Security vs. Privacy
[Sorry, the video for this story has expired, but you can still read the transcript below. ]
MARGARET WARNER: Top airline executives met in Washington today to begin work on an industry-wide standard for sharing confidential passenger information with federal antiterrorism officials. Their meeting comes as the Transportation Security Administration, part of the Homeland Security Department, is developing a new screening system to flag potentially dangerous passengers. It would cross-reference airline passenger information like name, address, date of birth, and phone number, with other commercial databases. The proposal, known as the Computer-Assisted Passenger Prescreening System, or CAPPS 2, would replace a screening procedure now in use that’s based on much more limited information. So far the airlines have declined to voluntarily provide the information to test the new system. Here to explain and debate the proposal are Asa Hutchinson, undersecretary of border and transportation security at the Department of Homeland Security; and David Sobel, general counsel for the Electronic Privacy Information Center. Welcome to you both.
Secretary Hutchinson, explain how CAPPS 2 would work and what it would do.
ASA HUTCHINSON: Well, the purpose would be to confirm the identity of a passenger and to make sure they pose no risk to the aircraft or the people onboard. It would very simply… right now, we have a name that could be confusingly similar with many other names that could be on a terrorist watch list. And so we want to be able to narrow that so we do not have to secondarily screen 14 percent of the passengers, but we can narrow that down to a very smaller number based upon confirming their identity. The government would not retain any data. There would be a firewall between what the government would be looking at and what the commercial databases would be checking. And we’d confirm the identity and then we’d come back, we’d check it against a terrorist watch list and that would eliminate much of the secondary screening that we are presently doing.
MARGARET WARNER: So in other words, you would… were we correct that you’d want name, address, phone number and date of birth?
ASA HUTCHINSON: That is correct. And this is information that is given to the airlines, it would be asked of them to take, and then that would be received by our system to confirm identity.
MARGARET WARNER: What’s wrong with that?
DAVID SOBEL: Well, first of all, nobody questions the need for aviation security. But I think it’s really a question of whether this particular approach, first of all, is effective from a security perspective; and secondly, we need to look at the privacy implications of this approach. Now, the secretary has described one aspect of the system, which is the verification of passenger identity. But then there’s a second part of the process, which is checking other information, which TSA is not prepared to describe publicly, to provide some type of risk assessment for each individual passenger. TSA’s position is that, that part of the process is classified and secret. So we really don’t know what the full range of information that TSA would be looking at is. And that raises some very serious questions under the Privacy Act of 1974, which Congress passed after Watergate, and raises, in our view, some very serious due process questions.
MARGARET WARNER: All right, explain what you mean, though. Are you saying that your information is– and we’ll ask the secretary to tell us whether this is the case– that they would be, what, developing sort of profiles of likely terrorists as well as just checking whether I am who I say I am?
DAVID SOBEL: Well, apparently that’s the case. As I say, the first part of the process, which has been described, is to verify that you are who you say you are when you’re boarding a plane. But beyond that, there’s also an assessment made based on information that’s otherwise available about you from other government databases and presumably other sources of information, to determine the threat that you might pose to that flight. Now, TSA has said that they will not, in that process, look at medical information or what they describe as creditworthiness information. But apparently, everything else is fair game, and that is one of the big concerns about the system.
MARGARET WARNER: One, is that the case and how would that work?
ASA HUTCHINSON: One, not everything else is fair game. These are publicly available commercial databases that would be looked at one side of the wall to confirm their identity, and then it would come back across to the government side and presently we’re checking names against terrorist watch lists, no-fly lists. That would continue. And so Jim is correct that we certainly need to protect individual privacy and that’s why the government would not retain data in this system.
MARGARET WARNER: No, but what about the other point he’s making, that it’s about more than identity verification; it’s also about creating profiles of people to see if they are likely terrorists?
ASA HUTCHINSON: No, we’re not going to be creating profiles on individuals because we’re not retaining the data to do that. We would have a system that would be able to check against certain watch lists, and there would be… and he’s right, we’re not going to give all the details because we don’t want to disclose that to the terrorists, but as we test this system, there may be some capacity to… if there is a specific threat from a particular area and we wanted to have a closer screening of those passengers, that’s a possibility. But we are currently looking to test this system, and that’s where you look at what works, what’s effective and what meets the privacy concerns of individuals and the groups that we’re working with.
