Rosen praises CAPPS II

Related Links

"ACLU challenge"

Privacy law expert Jeffrey Rosen today praised the Computer Assisted Passenger Profiling System (CAPPS) II for balancing public safety and personal privacy.

But he worries that the compromise achieved with the Transportation Security Administration's CAPPS II will be difficult to maintain in other information systems that share public- and private-sector data.

Speaking in Washington, D.C., at the Gartner Information Technology Security Summit, Rosen said that CAPPS II corrected two fundamental flaws of the unpopular Total Information Awareness system, a project of Defense Advanced Research Projects Agency.

First, CAPPS II is designed to verify only that people are who they say they are. "It doesn't presume to pick people out of crowds and say whether they look like a [Sept. 11, 2001] terrorist," Rosen said.

Using terms familiar to information security managers, he said the system does authentication but not identification.

Second, CAPPS II operates with limits on how authorities can use its data. TSA officials forward evidence to law enforcement authorities only if the system uncovers outstanding warrants for violent federal crimes, Rosen said.

Operational controls prevent TSA officials from sharing evidence of low-level, nonviolent crimes that CAPPS II might uncover, a feature of the system that he called "an important victory for privacy."

Rosen, a professor of law at the Georgetown University Law Center and author of "The Naked Crowd: Reclaiming Security and Freedom in an Anxious Age," said he doesn't share the views many privacy critics have of the U.S. Patriot Act. But a part of the law known as Section 215 is overbroad and should be amended, he said.

A bipartisan bill pending in Congress would amend the act by requiring government authorities to certify that a person is a suspected terrorist or spy before officials could engage in broad data mining of shared databases. "This was the arrangement that preceded [Sept. 11] under the Foreign Intelligence Surveillance Act," and it should be part of the Patriot Act, Rosen said.

Amending the law to include those added controls over broad data-mining searches would be desirable in principle, he said. And he challenged the software engineers in the audience to contribute their know-how to designing future systems that would provide broad access to data that is searchable but anonymous, unless there is legal cause to reveal personal identities.

"You have a crucial role in designing these laws and technologies," Rosen said.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.