CAPPS II: A Case Study of Homeland Security Computer Applications Marcia Hofmann Staff Counsel Electronic Privacy Information Center Computer Freedom &

Presentation transcript:

CAPPS II: A Case Study of Homeland Security Computer Applications Marcia Hofmann Staff Counsel Electronic Privacy Information Center Computer Freedom & Privacy 2004 April 20, 2004 CAPPS II A Case Study in Homeland Security Use of Technology

2 After 9/11, a New Mission “We must prevent first, prosecute second.” -- Attorney General John Ashcroft After the September 11, 2001 terrorist attacks, the government made defense of the United States the highest priority.

3 CAPPS I In use since 1998. Run by airlines. Checks passenger information against a terrorist watch list. Then checks passenger information against CAPPS rules to identify terrorist-like behavior.

4 Aviation Security After 9/11 After 9/11, Congress demanded that a new, more effective air passenger screening program be developed to replace CAPPS. The new program that the Transportation Security Administration has designed is called the second-generation Computer Assisted Passenger Prescreening System, or CAPPS II.

5 How CAPPS II Works A passenger provides her name, address, phone number, and date of birth when she makes a reservation to fly on an airplane. This information is entered into her Passenger Name Record, which also includes information such as travel itinerary and form of payment. The PNR is transmitted electronically to TSA.

6 How CAPPS II Works Prior to the passenger’s flight, TSA transmits the information to one or more commercial data aggregators to verify the passenger’s identity. The data aggregator(s) generate a score indicating the likelihood that the passenger-provided data are authentic, which is sent back to TSA.

7 How CAPPS II Works Then TSA conducts risk assessments using government databases, including classified and intelligence data, to determine the passenger’s likelihood of being a threat to security. When the passenger checks in for her flight, TSA transmits her risk category to the check-in counter, which will determine the level of security she encounters.

8 The Program’s Status Congress is withholding funding until its concerns are addressed. The General Accounting Office determined in February that seven of eight key concerns still remain. Congress is considering the next step.

9 Issues That Need To Be Addressed Incomplete planning, effectiveness, accuracy, security, privacy, redress, function creep.

10 Incomplete Planning TSA has yet to identify the specific system functionality to be developed, its schedule for completion, or its cost throughout development. The agency also has not finalized policies concerning security, oversight, compliance with law, and redress.

11 Effectiveness Early increments of CAPPS II have not been stress tested to assess the effectiveness of the system or its components. TSA reports that it has been unable to obtain actual passenger data to test CAPPS II, though a recent statement by one airline indicates this may not be accurate.

12 Accuracy TSA has not found a way to determine the error rate of the commercial and government databases that will be used by CAPPS II. TSA has also not found a way to mitigate data errors.

13 Security Safeguards TSA has not yet developed a security policy to address system, personnel, and physical security controls. TSA has not identified or assessed information security risks associated with CAPPS II. There are no operational controls to protect against unauthorized access and misuse.

14 Privacy Safeguards TSA exempted CAPPS II from numerous legal requirements of the Privacy Act, including: collection only of information that is “necessary and relevant”; the right of the individual to access information; the right of the individual to correct inaccurate information.

15 Privacy Safeguards No privacy impact assessment has been finalized as required by the E-Government Act of TSA has appointed a Privacy Officer and established an internal oversight board. However, the program lacks independent oversight.

16 Redress TSA is developing a redress process for individuals adversely affected by CAPPS II. However, the process is highly discretionary and does not provide any right to judicial review as required by the Privacy Act.

17 Function Creep “[A]t the moment we are charged with finding in the aviation sector foreign terrorists or those associated with foreign terrorists and keep[ing] them off airplanes. That is our very limited goal at the moment.” -- TSA Administrator Admiral James Loy, May 2003

18 Function Creep By August 2003, CAPPS II was expanded to include analysis of information regarding persons with outstanding state or federal arrest warrants for crimes of violence. It was also announced that CAPPS II would be linked with US-VISIT, which is intended to track visitors’ entry to and exit from the US.

19 Challenges The system’s changing goals. Responsible use of private and public sector data. Need for secrecy vs. rights of individuals in their information.