Transcript Research Issues in CAPPS II

CAPPS II:
CAPPS
II
A Case Study of Homeland
A Case
Study
in
Homeland
Security Computer
SecurityApplications
Use of Technology
Marcia Hofmann
Staff Counsel
Electronic Privacy Information Center
Computer Freedom & Privacy 2004
April 20, 2004
After 9/11, a New Mission
“We must prevent first, prosecute
second.”
-- Attorney General John Ashcroft
After the September 11, 2001 terrorist
attacks, the government made defense
of the United States the highest priority.
2
CAPPS I
• In use since 1998
• Run by airlines
• Checks passenger information against a
terrorist watch list
• Then checks passenger information
against CAPPS rules to identify terroristlike behavior
3
Aviation Security After 9/11
After 9/11, Congress demanded that a new,
more effective air passenger screening
program be developed to replace CAPPS.
The new program that the Transportation
Security Administration has designed is
called the second-generation Computer
Assisted Passenger Prescreening System, or
CAPPS II.
4
How CAPPS II Works
• A passenger provides her name, address,
phone number, and date of birth when
she makes a reservation to fly on an
airplane.
• This information is entered into her
Passenger Name Record, which also
includes information such as travel
itinerary and form of payment.
• The PNR is transmitted electronically to
TSA.
5
How CAPPS II Works
• Prior to the passenger’s flight, TSA
transmits the information to one or more
commercial data aggregators to verify the
passenger’s identity.
• The data aggregator(s) generate an score
indicating the likelihood that the
passenger-provided data are authentic,
which is sent back to TSA.
6
How CAPPS II Works
• Then TSA conducts risk assessments
using government databases, including
classified and intelligence data, to
determine the passenger’s likelihood of
being a threat to security.
• When the passenger checks in for her
flight, TSA transmits her risk category to
the check-in counter, which will
determine the level of security she
encounters.
7
The Program’s Status
•Congress is withholding funding until its
concerns are addressed.
•The General Accounting Office determined
in February that seven of eight key
concerns still remain.
•Congress is considering the next step.
8
Issues That Need To Be
Addressed
• Incomplete
planning
• Effectiveness
• Accuracy
• Security
• Privacy
• Redress
• Function Creep
9
Incomplete Planning
• TSA has yet to identify the specific
system functionality to be developed, its
schedule for completion, or its cost
throughout development.
• The agency also has not finalized policies
concerning security, oversight,
compliance with law, and redress.
10
Effectiveness
Early increments of CAPPS II have not
been stress tested to assess the
effectiveness of the system or its
components.
TSA reports that it has been unable to
obtain actual passenger data to test
CAPPS II, though a recent statement by
one airline indicates this may not be
accurate.
11
Accuracy
• TSA has not found a way to determine the
error rate of the commercial and
government databases that will be used
by CAPPS II.
• TSA has also not found a way to mitigate
data errors.
12
Security Safeguards
• TSA has not yet developed a security
policy to address system, personnel, and
physical security controls.
• TSA has not identified or assessed
information security risks associated with
CAPPS II.
• There are no operational controls to
protect against unauthorized access and
misuse.
13
Privacy Safeguards
TSA exempted CAPPS II from numerous legal
requirements of the Privacy Act, including:
• Collection only of information that is
“necessary and relevant”
• Right of the individual to access
information
• Right of the individual to correct
inaccurate information
14
Privacy Safeguards
• No privacy impact assessment has been
finalized as required by the EGovernment Act of 2002.
• TSA has appointed a Privacy Officer and
established an internal oversight board.
However, the program lacks independent
oversight.
15
Redress
TSA is developing a redress process for
individuals adversely affected by CAPPS
II. However, the process is highly
discretionary and does not provide any
right to judicial review as required by the
Privacy Act.
16
Function Creep
“[A]t the moment we are charged with
finding in the aviation sector foreign
terrorists or those associated with
foreign terrorists and keep[ing] them off
airplanes. That is our very limited goal at
the moment.”
--TSA Administrator Admiral James Loy,
May 2003
17
Function Creep
By August 2003, CAPPS II was expanded
to include analysis of information
regarding persons with outstanding state
or federal arrest warrants for crimes of
violence.
It was also announced that CAPPS II
would be linked with US-VISIT, which is
intended to track visitors’ entry to and
exit from the US.
18
Challenges
• The system’s changing goals
• Responsible use of private and public
sector data
• Need for secrecy vs. rights of individuals
in their information
19