A government report demanded by Congress is set for release today and will decide the fate of an airline passenger screening program that combines personal and consumer information to spot potential terrorists.
Privacy advocates say they expect the Secure Flight program, which has been in the testing phase since early this year, to get a failing grade from the Government Accountability Office (GAO), which would mean the program could not become operational.
Rep. Loretta Sanchez, California Democrat, said lawmakers familiar with the report have told one another that the eight mandated criteria on protecting privacy have not been met.
“It has to be fixed before Congress appropriates funding,” said Miss Sanchez, who had not seen the report.
The Transportation Security Administration (TSA) has been working on the program, previously known as the Computer-Assisted Passenger Prescreening System, or CAPPS II, to replace CAPPS I, the system in use since September 11.
“We do look forward to working through the next steps with GAO and others as we finalize Secure Flight,” said TSA spokesman Mark Hatfield.
“This program, when finished, will have undergone precedent-setting security and tests to ensure it delivers on both security enhancement and privacy protection,” he said.
The system will compare information provided to the airlines with information provided by companies that collect personal data for marketing and credit scoring, and then match it to terrorist watch lists.
Lawmakers questioned the effectiveness of the watch list after high-profile members were flagged for secondary screening. They included Sen. Edward M. Kennedy, Massachusetts Democrat, Rep. Don Young, Alaska Republican, and Rep. John Lewis, Georgia Democrat.
Privacy advocates say the Secure Flight program is a repeat of the abandoned CAPPS II program, and are critical of attempts to use personal information to determine who can board aircraft and who cannot.
“To a larger extent, this is the CAPPS system risen from the dead and it will have all the same problems; the underlying data will not be reliable, we will still be getting false accusations and still not being able to pick out the terrorists,” said Barry Steinhardt, director of the American Civil Liberties Union’s Technology & Liberty Project.
A Feb. 23 GAO briefing paper for congressional staff said testing was not performed on how to use information to improve safety, and that the tests “do not generally reflect attributes of successful performance measures for this purpose.”
The new GAO report says in its title that “risks should be managed as developed,” indicating that privacy problems have not been resolved, a GAO spokeswoman said.
Bruce Schneier, a security analyst and chief technical officer of Counterpane Internet Security, says he is concerned about abuse.
“The urge to use the system for other things will be irresistible. It’s too easy. Once the system is built they’ll say, ‘Let’s use it for trains and buses, and by the way, the Super Bowl is next week, let’s use it there,’” Mr. Schneier said.