Focusing public attention on emerging privacy and civil liberties issues

Passenger Profiling

Latest News

  • Homeland Security Revised Traveler Screening Violates Federal Privacy Act: The Transportation Security Administration and Customs and Border Protection, components of the Department of Homeland Security, have announced plans for agency record disclosures without Privacy Act notifications. The agencies Common Operating Picture ("COP") program would permit TSA and CBP to exchange personal information held by the agencies to place travelers on federal watch lists. Although TSA and CBP have proposed new uses for personal data, the agencies have declined to solicit public comments as required by the Privacy Act. Currently, the agencies use the Automated Targeting System to perform "risk assessments." EPIC has called for DHS to suspend "risk-based" passenger profiling and to make public the algorithms that are used to assess travelers. For more information, see EPIC: Secure Flight, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy. (Feb. 10, 2014)
  • Government Audit Finds TSA's Behavioral Analysis Program "Ineffective": The Government Accountability Office issued a report to Congress finding that the Transportation Security Administration's behavioral analysis program, known as "Screening of Passengers by Observation Techniques" (SPOT), is ineffective. The GAO determined that there is no scientifically valid evidence for behavior indicators, and that TSA screeners cannot reliably interpret passenger behavior. The GAO report also notes that the there have been significant concerns over racial and ethnic profiling. There are around 3,000 TSA officers currently assigned to the SPOT program, which has cost approximately $900 million since 2007. The GAO recommended the Congress reduce further funding of the program. In testimony before the 9/11 Commission in 2003, EPIC warned that "It is easy to construct a device that can determine whether a person is carrying a gun before he boards an airplane. It is much more difficult to construct a device that can probe his thoughts and determine his intent to commit a crime." Since that time, EPIC has objected to the DHS's practice of assigning threat profiles based on race, ethnicity, and gender. EPIC has also called upon the TSA to undertake a comprehensive audit of the civil rights impact of airport screening policies on racial and religious minorities. For more information, see EPIC: Passenger Profiling. (Nov. 14, 2013)
  • EPIC Objects to Secret Profiling of Air Travelers: EPIC has submitted comments to the Department of Homeland Security, objecting to the agency's plan to secretly profile U.S. air travelers and remove Privacy Act safeguards. The DHS proposed to exempt TSA PreCheck from the federal privacy law. The PreCheck database contains detailed personal information, including name, birthdate, biometric information, Social Security Number, and financial information. The TSA plans to release applicant data to federal, state, tribal, local, territorial agencies and foreign governments. However, the TSA proposes to remove the rights of PreCheck applications concerning notification, access, and correction. The agency also intends to keep secret the basis for approving PreCheck applicants. EPIC described the substantial privacy and security risks of Precheck, urged the DHS to narrow the Privacy Act exemptions, and recommended that the DHS withdraw routine use disclosures. For more information, see EPIC: Secure Flight, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy. (Oct. 10, 2013)
  • TSA Resurrects Use of Commercial Data for Passenger Screening: The TSA is considering the use of commercial data to screen passengers, a controversial practice that was previously blocked in Washington. In 2005 Congress suspended funding for Secure Flight, a program that relied on the use of commercial data, after EPIC, the General Accounting Office, and others identified security and privacy vulnerabilities. TSA's current effort also comes as the Federal Trade Commission is studying the practices of the data broker industry. For more information, see EPIC: Secure Flight and EPIC: Passenger Profiling. (Jan. 17, 2013)
  • EPIC Calls for Suspension of Homeland Security's "Risk-based" Profiling System: EPIC submitted comments to Customs and Border Protection, a component of the Department of Homeland Security, urging the agency to suspend the Automated Targeting System. Although the System was initially created to screen shipping cargo, the agency now monitors individuals, and creates "risk-assessment" profiles on Americans who are not suspected of any crime. The agency makes determinations about individuals based on such factors as race, ethnicity, and gender. The agency even collects information on political opinions and religious beliefs. An unfavorable "risk-based" evaluation by ATS m can subject individuals to investigation, government surveillance, and denial of the right to travel. For more information, see EPIC: Automated Targeting System, EPIC: Passenger Profiling, and EPIC: Air Travel Privacy. (Jun. 22, 2012)
  • EPIC Joins Coalition Seeking Audit of TSA Racial Profiling: Over 30 organizations, including EPIC, have asked DHS Secretary Janet Napolitano to undertake an independent audit of the TSA to determine whether TSA airport screeners are engaged racial profiling. According to news reports, TSA agents have subjected Mexican, Dominican, and Sikh travelers to additional screening based solely on race. In EPIC v. DHS, a federal court of appeals in July ordered the TSA to undertake a formal rulemaking, but the agency has yet to solicit comments from the public on its airport screening procedures. For more information, see EPIC: Air Travel Privacy and EPIC: Passenger Profiling. (Dec. 5, 2011)
  • EU and US Groups Object to EU-US Passenger Data Agreement: Over 20 organizations in the EU and the US have sent an open letter to the European Parliament, opposing a new agreement that would allow European companies to transfer the personal data of European travelers to the United States government in apparent violation of the EU Data Protection Directive. The European Court of Justice struck down the original Passenger Name Record (PNR) agreement in 2006 after members of the European Parliament charged that there was no legal basis to disclose the data to the US. The revised agreement is still subject to approval by the Parliament, which has also gained new legal powers since the earlier dispute. For more information, see EPIC: EU-US Airline Passenger Data Disclosure, EPIC: Air Travel Privacy, EPIC: Passenger Profiling. (Dec. 5, 2011)
