The ongoing controversy over who knew of which terrorist threats and when has
obscured one specific and telling finding from the commission investigating the
9/11 attacks. The commission revealed earlier this year that nine of the 19
hijackers were identified as safety risks by already-existing security measures
when they checked in for their flights. Luggage checked by those nine men was
inspected, but the killers boarded their flights with no trouble because none
were questioned or searched personally.
If security personnel couldn't employ information identifying suspect
passengers to keep even one of those killers from their mission, how can the
Bush Administration justify the proposed Computer Assisted Passenger
Pre-screening System II (CAPPS II), a massive surveillance program that would
create dossiers on every U.S. airline passenger? It's a critical time to
ask, for CAPPS II soon could compromise both the privacy and safety of most
On March 17, the federal government announced that it will require airlines
to collect and hand over selected information on all passengers to the Transportation Security Administration,
an agency of the "Homeland Security"
Department, to begin testing of CAPPS II.
This would initiate the largest surveillance program in U.S. history.
CAPPS II purportedly would help focus security resources by identifying
airline passengers who pose the greatest risk of committing terrorist acts. The
2 million or so passengers flying to or from a U.S. airport each day would
receive a risk assessment of green, yellow or red. Passengers rated green would
receive routine screening. A yellow rating generates additional scrutiny. Red
means say goodbye to your ticket and hello to law-enforcement agents--you won't
be boarding your flight.
Here's how it works: When you make a flight reservation, the booking agent or
airline records your name, address, phone number, date of birth and travel
destination (that's just for starters--the TSA could later expand the
requirements). The data goes to the TSA, which forwards it to a company
contracted to verify your identity. The TSA then feeds your data into a computer
program to generate your risk assessment using government databases and
So what criteria can label you yellow or red, and how does one challenge
inaccurate data? Incredibly, the TSA provides passengers no right to know why
they are deemed a security threat or to examine the accuracy of the government's
This is just one glaring problem cited recently by the U.S. General
Accounting Office (GAO) -- an independent investigative arm of Congress. A GAO report on the CAPPS II plan faulted the TSA for lacking
a credible budget, a timeline, adequate privacy protection policies, and any
procedure for citizens victimized by false data to correct their record. Of
eight critical concerns identified by Congress, the GAO said only one was
addressed adequately. TSA officials insist the failures could be corrected.
Since even the most narrowly devised criteria will produce far more false
positives than IDs of true security threats, CAPPS II is generating resistance
well beyond privacy watchdogs, including business travel associations. Among their concerns: If only 2
percent or so of passengers are coded red, as the TSA claims, 12 million people
would be detained annually!
To appease businesses, the TSA will test a "registered traveler program" this
summer whereby individuals able and willing to pay a fee and submit to a more
invasive background check will be given a special ID card that entitles them to
use an"express lane."
TSA officials claim CAPPS II has been scaled back in response to earlier criticism that
passengers would be forced to check their Fourth Amendment rights along with
their bags. The TSA initially will not collect credit histories, for example,
and promised to discard information soon after a passenger's travels.
This promise is meaningless, however, since the "Patriot Act" empowers the
government to procure these records at will from the contracted companies (which
may retain and sell those records). At a minimum, the government would be
creating dossiers of our lifetime travel histories. And though the information
the TSA says it will collect initially may seem inoffensive, the registered
traveler program would coerce people to "volunteer" much more information in
order to avoid second-class treatment and even longer airport lines.
Critics also are alarmed by TSA officials' admission of plans to employ CAPPS
II well beyond airports and for broader law enforcement purposes like catching
common criminals -- contradicting earlier promises to focus only on aviation
security. Some critics even question whether government may legally detain a
passenger unless a criminal charge can be filed against them.
A gift to terrorists?
The growing controversy over
privacy and civil liberties threatens to obscure another fundamental question:
can CAPPS II improve national security?
That's doubtful, for the weakness in its underlying logic renders the program
ineffective -- or worse. A legal advice column in the trade journal Travel
Weekly warned, "The system would be a terrorist's delight."
Why? CAPPS II proponents claim sacrificing privacy will allow most people to
check in with less hassle by enabling aviation security to focus on high-risk
passengers. Terrorist groups, however, easily could probe the system, determine
which travelers get green ratings and consistently minimal screening and take
advantage of that weakness.
Those members then could embark on a mission with greater confidence than
with a more random selection process or one that relies on well-trained
personnel to select passengers for intensive scrutiny.
And does any TSA official honestly believe that terrorists can't obtain a
false identification -- available on any college campus or over the internet?
According to federal investigators, at least two of the 9/11 hijackers'
passports "were clearly doctored." It's hard not to suspect they'll announce the
obvious later: the system is easily gamed, and Americans must therefore submit
to a national ID card connected with a database of fingerprints or retina scans.
