Wednesday, 25 February 2004

TSA finally starts talking to travel execs about CAPPS-II

The USA Transportation Security Administration held its first meeting with corporate travel managers and privacy officers last Friday, according to an announcement from the Association of Corporate Travel Executives:

"It's time for the Transportation Safety Administration to consult with corporate travel managers and privacy officers..." This is the conclusion of the Association of Corporate Travel Executives, following a special meeting held today with the TSA. ACTE leaders are attempting to head off a confrontation between the TSA and corporate America over possible CAPPS II violations of company privacy policies. A previous ACTE survey indicated that 78% of respondent travel managers said that the collection of PNR data in this manner could compromise corporate privacy policies.

"The time has come for the TSA to sit down and talk to business travel managers and corporate privacy officers before moving forward with any more plans to extract information," said Nancy Holtzman, ACTE's executive director. "We are in the process of assembling a working group of travel managers and corporate privacy officers to advise the TSA to avoid further confusion stemming from the development of CAPPS II....

"The travel industry is just beginning to see what those costs might be. Earlier this week, travel industry authorities indicated that TSA data requirements could cost millions in reprogramming systems and in training," said Holtzman.

Earlier this month, ACTE said that they are "solidly behind" the GAO's report on CAPPS-II:

"Business travel managers from the largest companies in the country are questioning the impact CAPPS II will have on both their companies' travelers and the travel industry as a whole," said Nancy Holtzman, executive director for the Association of Corporate Travel Managers. "In the scramble to draw the lines for privacy, little has been said about the deleterious effect the unworkable aspects of CAPPS II may have on a fragile industry recovery," said Holtzman.

Ninety-five percent of survey respondents in a recent ACTE poll found CAPPS II unacceptable in its current form.

More than a year ago, in my comments on the CAPPS-II Privacy Act notice, I pointed out the conflict between CAPPS-II and the privacy clauses in corporate travel management contracts. But this is the first time it has been discussed by the TSA with the corporations whose confidential business information would be disclosed under the CAPPS-II scheme.

These same privacy clauses in travel management contracts were almost certainly violated when airlines (including jetBlue and Northwest), CRS's (including Sabre), and third-party PNR processing firms (including Airline Automation -- now part of the Amadeus CRS -- and Acxiom) shared PNR data with government contractors and agencies for profiling tests. As recognition of the issue grows, so does the likelihood that all these companies handling, and secretly disclosing, reservation data will face breach of contract lawsuits from corporate travellers, in addition to the current crop of class action lawsuits by individual passengers.

Posted by Edward, 25 February 2004, 11:52 (11:52 AM)

Friday, 20 February 2004

DHS Privacy Officer releases report on jetBlue Airways scandal

The Chief Privacy Officer of the USA Department of Homeland Security today released her "Report to the Public on Events Surrounding jetBlue Data Transfer", on the transfer of the entire jetBlue Airways reservation archives to a military contractor.

The DHS also released a Transcript of Media Roundtable with Nuala O'Connor Kelly, Chief Privacy Officer, DHS conducted earlier this week. (Should I be surprised that, as the first to have uncovered and reported the jetBlue scandal, I wasn't invited?)

Perhaps the most important thing about the DHS Privacy Officer's report is its narrow focus:

This report is not intended to comment on allegations involving jetBlue's activities or the activities of Department of Defense employees or contractors, which in these circumstances is beyond the statutory purview of the DHS Privacy Office.

So the publication of this report should not be misunderstood to mean that the scandal has been "fully" investigated, much less "laid to rest".

The issues of privacy practices within the travel industry -- by jetBlue, Northwest Airlines, other airlines, CRS's/GDS's, travel agencies, and third-party PNR processing companies -- and of use of airline reservation data for other government programs including "Total Information Awareness", continue to demand a Congressional investigation that would extend well beyond the scope of next month's hearing on CAPPS-II.

Contradicting published reports by myself and other journalists (including the Times of London) that CAPPS-II contractors in 2002 received and used tapes of several million reservations on multiple airlines from the Sabre CRS, the DHS Privacy Officer says that, "At this time, there is no evidence that CAPPS II testing has taken place using passenger data." But no details are given as to what effort the Privacy Officer made to seek out such evidence, or whether she even asked the members of the four 2002 CAPPS-II proof-of-concept contractor teams what data they used in their tests.

The DHS Privacy Officer's report concludes that:

TSA participation was essential to encourage the data transfer. As several airlines had refused to participate in this program absent TSA's involvement, it appears that, but for the involvement of a few TSA officials in these events, the data would likely not have been shared by jetBlue with the Department of Defense and its contractors.

