Security agency looks to profiling
Page 1A

May 19, 2002

The government will soon measure your trustworthiness as an airline passenger, at least in part, by whether or not you own a house. Or have a job. Or by how often you use your credit card.

The Transportation Security Administration plans a system designed to "pull together every passengeršs travel history, living arrangements, and other personal and demographic information," according to a memo circulated to lawmakers by the staff of the aviation subcommittee of the House Transportation and Infrastructure Committee, which held a hearing on passenger profiling in February.

"The plan is to establish a computer network linking every reservation system in the U.S. to private and government databases," staff members wrote.

A number of developments show the process is well under way. On March 8, the Federal Aviation Administration invited companies to submit proposals to restructure and expand the computer-assisted passenger prescreening system (known as CAPPS) now used to select passengers for closer than usual scrutiny.

The TSA, which will oversee the revamp, is looking for a company with experience in developing complex software and with working relationships with financial or credit-card institutions using risk-assessment and fraud-prevention technology.

In June, the agency plans to award a five- to 10-year contract worth $1 billion or more, the electronic magazine Federal Computing Week reported Tuesday. In comparison, the supplemental spending bill the House takes up this week includes just $44 million for the Federal Bureau of Investigation to buy data-mining tools. A source involved in the contest said Friday that the TSA has pared a list of some 50 applicants down to about five finalists.

The agency won't say who's in the running, but industry insiders say the competition has been fierce, despite the potential for bad publicity: Companies don't want to advertise that the information they collect from consumers will be used for airline-security purposes.

"Everybody is talking about this and working on this project, but no one wants to go public with it," said one communications policy expert who works with a consortium of 20 financial firms that have vast quantities of the data the TSA wants.

As early as February, The Washington Post identified two groups already designing systems in anticipation of the government's need.

One group includes HNC Software of San Diego; PROS Revenue Management, a company that maintains a record of the seat assignments of nearly every U.S. airline passenger; and Acxiom Corp., the Arkansas-based database marketing company. Acxiom collects land records and information on car ownership, projected income, magazine subscriptions and telephone numbers. Acxiom officials declined comment, saying they are in a "quiet period."

Chicago-based Accenture, which until February was known as Andersen Consulting, headed the other group. It was working with Delta Air Lines, according to the Post.

A "Neural network"
Why would the agency need to know if you own a house or have a job before it clears you to fly?

"Terrorists can't attend meetings or have regular jobs, so by defining the parameters of a normal life as compared to the life a terrorist has to live, we can score who's more likely to be a risk," Joseph Del Balzo, former acting administrator of the FAA, said in an interview.

X-ray machines and bomb-detection equipment aren't enough, Del Balzo said.

"We've got to stop looking for things, and start looking for people." By his own account, Del Balzo is heavily involved in the TSA's effort to create a "neural network" that can be used to flag abnormal or suspicious behavior. "People don't like to use the word "profiling," because the connotation is that it is racial bias," he said. "If one tried to develop a profile that is racially biased, it would be doomed to failure."

Doomed, he said, not because of civil-rights concerns but because of terrorists' guile.

"The terrorists will keep trying to test the system, and test it. If they get a sense of any bias, they would defeat it. The next terrorists wouldn't look like the last ones at all. That's why we need a computer doing the selecting, with no fixed rules, just a computer looking for abnormal transactions or behavior."

Some behavioral experts who profile criminals for a living say that can't be done.

"You can't use profiling to predict crimes, only analyze crimes that are past. Assembling a system like this is like trying find the mark of Cain. It's nonsensical," Brent Turvey, a forensic scientist and criminal profiler who has lectured on domestic terrorism issues, said in an interview.

"The government's approach is nothing short of using profiling to give a voice to their prejudices," Turvey said. "Just because you have a computer, it gives you an air of science, but you still have people assembling databases and people determining what their interpretation of risk is."

Civil-rights advocates are also wary.

"Passengers' personal information is the engine that feeds a computerized profiling system," American Civil Liberties Union attorney Katie Corrigan told the House Transportation and Infrastructure's Subcommittee on Aviation in February.

"Congress should place meaningful limits on information sharing," she said. "Otherwise, air-security personnel could access all kinds of personal information contained in federal databases that have nothing to do with air
security at all."

Meaningful Limits?
What might a 'meaningful limit' be? In another hearing, earlier this month before the House Judiciary Committeešs Subcommittee on Commercial and Administrative Law, the ACLU addressed that question.

Corrigan and ACLU Associate Director Gregory Nojei testified in support of Rep. Bob Barr's privacy-protection bill, the Federal Agency Protection of Privacy Act. The Georgia Republican proposes that all privacy issues be reviewed before any new policy is adopted by any federal agency, and that a 'privacy impact analysis' be published, detailing what information would be given out and how people could find out what was being disseminated about themselves.

Such a review, Nojei said, would restrict the information the Transportation Security Administration could access in determining if a passenger was a risk, as in the proposed 'trusted traveler,' or smart-card, scenario outlined in the Aviation and Transportation Security Act passed in November.

