Wednesday, 17 March 2004

Congress to hear today from opponents of CAPPS-II

Testimony prepared for today's Congressional hearing on the status of the CAPPS-II airline passenger profiling and monitoring system reveals increasing unity of opposition from business travellers and organizations, and continued hypocrisy by the airlines with respect to prtecting travellers' privacy.

In a series of articles this week here and here and here , Business Travel News reports how organizations representing business travellers and the travel companies that serve them -- including the Business Travel Coalition (BTC), the Association of Corporate Travel Executives (ACTE), and the Travel Business Roundtable (TBR) -- have all been vying for the leading role as spokespeople for their members' and constituents' objections to CAPPS-II.

In addiiton to business critics of CAPPS-II, the House Transportation and Infrastructure Committee's Subcommittee on Aviation is also scheduled to hear testimony from the Electronic Privacy Information Center (EPIC) on behalf of privacy advocates.

The BTC, which will be represented at today's hearing by Executive Director Kevin Mitchell, is joined by several of the leading European business travel organizations in its prepared testimony against CAPPS-II. With respect to CAPPS-II implementation costs, the BTC says that, "Firms in the travel industry distribution business face unknowable costs at this time to reconfigure their systems in accordance with the requirements of a CAPPS II."

I'm at the Eye For Travel conference of travel distribution executives this week near Los Angeles. No one I've talked to here likes CAPPS-II, but few are prepared to say so publicly, and none have been given any clear guidance as to what the government plans to require them to do, what it will cost, or who is expected to pay for it.

Although they aren't scheduled to testify in person at today's hearing, ACTE has submitted written testimony against CAPPS-II including "a highly conservative estimate that gives CAPPS II the benefit of the doubt" that it would cost US$2 billion per year in additional travel expenses, plus additional costs of lost business, just from delays to business travellers. (That's in addition to the direct costs of CAPPS-II implementation for the travel industry, which I've estimated as likely to exceed US$1 billion.)

The TBR has released a broader white paper on the excessive and unnecessary burden of a wide range of "Homeland Security" measures, not just CAPPS-II.

The testimony of the Air Transport Association (ATA) -- the lobbying association for USA-based airlines -- is less forthright, according to advance reports on what ATA plans to say.

Reportedly, ATA plans to tell Congress that CAPPS-II shouldn't be implemented unless and until the government agrees to respect a set of minimal privacy principles for what travel data it will use, and how.

That's good, as far as it goes, and certainly reflects the collective recognition by airlines -- even those in the USA (Congress hasn't sought testimony from the worldwide airline organization IATA, which would likely be much more critical of CAPPS-II) -- that their customers do care about the privacy of the information about them contained in their reservations -- notwithstanding absurd denials like the recent one from Northwest Airlines.

But the airlines themselves have never respected any of the privacy principles that they are proposing be applied to government use of reservation data. If, as it should, Congress acts on what it hears today, and has been hearing for months, by enacting privacy legislation governing travel data, it needs to subject airlines and other travel companies, especially the computerized reservations systems, to the same standards as the government.

If airlines and other travel companies aren't included in any new Federal travel privacy rules or legislation, those rules will provide no effective protection for travellers' privacy.

For example, ATA argues (rightly) that the government shouldn't be allowed to retain the details of your reservations once your trip is completed. But such a restriction would be meaningless if the airlines were allowed (as they now are) both to retain those records indefinitely (as they now do) and to provide them to the government any time the government asks for them (as the jetBlue Airways and Northwest Airlines incidents make clear that they have done, and as they can be required to do, without warrant, notice, or prior opportunity for judicial review, under the Patriot Act).

The most dangerous and privacy invasive element of the current CAPPS-II (CAPPS 2.1) proposal is its requirement that all airline passengers have reservations (effectively outlawing unreserved travel and invalidating "open" tickets) containing specific new data -- never required, not provided for in reservation standards, and not usually entered at all -- for each prospective traveller.

The government claims (perhaps truthfully, though they've been too secretive for outsiders to tell) that its intent in requiring this additional information in reservations, and in proposing to require proof of identity from each travellers (in a form as yet unspecified -- current evidence-of-ID requirements are imposed by airlines, not the government, and are impermissibly vague for a government regulation) is to facilitate verification of each traveller's identity.

But the more significant consequence of requiring both this additional identifying information in reservations, and production credentials (a de facto national travel ID card) by travellers, will be to enable airlines, other travel companies (especially the CRS's which host most reservation databases), and the government to ndex previously discrete reservation records (PNR's from separate trips into lifetime travel histories for each traveller.

Those travel histories -- to be merged with, among other databases, the lifetime biographic and biometric border crossing histories from the US-VISIT program -- would be subject, in the current absence of travel privacy law in the USA, to a wide variety of potential future uses and abuses, both by diverse government agencies and by all sorts of travel and other commercial entities.

But ATA's only reported objection is that the travel agencies who make 75% of all reservations -- not the airlines -- should be required to bear the cost of collecting and entering this additional information.

As long as someone else (travellers, ultimately, through costs passed on in higher ticket prices and/or service fees) will have to pay to collect and enter this data, and as long as the airlines themselves will be under no constraints in their ability to retain, mine, use, sell, or rent this data for their own profit, they have no objection per se to doing whatever is necessary to enable individual airline reservations to be indexed into dossiers of each traveller's movements by air throughout their lifetime.

So much for airlines' phony claims to be looking out for their passengers' privacy.

Link | Posted by Edward on Wednesday, 17 March 2004, 07:12 ( 7:12 AM) | TrackBack (0)
Comments
Post a comment









Save personal info as cookie?