Tuesday, 17 February 2004
Call for Congressional hearings on CAPPS-II and travel privacy
A coalition of privacy groups from across the political spectrum today jointly called on Congress to hold hearings on "on the threat to privacy and civil liberties posed by government collection and use of airline passenger name records (PNRs)."
In a letter sent to the Chairperson and Ranking Minority Member of the House Committee on Transportation and Infrastructure, the privacy coalition says:
We are particularly concerned about the Computer Assisted Passenger Prescreening System (CAPPS II) being developed by the Transportation Security Administration (TSA), but in the wake of the JetBlue and Northwest Airlines scandals, it has become clear that there are too many unanswered questions generally about the government's use of PNR data and the state of our travel privacy. In the interest of transparency, hearings held by your committee will shed some light on this important issue and answer the following questions:
- What passenger information is collected, how is it shared and with whom?
- How long is the information retained?
- What are the names and numbers of government contractors (Torch), data-brokers and other third parties as well as their level of involvement in the PNR process?
- What rights do passengers have to correct information, as they do their credit reports?
- What rights do passengers have to view their personal data, as they do their medical records?
- What recourse do passengers have if they believe they have been wrongly "flagged"?
- Will CAPPS II be effective for identifying individuals who pose a threat to aviation security?
- How much will it cost the travel industry as a whole to comply with requirements to provide TSA with data not currently collected by the agency?
Before federal agencies further determine uses for our personal information, Congress itself needs to examine the issue, beginning with the collection of PNR data and the threat it poses to personal privacy.
The letter was signed by representatives of the Electronic Frontier Foundation, Free Congress Foundation, Electronic Privacy Information Center, Center for Democracy and Technology, People for the American Way, American Civil Liberties Union, Common Cause, Business Travel Coalition, Americans for Tax Reform, and DontSpyOn.US.
You can send your own letter to Congress supporting this call by filling out this form on the EFF Web site. EFF also has an updated backgrounder on their Web site, Why EFF Is Concerned About CAPPS II: Government Surveillance via Passenger Profiling .
Key themes of the privacy coalition letter to the House committee are echoed in another letter sent last week to the Transportation Security Administration by the Chairperson and Ranking Minority of the Senate Committee on Governmental Affairs, questioning the role of the TSA in requesting that jetBlue Airways give a copy of its reservation archives to a military contractor:
Press reports have indicated that TSA was involved in the transfer of millions of Passenger Name Records (PNR) to the Army contractor. Although the Department of Homeland Security (DHS) has indicated that TSA's role was limited, it has come to our attention that this may not have been the case. Army officials recently indicated to Committee staff that airlines were reluctant to provide PNR data to Torch Concepts without TSA's approval. It is our understanding that TSA did provide such approval in the form of a written request to JetBlue asking the airline to provide PNR data to Torch Concepts.
If TSA's involvement in the JetBlue incident is greater than previously acknowledged, then TSA needs to fully disclose its actions and swiftly move to reassure the public that it will act with greater concern for privacy rights in the future. This is especially important given that, in order to test and implement the new Computer Assisted Passenger Prescreening System (CAPPS II), TSA will likely need to compel airlines to turn over PNR data. Americans, in turn, need to know that TSA will be forthright in how it handles information about them. That reassurance can only come following a complete public accounting of TSA's role in the JetBlue incident.
"Specifically," according to their press release, "the Senators requested copies of any written communications from TSA to JetBlue Airways related to the Army's research project conducted by Torch Concepts, as well as an explanation of why this information might not have been previously disclosed."
Both the privacy coalition letter to the House Transportation and Infrastructure Committee leadership , and the Senators' letter to the TSA, reflect growing recognition that the potential for government abuse of travel data is inextricably linked with the privacy policies of "private" (but, of course, government licensed and heavily government subsidized) airlines, as well as travel agencies, CRS's/GDS's, and everyone else in the reservation data "food chain".
Meanwhile, the General Accounting Office is also turning its attention to the role of airlines and computerized reservations services (CRS's) in CAPPS-II. Business Travel News quotes Cathleen Berrick, co-author of GAO's latest report on CAPPS-II: "We have started initial interviews with airlines and reservations companies to assess the impact on them and on the traveling public." BTN picks up on the fact that, according to the GAO's recent audit, the TSA's "estimated life cycle cost of over $380 million through fiscal year 2008" for CAPPS-II did "not include air carrier, reservation company or passenger costs."
In my comments submitted to the Departments of Transportation and Homeland Security on the CAPPS-II Privacy Act notices, I estimated CAPPS-II implementation costs to the travel industry at US$1 billion or more . Since those were the only comments from anyone in the travel industry concerning the cost of CAPPS-II, it's more than a little shocking that they were ignored, that it's taken this long before anyone in the government has begun to pay attention to the cost of CAPPS-II, and that this is being done first by the GAO -- not the TSA or DHS, which ought to have had some concern for the cost implications of their schemes. Let's hope the GAO also looks into the impact on the tens of thousands of travel agents in the USA, and several times more around the world, who will be conscripted into doing the lion's share of the work (unpaid, presumably, or paid for by travellers in higher fares and/or service fees) of collecting and entering the additional tracking data required for CAPPS-II, in order for reservations to be indexed into lifetime travel dossiers.
Rounding out today's debates on the integration of passenger surveillance capabilities into the infrastructure of airline reservations, the European Parliament's Committee on Citizens' Freedoms and Rights, Justice and Home Affairs (LIBE) was scheduled to resume its consideration in Brussels of both a draft Report on the level of protection provided by the USA on air passenger name records (PNR) and of a Spanish initiative, Obligation of [air] carriers to communicate passenger data . Statewatch has more details on the continuing opposition from governmental and non-governmental organizations throughout Europe to both proposals, as well as to future plans for biometric/RFID travel documents .
[Addendum, 20 February 2004: full text of letter from Senators Collins and Lieberman to the DHS]Link | Posted by Edward on Tuesday, 17 February 2004, 16:26 ( 4:26 PM)