excerpt from my book on technology, terrorism, and
DHS, tentatively titled "Skating on Stilts." (If you want to
read the excerpts in a more coherent fashion, try the categories on the
right labeled "Excerpts from the book." I'm afraid I can't fix the bug
in TypePad that prevents me from putting them in the category in
reverse-chronological order, but I have started putting chapters up in
pdf form from time to time.) Comments and factual quibbles
are welcome, either in the comments section or by email:
firstname.lastname@example.org. If you're dying to order the book, send
mail to the same address.
DHS was brand-new in 2003. One of its priorities was to do exactly what the talking heads have been demanding in the wake of the Christmas Day attack. It wanted to transform TSA’s screening system from one that looked mainly for weapons to one that looked for terrorists as well. The tool for doing that would be a second generation of the Computer Assisted Passenger Prescreening System, or CAPPS II. CAPPS II would process passengers’ travel reservations to identify possible terror suspects much earlier and screen them more carefully -- both before they got to the checkpoint and while they were there.
Until 2003, because it lacked access to travel reservation data, TSA had relied on the airlines to do the screening. It sent over a list of names, and the airlines checked to see if anyone with that name had made a reservation. If the person was on the no-fly list, the airline refused to give him a boarding pass. If he was on a selectee list, his boarding pass was marked so that screeners could single him out for additional screening.
That system was deeply unsatisfactory for many reasons, particularly as information sharing took hold, and a consolidated list of terrorism suspects was assembled from the many separate databases that existed before 9/11. Once these names had been assembled, the list was long and sensitive. No one wanted to trust unknown airline personnel with the crown jewels of US counterterrorism intelligence, so giving them the entire list was out of the question.
Plus, the airlines weren’t that good a figuring out when they had a name that matched. They’d flag Abdulmutallab for screening if that was the name they received from the government. But not Abdul Mutallab. Or Abdulmuttallab. If even the US government can’t manage to match a misspelled Abdulmutallab to the real thing, it’s asking too much to expect the airlines to do better. So, to make sure that planes were not brought down by a typo, the government tried to supply all the likely variants and misspellings and aliases for every suspect’s name.
But that created a new problem. Millions of Americans have names that resemble those on the list. Of course they have different addresses and birthdates, so a halfway decent computer system would not flag those people for scrutiny. The problem was that the many in the perennially bankrupt airline industry didn’t have a halfway decent computer system, and they weren’t eager to spend money upgrading their systems just to do the government’s screening job for it.
So in 2003, DHS proposed to take over the processing of the list. The idea was straightforward. TSA would collect reservation data from the airlines and run its terror suspect lists against the reservations. The reservation data would help resolve ambiguities where two people had similar names. It would also provide new security capabilities, allowing TSA to identify connections between suspects that were on its list and previously unknown passengers who shared addresses or phone numbers with the suspects and who might be conspiring with them.
In short, it would create the one tool that could have stopped the attacks of 9/11. It would give security officials quick and easy access to domestic travel reservations. If they’d had that in August of 2001, officials could have first located the two known al Qaeda operatives and then spotted most of the others through links in their reservation information.
With that background, the new system must have seemed like a no-brainer to the leadership of DHS. But, fresh from their victories over TIPS and TIA, the privacy coalition had other ideas.