Friday, 7 November 2003
TSA lies to Congress about CAPPS-II
Testifying at a hearing on aviation security Wednesday before the U.S. Committee on Commerce, Science, and Transportation, Transportation Security Administration (TSA) Deputy Administrator Stephen McHale repeated the same tired lies about CAPPS-II that the TSA has been telling for months.
I found McHale's prepared testimony on the State Department public relations Web site. It's odd that they think it would make effective propaganda, especially abroad. His responses to Senators' reportedly extensive questions may not not be available online for some time (let me know if you find them).
- McHale testified, "CAPPS II will ... us[e] information provided by passengers during the reservation process -- including name, date of birth, home address and home phone number." But the first time CAPPS-II concepts were tested by the Department of Transportation with real reservation data, before the TSA was even created, they learned that none of these 4 items are necessarily included in reservations. And my comments to the DOT and DHS/TSA should have made clear -- if they read them, as McHale claimed they were "in the process of reviewing the many comments" they received -- that data in reservations are rarely provided by passengers, but are provided primarily by third parties and intermediaries (travelling companions, travel agents, and so forth).
- McHale said that under CAPPS-II, "The "risk score" includes an "authentication score" provided by running passenger name record (PNR) data..." But the TSA has known for many months that the specific data it has requested (and which McHale had just listed) aren't in PNR's at all; indeed, current PNR data structures don't even provide fields for them, if someone wanted to try to enter them.
- McHale described the current CAPPS (CAPPS 1) airline passenger profiling and selection system as "airline-controlled". In fact, airlines are required by a (secret) government security directive to use a specific, government-supplied algorithm and "watch lists". Airlines are expressly forbidden from exercising any control over the profiling and selection criteria. Airlines themselves have publicly contradicted McHale's lie on this point. For example, in reponse to a racial profiling lawsuit filed earlier this week against Southwest Airlines by a University of Wisconsin business professor, the campus newspaper reported that, "The attorneys [for Southwest] interviewed the Southwest personnel involved in the incident and concluded the guards did not choose Mohammed independent of the technology... "In this case, what we believe is that Southwest personnel did not select Mohammed for specific screening, and it was done by CAPPS computers." "
- McHale told the Senators, "We are committed to continuous testing, evaluation and assessment of the system that is designed to ensure compliance with privacy policies -- by our own experts, independent overseers, and the public." I guess that's why they have proposed to exempt the system from the Privacy Act, have failed to meet deadlines for responding to Freedom Of Information Act requests, and have forced public interest groups to sue to compel even minimal compliance with FOIA requirements for public access to the information required for independent or public evaluation, assessment, and oversight.
- McHale claimed that, "CAPPS II would not retain data on U.S. passengers who are permitted to fly.... Information would not be kept after completion of the traveler's reserved itinerary, apart from a necessary audit trail that would not be searchable by passenger name or other personal identifier." This is by far the most categorical and significant of his, and the TSA's, ongoing campaign of lies. No current USA law, nothing in the CAPPS-II proposal, and no other proposal yet suggested by the TSA, the DHS or its Chief Privacy Officer, or the DOT (which still regulates the CRS's that store most reservation data), would place any restrictions whatsoever on the ability of CRS's, travel agencies, airlines, or anyone else to keep the data collected for CAPPPS-II (under government mandate) for as long as they like, to use it for anything they like, or to sell, rent, or disclose it to whomever they please, without notice or consent from travellers or anyone else. And the DHS/TSA have repeatedly rebuffed requests from the European Union that they adopt such retention and usage restrictions as the preconditon to transfers of data from the EU for use in the CAPPS-II system.
The last time I checked, lying to Congress was still a crime, especially when done by government employees, under oath, with intent to defraud.
There's also a lengthy story about the hearing and related developments in the San Francisco Chronicle . Particularly noteworthy is the strength and unanimity of opposition from international airlines to police state measures by the USA government that are likely to reduce foreign visitorship to the USA . According to the Chronicle story:
Link | Posted by Edward on Friday, 7 November 2003, 07:24 ( 7:24 AM)
Spokesmen for several European airlines refused to speak on the record about CAPPS II, but said their carriers have not been consulted in formulating the regulations. "The Bush administration says, 'This is what you guys are going to do.' We don't have any input,'' said the communications director for a major European carrier.... "There should be a sign in every American airport that says, 'Welcome to the United States, you're under arrest,' '' said a spokesman for a major Asian airline who asked for anonymity.