A CAPPS by Any Other Name

The controversial Secure Flight passenger pre-screening system, or CAPPS III as some have dubbed it, is riddled with faults and should be shelved until it meets strict criteria laid out by Congress.

That's according to Rep. Loretta Sanchez (D-California), members of the American Civil Liberties Union and computer security expert Bruce Schneier, who held a press call Thursday to bring attention to an upcoming report by the Government Accountability Office, which they hope will fault Secure Flight for failing to meet several criteria for its implementation required by Congress.

The GAO report, which was mandated by Congress last year in the Department of Homeland Security Appropriations Act of 2005, is likely to be released Monday. But Sanchez and others said they were concerned that the Transportation Security Agency, which will implement Secure Flight, is trying to ignore Congress by taking steps to roll out the system on two national airlines this August, before the program can be certified by the GAO or cleared by Congress.

Sanchez also said they were speaking out now out of concern that the GAO could be pressured to certify Secure Flight before it's ready to go forward.

TSA spokeswoman Amy Von Walter would not comment on the GAO report's contents before its release, but she said the TSA had been working closely with Congress and the GAO "to ensure we are meeting their requests and requirements as we move through the testing phase" and that they would continue to do so "to ensure they're in agreement before implementing the program in August."

Although there has been some talk that the August rollout might be only a test, Von Walter confirmed that it is the first stage of officially implementing Secure Flight. The TSA had yet to determine which two airlines would participate in the rollout.

Currently, airlines screen individual passengers, rejecting or singling out some for extra screening if their name or a name similar to theirs appears on a government watch list. Under Secure Flight, that screening will now be in the hands of the TSA. Airlines will be required to provide passenger records to the TSA, which will also use third-party commercial databases to screen passengers against a unified watch list.

The use of commercial databases, like those sold by the recently beleaguered ChoicePoint, has created controversy because the data contained in such databases is often incorrect.

Von Walter said the TSA had not concluded that it would use commercial databases.

She said the TSA had recently completed testing on name records supplied by airlines from June 2004. And last Friday the agency began testing commercial data to determine if it could assist in verifying the identity of passengers. The tests are expected to be completed in late April, at which time the TSA will determine whether to use commercial data in August. The agency will release information about the tests to the public when the analysis is completed.

Tim Sparapani, legislative counsel for the ACLU, does not think the TSA will be able to meet requirements set out by Congress for Secure Flight by August.

He acknowledged that his group had no direct knowledge of what the GAO report will say or whether the GAO planned to certify Secure Flight, but he said Secure Flight had all the same problems that doomed CAPPS I and CAPPS II. By changing only the program's name, the government has done little to address the issues that drew so many previous complaints about the passenger-screening programs, he said.

"They have a lot of work to do," he said. "Even if they've made some progress, the message should be to slow down. Get this right. Do the hard work. Scrub the list so that they're really focused on terrorists and not on other junky names before you roll out."

Among the problems Sparapani cited was the system's lack of transparency. He said the TSA still had not developed a viable process whereby innocent passengers could determine how they got on a no-fly or watch list and clear their names effectively. Even in private conversations with the TSA, members of Congress still had not received sufficient answers about what criteria or formula is used for placing people on a list.

"To the extent that these watch lists are bloated (and) they're over-inclusive, it's an ineffective terrorism-protection method, which only gives us the illusion of improved security without providing any of the real benefits," he said.

Bruce Schneier, founder and CTO of Counterpane Internet Security and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World, said the system was likely to be riddled with two kinds of false positives: "the Ted Kennedy problems, (in which) I'm not on the list but my name is or a name similar to mine is," and "the Cat Stevens problem, (in which) I'm on the list, but we have no idea why."

TSA's Von Walter said the TSA had recognized that there were problems with CAPPS I and II in that those programs placed the onus for screening passengers on airlines, and she said the TSA had addressed that with Secure Flight. She also said the agency is fully committed to having redress procedures in place to help falsely targeted passengers determine how they got onto a list and how they could get off.

"The purpose of Secure Flight is to reduce the number of passengers who are unnecessarily delayed during the check-in process," she said. "And in fact we believe that the program of Secure Flight will not only reduce that number of passengers who are delayed but also will reduce the number of passengers identified for additional screening."

But Schneier said the system was also riddled with security holes that terrorists could easily exploit by flying under an assumed name or by printing a boarding pass under another name, as a recent story illustrated.

"I believe that whenever you build a security system with an easy way through and a hard way through, you invite the bad guys to take the easy way," he said.

Schneier, who serves on an advisory board for the TSA -- the Secure Flight IT/Privacy Working Group, which is looking into the privacy implications of Secure Flight -- said that although the system had improved somewhat since CAPPS I and II, ultimately any system for matching airline passengers against a watch list is an ineffective way to spend security dollars.

"Let's say you had a list of people who are known terrorists and very dangerous.... Would you either build a passive system to wait for these people to get onto an airplane or would you hire a bunch of FBI agents to go and investigate these people?" he asked. "Building a system that only works if they happen to get on an airplane ... seems like a really bad way to spend money."