This
is
another
excerpt from my book on technology, terrorism, and
DHS, tentatively titled "Skating on Stilts." (If you want to
read the excerpts in a more coherent fashion, try the categories on the
right labeled "Excerpts from the book." I'm afraid I can't fix the bug
in TypePad that prevents me from putting them in the category in
reverse-chronological order, but I have started putting chapters up in
pdf form from time to time.) Comments and factual quibbles
are welcome, either in the comments section or by email:
[email protected]. If you're dying to order the book, send
mail to the same address.
--Stewart Baker
DHS was brand-new in
2003. One of its priorities was to do exactly
what the talking heads have been demanding in the wake of the Christmas Day
attack. It wanted to transform TSA’s
screening system from one that looked mainly for weapons to one that looked for
terrorists as well. The tool for doing
that would be a second generation of the Computer Assisted Passenger
Prescreening System, or CAPPS II. CAPPS
II would process passengers’ travel reservations to identify possible terror
suspects much earlier and screen them more carefully -- both before they got to
the checkpoint and while they were there.
Until 2003, because it lacked
access to travel reservation data, TSA had relied on the airlines to do the
screening. It sent over a list of names,
and the airlines checked to see if anyone with that name had made a reservation. If the person was on the no-fly list, the
airline refused to give him a boarding pass.
If he was on a selectee list, his boarding pass was marked so that
screeners could single him out for additional screening.
That system was deeply unsatisfactory
for many reasons, particularly as information sharing took hold, and a
consolidated list of terrorism suspects was assembled from the many separate
databases that existed before 9/11. Once
these names had been assembled, the list was long and sensitive. No one wanted to trust unknown airline
personnel with the crown jewels of US counterterrorism intelligence, so giving
them the entire list was out of the question.
Plus, the airlines weren’t
that good a figuring out when they had a name that matched. They’d flag Abdulmutallab for screening if
that was the name they received from the government. But not Abdul Mutallab. Or Abdulmuttallab. If even the US government can’t manage to
match a misspelled Abdulmutallab to the real thing, it’s asking too much to
expect the airlines to do better. So, to
make sure that planes were not brought down by a typo, the government tried to
supply all the likely variants and misspellings and aliases for every suspect’s
name.
But that created a new
problem. Millions of Americans have
names that resemble those on the list.
Of course they have different addresses and birthdates, so a halfway
decent computer system would not flag those people for scrutiny. The problem was that the many in the
perennially bankrupt airline industry didn’t have a halfway decent computer
system, and they weren’t eager to spend money upgrading their systems just to
do the government’s screening job for it.
So in 2003, DHS proposed to
take over the processing of the list.
The idea was straightforward. TSA
would collect reservation data from the airlines and run its terror suspect
lists against the reservations. The
reservation data would help resolve ambiguities where two people had similar
names. It would also provide new
security capabilities, allowing TSA to identify connections between suspects
that were on its list and previously unknown passengers who shared addresses or
phone numbers with the suspects and who might be conspiring with them.
In short, it would create the
one tool that could have stopped the attacks of 9/11. It would give security officials quick and
easy access to domestic travel reservations.
If they’d had that in August of 2001, officials could have first located
the two known al Qaeda operatives and then spotted most of the others through
links in their reservation information.
With that background, the new
system must have seemed like a no-brainer to the leadership of DHS. But, fresh from their victories over TIPS and
TIA, the privacy coalition had other ideas.
Comments