free Congress Foundation. --Declan]
* Privacy Villain: FBI And Their Push For Online PrivacyEU Parliament Threatens Legal Action Over Collection Of Passenger Data By Constant Brand The Los Angeles Times March 18, 2004 Editor's Note: According to the article: "If the EU's highest court finds it does violate EU rules, it would nullify the pact." A European Parliament committee on Thursday threatened to challenge in court a deal allowing U.S. authorities to collect personal data on airline passengers, saying it undermined the privacy of European Union citizens. http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2004/03/18/international0635EST0501.DTL CAPPS II Under Fire In Congressional Hearing Editor's Note: The TSA claims 75,000 red and yellow alerts a day -- virtually none a bona fide terrorist -- is progress? How seriously can we believe in the TSA's assertions that the misidentified will really have recourse? As Rep. Peter DeFazio (D-OR) asserted "the Achilles heel' of the CAPPS II system is that a sophisticated terrorist will be able to assume an identity that it will not trigger a "yellow" (cautionary) or "red" (definitely do not allow to board) rating. To paraphrase Stanley Baldwin: "The smart terrorist network will always get through CAPPS II." By the TSA's own reckoning, 75,000 people a day -- virtually all who willbe innocent -- will not. This is progress?If a corporation were administering this system, it would trigger class action lawsuits. Because it's the Federal Government's Transportation Security Administration singling out 300,000 passengers a day -- virtually all innocent -- for extra questioning and inspections, the CAPPS systemhas gotten a pass from a serious court challenge -- so far.TSA Defends Its Scrutiny Of Airline Workers By Jonathan Krim The Washington Post March 18, 2004 David L. Sobel, general counsel of the Electronic Privacy Information Center, testified that the TSA's plan raises serious constitutional questions and runs afoul of a 1974 privacy law. "This is a secret, classified system," he said, with the TSA under no obligation to tell passengers what data has been collected about them. Nor, he said, would the public have any legal rights to correct information that is wrong.http://www.washingtonpost.com/wp-dyn/articles/A2916-2004Mar17.htmlExcerpts from Testimony Of Kevin P. Mitchell, Chairman of the Business Travel Coalition Regarding CAPPS II Before the U.S. House of Representatives Committee on Transportation and Infrastructure Subcommittee on Aviation Editor's Note: Mr. Mitchell, as a representative of the business travel industry, is to be commended for raising serious questions about CAPPS II. No doubt many privacy advocates have a simpler recommendation to provide to Congress: "SCRAP CAPPS II -- period." Nonetheless, Mr. Mitchell's recommendations are quoted verbatim below and given that TSA may succeed in using some system -- be it CAPPS II or something else -- the recommendation that it come with the string of a sunset provision is something that privacy advocates should bear in mind. The Electronic and Privacy Information Center's David L. Sobel lays out the goals TSA must meet to make CAPPS II acceptable from a civil liberties and privacy standpoint. Now, it's TSA's move. Do they concede the legitimacy of concerns, as expressed by David Sobel, by revising the system and its policies? Or do they press on in their campaign to sell a big-budget system that infringes upon our privacy and of very dubious effectiveness. "Recommendations: "1. CAPPS II should be strictly authorized for use only in aviation systemsecurity."2. The process and timeframe for U.S. citizens and foreigners to have their risk profiles corrected needs to be efficient-to-a-fault, and ironclad. "3. The threshold requirements that Congress wisely placed on the TSA for CAPPS II to be fully funded should be revised to reflect GAO's recently published CAPPS II audit results as well as the ideas and concerns that will come to light from a thorough public policy debate. "4. An organization such as GAO answerable only to Congress, should have sufficient national security clearances and attendant authority to monitor all aspects of a CAPPS II including policies, programs and practices ofother supporting government agencies and private sector contractors."5. CAPPS II should be sunseted after 3 to 5 years to enable Congress to carefully evaluate costs, efficacy and ongoing need for the program anddetermine if it warrants reauthorization."Mr. Mitchell's Submitted Statement to the Committee can be read at: http://btcweb.biz/c2testimony.htm Excerpts From the Statement of David L. Sobel, General Counsel of the Electronic Privacy Information Center Before the House Committee on Transportation and Infrastructure Aviation Subcommittee on "The Status ofthe Computer Assisted Passenger Prescreening System (CAPPS II)."DHS's Chief Privacy Officer [Nuala O'Connor Kelly] recently touted theprotections afforded by the Privacy Act, explaining that the law`provides substantial notice, access, and redress rights forcitizens and