IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

13 February 2004

Congressional Report Outlines Risks to Passenger Screening System

Shortcomings include lack of international cooperation, GAO says

The successful development, implementation and operation of a new U.S. air passenger prescreening system may be impeded by a lack of international cooperation, uncertainty over the possible expansion of the program's original mission and the system's inability to recognize identity theft, a congressional investigative group says.

In a report published February 12, the General Accounting Office (GAO) said that the Transportation Security Administration (TSA) in the Department of Homeland Security (DHS), which has been working on an expanded and modernized version of the Computer-Assisted Passenger Prescreening System known as CAPPS II, needs to deal with those issues as well as other developmental, operational and public acceptance challenges.

CAPPS II is designed to protect the commercial aviation system from terrorist threats by identifying higher-risk passengers for additional security procedures. The system is supposed to check quickly a passenger's identity and conduct risk assessment using commercially available databases and intelligence information.

To prescreen passengers on flights originating in foreign countries, CAPPS II must obtain passenger name record data (PNR) on travelers residing in those countries, flying on foreign airlines or purchasing tickets through foreign outlets.

Other countries, however, particularly those in the European Union (EU), have objected to releasing data on their citizens for use by the system on the grounds that CAPPS II requirements are inconsistent with EU privacy laws, the report said.

While DHS and EU officials are negotiating an understanding regarding the transfer of PNR data for use by the department's customs bureau, the European Commission, the EU executive body, said in December that it would not agree to the use of the data for CAPPS II until internal U.S. processes are completed and privacy concerns are resolved, GAO said.

Referring to TSA announcements about the possibility of expanding the system to target violent criminals, fugitives and illegal immigrants, the report said that such an expansion could divert TSA attention from the program's fundamental purpose and lead to an erosion of public confidence.

As for identity theft risk, GAO said that TSA officials believe that although CAPPS II is not foolproof against such a risk, it is an improvement over the existing system.

The report said that key activities in the development of CAPPS II have been delayed, mostly, because airlines concerned about privacy issues are reluctant to provide passenger data for testing purposes.

In addition, GAO said that TSA has not completed important system planning activities nor addressed most of the issues identified by Congress as key areas such as the database accuracy, protection from abuse and unauthorized access, and a process for passengers to appeal decisions and correct what they believe is erroneous information.

GAO said DHS officials generally agreed with recommendations made in the report to strengthen CAPPS II planning, mitigate program risks, provide greater oversight of the system's operations and use, and clarify passenger redress procedures.

Following are excerpts from the report:

(begin excerpt)

General Accounting Office


Key activities in the development of CAPPS II have been delayed, and TSA has not yet completed important system planning activities. Specifically, TSA is currently behind schedule in testing and developing initial increments of CAPPS II, due in large part to delays in obtaining passenger data needed for testing from air carriers because of privacy concerns. Initial operating capability -- the point at which the system will be ready to operate with one airline -- was originally scheduled to be completed in November 2003; however, TSA officials stated that initial operating capability has been delayed and its new completion date is unknown. TSA also has not yet established a complete plan identifying specific system functionality that will be delivered, the schedule for delivery, and the estimated costs throughout the system's development. Establishing such plans is critical to maintaining project focus and achieving intended system results. Project officials reported that they have developed cost and schedule plans for initial increments, but are unable to plan for future increments with any certainty due to testing delays.

As of January 1, 2004, TSA has not fully addressed seven of the eight CAPPS II issues identified by the Congress as key areas of interest, due in part to the early stage of the system's development. These issues relate to (1) the effective management and monitoring of the system's development and operation and (2) the public's acceptance of the system through the protection of passengers' privacy and enabling passengers to seek redress when errors occur. The Department of Homeland Security (DHS) has addressed one of the eight issues by establishing an internal oversight board to review the development of major DHS systems, including CAPPS II. DHS and TSA are taking steps to address the remaining seven issues, however, they have not yet

-- determined and verified the accuracy of the databases to be used by CAPPS II,
-- stress tested and demonstrated the accuracy and effectiveness of all search tools to be used by CAPPS II,
-- completed a security plan to reduce opportunities for abuse and protect the system from unauthorized access,
-- adopted policies to establish effective oversight of the use and operation of the system,
-- identified and addressed all privacy concerns, and
-- developed and documented a process under which passengers impacted by CAPPS II can appeal decisions and correct erroneous information.

