Panel urges passenger-screening plan similar to CAPPS II

The commission that investigated the Sept. 11, 2001, terrorist attacks believes the Bush administration should require airlines to provide passengers' personal information to the government in order to screen individuals before boarding airplanes.

The proposal follows an announcement last month by Homeland Security Secretary Tom Ridge that the department has scrapped an existing, albeit besieged, initiative to do just that.

A Homeland Security spokesman said Monday that officials are reconfiguring the Computer-Assisted Passenger Prescreening System, known as CAPPS II, and are moving forward to develop an advanced way to check passengers' biographical data such as names, home addresses and birthdates against databases with names of suspected terrorists.

Recommendations released Thursday by the commission investigating the attacks included a proposal to utilize terrorist watch lists to detain or prohibit suspected terrorists or criminals from boarding airplanes.

"This screening function should be performed by the TSA [Transportation Security Administration], and it should utilize the larger set of watch lists maintained by the federal government," the commission report said. "Air carriers should be required to supply the information needed to test and implement this new system."

Lawmakers, civil-liberties groups and the travel industry have criticized the CAPPS II plan over privacy concerns and potential inconvenience to travelers, as well as delays in testing the system. Airline companies are reluctant to provide the data unless TSA mandates it and privacy protections are implemented. But civil-liberties groups and others have complained that the program lacks adequate safeguards to protect privacy rights.

In February, the Government Accountability Office found that the department had failed to meet seven of eight privacy criteria for CAPPS II. The uproar inspired House and Senate appropriators to significantly reduce funding for the program next year.

Homeland Security recently announced that more airlines than previously reported gave passenger data to four companies working on the risk-assessment program. The companies under contract with the department to test CAPPS II violated privacy law by not notifying the public about its record system, according to the Senate Governmental Affairs Committee. The law requires government contractors to publicly describe the type of information obtained and how people can gain access to their information.

After months of unrelenting criticism of CAPPS II, Ridge in July said it was dead but could be replaced with a new version. The department is considering feedback from civil-liberties groups and others for the new program.

"Not trying to build in privacy protections from the beginning ended up tripping them up," said Lara Flynt, staff counsel with the Center for Democracy and Technology.

Flynt argued that it is possible for the department to build a passenger-screening system that both enhances national security and civil liberties. "But CAPPS II isn't it," she said.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.