[Politech] News roundup on air travel privacy, CAPPS II [priv]

From: Declan McCullagh (declan@private)
Date: Mon Mar 22 2004 - 10:05:31 PST

  • Next message: Declan McCullagh: "[Politech] Consumers Union launches financial privacy web site [priv]"

    [Roundup courtesy of the Free Congress Foundation. --Declan]
    
    
    
    > *	Privacy Villain: FBI And Their Push For Online Privacy  
    > 
    > EU Parliament Threatens Legal Action
    > Over Collection Of Passenger Data
    > By Constant Brand
    > The Los Angeles Times
    > March 18, 2004
    > 
    > Editor's Note: According to the article: "If the EU's highest court finds
    > it does violate EU rules, it would nullify the pact."
    > 
    > A European Parliament committee on Thursday threatened to challenge in
    > court a deal allowing U.S. authorities to collect personal data on airline
    > passengers, saying it undermined the privacy of European Union citizens.
    > 
    > http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2004/03/18/international0635EST0501.DTL
    > 
    > CAPPS II Under Fire In Congressional Hearing
    > 
    > Editor's Note: The TSA claims 75,000 red and yellow alerts a day --
    > virtually none a bona fide terrorist -- is progress? How seriously can we
    > believe in the TSA's assertions that the misidentified will really have
    > recourse?  As Rep. Peter  DeFazio (D-OR) asserted "the Achilles heel' of
    > the CAPPS II system is that a sophisticated terrorist will be able to
    > assume an identity that it will not trigger a "yellow" (cautionary) or
    > "red" (definitely do not allow to board) rating. To paraphrase Stanley
    > Baldwin: "The  smart terrorist network will always get through CAPPS II."
    > By the TSA's own reckoning, 75,000 people a day -- virtually all who will
    > be innocent -- will not. This is progress?    
    > 
    > If a corporation were administering this system, it would trigger class
    > action lawsuits. Because it's the Federal Government's  Transportation
    > Security Administration singling out 300,000 passengers a day -- virtually
    > all innocent -- for extra questioning and inspections, the CAPPS system
    > has gotten a pass from a serious court challenge -- so far.     
    > 
    > TSA Defends Its Scrutiny
    > Of Airline Workers
    > By Jonathan Krim
    > The Washington Post
    > March 18, 2004
    > 
    > David L. Sobel, general counsel of the Electronic Privacy Information
    > Center, testified that the TSA's plan raises serious constitutional
    > questions and runs afoul of a 1974 privacy law.
    > "This is a secret, classified system," he said, with the TSA under no
    > obligation to tell passengers what data has been collected about them.
    > Nor, he said, would the public have any legal rights to correct
    > information that is wrong.
    >  
    > http://www.washingtonpost.com/wp-dyn/articles/A2916-2004Mar17.html
    > 
    > Excerpts from Testimony Of Kevin P. Mitchell, Chairman of the Business
    > Travel Coalition Regarding CAPPS II Before the U.S. House of
    > Representatives Committee on Transportation and Infrastructure
    > Subcommittee on Aviation
    > 
    > Editor's Note: Mr. Mitchell, as a representative of the business travel
    > industry, is to be commended for raising serious questions about CAPPS II.
    > No doubt many privacy advocates have a simpler recommendation to provide
    > to Congress: "SCRAP CAPPS II -- period." Nonetheless, Mr. Mitchell's
    > recommendations are quoted verbatim below and given that TSA may succeed
    > in using some system -- be it CAPPS II or something else -- the
    > recommendation that it come with the string of a sunset provision is
    > something that privacy advocates should bear in mind. The Electronic and
    > Privacy Information Center's David L. Sobel lays out the goals TSA must
    > meet to make CAPPS II acceptable from a civil liberties and privacy
    > standpoint. Now, it's TSA's move. Do they concede the legitimacy of
    > concerns, as expressed by David Sobel, by revising the system and its
    > policies? Or do they press on in their campaign to sell a big-budget
    > system that infringes upon our privacy and of very dubious effectiveness.
    > 
    > "Recommendations:
    > 
    > "1. CAPPS II should be strictly authorized for use only in aviation system
    > security. 
    > 
    > "2. The process and timeframe for U.S. citizens and foreigners to have
    > their risk profiles corrected needs to be efficient-to-a-fault, and
    > ironclad.
    > 
    > "3. The threshold requirements that Congress wisely placed on the TSA for
    > CAPPS II to be fully funded should be revised to reflect GAO's recently
    > published CAPPS II audit results as well as the ideas and concerns that
    > will come to light from a thorough public policy debate.
    > 
    > "4. An organization such as GAO answerable only to Congress, should have
    > sufficient national security clearances and attendant authority to monitor
    > all aspects of a CAPPS II including policies, programs and practices of
    > other supporting government agencies and private sector contractors. 
    > 
    > "5. CAPPS  II should be sunseted after 3 to 5 years to enable Congress to
    > carefully evaluate costs, efficacy and ongoing need for the program and
    > determine if it warrants reauthorization."           
    > 
    > Mr. Mitchell's Submitted Statement to the Committee can be read at:
    > 
    > http://btcweb.biz/c2testimony.htm
    > 
    > Excerpts From the Statement of David L. Sobel, General Counsel of the
    > Electronic Privacy Information Center Before the House Committee on
    > Transportation and Infrastructure Aviation Subcommittee on "The Status of
    > the Computer Assisted Passenger Prescreening System (CAPPS II). 
    > 
    > "DHS's Chief Privacy Officer [Nuala O'Connor Kelly] recently touted the
    > protections afforded by the Privacy Act, explaining that the law 
    > 
