CAPPS II abuses

From SourceWatch
Jump to navigation Jump to search

CAPPS II abuses, stemming from the implementation of the second generation of the Computer Assisted Passenger PreScreening System II (CAPPS II), have begun to surface.

A January 19, 2004, news release from the CAPPS-monitoring organization Don't Spy On Us announces the "SCANDAL: US Census Data Used in Government Passenger Profiling Test."

"The US government used data from the 1990 census and the records of close to a half million Northwest Airlines passengers in a test of a CAPPS II-like program.
"A paper titled 'Near Linear Time Detection of Distance-Based Outliers and Applications to Security' was delivered on May 3, 2003 at the Workshop on Data Mining for Counter Terrorism and Security in San Francisco. This paper, combined with recently FOIA'ed documents relating to Northwest Airlines's collaboration with NASA CAPPS II testing paint an ugly data mining picture involving the misuse of US census data and air passenger records.
"The authors of the paper, Stephen Bay and Mark Schwabacher used the full Passenger Name Records (PNRs) of 439,381 Northwest passengers and detailed, definable, individual and household data from the 1990 US census in an attempt to find 'outliers' - people that do not conform to predetermined norms and therefore could be a 'threat'.
"The Northwest Airlines passenger data was turned over by the airline, without the knowledge or permission of the passengers concerned, and given to NASA's Ames Research Center. Bay and Schwabacher conducted their research for the Center.
"Bay is a research scientist at the Institute for the Study of Learning and Expertise, an organization that receives substantial funding from DARPA, the defense group responsible for Total Information Awareness.
"Schwabacher is employed by the National Institute of Standards and Technology an agency with formal ties" to the Department of Homeland Security.
"The government's use of census data to single-out and profile American citizens is not only outrageous, but possibly illegal. The dangers of the misuse of data mining census data was pointed out in a research paper almost three years ago. The author remarked that 'as many as 70% of the persons {in the 1990 US census} were unique in terms of a combination of 42 simple personal and household characteristics.'
"If the US census is turned into yet another tool Homeland Security uses to spy on our own people, the census will become worthless. Who in their right mind would tell census-takers the truth if it were known the information one gave would be used by the state to snoop? The US census would become about as useful as the information given when one registers with a website: we would become a nation that - at least on paper - was populated by 99 year-old millionaire grandmothers from Albania.
"The use of the census as a spy tool must stop. With so many functions of government dependant on accurate census data, we cannot as a nation afford for this information to be made unusable."

On January 22, 2004, dontspyon.us posted "Bureau 'Not Amused' Being Dragged Through the CAPPS II Mud":

"The US Census Bureau has never, nor will it ever, provide any personally identifiable information for CAPPS II testing or any other Homeland Security program, Census official Gerald W. Gates told Don't Spy On Us.

"Gates, the US Census Bureau official responsible for confidentiality and privacy issues, stated in an exclusive interview that the census data used by NASA scientists in the ongoing Northwest Airlines scandal was a Census product available to anyone known as Public Use Microdata.

"While Gates is convinced of the security of the Microdata, he said that if the authors of this NASA report were even attempting to reverse engineer the data, then the Census Bureau was very unhappy. He reiterated his belief that NASA researchers could not possibly be successful in any reverse-engineering attempts.

"Beth Givens, founder and director of the respected Privacy Rights Clearinghouse, explained that Public Use Microdata 'is in the aggregate only, and is not individually identifiable. In addition, if the data can be reverse engineered to indeed identify an individual, Census mixes up the data so reverse engineering cannot be used.'

"For details on how the Census protects Microdata, go here and click on the 'confidentiality' link on the lower left-hand side of the page.

"Nonetheless, Gates made it clear that the Census is not at all happy with finding itself associated with NASA's rogue CAPPS II-like data mining operation. He said that The Census Bureau has never, nor would it ever give detailed individual data to any government agency. Gates says that if he or anyone did, it would mean 5 years in jail and a 200k fine for the offender.

"For now, giving the Census the benefit of the doubt seems appropriate. But lest we forget, it was the misuse of census data that facilitated the internment of 120,000 of our fellow citizens during a previous national crisis."

Related SourceWatch Resources

External links

General Data

Articles & Commentary

  • 10-11 December 2001: "Air Travel Privacy FOIA Documents", Electronic Privacy Information Center (EPIC): "NASA Ames Research Center. Northwest Airlines Briefing."
  • 23 September 2003: "JetBlue privacy--under federal wings?" by Declan McCullagh, CNet News: " JetBlue secretly turned over my personal information and details on some 5 million other passengers to a private contractor that's working on a data-mining project for the Bush administration. ... A presentation prepared by contractor, Torch Concepts of Huntsville, Ala., describes how it merged the JetBlue database with U.S. Social Security numbers, home addresses, income levels and vehicle ownership information it purchased from Acxiom, a company that sells consumer data. Not all the details are clear, but the presentation discusses how Torch, on behalf of Uncle Sam, tried to rate each passenger's security risk level by analyzing the merged databases. ... That kind of disgraceful privacy intrusion demonstrates that it's high time to amend the Privacy Act of 1974, which restricts databases that the U.S. government compiles but does not regulate how agencies access databases the private sector runs."
  • 17 January 2004: "Confidential Passenger Data Used for Air Security Project" by Sara Kehaulani Goo, Washington Post.
  • 18 January 2004: "Northwest Airlines Gave NASA Personal Info on Millions of Passengers; Disclosure Violated Privacy Policy," Electronic Privacy Information Center.
  • 19 January 2004: "Northwest Airline Gave Passenger Data to Government" by Jon Swartz, USA Today.
  • 20 January 2004: "Groups advise NWA to back down" by Martin J. Moylan, Pioneer Press.
  • 17 March 2004: "U.S. to Force Airlines to Provide Traveler Data" by Andy Sullivan, Reuters: "... the U.S. Transportation Security Administration plans to seek public input to allay concerns that the system will violate passenger privacy, TSA Acting Administrator David Stone told a congressional subcommittee. ... As a result, the new Computer Assisted Passenger Profiling System will be delayed by several more months, Stone said. Officials had hoped to begin background checks on passengers by the beginning of 2004."