  • EPIC-led Coalition Calls For Suspension of Secret Government Watchlist: EPIC and a coalition of privacy, consumer rights, and civil rights organizations filed a statement to the Department of Homeland Security. The group opposed proposed changes to the Watchlist Service, a secretive government database filled with sensitive information. The agency has solicited comments on the program, which entails developing a real-time duplicate copy of the database and expanding the groups and personnel with immediate access to the records. The groups focused on the security and privacy risks posed by the new system, as well as The Privacy Act. Passed by Congress in 1974, the Act requires DHS to notify subjects of government surveillance in addition to providing a meaningful opportunity to correct information that could negatively affect them. EPIC has testified before Congress and published a "Spotlight on Surveillance" report about the Watchlist program. For more information, see EPIC: Secure Flight and EPIC: Passenger Profiling. (Aug. 5, 2011)
  • Top European Justice Official Opposes Body Scanners: In widely reported remarks, Viviane Reding, the Justice Minister for the 27-member European Union, has expressed opposition to the US proposal to deploy body scanners. Minister Reding told the European Parliament, "Our citizens are not objects. They are human beings." Ms. Reding also emphasized data protection and the Charter of Fundamental Rights, which establishes new rights for EU citizens, including a right to information privacy. Previous post-9/11 disputes between the US and the EU have involved the transfer of Passenger Name Records and financial information. For more information, see EPIC Passenger Profiling. (Jan. 12, 2010)
  • Registered Traveler Program Halted After Data Breach. The Clear registered traveler program suffered a security breach when a laptop was stolen. The laptop contains unencrypted personal information regarding approximately 33,000 travelers, including names and addresses, as well as passport and driver's license numbers. Government officials suspended new applications to the registered traveler scheme in the wake of the data theft. The Clear program permits users to bypass normal airport security lines after they enroll and undergo a background check. EPIC has warned of the privacy and security risks posed by registered traveler programs. (Aug. 5, 2008)
  • Spotlight: Secure Flight Should Remain Grounded. EPIC's Spotlight on Surveillance project focuses on the Secure Flight traveler prescreening program. Introduced in 2004, the Secure Flight has been roundly criticized (pdf) and the system was suspended in 2006, because it contained massive security and privacy vulnerabilities. Though Secure Flight has been revamped, it remains fundamentally flawed. The core of the program rests on watch lists so full of errors that the Department of Justice's Inspector General (pdf) has suggested that there is "a deficiency in the integrity of watchlist information." EPIC's Spotlight on Surveillance on Secure Flight. (September 28, 2007)
  • EPIC Recommends Continued Suspension of Secure Flight Traveler Prescreening Program. In comments (pdf) to the Department of Homeland Security, EPIC urged the agency to either continue to suspend or significantly revise its system of records notice for the Secure Flight program. EPIC explained that the watch lists that Secure Flight used to screen passengers were so error-filled that the Department of Justice Inspector General indicated (pdf) "a deficiency in the integrity of watchlist information." Also the proposed redress procedures are "poor substitutes" for the Privacy Act's judicially enforceable rights of access and correction. DHS suspended Secure Flight in 2006 for a "comprehensive review." Though substantial changes have been made, the program is still full of problems, and EPIC recommended the agency continue Secure Flight's suspension until the problems can be addressed. See EPIC's Secure Flight page. (Sept. 24, 2007)
  • Secure Flight Delayed Until 2010. Implementation of Secure Flight, a federal passenger screening program, will be delayed until 2010, at least five years behind schedule, according to the Transportation Security Administration. Secure Flight was suspended a year ago after two government reports detailed security and privacy problems. One report (pdf) found 144 security vulnerabilities. About $140 million has been spent on the program, and the TSA is seeking another another $80 million for proposed changes. For more information, see EPIC's page on Secure Flight. (Feb. 23, 2007)
  • EPIC Recommends Privacy Safeguards for Traveler Screening Program. In comments (pdf) to the Department of Homeland Security, EPIC urged the agency to fully apply Privacy Act requirements of notice, access, and correction to the new traveler redress program and the underlying watch list system. Instead of following the Privacy Act, the agency is asking the public to rely on its "internal quality assurance procedures." EPIC explained that these procedures aren't working and cited a government report (pdf) that found significant problems with the handling of personal information and violations of privacy laws by DHS. Tens of thousands of people have applied for redress after being mistakenly matched as federal officials have struggled to trim the bloated watch lists. (Feb. 20, 2007)

Overview

The second-generation Computer Assisted Passenger Pre-Screening System (CAPPS-II) proposes to sort all airline passengers into different categories by assigning a risk assessment "score" to each passenger: green for minimal, yellow to spark heightened security procedures, and red for those judged to pose an acute danger, who would be referred to law enforcement for possible arrest. At the core of CAPPS is the idea to focus scrutiny on the "high-risk" passengers while simultaneously reducing the hassle factor for "low-risk" travelers.

