The Transportation Security Administration yesterday announced a proposed mandate for domestic carriers to provide passenger name record data from June as part of testing for the Secure Flight program--a modified version of the scrapped second-generation computer assisted passenger prescreening system. As TSA revives its prescreening system, critics are reviving concerns.
If the proposal moves forward, U.S. airlines by late-October are expected to begin passing along such data, upon which the government will start testing the Secure Flight system "at full load and full speed," TSA said. In the meantime, TSA for a 30-day period will solicit comments from the public on the proposal.
TSA is delivering on its promise made late last month that within the next 30 to 60 days it would begin checking up to 2 million daily airline passenger names against terrorist watch lists
(BTN, Aug. 27). TSA will compare airline PNR data--which could include passenger names, flight information, addresses, telephone numbers and meal orders--to a database controlled by the Terrorist Screening Center, which was launched last year.
While privacy and operational concerns were crucial to the capsizing of CAPPS II, TSA is adamant on the new system's sensitivity to such issues. "The system is designed around a core of privacy statutes, regulations and U.S. Department of Homeland Security policy," TSA said. However, such critics as the Business Travel Coalition and the American Civil Liberties Union said the new system renews the problems of CAPPS II, as others note many questions remain unanswered.
"We want to know about the reconciliation process, the restitution process and the likely cost-impact to business, in comparison with the level of protection this new program is expected to provide," said Association of Corporate Travel Executives executive director Nancy Holtzman. "TSA would be wise to come out of the gate with all of the proposed processes intact and ready to go."
"To me, this is CAPPS III," said BTC chairman Kevin Mitchell. "You can call this whatever you want, but it's still a replacement for the original CAPPS." Mitchell noted a General Accountability Office report released in March that outlined criteria for the deployment of CAPPS II and urged the government to apply the same standards to the new system.
At that time, GAO said the only issue fully addressed by TSA was the establishment of an "internal oversight board" to review CAPPS II. "However, concerns exist regarding the timeliness of the board's future reviews," GAO noted. "Other issues, including ensuring the accuracy of data used by CAPPS II, stress testing, preventing unauthorized access to the system and resolving privacy concerns have not been completely addressed, due, in part, to the early stage of the system's development
(BTN, March 15)."
ACLU and the National Business Travel Association also are urging congress to push GAO for a similar evaluation. "Congress needs to step in and require the Government Accountability Office to perform the same objective evaluation of this program--looking at both its effectiveness and its impact on privacy--that it did for the CAPPS II program," said Barry Steinhardt, director of ACLU's technology and liberty project.
Mitchell added, "If they're going to get off on the right foot, they're going to have to be transparent and upfront from the get-go or people are going to have a jaundiced view almost immediately."
NBTA said TSA already is taking into account such concerns highlighted in the GAO report as enabling an outlet to clear misidentified passengers and "stress testing," among others. "The concerns that were raised throughout the CAPPS II program seem to have been heard and are being addressed," said NBTA spokesperson Caleb Tiller. "They're going about this in a much more productive way." NBTA said its data protection committee would continue to explore the new program as more details become available.
American Airlines
(BTN, April 12) and JetBlue Airways
(BTN, Oct. 6, 2003) previously acknowledged sending data to government contractors, and Northwest Airlines early this year was forced to admit it transmitted passenger information to NASA in September 2001
(BTN, Feb. 9). While these actions have spurred lawsuits, other major carriers in the past said they would not relinquish PNR data unless mandated by the government, which is expected to shield airlines from lawsuits.
Southwest Airlines today said, "Private customer information is something that Southwest has long held extremely close and reviews any request for information with that same filter. We're just going to have to see the final order if it gets to that point."
Meanwhile, American Airlines noted that it is within policy "to turn over any documents to TSA when ordered to do so by law or court order." Continental Airlines said it was too early to comment, and Northwest said it is "reviewing the matter with TSA." As of press time, other major carriers had yet to respond.