Shaken by data dishonesty at Northwest Airlines and a burglary at ARC, corporate travel buyers are disturbed by the U.S. Department of Homeland Security's planned revision this spring of the computer assisted passenger prescreening system.
Meanwhile, the bipartisan commission investigating the Sept. 11, 2001, events that initiated CAPPS II is questioning the efficacy of passenger screening.
According to results of a poll last week by the Association of Corporate Travel Executives, 129 of 150 corporate buyer members "support the concept of a passenger screening process, but not this one, as it leaves too many questions unanswered." Only 6 percent agreed that CAPPS II "will get the job done and needs to be implemented."
ACTE respondents want to know how verified passengers will be removed from the CAPPS II "suspect" list, how misidentified passengers will be reconciled at the airport and which offenses could trigger "high risk" status or arrest. Those polled said ACTE should study the cost of CAPPS II-related delays and missed flights. Yet, DHS estimates that only up to 5 percent of passengers will be subjected to secondary screening, down from 15 percent today.
The Business Travel Coalition last week sent a letter signed by more than 30 corporate travel buyers to the Senate Commerce and the House Transportation and Infrastructure committees urging "hearings on CAPPS II and the growing data privacy problems." The National Business Travel Association is studying CAPPS II and plans to release a white paper by May.
Dozens of corporate buyers speaking with BTN in recent weeks expect CAPPS II to offer a number of challenges this year. Although many said travelers are not asking much about it, buyers expect to be hit with questions ranging from how to avoid secondary screening—which DHS has said could be augmented by some sort of registered traveler program—to whether travelers' political beliefs, credit histories or racial profiles will impact their status.
The Bush Administration said it intends to collect from passenger name records travelers' full names, addresses, phone numbers and dates of birth. In partnership with Lockheed Martin Management and Data Systems, DHS is developing a system that it claimed will require five seconds to confirm the passenger's identity by comparing it with commercial databases from Acxiom Corp. and others, and then assessing risk by matching it with federal databases.
DHS deputy secretary James Loy on Jan. 27 noted that "an outstanding warrant for violent criminal behavior" or other "known or suspected threats" would result in a rating of high risk. "CAPPS II will be a threat-based system under the direct control of the federal government and will represent a major improvement over the current CAPPS system where information is decentralized and under the control of airlines," according to Loy.
CAPPS I actually fingered about half of the hijackers, according to a statement last month by the National Commission on Terrorist Attacks Upon the United States, but passenger screening "was irrelevant to defeating the plot," as post-screening procedures were not then designed to stop airliners from being used as missiles. In a preliminary report based on several months' testimony and research, the bipartisan commission—also known as the 9/11 Commission—said the 19 hijackers exploited tolerance of small weapons in carry-on luggage and inflight security procedures that taught crew members to work with hijackers rather than fight them.
Inflight crew clearly have a new appreciation of what hijackers can do, and last April the Transportation Security Administration announced that 10,000 aircraft had been equipped with ballistic-resistant, hardened cockpit doors.
"Had the consequences of being a 'selectee' under the passenger prescreening program, as nine of the terrorists were, required a more intense screening of the selectee—as had been the case before the prescreening system was computerized in 1998—the system would have stood a better chance of detecting the prohibited item, possibly depriving the terrorists of an important weapon," reported the 9/11 Commission, which is headed by former New Jersey governor Thomas Kean. "Was it wise to ease the consequences of being a prescreening selectee at a time when the U.S. government perceived a rising terrorist threat, including domestically, and when the limits of detection technology and shortcomings of checkpoint screening efficacy were well known?"
The 9/11 Commission has "presented only a small part of what we have learned" and late last month requested a two-month extension, to July 26, of the deadline for its final report. The White House late last week acceded to the extension after initially opposing it.
After it addresses data privacy concerns through ongoing discussions with airlines and privacy advocates, DHS plans to test CAPPS II in "late spring" and phase in implementation this summer, said the spokesperson. It intends to create a Passenger Advocate's Office to aid those who believe they have been incorrectly singled out for extra screening. "For the vast majority of passengers, the information will be discarded within a few days," TSA said last year. "CAPPS II will not use bank, creditworthiness or medical records."
Further seeking to allay privacy concerns, Loy last month told the 9/11 Commission that "CAPPS II will not bring any information found in the commercial databases into the government's system. CAPPS II is being designed and will be built with the explicit requirement that privacy protection not become a cost of increased aviation security. CAPPS II is undergoing a rigorous course of testing and will not be implemented until it has successfully passed this test phase."
In addition to considering issues that are more personal for travelers, travel buyers need to assess what effect the new security measures could have on company productivity. Accuracy in traveler profiles may never have been more vital, since inconsistencies could give airport screeners reason to hold back travelers and their business.
Regarding the registered traveler concept, a DHS spokesperson last week said most details are to be determined. "There are some assumptions that have been voiced, and I won't dispell them," he said. "The general concept is that it would be opt in, possibly fee-based and would require an ID card that probably would contain a biometric identifier and an expiring term."
After hearing a presentation in Texas by a local TSA representative, Lyondell Chemical global corporate travel manager Bonner Fulenwider was receptive to the idea. "Participants still would have to go through metal detectors once, but they would not be subjected to a second random screening," Fulenwider said. "I'm pretty sure our company would reimburse travelers to become certified."
Buyers are trying to get answers before their senior management and travelers begin asking questions. Sources said many of their partners in the vendor community feel no better informed.
"Our security officer is really interested, so now I'm the 'let me know what you find out guy,' " said one corporate travel manager, mulling whether companies helping to register their travelers could amount to vouching for them. "We just don't have it on the corporate agenda to protect travelers in terms of knowing what people do outside their job."
A procurement manager asked, "When does trusted traveler become trusted terrorist?"
"Big Brother, right or wrong, is watching a little closer," said National Semiconductor senior travel services purchasing manager Mark Vilcsek. "Everyone's cutting a lot of slack, and it's tolerable to a lot of us. There's not a lot of pushback."
"The whole CAPPS II thing is a concern of mine," said Cadence Systems global travel manager Marcia Saurman, who noted she has "little confidence" in the management of data privacy by TSA.
Although travel managers are showing a healthy range of opinion on the struggles among security, individual liberties and company objectives, they're nearly unanimous in not taking kindly to duplicity. Eighty percent of 45 corporate travel and purchasing managers said they were at least somewhat concerned about Northwest Airlines' "handling of this entire data privacy issue with NASA so far," according to the BTC poll. Half said they were "extremely concerned" about the incident
(BTNonline, Jan. 21), in which Northwest last month was forced to admit it sent PNRs in September 2001 to NASA, contradicting its own statement at the time.
Eighty-four percent of ACTE respondents agreed that sharing confidential passenger data with "government contractors and NASA" made them "question the way company data could be handled or protected."