1 / 19

CAPPS II: A Case Study of Homeland Security Computer Applications

CAPPS II A Case Study in Homeland Security Use of Technology. CAPPS II: A Case Study of Homeland Security Computer Applications. Marcia Hofmann Staff Counsel Electronic Privacy Information Center. Computer Freedom & Privacy 2004 April 20, 2004. After 9/11, a New Mission.

greinhart
Download Presentation

CAPPS II: A Case Study of Homeland Security Computer Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CAPPS II A Case Study in Homeland Security Use of Technology CAPPS II: A Case Study of Homeland Security Computer Applications Marcia Hofmann Staff Counsel Electronic Privacy Information Center Computer Freedom & Privacy 2004 April 20, 2004

  2. After 9/11, a New Mission “We must prevent first, prosecute second.” -- Attorney General John Ashcroft After the September 11, 2001 terrorist attacks, the government made defense of the United States the highest priority.

  3. CAPPS I • In use since 1998 • Run by airlines • Checks passenger information against a terrorist watch list • Then checks passenger information against CAPPS rules to identify terrorist-like behavior

  4. Aviation Security After 9/11 After 9/11, Congress demanded that a new, more effective air passenger screening program be developed to replace CAPPS. The new program that the Transportation Security Administration has designed is called the second-generation Computer Assisted Passenger Prescreening System, or CAPPS II.

  5. How CAPPS II Works • A passenger provides her name, address, phone number, and date of birth when she makes a reservation to fly on an airplane. • This information is entered into her Passenger Name Record, which also includes information such as travel itinerary and form of payment. • The PNR is transmitted electronically to TSA.

  6. How CAPPS II Works • Prior to the passenger’s flight, TSA transmits the information to one or more commercial data aggregators to verify the passenger’s identity. • The data aggregator(s) generate an score indicating the likelihood that the passenger-provided data are authentic, which is sent back to TSA.

  7. How CAPPS II Works • Then TSA conducts risk assessments using government databases, including classified and intelligence data, to determine the passenger’s likelihood of being a threat to security. • When the passenger checks in for her flight, TSA transmits her risk category to the check-in counter, which will determine the level of security she encounters.

  8. The Program’s Status • Congress is withholding funding until its concerns are addressed. • The General Accounting Office determined in February that seven of eight key concerns still remain. • Congress is considering the next step.

  9. Incomplete planning Effectiveness Accuracy Security Privacy Redress Function Creep Issues That Need To Be Addressed

  10. Incomplete Planning • TSA has yet to identify the specific system functionality to be developed, its schedule for completion, or its cost throughout development. • The agency also has not finalized policies concerning security, oversight, compliance with law, and redress.

  11. Effectiveness Early increments of CAPPS II have not been stress tested to assess the effectiveness of the system or its components. TSA reports that it has been unable to obtain actual passenger data to test CAPPS II, though a recent statement by one airline indicates this may not be accurate.

  12. Accuracy • TSA has not found a way to determine the error rate of the commercial and government databases that will be used by CAPPS II. • TSA has also not found a way to mitigate data errors.

  13. Security Safeguards • TSA has not yet developed a security policy to address system, personnel, and physical security controls. • TSA has not identified or assessed information security risks associated with CAPPS II. • There are no operational controls to protect against unauthorized access and misuse.

  14. Privacy Safeguards TSA exempted CAPPS II from numerous legal requirements of the Privacy Act, including: • Collection only of information that is “necessary and relevant” • Right of the individual to access information • Right of the individual to correct inaccurate information

  15. Privacy Safeguards • No privacy impact assessment has been finalized as required by the E-Government Act of 2002. • TSA has appointed a Privacy Officer and established an internal oversight board. However, the program lacks independent oversight.

  16. Redress TSA is developing a redress process for individuals adversely affected by CAPPS II. However, the process is highly discretionary and does not provide any right to judicial review as required by the Privacy Act.

  17. Function Creep “[A]t the moment we are charged with finding in the aviation sector foreign terrorists or those associated with foreign terrorists and keep[ing] them off airplanes. That is our very limited goal at the moment.” --TSA Administrator Admiral James Loy, May 2003

  18. Function Creep By August 2003, CAPPS II was expanded to include analysis of information regarding persons with outstanding state or federal arrest warrants for crimes of violence. It was also announced that CAPPS II would be linked with US-VISIT, which is intended to track visitors’ entry to and exit from the US.

  19. Challenges • The system’s changing goals • Responsible use of private and public sector data • Need for secrecy vs. rights of individuals in their information

More Related