Computer Assisted Passenger Prescreening System (CAPPSII)

TSA cancelled CAPPS II in August 2004 and announced its new initiative - Secure Flight.

The enhanced Computer Assisted Passenger Prescreening System (CAPPS II) is a limited, automated prescreening system authorized by Congress in the wake of the Sept. 11, 2001 terrorist attacks. The system, developed with the utmost concern for individual privacy rights, modernizes the prescreening system currently implemented by the airlines. It will seek to authenticate travelers' identities and perform risk assessments to detect individuals who may pose a terrorist-related threat or who have outstanding Federal or state warrants for crimes of violence.

CAPPS II will become a critical element in TSA's "system of systems" approach to security which includes thorough screening of baggage and passengers by highly trained screeners, fortified cockpit doors in all airliners, thousands of Federal Air Marshals aboard a record number of flights, and armed Federal Flight Deck Officers.

Under CAPPS II, airlines will ask passengers for a slightly expanded amount of reservation information, including full name, date of birth, home address, and home telephone number. With this expanded information, the system will quickly verify the identity of the passenger and conduct a risk assessment utilizing commercially available data and current intelligence information. The risk assessment will result in a recommended screening level, categorized as no risk, unknown or elevated risk, or high risk. The commercially available data will not be viewed by government employees, and intelligence information will remain behind the government firewall. The entire prescreening process is expected to take as little as five seconds to complete. Under the revised plan as of July 31, 2003 , TSA will not allow commercial data providers to acquire ownership of passenger name records, or to retain or commercially use those records or passenger scores. Also, CAPPS II will not use bank records, records indicating creditworthiness or medical records.

Once the system has computed a traveler's risk score, it will send an encoded message to be printed on the boarding pass indicating the appropriate level of screening. Eventually, the information relevant to the appropriate screening process is planned to be transmitted directly to screeners at security checkpoints.

In the rare instances where a particular traveler has been identified as having known or suspected links to terrorism or has an outstanding Federal or state warrant for a crime of violence, appropriate law enforcement officers will be notified (so-called "red" passengers are said to be flaged just a few times out of the two million airline passengers per year). A small percentage of passengers will require additional screening at the security checkpoint (so-called "yellow" passengers recieve a hand-held wand scan). The vast majority of travelers will go through the normal screening process (so-called "green" passengers).

DHS plans also call for establishing a Passenger Advocate Office for passengers to contact if they believe CAPPS II has inaccurate information about them. The Advocate will work on behalf of passengers to identify the source of any erroneous data and take appropriate corrective action.

Some critics have erroneously contended that a parking ticket or late credit card payment would keep someone from flying. This is simply inaccurate. Indeed credit ratings - bad or good - will not lead to enhanced scrutiny at the airport.

Under the terms of a competitively awarded contract, Lockheed Martin Management and Data Systems (Lockheed) will assist TSA in developing the passenger risk assessment and prescreening system. Lockheed will develop, integrate, deploy and operate for TSA, a Risk Assessment System through a five year task order contract that provides flexibility to TSA to accomplish the goals as outlined in the Aviation and Transportation Security Act.

A vital element of TSA's layered approach to security is to ensure that travelers who are known or potential threats to aviation are stopped before they or their baggage board an aircraft. CAPPS II is an integral part of that approach. It provides:

A stronger prevention system - CAPPS II will provide a more reliable screening result than is provided by the current airline operated prescreening system. It will seek to authenticate a passenger's identity and conduct a risk assessment. It also allows for updates as new intelligence is received and the threat level is modified. Shorter waits at checkpoints -- By reducing the number of selectees requiring additional screening, CAPPS II will help speed up the screening process for the vast majority of travelers. Focus for resources -- CAPPS II will enable DHS to focus its screening resources and as DHS is better able to assess the potential risks to passengers and aircraft, it will be able to allocate resources such as the Federal Air Marshals.

CAPPS II is scheduled to be implemented after testing and after Congressional requirements are met.

Most passengers will notice little change in the check-in process. Many will actually see improvements. For example, some travelers who receive secondary screening today because they are flagged in the outdated CAPPS I system will no longer be flagged and inconvenienced under the more sophisticated CAPPS II system. CAPPS II will improve aviation security because screening decisions will be more closely aligned with current intelligence information and threat levels.

CAPPS II Obstacles

As of January 1, 2004, TSA has not fully addressed seven of the eight CAPPS II issues identified by the Congress as key areas of interest, due in part to the early stage of the system's development. These issues relate to (1) the effective management and monitoring of the system's development and operation and (2) the public's acceptance of the system through the protection of passengers' privacy and enabling passengers to seek redress when errors occur. The Department of Homeland Security (DHS) has addressed one of the eight issues by establishing an internal oversight board to review the development of major DHS systems, including CAPPS II. DHS and TSA are taking steps to address the remaining seven issues, however, they have not yet

• determined and verified the accuracy of the databases to be used by CAPPS II,
• stress tested and demonstrated the accuracy and effectiveness of all search tools to be used by CAPPS II,
• completed a security plan to reduce opportunities for abuse and protect the system from unauthorized access,
• adopted policies to establish effective oversight of the use and operation of the system,
• identified and addressed all privacy concerns, and
• developed and documented a process under which passengers impacted by CAPPS II can appeal decisions and correct erroneous information.

CAPPS II also faces a number of additional challenges that may impede its success. These challenges are developing the international cooperation needed to obtain passenger data, managing the expansion of the program's mission beyond its original purpose, and ensuring that identity theft-in which an individual poses as and uses information of another individual-cannot be used to negate the security benefits of the system. The GAO believes believe that these issues, if not resolved, pose major risks to the successful development, implementation, and operation of CAPPS II.