The first generation CAPPS was introduced in 1996 as a stop-gap measure prior to the full screening of all bags for explosives. The second generation system that is currently in development purports to improve the screening of both dangerous things and people by relying on experimental data-mining algorithms to find patterns in the government and commercial databases available on individuals. In the future there is a risk that a CAPPS-II system might be deployed for the government to control access to all forms of transportation, including ships, trains, and buses, and might also encompass government buildings and public spaces.

CAPPS-II originally shared many of the same elements of the now defunct Defense Department's "Total Information Awareness" program, which aimed at profiling innocent people. While there is an important threshold question if any of these profiling programs will actually be effective, there is also a vital need to engage in a public debate over the appropriateness and the privacy and security risks of such systems. A crucial first step for the debate is greater transparency from the Transportation Security Administration (TSA). In January 2003, the TSA published a Federal Register notice announcing that the agency would create a new system of record called the "Aviation Security Screening Records" (ASSR) database. The notice described a system that would allow the government access to "financial and transactional data" as well as virtually unlimited amounts and kinds of data from other proprietary and public sources. The agency also indicated in that notice that many private and public entities might gain access to the personal information used in the passenger screening database. Yet the notice did not provide information about how passengers can challenge their "score" or otherwise seek redress for their treatment at airports if they think it is based on inaccurate information. The TSA issued a new Privacy Act notice (pdf) in July 2003 to take the comments it had received into account.

The TSA intended to test the profiling system with Delta Airlines in three mid-size airports in the Spring of 2003. However, Delta, after strong public opposition, decided not to provide its passengers' data. The TSA originally planned on rolling the system out nationwide by Summer 2004. They have thus far postponed that implementation until further notice, and testing until at least the end of 2004. Congress has begun to exercise their oversight power and the White House Office of Management and Budget is questioning the program's effectiveness. EPIC is actively engaged in open government law litigation to assist public oversight of the program and will make documents available through this web site.

History

The first generation CAPPS (CAPPS-I) was developed in 1996 by Northwest Airlines as a temporary measure to assist in passenger bag screening. A string of airline bombings from the 1970s, including Air India and Pan Am, prompted European airports to install explosive detection systems (EDS) to screen all bags and to create a passenger bag-matching program so that a passenger and his or her bags traveled on the same flight. American airlines and airports, who had primary responsibility for aviation security unlike the Europeans, resisted the introduction of EDS and passenger bag-matching citing the high costs and severe disruption to domestic airline traffic. The deadly crash of TWA Flight 800 in 1996, however, prompted American airlines to re-examine their security policies. An Aviation Safety Commission was formed, headed by Vice President Gore, to investigate how the system could be improved.

The Gore Commission reviewed the need for screening all bags for explosives and whether a passenger bag-matching program should be instituted. The Commission also considered a proposal to selectively search people's baggage on the basis of their risk profile developed from a computer program. A civil liberties advisory panel was created to debate the implications of using such a profiling technology and how its impact on civil liberties could be measured and possibly mitigated. In 1998 the Gore Commission ultimately recommended the deployment of CAPPS-I as a temporary measure while airlines installed systems to screen all checked baggage. Passenger bag matching was instituted for all international flights, but was deemed too onerous and impractical for domestic flights. CAPPS-I would be used to find "selectees" on each flight whose checked baggage would be subjected to additional scrutiny. A certain percent of selectees would also be drawn at random.

The Federal Aviation Administration issued a Notice of Proposed Rule Making (see NPRM) on April 19, 1999 to implement CAPPS-I. The computer program at the heart of CAPPS-I is a rule-based system that is reported to assign scores to passengers on the basis of how much information is available on them. The information relied on for this score comes solely from information provided by the passenger to the airline, including payment information. The program resides on the airlines' computer reservation system. The system was supposed to be designed to not discriminate on the basis of constitutionally protected categories such as gender or race. The Justice Department reviewed the program and concluded that it the program's design did not violate civil rights. Nevertheless, the Justice Department was required to conduct periodic reviews of the system to ensure that in practice it did not have a discriminatory effect. There are no reports on how effective the first CAPPS program has been.

Technological Considerations

  • What pattern is the computer algorithm searching for, i.e. what facts or relations will give rise to the inference that a passenger is a risk?
  • How will the system deal with the problem of false postives and false negatives?
  • What is the data quality of the underlying databases? How accurate is the data and how will errors in those databases be corrected?
  • What security mechanisms will be in place to protect the data from unauthorized access?
  • How can the system's effectiveness be assessed?