In addition to facing developmental, operational, and public acceptance challenges related to the key areas of interest of the Congress, CAPPS II also faces a number of additional challenges that may impede its success. These challenges are developing the international cooperation needed to obtain passenger data, managing the expansion of the program's mission beyond its original purpose, and ensuring that identity theft-in which an individual poses as and uses information of another individual-cannot be used to negate the security benefits of the system. We believe that these issues, if not resolved, pose major risks to the successful development, implementation, and operation of CAPPS II.

In order to address the shortcomings we have identified, we are making a number of recommendations to the Secretary of Homeland Security to strengthen CAPPS II project planning, develop plans to mitigate program risks, provide greater oversight of CAPPS II operations and use, and clarify passenger redress procedures.

We provided a draft of this report to DHS for its review and comment. In commenting on the draft report, the department generally concurred with the report and its recommendations, but expressed some concerns with the draft report's presentation of CAPPS II progress, international cooperation, and mission expansion. We considered the department's comments in finalizing the report, and made revisions where appropriate.

International Cooperation

For CAPPS II to operate fully and effectively, it needs data not only on U.S. citizens who are passengers on flights of domestic origin, but also on foreign nationals on domestic flights and on flights to the United States originating in other countries. This information is critical to achieving the program's objective of reducing the risk of foreign terrorism and helping to avoid events like those of September 11, 2001. Moreover, as evidenced by the cancellation for security reasons of several flights to the United States from December 2003 through February 2004, the use of commercial aircraft originating in foreign countries may be the means terrorists choose to use to attempt future attacks.

To prescreen passengers on flights originating in foreign countries requires that CAPPS II obtain Passenger Name Record data on passengers from foreign countries, flying on foreign airlines, or purchasing tickets through foreign sources. However, obtaining international cooperation for access to this data remains a substantial challenge. The European Union, in particular, has objected to its citizens' data being used by CAPPS II, whether a citizen of a European Union country flies on a U.S. carrier or an air carrier under another country's flag. The European Union has asserted that using such data is not in compliance with its privacy directive and violates the civil liberties and privacy rights of its citizens. Its position extends not only to international flights to the United States, but also to U.S. domestic flights that carry citizens of European Union countries.

DHS and European Union officials are in the process of finalizing an understanding regarding the transfer of passenger data for use by the Bureau of Customs and Border Protection for preventing and combating (1) terrorism and related crimes; (2) other serious crimes, including organized crime, that are transnational in nature; and (3) flight from warrants or custody for these crimes. However, this understanding does not permit the passenger data to be used by TSA in the operation of CAPPS II but does allow for the data to be used for testing purposes. According to a December 16, 2003, report from the Commission of European Communities, the European Union will not be in a position to agree to the use of its citizens' passenger data for CAPPS II until internal U.S. processes have been completed and it is clear that the U.S. Congress's privacy concerns have been resolved. The Commission stated that it would discuss the use of European Union citizen passenger data in a second, later round of discussions.

TSA officials stated that in the short term, the lack of data on non-U.S. citizens could potentially affect the implementation of the system's initial operating capabilities. Moreover, officials stated that in the longer term, an inability to obtain data on non-U.S. citizens would hamper the effectiveness of the system. Without data on foreign nationals traveling to, from, and within the United States, CAPPS II would be unable to assess the threat posed by all individuals or by a group of passengers on a single flight, thus compromising the full capabilities and effectiveness of CAPPS II.

(end excerpt)