Homeland Security

STATEMENT OF

JAMES C. MAY

PRESEIDENT AND CEO

OF THE

AIR TRANSPORT ASSOCIATION OF AMERICA, INC.

CONCERNING THE STATUS OF THE

COMPUTER ASSISTED PASSENGER PRESCREENING SYSTEM ("CAPPS II")

BEFORE THE

AVIATION SUBCOMMITTEE

OF THE

COMMITTEE ON TRANSPORTATION AND INFRASTRUCTURE

OF THE HOUSE OF REPRESENTATIVES

MARCH 17, 2004

The Air Transport Association has repeatedly expressed support for the development of appropriate measures to improve the Transportation Security Administration's ability to evaluate the security implications of those who present themselves for transportation on air carrier aircraft.  More particularly, we have supported the concept of the Computer Assisted Passenger Prescreening System (CAPPS II), which is under development by TSA.  Although we are not privy to the details of CAPPS II, it is envisioned to provide markedly more effective passenger screening capabilities for TSA, which should result in fewer security checkpoint delays for passengers.  This is a goal that we all share.   While the promise of CAPPS II is impressive, many significant issues concerning its nature, implementation, and personal privacy implications remain unresolved.   Any final judgment about CAPPS II, therefore, must await resolution of those issues.

Favorable resolution of those issues will require CAPPS II to meet three basic tests.  It must be efficacious, implemented economically and protect airline customers' privacy rights.  CAPPS II must be efficacious in the sense that it appreciably advances civil aviation security and does so efficiently.  CAPPS II must be implemented economically in the sense that it places minimal new demands on affected third parties, such as airlines, travel agents, and global distribution systems.  CAPPS II must protect airline customers' privacy rights because they are entitled to that protection and the public will not accept the program unless those rights are safeguarded.

Acceptance of CAPPS II will largely depend on the government generating public confidence, both in the United States and overseas, in the legitimacy of the System.  Importantly, however, public acceptance will also depend on a very practical consideration: avoiding CAPPS II-related delays during the reservation and airport check-in processes.  CAPPS II cannot be seen as contributing to the "hassle factor."  Achieving these objectives is imperative.  If they are not realized, the public could come to regard CAPPS II with suspicion or hostility. 

All of us in the commercial aviation community have a stake in this outcome.  If the public rejects CAPPS II, the very real risk could emerge that travelers will forgo the use of air transportation. 

             Fortunately, however, Congress has created benchmarks against which all concerned can evaluate CAPPS II as it proceeds through its developmental stages.  Congress in Vision 100 enacted two provisions, sections 607 and 608, which establish important pre-implementation certification and reporting requirements concerning CAPPS II.     Public Law No. 108-176, December 12, 2003.   Section 607 prohibits the Department of Homeland Security from proceeding beyond the test phase until the Under Secretary for Border and Transportation Security certifies to Congress that CAPPS II has met eight specified developmental, operational and personal privacy requirements.   The General Accounting Office last month submitted a report to Congress about the status of accomplishing those requirements.  U.S. General Accounting Office, Aviation Security:  Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges, GAO-04-385, February 2004.[1]  Section 608 of Vision 100 requires the Secretary of Homeland Security, after consulting with the Attorney General, to submit a report to Congress by March 12^th about the potential effect of CAPPS II on the privacy and civil liberties of U.S. citizens. 

            The February GAO report identified the ongoing challenges to the development of CAPPS II.   The report has attracted considerable attention because it described important CAPPS II developmental issues that remain to be completed.  Nevertheless, the GAO report and Vision 100's CAPPS II certification and reporting requirements demonstrate that authoritative evaluations of developmental, operational and privacy issues will be undertaken before CAPPS II is implemented.  This Congressional-ordered scrutiny should greatly facilitate public confidence in CAPPS II as it ultimately emerges as an operating system.

            That public acceptance would be greatly advanced if the scope of CAPPS II were narrowed.  The widespread impression is that CAPPS II is intended to assess the security risk that passengers pose and identify those who require additional security attention because of the possibility that they could commit acts of violence aboard a commercial aircraft.  In fact, however, the scope of CAPPS II as presently conceived would go beyond identifying potential terrorists or hijackers.  It would also include those with outstanding state or Federal arrest warrants for crimes of violence.   The desirability of identifying such individuals is beyond dispute but this remains a federal law enforcement responsibility.  The problem, however, is that the acceptability of CAPPS II will depend on convincing the public of its unbreachable, tightly focused purpose.  Including a surveillance system for a non-terrorist category of individuals could undermine achieving that support.

Implementation Considerations

Implementation and application of CAPPS II will impose substantial new requirements on passengers, airlines and other reservation and distribution entities.  Passenger name records do not contain all the categories of information that TSA contemplates will be required for CAPPS II.  CAPPS II will consequently require airlines to change significantly their practices for acquiring information from customers. 

The essential implications about the anticipated CAPPS II passenger information collection requirements are:

·        Airline reservation systems and the reservation systems of global distribution systems and online reservation systems will have to be reprogrammed to respond to the new information collection requirements. This will create substantial new resource demands on airlines and other providers of reservation services.  

·        Because of the necessary reservation system reprogramming and revision of reservation agent practices to accommodate CAPPS II, airlines will need to know the technical requirements for and implementation schedule of CAPPS II well in advance of its startup.  TSA, however, has not yet provided airlines with specifics about the CAPPS II system architecture and initially suggested that the system would pull the required data elements from computer reservation systems.  Representatives from the Office of National Risk Assessment now indicate that reservation systems will be required to push data to TSA's CAPPS II system, which will result in additional programming and operating costs for airlines and other reservation system operators.