    > 		`provides substantial notice, access, and redress rights for
    > 
    > 		citizens and legal residents of the United States whose 
    > 		information is held by a branch of the federal government. 
    > 		The law provides robust advance notice, through detailed 
    > 		"system of records" notices, about the creation of new
    > techno -
    > 		logical or other systems containing personal information.
    > The 
    > 		law also provides the right of access to one's own records,
    > the 
    > 			right to know and to limit other parties with whom
    > information
    > 			has been shared, and the right to appeal
    > determinations regarding    
    > 		the accuracy of those records or the disclosure of those
    > records.' 
    > 
    > "TSA, however, has sought to exempt CAPPS II from nearly all of the
    > Privacy Act provisions Ms. O'Connor Kelly described."
    > 
    > [quotation of Ms. O'Connor Kelly is from: Remarks of Nuala O'Connor Kelly
    > Before the 25th International Conference of Data Protection and Privacy
    > Commissioners, Sydney, Australia, September 11, 2003]
    > 
    > "As the recent GAO report found, TSA has failed to adequately address the
    > very real privacy and due process issues that permeate the proposed
    > system. Based upon TSA"s Privacy Act notice for the system, I believe
    > there is reason to doubt whether the system, as currently envisioned, can
    > ever function in a manner that protects privacy and provides citizens with
    > basic rights of access and redress. In order for CAPPS II to pass muster
    > from a privacy and civil liberties perspective, TSA must, at a minimum:
    > 1.) ensure greater transparency through the establishment of a
    > non-classified system; 2.) provide individuals enforceable rights of
    > access and correction; 3.) limit the collection of information to only
    > that which is necessary and relevant; and 4.) substantially limit the
    > routine uses of collected information. Further, development of the system
    > should be suspended until TSA provides a final Privacy Impact Assessment,
    > discloses it to the public and receives public comments. Finally, the
    > agency should not acquire personal information, even for testing purposes,
    > until it has revised its policies and procedures as suggested above."
    > 
    > 
    > 
    > Mr. Sobel's Submitted Statement  On CAPPS II Can Be Read At:
    > 
    > http://www.epic.org/privacy/airtravel/capps_testimony_3_04.pdf  
    > 
    > Also, see: 3/18/04 Associated Press story on "TSA Plans To Test Low-Risk
    > Flyer Program" (posted on The New York Times webpage)
    > 
    > http://www.nytimes.com/aponline/national/AP-Airline-Passenger-Screening.ht
    > ml  
    > 
    > Kevin Mitchell, chairman of the Business Travel Coalition, said he wasn't
    > sure passengers would embrace the ``registered traveler program'' because
    > of privacy concerns.
    > ``We are, as an organization, very much in favor of it,'' Mitchell said.
    > ``But I'm not sure there are a lot of business travelers willing to pay to
    > turn over all that information.''
    > And: 3/17/04 Reuters Article On "U.S. To Force airlines To Provide
    > Traveler Data"(posted on The New York Times webpage)
    > 
    > CAPPS II would check government intelligence and consumer data amassed by
    > companies like Acxiom Corp. to verify passengers' identities and determine
    > if they have criminal records or links to groups such as al Qaeda.
    > 
    > http://www.nytimes.com/reuters/news/news-airlines-security.html
    > 
    > And: 3/18/04 United Press International Article by Shaun Waterman on
    > "Privacy Officer, Board To Oversee Profiling System"(posted on The
    > Washington Times webpage)
    > 
    > Privacy specialists cautioned that the oversight board, to be truly
    > effective and independent, would need to include people willing to
    > challenge and question the agency. 
    > 
    >  "They ought to include persistent critics of the program," said one
    > longtime privacy professional who asked not to be named. "If they're all
    > ex-TSA employees, that will be a danger sign."
    > 
    > http://www.washtimes.com/national/20040317-110813-1393r.htm
    >  
    > And: 3/17/04 Associated Press Story on "Airlines OK Security Plan" Posted
    > on Wired News.com
    > 
    > The Air Transport Association said it supports the concept of the
    > Computer-Assisted Passenger Prescreening System, or CAPPS II, provided the
    > government follows seven "privacy principles." The Associated Press
    > obtained the list of principles Tuesday, a day before they were to be
    > revealed at a House hearing.
    > 
    > http://www.wired.com/news/privacy/0,1848,62701,00.html  
    > 
    > Read The 3/16/04 AP Story Listing The  Air Transport Association's Seven
    > Privacy Principles 
    > 
    > ...TSA shall provide passengers with effective and expeditious means to...
    > resolve complaints about the collection, accuracy, processing or use of
    > personal information.
    > 
    > http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2004/03/16/fi
    > nancial0225EST0007.DTL
    > 
    > And: 3/17/04 Federal Computer Week Article By Sarita Chourey On "Norton
    > Raises CAPPS II Liability Fears"  
    > 
    > "May I suggest that this program is going nowhere until you get an opinion
    > on liability," Norton said. 
    > She assailed what she characterized as an assumption that CAPPS II would
    > not have any liability concerns. CAPPS II officials must be prepared "to
    > deal with what happens to people who... in any imperfect  system, will be
    > misidentified and will have major losses as a result," Norton said.
    _______________________________________________
    Politech mailing list
    Archived at http://www.politechbot.com/
    Moderated by Declan McCullagh (http://www.mccullagh.org/)
    



    This archive was generated by hypermail 2b30 : Mon Mar 22 2004 - 10:47:28 PST