Legal & Policy Considerations

  • What databases will be searched? How will the passenger profiling system comply with the Privacy Act of 1974? If commercial databases are used, does the collection and handling of the information follow the Privacy Act and Fair Information Practices?
  • How long will data be retained about passengers? What other government agencies or private entities will have access to the data or score?
  • What are the consequences of being flagged? How can an individual contest a risk score? What rights will individuals have to access records on them and correct errors? What type of due process rights will be incorporated into the system?
  • Is the system good at catching terrorists or is it more effective at other applications such as an all-purpose law enforcement stop? What will prevent mission creep?

EPIC Related Pages

News Items

Documents Obtained under the Freedom of Information Act (FOIA)

Resources

Previous Newss

  • Government Report: Thousands Misidentified on Watch Lists. More than 30,000 travelers have been mistakenly linked to names on terror watch lists when they crossed the border, boarded commercial airliners or were stopped for traffic violations, according to a report (pdf) by the Government Accountability Office. EPIC has repeatedly (pdf) warned that the false positive problem -- when a person who is not a suspect is mistakenly matched to a watch list -- is difficult to fix. The watch lists include 325,000 names of terrorism suspects or people suspected to aid them, more than quadruple the 75,000 names on the lists when they were created in 2003. (Oct. 14, 2006)
  • Registered Traveler Hits Turbulence. The Transportation Security Administration says security concerns have delayed the controversial air passenger prescreening program Registered Traveler, which was to be rolled out beginning Tuesday. EPIC has testified previously (pdf) and submitted comments (pdf) about the flawed program, warning that problems with watch list errors have not been resolved, that there are no legal safeguards to prevent misuse, and that "mission creep" is almost certain. For more information, see EPIC's Spotlight on Surveillance page. (June 22, 2006)
  • EPIC Urges Privacy Safeguards for Traveler Database. In comments (pdf) to Customs and Border Protection, EPIC opposed the agency's plan to exempt a vast database from legal requirements that protect privacy and promote government accountability. The Global Enrollment System would include employment history and biometric data. Among many possible activities, the agency will use this system to determine which travelers are "low risk" and eligible for the "Trusted Traveler" program. EPIC warned that the absence of effective redress procedures would leave many travelers improperly designated as "high-risk." (May 22, 2006)
  • Fliers Must Complete Search Process Once It's Begun, Federal Court Says. Last week, the Ninth Circuit Court of Appeals ruled (pdf) in United States v. Aukai that travelers who begin the security screening process at airports cannot change their minds. The court said passengers who walk through airport metal detectors implicitly consent to a search, and they can't revoke that consent even if they are chosen to undergo a more extensive "secondary screening" process. The court did not rule on whether a passenger could refuse searches that are more invasive than simple pat-downs. (Mar. 22, 2006)
  • Federal Court Rejects Challenge to Unpublished ID Rule. The Ninth Circuit Court of Appeals recently ruled (pdf) for the government in Gilmore v. Gonzales, a case that challenged an unpublished federal rule requiring passengers to show ID before boarding commercial airplanes. EPIC filed a "friend of the court" brief (pdf) in the case, stating that secret law violates constitutional due process rights. (Feb. 2, 2006)
  • EPIC Urges Suspension of Passenger Profiling System. About 30,000 air passengers have reported being wrongly matched to federal watch lists. These frustrating problems flow from the failure to fully apply privacy protections to watchlist databases, especially the right of individuals to access and correct their records, EPIC said in comments (pdf) to the Transportation Security Administration. EPIC urged the suspension of the Registered Traveler program, one version of which is administered by a private contractor not subject to any Privacy Act obligations, until security and privacy problems can be resolved. For more information, see EPIC's Spotlight on Surveillance page. (Dec. 15, 2005)
  • Court Hears Arguments in Air Travel ID Case. The Ninth Circuit Court of Appeals recently heard arguments in Gilmore v. Gonzales, a case challenging an unpublished federal rule that passengers show ID before boarding commercial airplanes. EPIC filed a "friend of the court" brief (pdf) stating that secret law violates constitutional due process rights. (Dec. 14, 2005)
  • Government Agency Seeks New Power to Track Air, Ship Passengers. The Centers for Disease Control and Prevention has proposed a rule that would greatly expand the powers of the federal government to track travelers. Airline and shipping industries would be required to gather passenger contact and health information, maintain it electronically for at least 60 days, and release it to the CDC within 12 hours of a request. The public has 60 days to comment on this rule. EPIC and Patient Privacy Rights are calling for strong medical privacy protections in an online petition. For more information, see EPIC's Medical Privacy page. (Nov. 23, 2005)
  • Draft Privacy Impact Assessments Show CAPPS II Mission Creep. Through Freedom of Information Act litigation with the Transportation Security Administration, EPIC has obtained three heavily redacted draft privacy impact assessments the agency performed for the now-defunct second generation Computer Assisted Passenger Prescreening System (CAPPS II). The drafts, dated April 17, 2003 (pdf), July 29, 2003 (pdf), and July 30, 2003 (pdf), reflect a dramatic expansion over just three and a half months in the ways passenger information collected for the program would have been shared. (Sept. 16, 2004)
