CAPPS
Matthew X
profrv at nex.net.au
Tue Sep 3 07:26:33 PDT 2002
By late fall, federal airport security officers hope to begin installing
computer systems that can instantly check the personal backgrounds of
airline passengers and alert security officials to any who are deemed
dangerous before they can board planes and take off.
The tool, a substantially advanced version of the Computer Assisted
Passenger Prescreening System (CAPPS) now in use, is being designed to comb
multiple government and commercial databases for information that could
indicate that a passenger poses a threat.
Although installation of the system at airports is scheduled to begin in
late fall, a government official, speaking on background, said it could be
delayed if, as expected, the Transportation Security Administration is
pulled out of the Transportation Department and moved into the Homeland
Security Department.
"We're waiting to see what happens with the new department," the official said.
The House of Representatives has approved a Bush administration plan to
create the Homeland Security Department and move TSA and about two dozen
other federal entities into it. But the Senate has only begun to examine
the proposal.
Last spring, TSA hired four companies to design rival versions of essential
software for the passenger screening system, and agency officials expect a
final design of the system to be finished this fall.
The system should be able to conduct "real-time preflight background threat
evaluation" of airline passengers by using names and personal information
taken from passenger manifests, according to TSA and industry sources.
The system, called CAPPS II, would compare information from manifests with
information culled and analyzed instantaneously from "numerous databases
from government, industry and the private sector" to determine whether any
passengers pose a security threat.
A computer using a security scoring algorithm and criteria and weights set
by TSA would decide whether a passenger posed a threat. The system would
also consider "threat data gathered from state, federal and private-sector
sources," TSA officials wrote in a report on CAPPS II.
An existing version of CAPPS provides threat information to airline
employees, who are then supposed to pass it on to airport security
personnel. The new version is being designed to provide threat alerts
directly to "front-line security forces," including via secure wireless
communication, the report states.
TSA's plan to use information from commercial databases worries privacy
advocates.
The Electronic Privacy Information Center warns that "each airline
passenger will be subjected to an extensive profiling" if CAPPS II goes
forward. Lawyers for EPIC sued TSA, saying the agency failed to disclose
enough information about how the system will work.
EPIC wants to know what factors would trigger a threat alarm, how accurate
data in the databases would be, what recourse travelers would have if they
are falsely identified as being a threat, and whether the system violates
constitutional prohibitions, including those against unreasonable searches.
TSA officials are guarded about discussing the system. In a notice about
CAPPS II sent to software developers this spring, TSA warned that "there
shall be no public release of information concerning the requirements" of
the system or proposals by companies interested in developing it.
But industry officials insist it will work. "It could be very effective" in
identifying potentially dangerous passengers, said Allen Shay, president of
Teradata, a data warehousing division of NCR Corp.
The system is likely to focus on passengers who pay cash, buy one-way
tickets or have questionable or conflicting identification documents,
criminal records or other information in databases that arouses suspicion,
he said. Similar automated background checks are common in the financial
industry and commerce, Shay said. Banks, for example, check employment,
credit and financial records when marketing loans.
But the passenger-screening system is almost certain to raise concerns
about privacy and profiling, Shay said. "When it is done in the commercial
world, it is known as customer resource management. When it is done by the
government, it's an invasion of privacy," he said. "To move forward in a
positive way, that's something we're going to collectively have to get over."
http://www.fcw.com/fcw/articles/2002/0902/news-capps-09-02-02.asp
Hope it picks up anthrax carrying sheep murdering Mi5 agents.
More information about the cypherpunks-legacy
mailing list