Passenger Screening, Take 10
By Ryan Singel

Story location: http://www.wired.com/news/privacy/0,1848,66433,00.html

02:00 AM Jan. 31, 2005 PT

A controversial and much-delayed upgrade of the current airline
passenger-screening system has gained new momentum, as officials have
started testing the newly centralized computer system using real passenger
data and are looking to see if commercial databases can help verify
passengers' identification.

Currently, airline passengers are screened by individual airlines, which
select passengers for extra screening or rejection based on whether a
person's name matches or approximates those on government watch lists.
Passengers who fly one-way or pay with cash are also more likely to be
patted down and searched.

The Transportation Security Administration wants to centralize the process,
using a system now called Secure Flight. Under the proposal, airlines will
have to provide data dumps to the agency, which will use an expanded,
unified watch list run by the Terrorist Screening Center to flag potential
threats.

Homeland Security officials hope law enforcement and intelligence groups
will add more data to the watch list if they are assured the information
will not be provided to private companies.

That matching process is currently being tested with millions of passenger
records, which the Transportation Security Administration ordered airlines
to turn over in November.

The TSA further wants to test whether the information passengers provide to
airlines can be verified using massive commercial databases run by companies
such as LexisNexis and Acxiom.

The TSA will award contracts to private companies for testing Feb. 22.

An earlier proposed upgrade, known as CAPPS II, drew intense criticism from
privacy groups and Congress, in part for its reliance on commercial
databases and algorithms to compute a passenger's threat level.

Privacy activists, such as security consultant Richard M. Smith, argue those
databases, which are used for direct marketing and fraud investigations, are
inaccurate and that relying on them could lead to trouble for those whose
data is outdated or for students or poor people who don't have much of a
"data footprint."

Smith, who just moved, has started getting junk mail intended for a man
named Quincy Smith and vice versa, which he attributes to an error in the
Postal Service's change-of-address database, which data aggregators use to
harvest addresses.

In a letter to Quincy Smith, Richard worries about how this could affect
him:

"We don't know each other, but we are now linked permanently in
direct-marketing databases. I hope you are not a terrorist or associate with
known terrorists. Otherwise, airplane travel is going to become a major
hassle for my family and I."

Even though the TSA is relying on private databases for identity
verification, not to decide if someone might be a terrorist, Chris Hoofnagle
of the Electronic Privacy Information Center argues officials should not
authorize these databases to be used for airline security, regardless of the
outcomes of the test.

"These databases are only accurate enough for targeting of junk mail,"
Hoofnagle said. "That's what they are for."

In the 1990s, the Direct Marketing Association promised it would not market
its services to law enforcement since that would harm the direct-marketing
industry, according to Hoofnagle.

"Where are those promises today?" Hoofnagle asked.

EPIC also just posted documents (.pdf) obtained through the Freedom of
Information Act showing that Acxiom lobbied the Justice Department after the
Sept. 11 attacks to radically reduce federal privacy protections so it could
build an identity-verification tool.

Congress has also expressed its concern over the use of such databases and
has barred the TSA from even testing the use of commercial databases until
the Government Accountability Office certifies the agency has strong privacy
policies in place.

That report is due in March, but the TSA's bidding process indicates that
the agency thinks it will get a green light from the GAO sooner than that.

Secure Flight also gained some momentum from a recent announcement that
President Bush is nominating a former Department of Transportation official
named Michael Jackson to be the second-in-command at Homeland Security.

Jackson is a widely respected manager who initiated the CAPPS II project but
left the government just as Homeland Security officials announced they would
use it to search for those with warrants out for their arrest.

Privacy advocates decried the "mission creep." According to an account in
Washington Post reporter Robert O'Harrow's book No Place to Hide, Jackson
unsuccessfully attempted in a last-minute trip to the White House to
convince officials not to use the system for purposes other than aviation
safety.

The TSA hopes to roll out the system in increments this year, but first has
to mollify congressional critics who mandated an audit into the program's
effectiveness and intrusiveness before it can be deployed.

In a similar audit last year, the GAO failed the program on seven of its
eight criteria.

The TSA did not return a request for comment by press time.
