 May 07, 2003
Steve McHale, deputy administrator of the Transportation Security Administration (TSA) in that department, told a European Parliament committee in Brussels that TSA is committed to building the "most stringent state-of-the-art privacy controls" into the new version of Computer Assisted Passenger Prescreening System, knows as CAPPS II, which aims to prevent terrorists from boarding commercial airplanes. He said May 6th that the system will "minimize the amount of information on travelers coming into the system, collecting only the information needed to authenticate the passenger's identity and conduct a risk assessment." Lockheed Martin Management and Data Systems is assisting TSA in developing CAPPS II, which will confirm a passenger's identity and identify any potential terrorism-related threat to aviation in less than five seconds, according to a March 11th TSA news release. TSA emphasized that CAPPS II will use commercial databases that are routinely employed by private enterprises in hiring or market research. McHale said that CAPPS II will be equipped with a system of "firewalls" to ensure the security of passenger data. "Commercial data companies assisting with the authentication process will not acquire traveler personal information and TSA will not have access to data about passengers from commercial databases," he said. McHale said that the system will not profile passengers, conduct surveillance, or employ sophisticated automated data analysis techniques such as data mining. Nor will it use ethnic, religious or racial data in selecting passengers for additional security checks, he added. McHale said that TSA will operate CAPPS II under a "strict privacy protection protocol" worked out through discussions with privacy advocacy groups and the general public, and establish a "comprehensive" complaint process to enhance passenger rights. McHale was responding to concerns raised by EU officials and European privacy groups about the adequacy of passenger data protection in the airline security regime introduced in the United States after the September 11, 2001, terrorist attacks in New York and Washington. During the same hearing another U.S. official assured the commission that the data the U.S. authorities receive through passenger name record (PNR) will be processed fairly and lawfully for a "specified and legitimate purpose." Passenger name record is the generic name for the files created by airlines for each journey any passenger books. These files are stored in the airlines' reservation and departure control databases. The aviation security law enacted by Congress in November 2001 requires all airlines operating in the United States to provide U.S. border authorities with electronic access to PNR. In February the United States and the European Commission reached an interim agreement that would allow European airlines to comply with this requirement without compromising EU privacy laws. The two sides also agreed to continue to work toward a bilateral agreement to reconcile, if necessary, U.S. requirements with the EU data protection law. Some European parliamentarians argued that the interim agreement does not conform to this law and was reached under the threat of U.S. penalties. Subsequently, they called on the European Commission to suspend the agreement until it can be realigned with the European data privacy requiremnts.
Source of Information:
|