Wednesday, 28 January 2004

USA airlines ask Congress to merge US-VISIT and CAPPS-II

James May, President and CEO of the Air Transport Association, the trade association of USA-based airlines, told a very different story to Congress today than had been suggested by ATA press statements following last week's ATA meeting with the USA Department of Homeland Security on the privacy of travel records.

Testifying at the House Homeland Security Subcommittee hearing I talked about in this space yesterday , May made no mention of privacy policies or practices, either on the part of airlines or the government. Nor did he suggest that government programs for access to reservation data should be postponed until such protocols could be developed or put in place.

Quite the contrary. USA airlines want the US-VISIT program, designed to facilitate the collections of lifetime biometric and biographic travel histories on visitors to the USA, deployed without delay:

We support DHS in its efforts to create and implement US-VISIT.... We believe it is critical that DHS adhere to the planned schedule for deploying US-VISIT.

The only objection to government surveillance of travellers that was voiced by May on behalf of the airlines was to the possibility that airlines might have to conduct this passenger surveillance at their own expense:

ATA opposes any requirement that airline staff collect the biometric data, either at the check-in counters or at the departure gates. Airline personnel should not be used as quasi-immigration officers.

On the other hand, airlines have indicated no objection to the government forcing travel agents -- the people who actual create most airline reservations -- to function as unpaid "Homeland Security" surveillance and data collection agents for CAPPS-II and other programs.

The airlines' real objection seems to be to having to bear the cost of US-VISIT or CAPPS-II, not on principle to collaborating in the creation of permanent dossiers on airlines' customers. Airlines want to do the latter, as long as the government reimburses their costs and they get to keep the additonal data for their own commercial purposes.

But USA government payments to USA-based airlines to offset "government-imposed security costs" are increasingly being viewed as a government subsidy to domestic airlines, since foreign airlines that serve the USA, and are subject to the same government requirements, aren't eligible for any of these funds.

For example, a 1 December 2003 policy paper from a coalition of European airline industry associations argued that:

Particular reference should be paid to the US, where US$5 billion in cash was granted to the country's air transport sector in 2001 and more than US$2.3 billion is being granted in 2003 to pay for security measures. The US air transport industry is clearly enjoying a competitive advantage vis-à-vis its European counterparts.

In the face of such objections from airlines serving the USA from abroad, the USA government will likely have to choose in the future to suspend reimbursement of security costs (losing the government the cooperation in security/surveillance schemes of USA-based airlines), include foreign airlines in the security-cost reimbursement program (increasing its cost by an order of magnitude), or face trade sanctions from the EU and elsewhere in retaliation for continued preferential security subsidies to domestic airlines.

As for the CAPPS-II program, which ATA members have claimed they would cooperate with only if ordered to do so by the goverment (although no airline has yet said they will try to contest such a legally questionable order), and which the government has claimed has absolutely nothing to do with US-VISIT, May quickly put the lie to all that:

The CAPPS II program ... may be adapted to also readily identify US-VISIT exiting passengers. We would urge that, as these programs develop, consideration be given to combining screening and exit processing.... We believe that the nation's interests will best be served by a seamless, fully integrated approach to passenger processing and screening.

That's a really bad idea that goes beyond anything the DHS has yet proposed, and would multiply the intrusiveness of both the CAPPS-II and US-VISIT programs.

US-VISIT is designed to facilitate the creation of a lifetime lifetime biographic and biometric travel history , stored in a DHS database, on each foreigner who has ever visited the USA. CAPPS-II would accomplish much the same thing for domestic travellers, forcing them identify themselves and provide additional information each time they travel to enable airlines and computerized reservation systems (CRS's) to index reservation records into lifetime travel histories.

Even if the government doesn't itself keep CAPPS-II records, it could get access to CRS archives whenever it likes: under the Patriot Act, travel records can be requisitioned with a "national security letter", without a warrant or subpoena or judicial review, and the recipient of such a letter can be forbidden to reveal that information has been given to the government. Denials by airlines, CRS's, or other travel companies that they have furnished passenger records to the government cannot be taken at face value, since under Patriot Act those denials could be government-ordered lies.

But integrating CAPPS-II with US-VISIT would make the process much easier by merging all four CRS's databases on travellers to, from, or within the USA with the US-VISIT database on travel by foreigners across US borders. (The Transportation Security Administration could still claim with a straight face that, "The TSA does not retain CAPPS-II data," since US-VISIT records are stored by a different division of the DHS.) The result would be a single comprehensive archive, in government hands, of lifetime records of the movements of everyone, foreigner or citizen, who has ever taken an airplane flight touching the USA, or crossed the USA border.

Also at today's US-VISIT hearing, Assistant Secretary of State Maura Harty boasted of the success of USA lobbying for an international agreement on remotely-readable RFID biometric passports:

We are also undertaking a massive effort to introduce embedded biometrics into the U.S. passport through the insertion of a contact-less chip, which will store biometric and biographic data including digital photos.... We recognize that convincing other nations to change and improve their passport requires U.S. leadership both at the International Civil Aviation Organization (ICAO) and practically by introducing these changes into the U.S. passport. Thus, the Department of State has underway a program that should result in the production of our first enhanced biometric passports using the ICAO standard of facial recognition techniques in October of this year and we plan to complete the transition to this new biometric passport by the end of calendar year 2005.... The U.S. has played a leadership role in ICAO working groups to advocate the successful inclusion of biometrics in travel documents.

It's clear from Harty's testimony that the USA is treating ICAO's decision as a fait accompli , despite the fact that the proposed RFID biometric passport standard isn't actually scheduled to be decided until the next meeting of the ICAO working group, 22 March - 2 April 2004 in Cairo .

It's becoming increasing apparent that ICAO is on the verge of adopting an extraordinarily controversial item, without having involved the relevant stakeholders (e.g. travellers and consumer and privacy advocates) and without having given any serious consideration to its profound implications for privacy and civil liberties. ICAO needs to postpone its decision until after a full and open privacy impact assessment can be completed and its results considered in the debate.

Within the USA, similar arguments are being raised about the need to consider the privacy and civil liberties implications of government access and commercil sharing of travel records, as FoxNews.com reports in Massive Travel Database Raises Eyebrows . And Business Week's Jane Black endorses my call for Congressional hearings on the use of travel data, and enactment of a Federal travel privacy law, in her latest Privacy Matters column: The airline-data mess should be cleared up.... It's time to regulate travel data.

Link | Posted by Edward on Wednesday, 28 January 2004, 18:35 ( 6:35 PM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?