In that scenario, a person would submit a fingerprint, and perhaps other biometric information, as well as personal information, to be encoded on a chip on a small card. Once certified as 'trusted,' he could get express security screening at airports.

Transportation Secretary Norman Mineta and Attorney General John Ashcroft both like the idea. John Magaw, who heads the TSA, isn't sold.

Last week, the Allied Pilots Association, which represents American Airlines' 13,800 pilots, criticized the TSA for dragging its feet, especially as 'trusted traveler' relates to crew members. It cited the arrest of an American Airlines pilot May 9 in Hawaii as proof that the current screening system isn't working.

When he was singled out for shoe screening, the pilot, Capt. Harry Hartsough, tossed his shoes at the screener. The screener later contended he was injured when he bent to pick them up. Hartsough was arrested on an assault charge.

"It is insulting for pilots to be treated like criminals in full view of the traveling public," Allied Pilot President Capt. John Darrah said. "When you stop to consider that pilots are entrusted with the lives of hundreds of passengers and an aircraft worth tens of millions of dollars, you begin to realize the absurdity of treating pilots as part of the security problem, rather than a fundamental part of the solution."

Profile versus Card
But Magaw prefers profiling to a trusted-traveler card.

Rafi Ron, who for five years was the chief of security for Ben-Gurion Airport in Tel Aviv, is another advocate of profiling, which he said has enabled El-Al, Israelšs national airline, to avoid hijackings and thwart bombing plots for 32 years.

"The lack of further attacks gives credence to the assumption that this method is a strong deterring factor, since it is difficult to assume that Palestinian terrorism lost its interest in Israel's aviation," Ron told the aviation subcommittee of the House Transportation and Infrastructure Committee in February.

"There has been criticism against the use of this method on the ground of racial discrimination. Most if not all of this criticism is unfounded," Ron said. The fact that El-Al's system selects so many Palestinians "merely reflects the fact that most of the terrorists acting against it are Palestinian."

"The civil-rights issue can be controlled, and the creation of an operational method for pattern recognition is feasible," Ron testified. Lance J. Hoffman, founder of George Washington University's Cyberspace Policy Institute, is skeptical that a computer can be programmed to make the right profiling choices.

"I'm pretty leery on both privacy grounds and operational grounds," he said in an interview. "Is it a plausible research idea? Maybe, but there are lots of problems with living in the fishbowl it could create."

While he doesn't have a better suggestion, he is concerned that a profiling database would "create a system that rewards conformity."

NOT Foolproof
The computer-assisted passenger prescreening system, CAPPS, is now in use at just 20 of the United States' 429 commercial airports, mostly on international flights. The FAA was in charge of the system until February, but the TSA has complete control of the program now.

CAPPS was created in 1997 after terrorism was suspected in the 1996 crash of TWA 800 off Long Island. The system employs 26 criteria to flag passengers for more thorough screening. The criteria are secret, but government and airline officials say race and religion are not among them.

Nationality, sex and age are.

CAPPS assesses tickets in airline reservation systems and displays one of two codes to the gate agent. Green means a passenger is cleared for travel. Red means he is a "selectee," and his luggage should be screened. Randomly selected passengers also get the red code.

The system flagged at least four people on two of the Sept. 11 flights, according to an FAA memo that became public last month. Two were women on United Flight 93, which crashed into a Pennsylvania field. Two were on American Flight 77, which crashed into the Pentagon, but no information about them has been disclosed.

Neither the FAA nor the FBI has said whether CAPPS flagged anyone on American Flight 11 or United Flight 175, both of which crashed into the World Trade Center.

CAPPS also singled out Richard Reid, who in December was subdued by passengers after police say he tried to ignite explosives in his shoes on a Paris-to-Miami flight. Reid was tagged because he did not have a verifiable address, he bought a one-way ticket, he had no clear travel plan and no luggage, and he used cash to buy his ticket.

His additional security search did not include a check of his shoes.

Rep. John Conyers of Michigan, ranking Democrat on the House Judiciary Committee and an outspoken critic of profiling, cites the Reid case as an example of the system's flaws.

"If people really believed that race and ethnicity made it easy to detect criminals, we'd be arresting every 22-year-old white male right now to make sure theyšre not putting [pipe] bombs in mailboxes," he told the Arkansas Democrat-Gazette.

The FAA noted CAPPS' shortcomings in an internal research report in February.

"Current passenger prescreening does not assess the true identity of the passenger nor does it identify passengers who are a potential risk or threat based on historical patterns or known identification inconsistencies," the report said.

More simply put, anyone could produce a fake driveršs license when he bought a ticket, and, until other databases are integrated for cross-checking, driver's licenses should not be deemed reliable forms of identification. The report suggested that CAPPS could be modified to expand the criteria (i.e. add Intel[ligence] criteria, travel patterns, passport data) and application uses (scenarios for flights into or out of specific cities ... ) to identify automatically individuals, groups, flights, and situations that necessitate extraordinary security scrutiny.

Cite: Harder, A. "Security agency looks to profiling," Arkansas Democrat-Gazette, May 19, 2002