legal residents of the United States whose information is held by a branch of the federal government. The law provides robust advance notice, through detailed "system of records" notices, about the creation of newtechno - logical or other systems containing personal information.The law also provides the right of access to one's own records, the right to know and to limit other parties with whominformation has been shared, and the right to appealdeterminations regarding the accuracy of those records or the disclosure of those records.'"TSA, however, has sought to exempt CAPPS II from nearly all of the Privacy Act provisions Ms. O'Connor Kelly described." [quotation of Ms. O'Connor Kelly is from: Remarks of Nuala O'Connor Kelly Before the 25th International Conference of Data Protection and Privacy Commissioners, Sydney, Australia, September 11, 2003] "As the recent GAO report found, TSA has failed to adequately address the very real privacy and due process issues that permeate the proposed system. Based upon TSA"s Privacy Act notice for the system, I believe there is reason to doubt whether the system, as currently envisioned, can ever function in a manner that protects privacy and provides citizens with basic rights of access and redress. In order for CAPPS II to pass muster from a privacy and civil liberties perspective, TSA must, at a minimum: 1.) ensure greater transparency through the establishment of a non-classified system; 2.) provide individuals enforceable rights of access and correction; 3.) limit the collection of information to only that which is necessary and relevant; and 4.) substantially limit the routine uses of collected information. Further, development of the system should be suspended until TSA provides a final Privacy Impact Assessment, discloses it to the public and receives public comments. Finally, the agency should not acquire personal information, even for testing purposes, until it has revised its policies and procedures as suggested above." Mr. Sobel's Submitted Statement On CAPPS II Can Be Read At:http://www.epic.org/privacy/airtravel/capps_testimony_3_04.pdfAlso, see: 3/18/04 Associated Press story on "TSA Plans To Test Low-Risk Flyer Program" (posted on The New York Times webpage) http://www.nytimes.com/aponline/national/AP-Airline-Passenger-Screening.htmlKevin Mitchell, chairman of the Business Travel Coalition, said he wasn't sure passengers would embrace the ``registered traveler program'' because of privacy concerns. ``We are, as an organization, very much in favor of it,'' Mitchell said. ``But I'm not sure there are a lot of business travelers willing to pay to turn over all that information.'' And: 3/17/04 Reuters Article On "U.S. To Force airlines To Provide Traveler Data"(posted on The New York Times webpage) CAPPS II would check government intelligence and consumer data amassed by companies like Acxiom Corp. to verify passengers' identities and determine if they have criminal records or links to groups such as al Qaeda. http://www.nytimes.com/reuters/news/news-airlines-security.html And: 3/18/04 United Press International Article by Shaun Waterman on "Privacy Officer, Board To Oversee Profiling System"(posted on The Washington Times webpage) Privacy specialists cautioned that the oversight board, to be truly effective and independent, would need to include people willing tochallenge and question the agency."They ought to include persistent critics of the program," said one longtime privacy professional who asked not to be named. "If they're all ex-TSA employees, that will be a danger sign." http://www.washtimes.com/national/20040317-110813-1393r.htmAnd: 3/17/04 Associated Press Story on "Airlines OK Security Plan" Postedon Wired News.com The Air Transport Association said it supports the concept of the Computer-Assisted Passenger Prescreening System, or CAPPS II, provided the government follows seven "privacy principles." The Associated Press obtained the list of principles Tuesday, a day before they were to be revealed at a House hearing.http://www.wired.com/news/privacy/0,1848,62701,00.htmlRead The 3/16/04 AP Story Listing The Air Transport Association's SevenPrivacy Principles...TSA shall provide passengers with effective and expeditious means to... resolve complaints about the collection, accuracy, processing or use of personal information. http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2004/03/16/fi nancial0225EST0007.DTL And: 3/17/04 Federal Computer Week Article By Sarita Chourey On "NortonRaises CAPPS II Liability Fears""May I suggest that this program is going nowhere until you get an opinionon liability," Norton said. She assailed what she characterized as an assumption that CAPPS II wouldnot have any liability concerns. CAPPS II officials must be prepared "to deal with what happens to people who... in any imperfect system, will be misidentified and will have major losses as a result," Norton said.
_______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
Current thread:
- News roundup on air travel privacy, CAPPS II [priv] Declan McCullagh (Mar 22)