One of the major surveillance battles the ACLU fought in the years after 9/11 was over a Bush administration proposal known as the Computer Assisted Passenger Pre-screening System II, or CAPPS II. Under this scheme as initially proposed, the government would have tapped into commercial data sources to perform background checks on the 100 million Americans who fly each year, and build a profile of those individuals in order to determine their "risk" to airline safety. After a battle that lasted approximately five years, the government abandoned this concept, which was impractical, unwise, and unlikely to be effective — and would set the government on the road of engaging in radically new level of intrusions into the private lives of individuals.
The New York Times reports today that this concept is back from the dead.
According to the Times, support is growing within the Transportation Security Administration (TSA) and within "several industry organizations" for the notion that the government should "divide travelers into three groups — trusted, regular or risky — and apply different screening techniques based on what is known about the passengers." The Times also reports renewed support for the related by distinct concept of creating a "Trusted Traveler" system.
The Times piece shows no evidence that either the reporter or TSA Director John Pistole is aware of the long history of the passenger profiling concept and the profound problems it faces, not only from a privacy and civil liberties perspective, but also from a practical one.
On our old page on the CAPPS II proposal you can find a record of sorts of the long, long battle that we and other advocates fought over CAPPS II, including these pieces on the Problems with CAPPS II and the Problems with Secure Flight. Most of these problems would apply equally to the passenger profiling scheme apparently being (re)considered today.
The CAPPS II program was beset by problems and delays from when it was first announced in early 2002, until 2007 when the program (which along the way was renamed Secure Flight) was scaled back to a system that consisted only of watch list checks (problematic though they are). I wrote up a timeline of the program for this 2006 report — skimming it provides a quick introduction to just how riddled with problems this program was. In addition to bureaucratic indecision and incompetence, and the opposition of Americans concerned about an unprecedented new government intrusions into citizens' lives, the protracted difficulties experienced by the CAPPS II program reflected genuinely knotty problems with the very concept of this kind of system.In a democratic society, attempts to carry out background checks and make judgments about individuals' supposed "danger to aviation" simply introduced too many dilemmas. For example:
- What criteria would be used to sort the population by dangerousness? Early TSA proposals spoke about measuring the extent to which an individual was "rooted in their community." But African-Americans and Hispanics tend to move more often than non-Hispanic whites, which would mean the program would have a seriously discriminatory impact.
- Would the criteria be made public? If so, they could be gamed by a terrorist. But if the algorithm is a black box, the criteria might be unfair, arbitrary, and discriminatory, and at odds with democratic values, and there would be no checks or balances.
- What data sources would be used to make such a judgment? CAPPS II as originally proposed would have relied upon commercial data sources — not only putting the government into the business of collecting seriously detailed information about the lives of its citizens, but also exposing Americans to the significant inaccuracies that commercial data companies are known for.
- How much data is enough? Just how much data would these "risk assessments" be based on? Our strong suspicion is that however much the government collected for this purpose, it would never be enough. The New York Times suggests that the current thinking is that it would be "data that the government and the airlines are already collecting about passengers." That would suggest that it is passenger travel records. These records, known as PNR, can reveal a lot of private information about a person (details). But what kind of security judgment can one make from that? The danger is that once this system is in place, the stage will be set for the government to demand access to more and more personal information about Americans to make ever-more refined judgments.
- What kinds of security would be applied to the trusted, the less-trusted, and the suspected groups? Would those in the trusted category get less scrutiny than is normal today? If so, such a "get out of security free" card would open up a new security vulnerability. Or would new security measures simply be imposed on the other two groups — and if so, where would the resources and time for those extra searches be found?
- What kind of redress process would be in place for those unhappy at receiving a label of "untrusted" by their own government? For anyone who might have confidence that the government would handle this well, I have just two words for you: watch lists.
- How effective will the system even be? How likely is it that this rough population-sort will stop a terrorist? In addition, even a known, wanted terrorist could sail right through security simply by obtaining a false driver's license or passport.
The "Registered Traveler" concept, which has been tried in several airports already over the years, largely unsuccessfully, is also rife with problems and unanswered questions, as I wrote about in this piece. Central among them is, who gets approved and who gets denied "trusted" status, and on what basis, and with what recourse for those who are denied? And, will it really improve our security?
All of these issues were confronted by the Bush administration when they tried to push through CAPPS II after 9/11. Ultimately, they were too much. Hopefully those who are thinking about reviving this concept will realize the profound problems it faces, and we can finally drive a stake through the heart of this threat to our privacy.