More Checks on U.S. Travelers By Ryan Singel 02:00 AM Jan. 23, 2003 PT
Connecting the dots is usually child's play. But privacy advocates say that a government plan to apply sophisticated computer algorithms and "fuzzy logic" to unconnected databases to sniff out terrorists violates the privacy of American travelers.
Transportation Department officials counter that it's just another way they're using technology to rout terrorism.
Last week, the Transportation Security Agency announced its intent to create a new passenger-screening database that will be the centerpiece of a system to scan for potential terrorists by instantly checking every domestic traveler's credit history, arrest record and property tax data.
Unlike the controversial Total Information Awareness research project, the central database of the Computer Assisted Passenger Pre-Screening Program II, or CAPPS II will contain permanent financial records, intelligence reports and law enforcement records only on those suspected of posing a national security risk, according to the Jan. 15 Privacy Act notice.
While data about nonthreatening passengers will be purged when a trip is completed, all travelers will be checked before departure against other public databases as well as private data sources like Axciom and ChoicePoint, which keep a database of 18 billion records.
ChoicePoint, used by financial services groups and every government law enforcement agency, aggregates information from publicly available records -- including telephone directories, bankruptcy filings, business license registrations and court filings -- to create comprehensive reports on individuals.
"The new system will be like shopping for a diamond bracelet at Tiffany's," said Chet Lunner, spokesman for the Department of Transportation. "Tiffany's will let you buy the bracelet after swiping your credit card. But if the credit card authorization shows you have a history of ripping off jewelry stores, then you won't get the bracelet."
But privacy advocates worry the new system is too invasive, despite assurances from the government that citizens can easily remove incorrect information.
"It's a giant suspicion-generating machine with no oversight agency," said Lee Tien of the Electronic Frontier Foundation. "This is a system where people are being asked to make an enormous down payment in terms of a loss of privacy for a questionable payoff."
CAPPS I, introduced in 1997, was primarily used to select passenger baggage for additional screening prior to the Sept. 11 terrorist attacks. The system's use was then expanded and augmented with a "no-fly" list, though both the TSA and its critics disparage the current system.
"The current system is old and clumsy and its workings have been compromised by publicity post-9/11," said Lunner. "Presently it's possible to be stuck in the computer system if you have the same or a similar name to someone on the no-fly list. We want to create a prompt responsive system for citizen complaint resolution."
The new system calls for hiring an ombudsman who has the authority to investigate complaints, and bringing in an outside auditor, Lunner said.
The agency will spend $80 million this year to replace the current system's triggers, such as a one-way ticket purchase paid in cash, with neural networks, or fuzzy logic decision trees, that can detect more subtle indicators of a potential threat.
The idea of computers acting on hunches vexes Tien.
"The holy grail is that these systems will learn and adjust their suspicion calculators on their own, untethered from human input," he said. "But if you can't document the basis for a score or a decision, then you have a serious due process problem."
The TSA awarded preliminary grants last spring to Lockheed Martin, Infoglide Software, Ascent Technology and HNC Software, none of which responded to requests for comment.
Ben Bell, who led the Foreign Terrorist Tracking Taskforce at the Department of Justice, will run the program through the newly created Office of National Risk Assessment.
However, the program could be frozen if the proposed Data-Mining Moratorium Act passes.
The database-matching plan remains open for public comment until Feb. 24.