MARGARET WARNER: Mr. Sobel , there seems to be a dispute here about what this will be used for. Give us a specific example, a made-up one obviously of what you’re talking about, the second use.
DAVID SOBEL: Well, I mean it’s not only a question of second use. I think…
MARGARET WARNER: No, but what you were saying to me earlier, how would this work?
DAVID SOBEL: Well, the problem is we don’t know. TSA has exempted itself from the requirements of the Privacy Act, which generally requires federal agencies, when they’re collecting information about individuals, to do that openly, to explain to the public what information is being accessed, to give the affected citizens rights to access that information, to correct any inaccuracies that might exist in the information. TSA has exempted itself from those Privacy Act requirements. So really what we’re talking about is the government creating information in a black box that the affected citizens can’t have access to. And when somebody runs afoul of this system, when CAPPS 2 flags somebody as a security risk, if that individual wants to challenge that and clear their name and eliminate the problems that they have when they try to board planes, TSA’s position is going to be, sorry this is classified information, we can’t share that with you, and that, as I say, raises very serious due process problems.
MARGARET WARNER: Would that be TSA’s position?
ASA HUTCHINSON: No. That’s incorrect. It would be very important that there is a process for citizens that were wrongfully flagged on this to have a process that they can look at to clarify that information. And so that would be a system of redress available to the citizens. Secondly, we’re not exempt from the privacy requirements, and we’ve issued a privacy notice that’s already been published in regards to the system. We have a chief privacy officer that has that responsibility working very aggressively on it.
MARGARET WARNER: Just very briefly, there were earlier controversies in the last six months when it’s come to light that Jetblue and on a different occasion NASA — excuse me — Northwest Airlines shared passenger data with an army contractor and with NASA. Is this system, as far as you both understand, quite different from that?
DAVID SOBEL: Well, it’s a little bit hard to tell. We’re not really clear on what the nature of the research was in the case of the Jetblue information or the Northwest information. But I think the important point to make about those two incidents is that once those passengers on those airlines learned of those disclosures, it was very controversial. Passengers expressed broad-based opposition, and I think that’s the reason why to date, the airlines have not been willing to voluntarily share information with TSA in order to test CAPPS 2. So this strikes a real chord with passengers.
MARGARET WARNER: Are these very different, or is there any connection?
ASA HUTCHINSON: Totally different. Totally different. You know, those are different government agencies. And I think, from the public’s standpoint, they are concerned about privacy. But they give this information to the airlines. I think they understand that this is effectively used to assure a safe flight. They think that’s appropriate.
MARGARET WARNER: Can you assure us that now that Homeland Security is up and running and TSA, under it, transportation security, that there aren’t a lot of these other agencies out there trying to do the same thing?
ASA HUTCHINSON: It would sure be a waste if that were the case, and as far as I know, that we are the only ones that are looking at this. And that’s certainly what would be appropriate. We’re not coordinating with anyone. We’re looking at it, and when the information is collected, it will be used for homeland security purposes, and there would be strict requirements as to whether that could be passed along or it could not be passed along unless it’s for legitimate law enforcement or national security purposes.
MARGARET WARNER: How soon do you expect to roll this out, and will it take Congress to give a further okay to do so?
ASA HUTCHINSON: Congress is still looking at this. We’re… GAO, Government Accounting Office, is to make a report to Congress on it. But we can proceed on once the testing is done and those congressional requirements are met.
MARGARET WARNER: Are you going to try to stop this, and how can it be stopped?
DAVID SOBEL: Well, I think the way that it can be stopped is through Congress. Congress has already raised some serious issues. Congress mandated the GAO report that we’ve talked about, and it remains to be seen whether in the first instance, Congress is satisfied that this is a system that is going to really be effective from a security point of view and, also that it’s going to be protective of citizen privacy. But the jury is still out on those questions.
MARGARET WARNER: Mr. Sobel, Mr. Hutchinson, thank you both.