The Computer Assisted Passenger Prescreening System (often abbreviated CAPPS) is a counter-terrorism system in place in the United States air travel industry. The United States Transportation Security Administration (TSA) maintains a watchlist, pursuant to 49 USC § 114 (h)(2) ^*, of "individuals known to pose, or suspected of posing, a risk of air piracy or terrorism or a threat to airline or passenger safety." The list is used to pre-emptively identify terrorists, or perceived terrorism threats, attempting to buy plane tickets or board planes traveling in the United States. This system (CAPPS I) was first implemented in the late 1990s, in response to the perceived threat of U.S. domestic and international terrorism after incidents like the explosion of TWA Flight 800 and the Centennial Olympic Park bombing several days later in 1996. It determined selectee passengers for additional security measures.

It was first administered by the FBI and FAA. In November 2001, control was transferred to the TSA, where it has "...expanded almost daily as Intelligence Community (IC) agencies and the Office of Homeland Security continue to request the addition of individuals..." ^*

In 2003, the Transportation Security Administration (TSA) presented a proposal for an expanded system (CAPPS II), which was reviewed by Congress and later canceled by the United States Department of Homeland Security (DHS).

Overview

These systems rely on what is known as a Passenger Name Record, often abbreviated PNR. When a person books a plane ticket, certain identifying information is collected by the airline: full name, address, etc. This information is used to check against some data store (i.e., a TSA No-Fly list, the FBI ten most wanted fugitive list, etc.) and assign a terrorism "risk score" to that person. High risk scores behoove the airline to subject the person to extended baggage and/or personal screening, and to contact law enforcement if necessary.

CAPPS II

CAPPS II was a proposal for a new CAPPS system, designed by the Office of National Risk Assessment (ONRA), a subsidiary office of the TSA, with the contracted assistance of Lockheed Martin. Congress presented the TSA with a list of Requirements, for a successor to CAPPS I. Some of those requirements were:

• The government, not the airlines, will control and administer the system
• Every ticketed passenger will be screened, for instance not just those who check bags
• Every airline and every airport will be covered by the system

Like its predecessor, the CAPPS II proposal would rely on the PNR to uniquely identify people attempting to board aircraft. It would expand the PNR field to include a few extra fields, like a full street address, date of birth, and a home telephone number. It would then cross-reference these fields with government records and private sector databases to ascertain the identity of the person, and then determine a number of details about that person. Law enforcement would be contacted in the event that the person:

• is present on a terrorist or most-wanted list
• has outstanding Federal or state arrest warrants for violent crime

Otherwise, the software would calculate a "risk score" and then print a code on the boarding pass indicating the appropriate "screening level" for that person: green (no threat) indicates no additional screening, yellow (unknown or possible threat) indicates additional screening, and red (high risk) indicates no boarding and deferral to law enforcement. How this risk score would be calculated was never disclosed nor subject to public oversight of any kind outside of the TSA.

The system was jeapordized in a critical report (pdf) by the U.S. General Accounting Office in early 2004 and increased opposition from watchdog groups like the ACLU, ReclaimDemocracy.org and EPIC. Advocacy groups that believed it would undermine both privacy and safety (because terrorists allegedly could use it to their advantage), and may be unconstitutional.

CAPPS II was cancelled by the TSA in the summer of 2004. Shortly thereafter, the TSA announced a successor program, called Secure Flight, that would work much the same as CAPPS II. TSA hoped to test Secure Flight in August 2005 using two airlines. In February of 2006 Secure Flight was cancelled for being potentially insecure.

External links

• The Electronic Privacy Information Center (April 2003). Documents Show Errors in TSA's "No-Fly" Watchlist.
• TSA customer service

CAPPS II

• CAPPS II Section of HR 2115, the "Century of Aviation Reauthorization Act" The language of proposed legislation (aclu.org)
• The Transportation Security Administration, promoters of CAPPS II
• The Dangerous Illusion of CAPPS II A critical article exploring multiple concerns with CAPPS II (reclaimdemocracy.org)
• ACLU page on CAPPS II
• "Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges" (pdf) summary of report on CAPPS II by the General Accounting Office
• blog providing regular updates on CAPPS II

Personal identification | Security | Aviation in the United States | Terrorism