  • Transportation Dept. Dismisses EPIC's Claims Against Northwest. The Department of Transportation dismissed (pdf) EPIC's complaint against Northwest Airlines, which had alleged that the airline violated its privacy policy by disclosing millions of passenger records to NASA for use in a data mining study, thus committing an unfair and deceptive trade practice. The Department concluded that Northwest's privacy policy "did not unambiguously preclude it from sharing data" with NASA, and that "even if it did, such a promise would be unenforceable as against public policy[.]" EPIC will petition the Department for review of the decision. (Sept. 14, 2004)
  • Court Says Government Must Make ID Arguments Publicly. The Ninth Circuit Court of Appeals has rejected (pdf) the Justice Department's request to make its arguments secretly in Gilmore v. Ashcroft, a case challenging an unpublished federal regulation that requires passengers to show ID before boarding commercial airplanes. The agency had asked that its arguments be kept secret from Gilmore and the public, stating in court papers that disclosure "would be detrimental to the security of transportation." EPIC has filed a "friend of the court" brief (pdf) in the case, arguing that meaningful judicial review is necessary to prevent the government from imposing secret law upon the public in violation of constitutional due process rights. (Sept. 14, 2004)
  • TSA to Test New Passenger Prescreening Program. The Transportation Security Administration has announced it will begin testing Secure Flight, a new passenger prescreening system, in November. The program, which is intended to replace the now-defunct CAPPS II, will compare passenger records to expanded "selectee" and "no fly" lists already in use. Passengers whose records match names on the lists will be subject to commercial background checks to verify their identities. The agency stated that it plans to have a redress process for individuals improperly flagged by Secure Flight, but it is unclear how this process will work. (Aug. 26, 2004)
  • Army Finds JetBlue Passenger Data Use Legal. The Army Inspector General has concluded (pdf) that neither the Army nor a defense contractor violated the Privacy Act by using of millions of JetBlue Airways passenger records in a military data mining project without the knowledge or consent of the affected passengers. The report was obtained through the Freedom of Information Act by journalist Ryan Singel. In September, JetBlue conceded that the disclosure violated its own privacy policy. (Aug. 24, 2004)
  • EPIC Files Brief Arguing Against Secret Law. EPIC has filed a "friend of the court" brief (pdf) in Gilmore v. Ashcroft, a case challenging a federal district court's refusal to determine the basis for the government's unpublished requirement that passengers must present identification to fly upon commercial airlines. EPIC's brief argues that the district court's failure to examine the government's authority to enforce the requirement permits the government to impose secret law upon the public, thus avoiding meaningful review by courts as required by the Constitution. (Aug. 9, 2004)
  • Court Rejects Agency Effort to Withhold CAPPS II Info Sought by EPIC. A federal judge has rebuffed (pdf) the Transportation Security Administration's claim that it does not have to release factual information, which is generally not shielded from disclosure under the Freedom of Information Act, within agency documents that are not finalized. The agency had refused to disclose to EPIC factual information within draft privacy impact assessments performed for the second generation Computer Assisted Passenger Prescreening System (CAPPS II) because such facts would "expose the deliberative process." Judge Colleen Kollar-Kotelly has ordered the agency to review the documents again for factual information that can be released, or to justify to the Court why it is unable to do so. (Aug. 3, 2004)
  • Tom Ridge Says CAPPS II is Dead. It has been reported that Department of Homeland Security Secretary Tom Ridge has said the controversial second generation Computer Assisted Passenger Prescreening System, more commonly known as CAPPS II, has been scrapped. David Stone, acting administrator of the Transportation Security Administration, indicated earlier this week that the agency would not move forward with CAPPS II as originally envisioned. Stone acknowledged that CAPPS II's intrusion upon personal privacy contributed to the decision to reconsider the program. (July 14, 2004)
  • EPIC Calls for Suspension of Registered Traveler Program. In formal comments (pdf) to the Transportation Security Administration, EPIC has urged the agency not to deploy the final phase of the Registered Traveler program until it conducts a full evaluation of the program's privacy implications. Citing the agency's record of secrecy and little regard for individual privacy interests in the development of programs such as CAPPS II, EPIC recommended that TSA revise its information collection and maintenance practices to comply fully with the intent of the Privacy Act. (July 1, 2004)
  • TSA: More Airlines Disclosed Passenger Data. Acting Transportation Security Administration administrator David Stone has admitted (pdf) to the Senate Governmental Affairs Committee that Delta, Continental, America West, JetBlue and Frontier Airlines disclosed passenger records to the agency's contractors in 2002 to test CAPPS II. The admission follows repeated denials to the public, Congress, General Accounting Office and Department of Homeland Security Privacy Office that the agency had acquired or used real passenger data from airlines to test the controversial passenger profiling system. Stone further disclosed that two of the world's largest airline reservation centers, Galileo International and Sabre, also provided passenger information to the agency. (June 23, 2004)
