TSA system would dig up passenger info
- By William Matthews
- Sep 02, 2002
By late fall, federal airport security officers hope to begin installing computer systems that can instantly check the personal backgrounds of airline passengers and alert security officials to any who are deemed dangerous before they can board planes and take off.
The tool, a substantially advanced version of the Computer Assisted Passenger Prescreening System (CAPPS) now in use, is being designed to comb multiple government and commercial databases for information that could indicate that a passenger poses a threat.
Although installation of the system at airports is scheduled to begin in late fall, a government official, speaking on background, said it could be delayed if, as expected, the Transportation Security Administration is pulled out of the Transportation Department and moved into the Homeland Security Department.
"We're waiting to see what happens with the new department," the official said.
The House of Representatives has approved a Bush administration plan to create the Homeland Security Department and move TSA and about two dozen other federal entities into it. But the Senate has only begun to examine the proposal.
Last spring, TSA hired four companies to design rival versions of essential software for the passenger screening system, and agency officials expect a final design of the system to be finished this fall.
The system should be able to conduct "real-time preflight background threat evaluation" of airline passengers by using names and personal information taken from passenger manifests, according to TSA and industry sources.
The system, called CAPPS II, would compare information from manifests with information culled and analyzed instantaneously from "numerous databases from government, industry and the private sector" to determine whether any passengers pose a security threat.
A computer using a security scoring algorithm and criteria and weights set by TSA would decide whether a passenger posed a threat. The system would also consider "threat data gathered from state, federal and private-sector sources," TSA officials wrote in a report on CAPPS II.
An existing version of CAPPS provides threat information to airline employees, who are then supposed to pass it on to airport security personnel. The new version is being designed to provide threat alerts directly to "front-line security forces," including via secure wireless communication, the report states.
TSA's plan to use information from commercial databases worries privacy advocates.
The Electronic Privacy Information Center warns that "each airline passenger will be subjected to an extensive profiling" if CAPPS II goes forward. Lawyers for EPIC sued TSA, saying the agency failed to disclose enough information about how the system will work.
EPIC wants to know what factors would trigger a threat alarm, how accurate data in the databases would be, what recourse travelers would have if they are falsely identified as being a threat, and whether the system violates constitutional prohibitions, including those against unreasonable searches.
TSA officials are guarded about discussing the system. In a notice about CAPPS II sent to software developers this spring, TSA warned that "there shall be no public release of information concerning the requirements" of the system or proposals by companies interested in developing it.
But industry officials insist it will work. "It could be very effective" in identifying potentially dangerous passengers, said Allen Shay, president of Teradata, a data warehousing division of NCR Corp.
The system is likely to focus on passengers who pay cash, buy one-way tickets or have questionable or conflicting identification documents, criminal records or other information in databases that arouses suspicion, he said. Similar automated background checks are common in the financial industry and commerce, Shay said. Banks, for example, check employment, credit and financial records when marketing loans.
But the passenger-screening system is almost certain to raise concerns about privacy and profiling, Shay said. "When it is done in the commercial world, it is known as customer resource management. When it is done by the government, it's an invasion of privacy," he said. "To move forward in a positive way, that's something we're going to collectively have to get over."