The DHS report confirms that Torch Concepts received the jetBlue data as a subcontractor to SRS Technologies -- a relationship Torch excised from its Web site just days after I broke the jetBlue story, and SRS has been reluctant to admit.

SRS was the exclusive prime information technology contractor to the military's "Total Information Awareness" (TIA) program, but there's no mention in the DHS report of whether the Torch subcontract was under SRS's contract for TIA (and, once again, no indication that DHS Privacy Officer even asked). The relationship of the jetBlue/Acxiom/Torch/SRS project to the TIA program remains an open question, unlikely to be answered without a Congressional investigation.

The real bombshell in the report is the revelation that Acxiom Corp., a "data aggregator serving as a contractor for jetBlue", already had received all the jetBlue reservation data before it turned it over to military contractor Torch Concepts at the request of the TSA:

The actual transfer of the data, was, in fact, accomplished between Acxiom (acting as a contractor for jetBlue) and Torch Concepts.

In the USA, as the DHS Privacy Officer's report correctly points out, the Privacy Act only regulates the use of data actually held by the Federal government. So it wouldn't have prohibited jetBlue from giving copies of reservations to Acxiom or anyone else, as long as the government wasn't involved.

But this newly-disclosed earlier transfer of jetBlue reservations to Acxiom may have been an independent violation of jetBlue's privacy policy -- and, to the extent that privacy policy is legally binding, may provide an independent basis for legal action against jetBlue.

There's nothing particularly unusual in this sort of wholesale transfer of reservation data, without notice or consent from travellers, to companies travellers have never heard of or dealt with directly. As I've said all along, the only peculiarity of the jetBlue case is that jetBlue hosts its own database -- most airlines outsource hosting of their reservation databases to one of the big four CRS's/GDS's -- and that jetBlue actually has a privacy policy against the things it did.

The first reported tests of passenger profiling from reservation data after 11 September 2003 were conducted with several million reservations from the archives of another third-party PNR processing company that works as a contractor to airlines, Airline Automation, Inc. (now a division of the Amadeus CRS/GDS).

We don't know what Acxiom was already doing with the jetBlue records. (If the DHS Privacy Officer asked, she doesn't say in her report.) jetBlue has tried to excuse its gift of passenger data to a military contractor as a well-intentioned excess of patriotism, but jetBlue's newly-revealed prior "sharing" of passenger records with a data aggregator will be harder to justify. It's only one of a number of more recent signs of increasing efforts by travel reservation companies to "monetize" their archives of passenger data for targeted marketing and other purposes, including by aggregating them with other databases. (More on this in a future story I'm working on.)

But just as the fact that the TSA didn't violate the Privacy Act when they asked jetBlue to turn over their files to a military contractor is a sign of the need to close the loophole in the Privacy Act for commercial databases constructed at the government's behest, so the fact that jetBlue violated no law (except to the extent they violated their self-imposed privacy policy) when they gave their archives to a contractor to "aggregate" with other financial and government data is a sign of the need for a Federal travel privacy law protecting personal travel records in both corporate and government hands.

Posted by Edward, 20 February 2004, 14:44 (2:44 PM)

Congressional hearing on CAPPS-II set for 11 March 2004

The Subcommittee on Aviation of the USA House Committee on Transportation and Infrastructure has scheduled a public subcommittee hearing on Thursday, 11 March 2003, on the proposed Computer Assisted Passenger Prescreening System, version 2 (CAPPS-II).

The Aviation Subcommittee Chairperson, Rep. John Mica (Republican of Florida), has been strongly critical of the Department of Homeland Security's Transportation Security Administration, but has to date stopped short of endorsing other House members' calls for suspension or termination of the CAPPS-II program.

Congress is in recess this week, and the list of witnesses who will testify at the CAPPS-II hearing has not yet been announced. The agenda for the hearing does not appear to include the privacy policies or practices of the travel industry, or any legislation to protect the privacy of travel records, so it's important to keep the pressure on Congress to address those larger issues.

This will be the first public inquiry into the billion-dollar plus scheme (the largest domestic intelligence program in USA history) to:

  • profile all air travellers (and eventually all travellers by surface common carriers);
  • conscript airlines and travel agents into collecting additional personal information to enable the indexing of reservations into lifetime travel dossiers (held by private reservation services, but accessible to the government at any time, and including information on travel industry workers, travel planners, and many other people besides travellers);
  • require for the first time in USA history a de facto domestic passport for the exercise of the right of the people peaceably to assemble, protected under the First Amendment; and
  • begin the process of integrating airline reservation systems and government databases and networks, creating a new global surveillance infrastructure for monitoring and recording the movements of people.