  • EPIC Sues Agencies for Passenger Data Disclosure Info. In court papers (pdf) filed today, EPIC is seeking the expedited release of records from the Transportation Security Administration and Federal Bureau of Investigation detailing the agencies' efforts to obtain passenger information from major commercial airlines. A document (pdf) obtained by EPIC earlier this year led to the revelation that the FBI collected a year's worth of passenger information from numerous airlines after 9/11. Despite substantial media coverage of the matter and Congressional concern about government acquisition of such data, the FBI has refused to expedite EPIC's disclosure request. For more information about passenger data disclosures, see EPIC's page on the Northwest Airlines disclosure. (June 9, 2004)
  • EPIC Lawsuit Reveals Massive Disclosure of Air Passenger Data to FBI. According to information obtained by EPIC through Freedom of Information Act litigation, the Federal Bureau of Investigation obtained one full year's worth of Northwest Airlines passenger data after 9/11. The amount of personal data was so large that Northwest provided the data to the FBI on 6000 CDs. In an article based upon this new information, the New York Times has confirmed the disclosure of passenger data to the FBI -- by Northwest as well as other U.S. air carriers. Other information obtained by EPIC details the acquisition and use of Northwest passenger data by the National Aeronautics and Space Administration. See EPIC's Northwest Data Disclosure page for additional information and links to relevant documents. (Apr. 30, 2004)
  • EPIC, PI hold Big Brother Awards. EPIC and Privacy International held the 2004 US Big Brother Awards at the Conference on Computers, Freedom and Privacy. California Senator Liz Figueroa received a Brandeis Award for her excellent work to protect and champion privacy. "Most Invasive Proposal" went to Seisint for its role in creating the Multistate Anti-Terrorism Information Exchange Program (MATRIX). "Worst Agency" went to the Transportation Security Administration for its operation of the "No-Fly" lists. "Greatest Corporate Invader" went to NorthWest Airlines for its provision of passenger information to the government. For more information, see the Privacy International Big Brother Awards Page. (Apr. 21, 2004)
  • Senators Want Answers About Passenger Data Collection. The Chairman and Ranking Member of the Senate Committee on Governmental Affairs have sent a letter (pdf) to the Department of Homeland Security demanding information about American Airlines' disclosure of more than a million passenger records in 2002 to government contractors at the agency's request. The airline's admission contradicted the agency's previous assurances that it had never used passenger data to test the controversial CAPPS II passenger profiling system. (Apr. 15, 2004)
  • American Admits Disclosing Passenger Data. American Airlines has announced that Airline Automation, a vendor working for the airline, turned over 1.2 million passenger records in June 2002 to four companies that were competing for contracts with the Transportation Security Administration. The airline authorized the records to be disclosed to the agency, which then directed Airline Automation to give the data directly to the potential contractors. JetBlue and Northwest have made similar disclosures of passenger information. The Northwest disclosure was revealed through EPIC's FOIA work. (Apr. 9, 2004)
  • EPIC Testifies on CAPPS II Profiling System. In testimony (pdf) today before the House Aviation Subcommittee, EPIC General Counsel David Sobel said there is reason to doubt whether the CAPPS II passenger profiling system can ever function in a manner that protects privacy and provides citizens with basic due process rights. Sobel cited recent General Accounting Office findings (pdf) that serious privacy problems in the system have not yet been addressed. (March 17, 2004)
  • EPIC Replies to Northwest's Defense of Privacy Policy Breach. EPIC has filed a reply (pdf) to Northwest Airlines' attempt to justify (pdf) its unlawful disclosure of millions of passenger records to the federal government. EPIC pointed out that Northwest did not tell passengers that it would disclose personal information to the government without the knowledge or consent of those passengers, despite the fact that the airline specifically mentioned other uses of passenger information in its privacy policy. EPIC also noted that after JetBlue Airways disclosed passenger information to a Defense Department contractor, a spokesman for Northwest and the airline's CEO assured the public that Northwest would not make such disclosures. For more information, see EPIC's page on the Northwest disclosure. (March 9, 2004)
  • Northwest Defends Breach of Privacy Policy. In reply to a complaint filed by EPIC, Northwest Airlines has attempted to defend (pdf) its disclosure of millions of passenger records to NASA in violation of the airline's publicly posted privacy policy. Northwest claims that September 11 diminished "whatever minimal expectation of privacy in air travel [that] existed before." In January EPIC filed a complaint (pdf) with the Department of Transportation, arguing that the airline engaged in an unfair and deceptive practice when it disclosed passenger records to the federal government. A recent report (pdf) on a similar disclosure by JetBlue suggested that the federal Privacy Act was violated. For more information, see EPIC's page on the Northwest disclosure. (March 3, 2004)
