By Robert O'Harrow Jr. Washington Post Staff Writer Friday, February 1, 2002; Page A01
Federal aviation authorities and technology companies will soon begin testing a vast air security screening system designed to instantly pull together every passenger's travel history and living arrangements, plus a wealth of other personal and demographic information.
The government's plan is to establish a computer network linking every reservation system in the United States to private and government databases. The network would use data-mining and predictive software to profile passenger activity and intuit obscure clues about potential threats, even before the scheduled day of flight.
It might find, for instance, that one man used a debit card to buy tickets for four other men who sit in separate parts of the same plane -- four men who have shared addresses in the past. Or it might discern an array of unusual links and travel habits among passengers on different flights.
Those sorts of details -- along with many other far more subtle patterns identified by computer programs -- would contribute to a threat index or score for every passenger. Passengers with higher scores would be singled out for additional screening by authorities.
As described by developers, the system would be an unobtrusive network enabling authorities to target potential threats far more effectively while reducing lines at security checkpoints for most passengers. Critics say it would be one of the largest monitoring systems ever created by the government and a huge intrusion on privacy.
Although such a system would rely on existing software and technology, it could be years before it is fully in place, given that enormous amounts of data would need to be integrated and a structure would need to be established for monitoring passenger profiles.
At least one carrier, Delta Air Lines, has been working with several companies on a prototype. Northwest Airlines has acknowledged that it is talking with other airlines about a similar screening system. Federal authorities hope to test at least two prototypes in coming months or possibly sooner, according to government and industry sources familiar with the effort.
"This is not fantasy stuff," said Joseph Del Balzo, a former acting administrator of the Federal Aviation Administration and a security consultant working on one of the profiling projects. "This technology, based on transaction analysis, behavior analysis, gives us a pretty good idea of what's going on in a person's mind."
The screening plans reflect a growing faith among aviation and government leaders that information technology can solve some of the nation's most vexing security problems by rooting out and snaring people who intend to commit terrorist acts.
But a range of policy and technical questions still need to be answered before the system can become a reality. The Transportation Security Administration, for example, must decide on a set of standards so technology companies and airlines can begin building a system. They must also figure out how to pay for the system and its operation. Industry officials said they hope the system will cost, on average, much less than $2 per ticket.
Officials at the TSA declined to comment, saying they did not want to disclose any details that might undermine aviation security.
Government officials and companies also face questions about privacy. In interviews, more than a dozen people working on two parallel projects said they were taking pains to protect individual privacy. They intend to limit the personal information shared with airlines and security officials.
But developers face restrictions on how much information they can use. Industry officials have already discussed with lawmakers the possible need to roll back some privacy protections in the Fair Credit Reporting Act and Driver's Privacy Protection Act to enable them to use more of the credit and driver's-license data.
Civil liberties activists said they fear the system could be the beginnings of a surveillance infrastructure that will erode existing privacy protections. When told about the system, Barry Steinhardt, associate director of the American Civil Liberties Union, said it would be "a massive complex system of surveillance."
"It really is a profound step for the government to be conducting background checks on a large percentage of Americans. We've never done that before," he said. "It's frightening."
Some critics also worry that law enforcement authorities will be tempted to use it for broader aims, such as snaring deadbeat parents or profiling for drug couriers.
"If you can profile for terrorists, you can profile for other things," said Richard M. Smith, an independent computer security and privacy specialist. "The computer technology is so cheap and getting so much cheaper, you just have to be careful: Turn up the volume a little bit, and we just use the air transportation system to catch everybody."
Airlines rely on a couple dozen variables to screen passengers, such as how they bought tickets, whether they're flying one-way and travel history, people familiar with the system said. The details of that system, known as Computer Assisted Passenger Screening, or CAPS, are closely guarded. But security specialists regard that system -- expanded after Sept. 11 -- as limited.
