<?php

include("eff_setup2.php");

$smarty = new EFFSmarty;

$smarty->assign('title','Letter to Committee on Homeland Security Regarding CAPPS II');

// if breadcrumb == true, the template fills in the breadcrumb trail from
// the issue array
$smarty->assign('breadcrumb','true');

// example:
$issue = array("Issues" => "/issues/", "Privacy" => "/issues/privacy/", "TIA" => "/issues/privacy/tia/");

$smarty->assign('issue',$issue);

$content  = '
<div id="featuretext">

<p>
March 25, 2003
</p>

<p>
The Honorable Christopher Cox<br />		
Chairman<br />	
Select Committee on Homeland Security<br />
United States House of Representatives<br />
Washington, DC  20515
</p>				

<p>
The Honorable Jim Turner<br />
Ranking Member<br />
Select Committee on Homeland Security<br />
United States House of Representatives<br />
Washington, DC  20515
</p>


<p>
We write as a nonpartisan coalition of national organizations to urge
Congress to stop the deployment of the Transportation Security
Administration\'s (TSA) second-generation airline passenger profiling
system known as CAPPS II ("Computer Assisted Passenger Prescreening
System") unless it can be shown to be both effective and consistent with
privacy and due process principles.  CAPPS II would attempt to assess
the security risk of every single airline passenger based on commercial
and government data.  As a result, innocent people could be branded
security risks on the basis of flawed data and without any meaningful
way to challenge the government\'s determination.  At a minimum, Congress
should require the TSA to answer key questions about both the
effectiveness of CAPPS II and its implications for privacy and civil
liberties before the program is fully developed and TSA constructs the
infrastructure for a general-purpose domestic risk assessment system.
</p>

<p>
In January, the TSA published a Federal Register notice announcing the
Aviation Security Screening Records (ASSR) database.  The Federal
Register notice described a system that would allow the government
access to "financial and transactional data" as well as virtually
unlimited amounts and kinds of data from other proprietary and public
sources.  TSA also indicated in that notice that many private and public
entities might gain access to the personal information used in the ASSR
database.   Yet the notice did not provide information about how
passengers can challenge their "score" or otherwise seek redress for
their treatment at airports if they think it is based on inaccurate
information.  Over 100 individuals and organizations filed comments on
the ASSR database that were almost universally critical of the program.
</p>

<p>
TSA plans to revise the Federal Register notice to more specifically
reflect the evolving nature and scope of CAPPS II and the agency has
begun a series of meetings with privacy organizations, industry groups
and other stakeholders to explain the program in more detail.
</p>

<p>
In the past few weeks, TSA officials have clarified the basic structure
of CAPPS II.  First, TSA officials said the program would gather only
four pieces of information about each passenger from the airlines: full
name, home address, home phone number and date of birth.  That
information would then be checked against  "credit header" information
and other data held by various data aggregators - private corporations
that maintain files on the commercial activities of most American
citizens - in an effort to verify the traveler\'s identity.  However,
credit header information can be inaccurate and identity thieves could
easily sidestep the identity check by presenting a false driver\'s
license or passport, undercutting the system\'s entire mission, which is
why we believe that effectiveness is a threshold issue.
</p>

<p>
After attempting to verify identity, CAPPS II would conduct a check
against government databases (including intelligence and law enforcement
databases) to assign a risk assessment "score" to each passenger: green
for minimal, yellow to spark heightened security procedures, and red for
those judged to pose an acute danger, who would be referred to law
enforcement.  The good news is TSA does not plan to retain data on
individuals.  The bad news is that CAPPS II puts the riskiest element of
the program - the determination of risk and the construction of rules
for conducting background checks - into the realm of the more secretive
intelligence and law enforcement programs and databases.  We appreciate
that TSA plans to develop some mechanism for individuals to request a
re-evaluation of their color code but it now appears that CAPPS II is
rooted in the secretive box of law enforcement and intelligence data
(which itself could include data mined from innocent people\'s commercial
information).  This heightens the concern that the program will be
beyond meaningful public review and oversight.
</p>

<p>
Although the TSA\'s recent outreach to stakeholders is welcome, Congress
should not allow the TSA to develop unilaterally a tool that could
invade individual privacy and brand innocent airline passengers a
security risk without meaningful review.
</p>

<p>
Congress should carefully and deliberately assess the program\'s
effectiveness as a security measure, its cost in economic terms, and its
cost to civil liberties before allowing TSA to move forward with CAPPS
II.  To start, Congress should ask TSA the following questions:
</p>

<h3>Effectiveness of the Program</h3>

<ul>
	<li>How will the CAPPS II program work? What information will be examined about passengers?  From where will the data be collected? Who will handle the data? How will the risk assessment be made? Under what circumstances would a passenger be prevented from flying? What risk levels will be assigned (e.g. red, yellow, and green) and what will be the consequence to the passenger of each level?</li>

	<li>Has CAPPS II (or any of its component programs) been evaluated or have any determinations been made as to effectiveness or feasibility as an air security measure? If so, what are the results of these evaluations or feasibility studies?</li>

	<li>What is the presumed error rate of the underlying data (in both government and commercial databases)? How would error rates affect the "scoring" of airline passengers? </li>

	<li>What is the presumed error rate of the algorithm used to determine a passenger "score"?</li>

	<li>What is now being tested by Delta Airlines? Is this simply a test of whether reservation information could be used in a CAPPS program or is some version of CAPPS II with the assignment of risk scores or other actual screening of passengers taking place?</li>
</ul>

<h3>Privacy of Personal Information</h3>

<ul>
	<li>What passenger data will be retained and by whom - the government or a private contractor?  (The answer may vary for different sets of data and at different points in the system.)</li>

	<li>What internal oversight mechanisms would be in place for either government or commercial databases used for CAPPS II (e.g. data quality standards, audit controls, ombudsman or complaint process)? </li>

	<li>What external oversight mechanisms would be in place for these same databases (e.g. judicial review)?</li>

	<li>How could CAPPS II be used by law enforcement, intelligence, and other federal, state, or local government agencies? What specific agencies have expressed interest in the program to date? For what activities? </li>

	<li>In the view of the government, what laws govern the use and unauthorized use or collection of the data to be used in CAPPS II?</li>

	<li>What private entities could gain access to the personal information used by TSA or to the risk assessment (either the actual "score" or fact of the color code)? For what purposes? What limitations would there be on third party use of that information? </li>
</ul>

<h3>Air passengers\' "Risk Assessment"</h3>

<ul>
	<li>Who or what would conduct the so-called "risk assessments"? </li>

	<li>How would passengers challenge their "score" - or even find out what it is? What procedures would be in place for passengers to correct or challenge a "risk assessment"? What rights would an individual have at the airport to remedy the assessment? </li>
</ul>

<h3>Cost of CAPPS II</h3>

<ul>
	<li>What would be the cost of developing and initially implementing the program including personnel, technology, and oversight mechanisms to federal, state and local governments and private industry?  What would be the ongoing costs of the program?</li>

	<li>What private contractors, including private industry and academic researchers, have received funding for research, development and implementation of CAPPS II to date? How much?</li>
</ul>

<p>
It is important that Congress exercise its oversight role and start asking questions about CAPPS II now, because the project is moving ahead with a pilot program at Delta Air Lines.  And air travelers are worried about CAPPS II; according to The New York Times, in a recent survey conducted by the Association of Corporate Travel Executives, 82 percent of respondents considered the program an invasion of privacy.
</p>

<p>
Thank you for your consideration of this matter.  
</p>

<p>
Sincerely,
</p>


<p>
American Civil Liberties Union<br />
American Conservative Union<br />
American Defense Council<br />
Americans for Tax Reform<br />
Center for Democracy and Technology<br />
Christian Coalition<br />
Eagle Forum<br />
Electronic Frontier Foundation<br />
Electronic Privacy Information Center<br />
Free Congress Foundation<br />
People for the American Way<br />
</p>

<p>
cc:	Members of the House Select Committee on Homeland Security
</p>



</div>
';

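// Use the request URI as the Smarty cache id. Read it from $_SERVER
// instead of relying on register_globals to define $REQUEST_URI.
$smarty->assign('content',$content);
$smarty->display('generic.tpl',$_SERVER['REQUEST_URI']);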

?>