  • Homeland Security Privacy Office Releases JetBlue Report. The Department of Homeland Security's Chief Privacy Office has released a report (pdf) criticizing the Transportation Security Administration's role in the controversial transfer of JetBlue passenger information to Defense Department contractor Torch Concepts for use in a data mining study. The report finds that "The TSA employees involved acted without appropriate regard for individual privacy interests or the spirit of the Privacy Act of 1974." In September, EPIC submitted a complaint to the Federal Trade Commission alleging that JetBlue and data broker Acxiom committed unfair and deceptive trade practices by disclosing personal information to Torch Concepts in violation of their publicly posted privacy policies. The complaint is still pending. (Feb. 20, 2004)
  • GAO Report Casts Doubt on Future of Air Profiling System. A General Accounting Office report to Congress (pdf) finds that the Transportation Security Administration has failed to resolve seven of eight specific concerns raised by the controversial Computer Assisted Passenger Prescreening System, putting the program's future in doubt. The report also finds that TSA has failed to provide an "assurance that the system will fully comply with the Privacy Act." In September Congress blocked deployment of the program until the GAO could certify that, among other things, CAPPS II is accurate and ensures privacy, that safeguards exist to reduce the likelihood of abuse, and that a redress process exists for passengers who are mistakenly identified as threats. In related news, twenty-five members of Congress have sent a letter to President Bush urging "the adoption of a specific policy that makes clear the role of airlines in sharing consumer information with the federal government." (Feb. 12, 2004)
  • Bush Requests Increased Funding for CAPPS II. In the fiscal year 2005 budget request, the Bush administration has proposed that $60 million be allotted for the Computer Assisted Passenger Prescreening System, known as CAPPS II, in 2005. The administration requested $45 million for fiscal year 2004. Additional funding for CAPPS II will depend on the results of a congressionally mandated study of the program's privacy implications, which is expected from the General Accounting Office on February 15. (Feb. 4, 2004)
  • CAPPS Director Questioned About Passenger Profiling. Admiral Loy was questioned before a hearing of the National Commission on Terrorist Attacks on the United States about the operation of the Computer Assisted Passenger Profiling System. Loy acknowledged that 14.5% of all passenger are currently designated as "selectees" and that CAPPS is "gameable" and can be compromised. Statement of Admiral Loy. (Jan. 28, 2004)
  • EPIC Sues NASA for Passenger Info Disclosure Records. EPIC has filed a Freedom of Information Act suit (pdf) against the National Aeronautics and Space Administration (NASA) seeking more information about Northwest Airlines' disclosure of passenger information to the agency. EPIC recently obtained documents revealing that the airline disclosed millions of passenger records to NASA for use in data mining and passenger profiling research. For more information, see EPIC's page on the Northwest disclosure.(Jan. 22, 2004)
  • EPIC Files Privacy Complaint Against Northwest Airlines. In a complaint (pdf) filed with the U.S. Department of Transportation, EPIC alleges that Northwest Airlines engaged in an unfair and deceptive practice when it disclosed millions of passenger records to the federal government. The complaint requests a DOT investigation and the imposition of appropriate sanctions. See EPIC's page on the Northwest disclosure for additional information. (Jan. 20, 2004)
  • EPIC FOIA Request Reveals that Northwest Gave NASA Info on Millions of Passengers. Documents obtained by EPIC under the Freedom of Information Act reveal that Northwest Airlines, in violation of its stated privacy policy, released records concerning millions of airline passengers to the National Aeronautics and Space Administration. The information was used in support of research into government data mining and screening systems. NASA retained the data for almost two years, and returned it to the airline only after the public outcry over a similar improper disclosure by JetBlue. See EPIC's press release for more information and links to relevant NASA documents. (Jan. 18, 2004)
  • Senators Request JetBlue Investigation. A trio of senators have sent a letter to Secretary of Defense Donald Rumsfeld, calling for an investigation into whether the Department of Defense violated Privacy Act regulations in its dealings with JetBlue Airways. In the letter, Susan Collins (R-Me.), Joe Lieberman (D-Conn.), and Carl Levin (D-Mich.) call on Rumsfeld to determine why Torch Concepts, a Department of Defense contractor, solicited passenger information from JetBlue and whether or not this action was a violation of the Privacy Act of 1974. EPIC has filed expedited Freedom of Information Act requests with several federal agencies to learn more about the uses of the disclosed JetBlue passenger records. (Oct. 21, 2003)
  • EPIC Urges Halt to CAPPS Air Profile System. Concluding that the controversial CAPPS II air passenger profiling plan is "precisely the sort of system that Congress sought to prohibit when it enacted the Privacy Act of 1974," EPIC has urged the Transportation Security Administration (TSA) to suspend its development until its significant privacy issues are addressed. The recommendation is contained in formal comments (pdf) EPIC submitted to the agency in response to a Privacy Act notice TSA published two months ago. (Sept. 30, 2003)
  • TSA: No Privacy Assessment for CAPPS II. In response to a Freedom of Information Act lawsuit filed by EPIC, the Transportation Security Administration has revealed (pdf) that it has not yet finalized a "Privacy Impact Assessment" for the controversial CAPPS II passenger screening system. The system has been under development for almost two years and the subject of public and Congressional privacy concerns. The disclosure comes as Congress has blocked deployment of CAPPS II until the GAO studies its privacy implications. See EPIC's press release for more information. (Sept. 25, 2003)
