Friday, August 10, 2007

US unveils more privacy-friendly no-fly list

Apparently the American government is about to implement its latest version of the no-fly list, without data mining using commercial sources. It looks a lot like the Canadian "Passenger Protect" program:

Even Bruce Schneier thinks it shows common sense.

Feds offer simpler flight screening plan on Yahoo! News

By MICHAEL J. SNIFFEN, Associated Press Writer

Thu Aug 9, 6:34 PM ET

The government proposed a new version of its airline passenger screening program Thursday, stripped of the data mining that aroused privacy concerns and led Congress to block earlier versions.

It's been three years since the Sept. 11 Commission recommended and Congress ordered that the government take over from the airlines the job of comparing passenger lists with watch lists of known terrorist suspects to keep them off flights. Even this new version of the Secure Flight program is open for public comment and will be tested this fall before it can be implemented fully in 2008.

The third version of the program, once known as CAPPS II, drew positive reviews from privacy advocates and members of Congress who had objected to more elaborate earlier versions. Congress enacted legislation blocking earlier plans to collect private commercial data — like credit card records or travel histories — about all domestic air travelers in an effort to predict which ones might be terrorists.

The new plan would require passengers to give their full name when they make their reservations — either in person, by phone or online. They also will be asked if they are willing to provide their date of birth and gender at that time to reduce the chance of false positive matches with names on the watch lists.

"Finally, this appears to have a coherent, narrow and rational focus," said James Dempsey of the Center for Democracy and Technology, a privacy advocacy group. "This is a vast improvement over what we've seen before."

Even Democrats in Congress were cautiously positive.

"They've been slow to admit that minimizing invasions and breaches of Americans' privacy is part of their job," said Senate Judiciary Committee Chairman Patrick Leahy, D-Vt. "We will evaluate these steps to see if they measure up."

House Homeland Security Chairman Bennie Thompson, D-Miss., said he hoped the administration would stay alert to privacy issues. "I am extremely disappointed it has taken three years and passage of several pieces of legislation to get us to step one."

Thompson added that he hoped it was a sign of foresight that the new plan was announced along with new screening arrangements for international travelers.

At a news conference at Reagan National Airport, Homeland Security Secretary Michael Chertoff also announced that starting six months from now airlines operating international flights will be required to send the government their passenger list data before the planes take off rather than afterward, as is now the case.

Earlier sharing of passenger information is designed to give U.S. authorities more time to identify terrorists like Richard Reid, who attempted to light a shoe bomb on a trans-Atlantic flight in December 2001, and keep them off planes.

"Now the airlines give us their manifests after the plane has left the ground and that is too late," Chertoff said.

The Homeland Security chief said he was unaware of any specific, credible threat against airlines. But based on recent car bomb attempts in Great Britain and public statements by terrorists, he repeated his view that "we are entering a period where the threat is somewhat heightened."

"Look at the history of al-Qaida," Chertoff said. "The airplane has been a consistent favorite target of theirs."

On the domestic side, transferring watch-list checks to Transportation Security Administration officers "should provide more security and more consistency, and thus reduce misidentifications" that have frustrated passengers, Chertoff said.

Existing screening has been widely ridiculed because people like Sen. Edward M. Kennedy, D-Mass., other members of Congress and even infants have been blocked from boarding or delayed because their names are similar to names on the lists.

Chertoff said the new domestic system will avoid activities envisioned earlier that raised privacy concerns.

"Secure Flight will not harm personal passenger privacy," Chertoff said. "It won't collect commercial data (about passengers). It will not assign risk scores and will not attempt to predict behaviors."

Such plans alarmed Congress so much that it barred implementing the program until it passed 10 tests to ensure privacy and accuracy. The Government Accountability Office, Congress' auditing arm, found the previous version failed almost all of them.

Currently, only a passenger's full name is required when reservations are made although date of birth and gender usually become known to transportation security officers later in the boarding process.

Transportation Security Administrator Kip Hawley said volunteering those two items earlier would reduce misidentifications in watch-list matching.

"With the full name, we can resolve 95 percent of the cases correctly. The date of birth adds 3.5 percent to that, and the gender adds another one percent," Hawley said.

Privacy advocates like Dempsey and Bruce Schneier, chief technology officer at the security company BT Counterpane, also were pleased with limits on how long most records will be kept. A check that produces no match — which will be the case for the vast majority of travelers — would be kept only seven days. A false positive match would be kept seven years. Confirmed matches would be kept 99 years.

"On the surface, it looks pretty good," Schneier said. "I'm cautiously optimistic. It's nice to see some common sense."

No comments:

Post a Comment