theory
04-07-2003, 08:08 PM
Private Info Becoming Plane Truth

By Elliot Borin

02:00 AM Sep. 16, 2002 PT


Initial rollout of what may eventually become the world's largest silicon repository of personal data could be less than 90 days away. As expected, civil liberties groups aren't happy about it.

The Computer Assisted Passenger Prescreening System II (CAPPS II) is designed to scan multiple public and private databases for information on individuals traveling into and out of the United States. The system will feed the results to an analysis application that mathematically ranks travelers' potential as security threats.

A brainchild of the Transportation Department's Transportation Security Administration (TSA), CAPPS II is a quantum expansion of the current system used to identify potential terrorists attempting to board airplanes. In addition to accessing FBI, National Crime Information Center (NCIC) and State Department databases, CAPPS II is expected to spider IRS, Social Security Administration, state motor vehicle and corrections department, credit bureau and bank records.

Though the TSA has stated that people whose records are pockmarked with unpaid parking tickets, unfiled tax returns and overdue child-support payments have nothing to fear from CAPPS II when trying to fly from point A to point B, civil liberties advocates aren't so sure.

"A basic issue in privacy is 'function creep,'" said Lee Tien, senior staff attorney for the Electronic Frontier Foundation. "Once a surveillance system is put in place for a particular function, for example, aviation security ... it can be used for many other functions as well. We've seen this with Social Security numbers on the government side and, of course, with customer databases on the private side.

"The trick is to tie this kind of surveillance to some kind of benefit or transaction that large numbers of people must periodically sign up for or renew, like car registration or renewing a driver's license. You don't have to chase people down; they come to you."

Tien notes that CAPPS II also raises backend issues such as an individual's right to view and correct errors in files and securing the database against hacking by outsiders and misuse by insiders.

Independent Institute President David Theroux believes that security would be enhanced and the threat to civil liberties diminished if all airport operations -- including terrorist screening -- were privatized.

"Many European airports have been privatized," he said, "resulting in improved service, including security and accountability. Firms (operating airports) should be made totally subject to competitive pressures to perform and should be held fully accountable for any breaches in the civil-liberty rights of passengers. If such systems fail to protect passengers and employees, they would be held accountable."

But the government isn't known for its careful handling of citizens' private information, Theroux said.

"Federal agencies have been repeatedly shown to engage in grotesque abuses of surveillance powers for political purposes," he said. "The experience with the FBI's COINTELPRO to neutralize political dissidents is just one of many examples of what we must guard against.

"The power of TSA to systematically process and maintain a central repository of financial, educational, political, family and other personal info ... is especially dangerous."



LAW&TECHNOLOGY: CAPPS II
By Deborah Pierce



Mar 11, 2003 --

SOME OF the government’s surveillance plans have made the headlines recently, with front page news articles and op-ed pieces about TIA (Total Information Awareness) and PATRIOT II (the possible sequel to the PATRIOT Act). Most of the articles discuss the potential threats to our liberty that these surveillance systems pose, while questioning the purported security we would gain from them.

CAPPS II (the Computer Assisted Passenger Pre-Screening Program), by contrast, has not received much press at all. A notice on this massive surveillance system in the Federal Register in January stated that if no public comments were received by Feb. 24th, the rule (CAPPS II) would go into effect; despite the fact that over 100 comments were received, testing is slated to begin in March. An additional round of comments is due March 17th; the “What you can do” section at the end of the article has a pointer to a site with more information about those comments.

Vast surveillance systems like CAPPS II should be thoroughly debated before they are put in wide use, not stealthily published in a document that most people have never even heard of. This article explains what CAPPS II does, how it affects the Privacy Act of 1974, and what you can do.

What is CAPPS II?

Think of CAPPS II as TIA’s slightly smaller brother or sister. Where TIA would have focused on gathering information about potentially every citizen, CAPPS II “only” gathers data about every air traveler.

But, the goal of CAPPS II is the same as TIA: gather enough information about a person to determine whether or not that person poses some kind of terrorist threat. In the case of CAPPS II, the threat would be to airline safety.

CAPPS II would pull information from disparate sources: your credit and financial information, public records information (like property taxes, or whether you vote), criminal records, and intelligence information (ever been to a political demonstration?). All of this information would be fed into a database which would then perform a risk assessment on you. Recent newspaper articles have discussed the possibility that individuals will be given color codes depending on the risk assessment: “green” means regular security measures will apply to you, “yellow” means you pose a higher risk and therefore are subject to more scrutiny, “red” means you are highly likely to pose a threat. If you’re marked “red”, it’s essentially the equivalent of being on a “no-fly” list.

How do you get off of a no-fly list?

The short answer is “we don’t know”.

The longer answer has to do with why we don’t know.

The Privacy Act of 1974 was passed so that people would know if the government is keeping particular files about people. The general idea is that there should be no secret files kept on US citizens by their government. There are, however, several exceptions to the general rule; one of those being that access can be denied to an individual if there is a threat to national security. Until now, these exceptions have been fairly narrow.

CAPPS II, by contrast, is very broad, and allows the very type of harms that the Privacy Act was meant to prevent. CAPPS II exempts risk assessments and profiles from the Privacy Act, as well as the information that went into those reports. This means that you can be denied the ability to travel on a plane (a very heavy burden for some) based on a computer profile that may itself be based on inaccurate or biased information. You will have no ability to access those profiles and risk assessments to correct any incorrect information.

Because you will never be able to see the information that was used to construct the profile or risk assessment, if you’re placed on a blacklist or “no fly” list, there is effectively no way that I know of to get off such a list.

What’s the likelihood of incorrect or biased information ending up in my profile?

Delta Airlines is the first airline to test the new CAPPS II program. Passengers will be asked for names, addresses, and date of birth before they can board the plane. The information that passengers give will be used to do credit checks on passengers. Although no details of how these credit checks will be done have been released, it seems likely that the airline is actually looking at a consumer credit report – and we know from previous studies that credit reports contain, on average, a 30% error rate. Some of the errors are serious enough to cause a consumer to be denied credit. Would the same error rate cause a consumer to be denied passage on a plane? Unclear, at best.

As for biased information ending up in a risk assessment report, several newspaper articles have covered how the police in Denver, CO had been compiling dossiers on citizens who peacefully protest. A 70 year old nun was labeled by police as an “extremist”. That is very inflammatory language. If that language were to appear in a risk assessment, what would that do to the individual? Would the person be labeled as too risky to let on board? Again, the answer is “who knows?”

Something that proponents of systems like CAPPS II tend to gloss over is that it is not at all clear that they will actually help security. Do terrorists have bad credit ratings? I don’t know; and apparently nobody else does either. Moreover, some computer security experts have argued that any profiling system is more vulnerable than random search. [See the “Carnival Booth” paper in the sidebar for a very technical description of this.]

Surveillance systems like CAPPS II have the potential to eviscerate civil liberties and harm privacy, with no clear benefits to security. Before we allow such a system to go forward, we owe it to ourselves to thoroughly debate the issue out in the open.

What you can do

It’s not too late; there are many things you can do.

• Support boycottdelta. The site lists a host of things you can do.

• Send in comments for the next round, due on March 17th. See the PrivacyActivism web site for more details beginning on March 10, 2003.

• Call or write your congressperson and request that they not support such a stealthy surveillance system.