  • EPIC Files Complaint with Federal Trade Commission about JetBlue and Axciom, Also Seeks Government Records on Secret Government Profiling Program. Today the Electronic Privacy Information Center filed a complaint with the Commission alleging that JetBlue and Axciom violated federal consumer law when they transferred information on passengers in violation of their own privacy policies. EPIC also filed expedited Freedom of Information Act requests with several federal agencies. Press briefing at 1 pm EDT. For more information, see the European Digital Rights Initiative webpage. (Sept 22, 2003)
  • JetBlue Confirms Sharing Passenger Data. JetBlue Airways has confirmed that in 2002 it had provided 5 million passenger itineraries to a defence contractor for proof-of-concept testing of a Pentagon project unrelated to airline security, without the passengers' consent. The contractor, Torch Concepts, then augmented that data with Social Security numbers and other sensitive personal information, including income level, to develop what looks to be a study of whether passenger-profiling systems such as CAPPS II are feasible. JetBlue clearly violated its own privacy policy by transferring its passenger data. Such a violation could be grounds for an investigation of unfair business practices by the Federal Trade Commission, which has the authority to fine companies and issue injunctions. Read more about JetBlue's transaction in Wired magazine.(Sept 18, 2003)
  • EPIC Lawsuit Compels Release of Profiling Info One day after EPIC applied for an emergency court order (pdf) requiring the immediate release of documents concerning the Computer Assisted Passenger Prescreening System (CAPPS II), the Transportation Security Administration (TSA) has relented. In a formal submission (pdf) filed with the federal court in Washington, TSA has agreed to complete processing the material by September 25, five days before public comments are due on TSA's proposed Privacy Act notice for the controversial system. (Sept 8, 2003)
  • Air Passenger Profiling System Revised. The Transportation Security Administration (TSA) has published a revised notice (pdf) concerning the controversial Computer Assisted Passenger Prescreening System (CAPPS II). In response to hundreds of critical comments received on an earlier notice, TSA will limit the amounts of personal data collected and shorten the retention period. But CAPPS II will be used for enforcement purposes beyond aviation security, and sources of data may not be disclosed to the public. TSA is soliciting public comments for 60 days. See TSA's press release. (July 31, 2003)
  • EPIC Sues for Air Profiling Info. EPIC today filed suit (pdf) against three federal agencies, seeking disclosure of information concerning the controversial CAPPS II airline passenger profiling system. Named as defendants in the FOIA case are the Department of Homeland Security, the Transportation Security Administration and the Department of Defense. See EPIC's press release for more details. (June 11, 2003)
  • EPIC Suit Uncovers Watchlist Errors. EPIC has uncovered agency documents through the Freedom of Information Act that raise important questions about how the Transportation Security Administration currently operates the "No-Fly" watchlist. The concerns surrounding the agency's administration of the list previews several potential problems with the proposed roll out of CAPPS-II, the Enhanced Computer Assisted Passenger Pre-screening System. For more information, see EPIC's analysis of the FOIA documents. (Apr. 1, 2003)
  • EPIC Criticizes Profiling at EP Hearing. At a European Parliament Committee on Citizens' Freedoms and Rights hearing on traveler profiling in Brussels, EPIC submitted a statement (pdf) identifying the threats that extensive US profiling programs raise for European and American travelers' privacy. These threats include reversal of the presumption of innocence, widespread spying and third party data sharing, long-term retention of passenger records, lack of access and judicial remedies, and absence of public oversight. See EPIC's EU-US Airline Passenger Data Disclosure page for more information. (Mar. 27, 2003)
  • Coalition Urges Congress to Stop Passenger Profiling. EPIC joined a broad coalition of national organizations urging Congress to stop the deployment of the Transportation Security Administration's second-generation airline passenger profiling system known as CAPPS-II (Computer Assisted Passenger Pre-Screening System). The coalition letter asks Congress to carefully and deliberately assess the program's effectiveness as a security measure, its cost in economic terms, and its impact on civil liberties before allowing the agency to move forward with the surveillance program. (Mar. 26, 2003)
  • Senators Want Answers on Air Profiling. The Senate Commerce Committee has unanimously agreed to an amendment (pdf) by Sen. Ron Wyden (D-OR) that would require the Transportation Security Administration to report to Congress on the privacy and civil liberties implications of the controversial CAPPS-II air passenger profiling system. The amendment is to the Air Cargo Security Act, S 165. (Mar. 13, 2003)
  • EPIC Comments on Air Travel Database. EPIC submitted comments on a Transportation Security Administration (TSA) proposal [PDF] to create a new database of Aviation Security Screening Records on all airline passengers. EPIC argued that the proposed system did not provide sufficient information for the public to contribute meaningfully to this rule-making procedure, and that the proposed system would infringe on the Constitutional right of association and travel. See TSA Docket for more information and public comments. (Feb. 24, 2003)