Even the GAO report raises this scenario.
CAPPS II does have one sound premise: profiling of some kind can help
allocate passenger screening resources most effectively. It goes wrong in
relying so heavily on technology. Observation and questioning by a trained human
being (which admittedly could generate other concerns) can reveal tip-offs that
no computer ever will catch. Yet personal questioning of travelers who
raise suspicion -- the most critical component of an effective security program
for Israeli airline El Al (widely considered the most secure airline in the
world) -- is not even under serious discussion.
Why? Real security is not as "efficient" as placebos. We often are sold a
largely false choice: that we must sacrifice freedom or privacy to be secure.
Speed vs. safety, however, is a genuine trade-off. Effective passenger profiling
would result in some delays and inconveniences, impeding airline profits. Hence,
the airline industry welcomed the installation of million-dollar x-ray scanners
in more than 400 airports to check for luggage bombs, despite the intrinsic
inability of x-rays to detect explosives.
Ironically, this is the one security realm where technology could provide
help. But rather than investing in machines capable of detecting traces of
explosives from outside luggage, Homeland Security officials and airlines
preferred to project the illusion of increased safety.
Each expansion of federal power is framed as "fighting terror," but the most
effective terrorism prevention rarely demands sacrifices of our liberty. Such
measures as securing cockpit doors, strengthening cockpit security procedures,
and banning such potential weapons as box-cutters were all sensible moves that
left freedom completely unscathed.
The corporate profit motive vs. safety
which prevents a bag from flying unless its owner also is aboard, is an
effective measure that long has been standard practice in many countries. But
U.S. airlines have blocked full implementation domestically, claiming extra
costs from resulting flight delays would be crippling. This takes some nerve
after grabbing more than $14 billion in taxpayer subsidies above and beyond the
$1 billion in losses that were attributed to post - 9/11 shutdowns.
Although bag matching can't prevent a suicide bombing, unaccompanied luggage
bombs caused three of the worst air disasters of the 1980s including the
deadliest airline bombing ever, 329 deaths on Air India flight 182. Until 9/11,
the airline industry blocked requirements for secure cockpit doors despite 30
documented cockpit intrusions in the two years preceding the attack.
The role of corporate profit-seeking in creating the vulnerabilities that
enabled 9/11 remains remarkably under-reported.
We should seek further improvements in airline security, but focusing
backward on where terrorists last attacked, rather than identifying and securing
other vulnerable targets, may endanger our safety. "Even suicide terrorists are
extremely risk-averse," said Andrew Thomas, safety expert and author of
Aviation Insecurity . "They may perceive glory in killing, but not in
getting caught." So as passenger security improves, would-be terrorists
increasingly will seek less risky targets, thus demanding we shore up
vulnerabilities in other realms (including non-passenger aspects of airport
Securing our vulnerabilities
Identifying a terrorist is
hard -- "much harder than simply finding needles in a haystack," one Homeland
Security official said. It's relatively easy, however, to identify and secure
vulnerable targets that terrorists could strike and cause catastrophic damage.
As the Spain subway bombing demonstrated, physical defenses never will
insulate us from harm, but we should pay particular attention to preventing the
most deadly scenarios, like attacks on chemical or nuclear plants. Determined
efforts at those sites could dramatically improve our resistance to both
terrorist threats and accidental catastrophes that could dwarf the carnage
wreaked on 9/11. Yet the Bush Administration seems determined to invite disaster
by eliminating federal enforcement of many safety standards at nuclear weapons
facilities to promote business efficiency.
CAPPS II may distract public attention from the truth that basic security and
intelligence failures -- not a lack of information or power by law enforcement
officials -- allowed the 9/11 tragedy to occur. What CAPPS II does not do,
however, is make us safer. Congress should stop funding CAPPS II and rethink how
to allocate our finite security resources in ways most likely to save lives.
The rest of us should scrutinize new "anti-terror" measures and defend
ourselves against the reflexes of the Bush Administration and Congress to extend
federal dominion in the name of security. Most officials promoting these
expansions of power may be well-intentioned, but ultimately their policies
endanger both our freedom and our safety.
Milchen directs ReclaimDemocracy.org, a non-profit
organization working to restore citizen authority over corporations (get a free
sample of their newsletter). Kaplan is active in the group's San Francisco
Bay Area chapter. A shorter version of this article was published 4/18 in the Chicago Tribune.
Take action: CAPPS II is under increasing attack from
across the political spectrum. Help keep the pressure building by mailing
a letter expressing your thoughts on CAPPS II to your U.S. Rep or Senator and consider enclosing a copy of this
article for the detailed background. This action is especially valuable if your
Representative sits on the House Aviation subcommittee.
© 2004 ReclaimDemocracy.org