Lawmakers cited unresolved privacy, technical and civil rights issues for the Computer Assisted Passenger Pre-Screening System II in a letter to David Stone, acting director of the Transportation Security Administration. Twenty-two lawmakers signed the letter, which was initiated by Rep. Dennis Kucinich, D-Ohio.
"New powers granted to government anti-terror initiatives must require that the power is necessary to thwart future attacks, and that the benefit of the new power outweighs its adverse effects on liberty," the letter stated. "In its current form, CAPPS II fails both of these requirements."
The Homeland Security Department issued a fact sheet Friday in defense of the system, which would check a passenger's name, address, phone number and birth date against terrorist watch lists, law enforcement information and commercial databases, then assign each passenger a color-coded risk assessment.
The fact sheet said CAPPS II is a critical element of TSA's approach to aviation security, which also includes screening baggage and passengers, fortifying cockpit doors in all airliners, placing thousands of federal air marshals aboard flights and adding armed federal flight deck officers.
"The system, developed with the utmost concern for individual privacy rights, modernizes the pre-screening system currently implemented by the airlines," the fact sheet said. "It will seek to authenticate travelers' identities and perform risk assessments to detect individuals who may pose a terrorist-related threat or who have outstanding federal or state warrants for crimes of violence."
The department also issued another fact sheet Thursday aimed at refuting myths about the system.
Public criticism of CAPPS II, however, continues to mount as privacy and civil rights advocates oppose deploying the system until safeguards are guaranteed.
On Thursday, the General Accounting Office released a much-anticipated report that concluded TSA has failed to meet seven out of eight congressional requirements for the system, including plans to prevent identify theft and privacy abuses. The only requirement the agency did meet was the creation of an oversight board made up of privacy, consumer and airline industry representatives to review the system.
"Key activities in the development of [the system] have been delayed and the Transportation Security Administration has not yet completed important system planning activities," the GAO report concluded.
On Friday, Sen. Patrick Leahy, D-Vt., a member of the Senate Appropriations Committee, said the GAO report shows that TSA does not have the ability to assess data accuracy, allow for corrections in data, address data security issues, prevent identity theft, address potential hacking problems, ensure the effectiveness of search tools, and provide for appeals.
"GAO confirms the concerns that passengers, airlines and several of us in Congress have continued to raise since the program's trial run," Leahy said. "The bottom line is that CAPPS II is not ready for prime time. The program's weaknesses may limit its effectiveness and it lacks sufficient protections for the civil liberties of ordinary, law-abiding travelers."
CAPPS II would assign a color code indicating a threat level to each passenger's boarding pass. Travelers labeled "yellow" would have to undergo more intensive searches before boarding, while those labeled "red" would not be allowed to fly and would likely be referred to authorities for questioning.
TSA wants to launch the system this summer but, under federal law, has to meet all eight of the issues identified by Congress before launching CAPPS II. The agency, however, can test the system using passenger data.
DHS Chief Privacy Officer Nuala O'Connor Kelly said in a recent interview that the GAO report is only one of three hurdles that CAPPS II faces before it can be deployed. The other two are developing a privacy impact assessment for the system and for TSA to notify airlines of the exact information they have to provide to the system.
Kelly said her office received about 15,000 comments on the system while drafting the privacy impact assessment, which should be issued this month. Many airlines have refused to turn over passenger information for the system, raising the possibility that DHS will have to order the airlines to do so.
DHS also wants the European Union to provide information on European passengers flying to the United States. After months of negotiations, the department reached an agreement with the EU that would allow passenger data on European citizens to be used for internal testing of CAPPS II. The European parliament has not yet ratified an agreement that would allow passenger data to be used for any other purpose.
"I think that we need to be able to test not only using domestic data but also using data from foreign carriers to make sure that we treat people equally, that we're not pinpointing people from particular countries unfairly and that we are looking for people who are known threats," Kelly said. "I think it's the right decision to go forward with testing first before final deployment, both from a technology standpoint and also from a policy standpoint."