·        The required CAPPS II information, which must be collected from every passenger, will be more intrusive for the passenger than today.

·        Information in many instances will be obtained from passengers orally and entered manually into reservations systems.  Reservation call "talk time" will increase markedly, affecting the length of time a consumer is on a reservation call and the cost of such calls to air carriers.  This will not only impose greatly expanded resource demands on airlines, it will also place new demands on the time of customers.  

·        Airlines do not control third parties, such as travel agents and online booking entities, through which the majority of air transportation is purchased.  Any failure of such a party to obtain mandated information will have to be remedied at the airport, which will delay passenger processing and inconvenience customers.

·        Airlines are concerned about the potential international applicability of CAPPS II.  This is a serious consideration which must be addressed because foreign governments presumably would be responsible for conducting additional screening of selectee passengers if CAPPS II is applied overseas.

One of the foregoing points bears special emphasis: because the majority of reservations are made through third parties, most notably travel agents, airlines often do not have direct contact with the passenger until he or she arrives at the airport.  This means that airlines cannot assure that information is collected from such customers at the time of reservation.  Any CAPPS II rule must recognize this fundamental characteristic of airline distribution and mandate that third parties collect needed information at the time of their first contact with the customer.  The failure to do so will result in serious delays for airline passengers at airport check-in, where airline customer service agents will have to collect from them the information that is necessary for CAPPS II.

The foregoing is not meant to be an exhaustive explanation of the implications of the mandatory collection of CAPPS II passenger information.  It is intended, instead, to underscore that changes in the reservation and passenger processing environments will have substantial consequences, including added expenses and the likelihood of increased customer processing times.

Privacy Considerations

Customers must be confident about the legitimacy of the government's access to, handling of and disposition of personal information that it will use in evaluating them.  Legitimacy in this context intertwines both the issues of the effectiveness of the System's privacy protections and the efficacy of CAPPS II, which we discussed above.  Concern about the legitimacy of CAPPS II was evident in public comments reacting to TSA's January 15, 2003 Privacy Act-related notice of proposed rulemaking.  68 Fed. Reg. 2002 (Jan. 15, 2003); see Department of Transportation Docket OST-1996-1347, accessible at http://dms.dot.gov.  TSA, to its credit, has responded to the critical public comments that it received about that proposal.  TSA in its August 1, 2003 interim final Privacy Act notice clarified its intentions about the application of CAPPS II and modified several of the System's routine uses to respond to concerns expressed in those comments.  See 68 Fed. Reg. 45265, 45267-68 (Aug. 1, 2003).   

Even with the modifications that TSA described in its interim final Privacy Act notice, however, CAPPS II will require airline customers to sacrifice an appreciable amount of privacy if they are to be permitted access to air transportation. 

The implication of this is clear.  If the public is not comfortable with the various facets of CAPPS II, its acceptance will be imperiled.  Were that to occur, air transportation would suffer because some passengers would regard the privacy demands of CAPPS II as personally too costly to justify traveling by air.  Thus, the government's development of CAPPS II personal data privacy protections should be thorough and its explanation of those measures should be clear.  In addition, it should be made clear who within TSA will have access to the information gathered under the program.

TSA discussed these matters in its interim final Privacy Act notice.  We foresee, however, that this will be an important, persistent concern of the public.  Indeed, this predictable concern is likely to be more pronounced because of the involvement of commercial entities in the CAPPS II passenger authentication process.   Such an explanation from TSA, therefore, would allay the very understandable concern about whether the scope of an authorized individual's access to and use of information will be as limited as practicable and directly tied to her or his aviation security responsibilities.  TSA should also explain what penalties will be imposed for unauthorized access to or misuse of that information. 

            We also believe that when CAPPS II is implemented the TSA needs to notify the public on its Web site and through other channels of the measures that it has undertaken to assure the privacy of passenger information.  TSA is the only authoritative source of such an assurance.  Consequently, providing such notices should not be the responsibility of airlines.

Registered Traveler Program

In the aftermath of 9/11, ATA suggested the creation of a "trusted" traveler program.  Our view then, and it continues today, is that more should be known of those presenting themselves for air transportation.  Greater attention should be paid to who the passenger is, rather than continuing to rely disproportionately on the screening of objects to provide aviation security.   For that reason, recent indications from TSA that it is considering a registered traveler program are intriguing.  More, however, needs to be known about such a program before it proceeds.  In particular, its benefits need to be clearly articulated and who will pay for it needs to be determined; our view is that airlines should not be required to pay for it.  These issues should be resolved promptly so that all concerned can determine if this is a viable concept.

International Considerations

There is an important international component of the CAPPS II data privacy issues.  The Department of Homeland Security and the Department of State have met with European Commission data protection officials to discuss privacy issues associated with the Bureau of Customs and Border Protection's access to passenger name record data for customers on flights to the United States.  Those discussions, which were recently completed, have highlighted European concerns about the adequacy of U.S. data privacy protection practices.  European authorities have specifically expressed those same concerns about CAPPS II.  We hope that U.S. and EC officials can agree in their future discussions on data protection principles that will be applicable to CAPPS II when it is introduced and thereby eliminate the possibility that U.S. airlines will be caught between conflicting U.S. and EC regulatory requirements.

******

We believe that public acceptance, both in the United States and overseas, of CAPPS II will depend on the Federal government's assurance of suitable privacy protections and passengers' understanding of them.  We also believe that the implementation and operational issues associated with CAPPS II need to be clearly recognized and addressed before the startup of the system is authorized. These are indispensable considerations in the development of CAPPS II.