Intelligence and Privacy

Airline Watchlists - Overview

The Transportation Security Administration (TSA) was created by the Aviation and Transportation Security Act of 2001 and charged with overseeing the security of all modes of transportation. The TSA's current system for preventing terrorist access to airplanes relies on airline watchlists compiled from a variety of government sources. At least two types of watchlist are maintained: a "no-fly" list of terrorist suspects, and a "selectee" list targeting people who must be subjected to rigorous screening before they are allowed to fly. The TSA has refused to supply details of who is on the lists and why. However, according to TSA documents obtained through a FOIA suit filed by the ACLU, the list of targeted people has been growing daily in response to requests from the intelligence community, DHS, and other agencies.

To comply with the Aviation and Transportation Security Act, TSA also continues to develop a new passenger screening system called the Computer Assisted Passenger Pre-Screening System II (CAPPS II). CAPPS II will eventually replace the current program (CAPPS I), while retaining the same primary mission of "ensur[ing] passenger and aviation security." TSA initially indicated that CAPPS II would be used only to identify individuals (including U.S. citizens) with potential ties to international terrorist organizations. In an Interim privacy Notice issued on July 22, 2003, however, TSA made clear that CAPPS II's reach would be expanded to identify: (1) individuals with possible ties to domestic terrorism; (2) individuals with outstanding federal or state arrest warrants for violent crimes; and potentially (3) visa and immigration law violators.

In September 2003, Congress decided not to appropriate funds for deployment of CAPPS II until the GAO could certify that specific accuracy, security, and privacy concerns had been addressed. GAO's congressionally mandated report was released in February 2004; according to the report, "TSA is behind schedule in testing and developing initial increments of CAPPS II, due in large part to delays in obtaining passenger data . from air carriers because of privacy concerns." As of the beginning of 2004, GAO indicates that TSA has failed to fully address seven of the eight key areas of congressional interest regarding CAPPS II despite the existence of a DHS internal oversight board which monitors CAPPS II, along with other DHS programs. Other challenges related to privacy noted by the GAO report are ensuring that identity theft does not frustrate the goals of the CAPPS II system and that expansion of the system beyond its original mandate is responsibly managed.

CAPPS II has triggered concerns within the European Parliament (EP) that U.S. requirements that all international airlines provide full access to passenger data may violate the European Data Protection Law. European and U.S. officials are in the process of generating a final arrangement whereby passenger information is accessible, while privacy remains protected and airlines are able to comply with data protection laws.