Wednesday, 11 February 2004
AP, UPI say the GAO will give "thumbs down" on CAPPS-II
A draft of the forthcoming General Accounting Office (GAO) report on CAPPS-II obtained by the Associated Press and UPI reportedly says that the Transportation Security Administration (TSA) has failed to meet seven of the eight tests (see section 519) specified by Congress last fall as the prerequisites for any further spending on CAPPS-II, "except on a test basis".
Unless President Bush disregards the Congressional mandate, as he threatened when he signed the law requiring the GAO audit and restricting CAPPS-II spending, or unless Congress changes its mind, CAPPS-II deployment will be a dead issue as soon as the GAO report is formally submitted to Congress this Friday.
Congressional concern about the surveillance and monitoring of travellers, the privacy of travel records, and the "sharing" of travel data, has been focused -- quite properly -- on CAPPS-II. With the release of the GAO's failing report card, it's time for Congress to put a stake through the heart of CAPPS-II.
Congress should, of course, move promptly to block any resumption of wasteful and privacy-invasive tests of CAPPS-II (currently suspended pending talks with Canada on the protection of personal information collected in Canada and included in reservations to be used in the tests).
But it's also time for Congress to move forward on the underlying, and larger, issues.
As I discuss in What's wrong with CAPPS-II? And what should be done about it?, Congress should now:
- Investigate and hold public hearings on the privacy and personal information handling and usage practices of the travel industry, including what really happened with the jetBlue Airways and Northwest Airlines passenger records and the role of government agencies and corporations including the DHS/TSA, DOT, NASA, the military, Torch Concepts, SRS Technologies, Acxiom, other airlines, and the CRS's/GDS's.
- Enact a comprehensive consumer privacy law (which I would suggest be modeled on the successful Canadian example) requiring fair information practices in the handling of personal information -- including travel records -- by both government agencies and private companies. At a minimum, Congress should enact travel data privacy rules (focused on the CRS's/GDS's as the principal repositories of travel records) giving travel data as least as much protection as is currently given to medical and financial data.