The systems under development would include a thousand or more minute details and computer-derived conclusions about a person's travel, daily activity over time and whether he or she has coordinated activity with other passengers, possibly on other flights, according to the groups developing the systems.
Two leading prototypes are being developed. One group is led by HNC Software, a risk-detection specialist that works for credit card issuers, telephone companies, insurers and others. HNC is working with several companies, including PROS Revenue Management, which has access to seating records of virtually every U.S. passenger, and Acxiom Corp., one of the world's largest data-marketing companies, which collects such information as land records, car ownership, projected income, magazine subscriptions and telephone numbers.
"We can quickly build a system that is much more effective than anything in place today," said Joseph Sirosh, executive director of advanced technology solutions at HNC Software. "There is a night-and-day difference."
A second group is being led by Accenture. It has worked for months on a prototype with a variety of companies, including Delta. Data giant Equifax, Sabre Inc. (which is responsible for about half of U.S. airline reservations), IBM and other companies have also been working on profiling efforts.
Both systems are designed to use travel information and other data to create models of "normal" activity. Then they will look for variations in individual behavior that might suggest risk. Both may eventually make use of some sort of biometric system that uses iris scans, fingerprints or other immutable characteristics.
Officials at both HNC and Accenture said they take care with the personal information their systems collect and parse. The HNC prototype, for instance, does not link a passenger's personal information to a passenger's threat index. Officials also pledged that there will be no racial profiling, in part because ethnicity often has no bearing on potential risk.
The HNC prototype uses software known as neural networks, which can "learn" subtle patterns and relationships by processing millions of records, to predict when a particular transaction is likely to be fraudulent. The company already uses neural networks software to accurately profile the activity of millions of credit card owners, telephone callers and people receiving insurance benefits to crack down on fraud.
The HNC prototype would allow authorities, based in control rooms, to examine potential threats across the aviation system. One computer screen, for instance, includes a "prioritized passenger list" with passengers on a particular flight ranked from the highest risk to the lowest. The same screen also includes a box called "passenger coordination" with the names of other travelers that the computer has somehow linked to a high-risk passenger. Other screens show an aggregate threat for planes, airports and the entire system.
The Accenture system also creates a threat index, using massive computing power and relational database software. It examines travel data to look for things such as routes involving odd destinations or flying patterns. To search for threads linking individuals, the system will sift huge amounts of travel records, real estate histories and "seven layers" of passenger associates, according to Accenture partner Brett Ogilvie.
For instance, it would note if an individual lived at the former address of someone considered high-risk. Theoretically, the system could be calibrated to watch for people with links to restaurants or other places thought to be favored by terrorist cells. It might also note phone calls and match individuals against government watch lists. A potential link to a threatening character or region could boost a passenger's score, he said.
A limited model report, generated by Accenture on one individual, looked like any number of publicly available dossiers provided by information services. It included all his addresses for the past two decades, the telephone numbers and former addresses of people who now occupy those residences, and the names, ages, addresses, telephone numbers and partial Social Security numbers of possible relatives. Some of the information was incomplete or, apparently, unrelated to the passenger.
The company said it would eventually like to have more data in the analysis, including embassy warnings, passport information, foreign watch lists. Eventually, with government approval, they would link the system to a national ID or some sort of biometric or both.
The index would send color-coded signals to airlines. Green would indicate no problem. Yellow would indicate the need for more questioning. Red means apprehend. Ogilvie said the company would try to offer the same sort of service to cruise ships and other facilities that want to bolster security.
"The data is there and the technology is there," Ogilvie said. "There's a lot of value. There's a lot of data."
Paul Werbos, a senior National Science Foundation official and a neural networks specialist, said such systems need to be used carefully. While there is no doubt that profiling can improve security, Werbos said, "we have to be very careful not to create punishments, disincentives, for being different from average."
© 2002 The Washington Post Company
===== Kevin Dean Buffalo, NY ICQ: 8616001 http://www.yaysoft.com
__________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com