While the DHS and its predecessor, the Department of Transportation, twice last year requested public comments on portions of the CAPPS-II scheme, many of the comments they received -- the largest volume of comments of any Privacy Act notice ever, almost all of them strongly critical -- are still being withheld from public release.

The DHS's purported "Analysis of Comments" failed even to acknowledge that any comments had been received concerning most of the main criticisms actually raised during the public comment periods: whether CAPPS-II would be Constitutional, whether it was authorized by law, whether it would include information on other people besides travellers, how much it would cost, its impact on the travel reservations industry, and so forth.

Written questions from several members of Congress concerning CAPPS-II and other government use of airline reservations for passenger profiling have gone unanswered by the TSA, DHS, and other agencies.

And more questions were raised by the report of Congress's General Accounting Office on the TSA's (lack of) success in meeting the prerequisites set by Congress for any further CAPPS-II funding.

One day of hearings can't begin to answer all these questions, but it's a welcome, and long overdue, start on bringing them into the limelight. I hope to be there, and will keep you posted.

Posted by Edward, 20 February 2004, 11:28 (11:28 AM)

Tuesday, 17 February 2004

Call for Congressional hearings on CAPPS-II and travel privacy

A coalition of privacy groups from across the political spectrum today jointly called on Congress to hold hearings "on the threat to privacy and civil liberties posed by government collection and use of airline passenger name records (PNRs)."

In a letter sent to the Chairperson and Ranking Minority Member of the House Committee on Transportation and Infrastructure, the privacy coalition says:

We are particularly concerned about the Computer Assisted Passenger Prescreening System (CAPPS II) being developed by the Transportation Security Administration (TSA), but in the wake of the JetBlue and Northwest Airlines scandals, it has become clear that there are too many unanswered questions generally about the government's use of PNR data and the state of our travel privacy. In the interest of transparency, hearings held by your committee will shed some light on this important issue and answer the following questions:

  1. What passenger information is collected, how is it shared and with whom?
  2. How long is the information retained?
  3. What are the names and numbers of government contractors (Torch), data-brokers and other third parties as well as their level of involvement in the PNR process?
  4. What rights do passengers have to correct information, as they do their credit reports?
  5. What rights do passengers have to view their personal data, as they do their medical records?
  6. What recourse do passengers have if they believe they have been wrongly "flagged"?
  7. Will CAPPS II be effective for identifying individuals who pose a threat to aviation security?
  8. How much will it cost the travel industry as a whole to comply with requirements to provide TSA with data not currently collected by the agency?

Before federal agencies further determine uses for our personal information, Congress itself needs to examine the issue, beginning with the collection of PNR data and the threat it poses to personal privacy.

The letter was signed by representatives of the Electronic Frontier Foundation, Free Congress Foundation, Electronic Privacy Information Center, Center for Democracy and Technology, People for the American Way, American Civil Liberties Union, Common Cause, Business Travel Coalition, Americans for Tax Reform, and DontSpyOn.US.

You can send your own letter to Congress supporting this call by filling out this form on the EFF Web site. EFF also has an updated backgrounder on their Web site, Why EFF Is Concerned About CAPPS II: Government Surveillance via Passenger Profiling.

Key themes of the privacy coalition letter to the House committee are echoed in another letter sent last week to the Transportation Security Administration by the Chairperson and Ranking Minority Member of the Senate Committee on Governmental Affairs, questioning the role of the TSA in requesting that jetBlue Airways give a copy of its reservation archives to a military contractor:

Press reports have indicated that TSA was involved in the transfer of millions of Passenger Name Records (PNR) to the Army contractor. Although the Department of Homeland Security (DHS) has indicated that TSA's role was limited, it has come to our attention that this may not have been the case. Army officials recently indicated to Committee staff that airlines were reluctant to provide PNR data to Torch Concepts without TSA's approval. It is our understanding that TSA did provide such approval in the form of a written request to JetBlue asking the airline to provide PNR data to Torch Concepts.

If TSA's involvement in the JetBlue incident is greater than previously acknowledged, then TSA needs to fully disclose its actions and swiftly move to reassure the public that it will act with greater concern for privacy rights in the future. This is especially important given that, in order to test and implement the new Computer Assisted Passenger Prescreening System (CAPPS II), TSA will likely need to compel airlines to turn over PNR data. Americans, in turn, need to know that TSA will be forthright in how it handles information about them. That reassurance can only come following a complete public accounting of TSA's role in the JetBlue incident.

"Specifically," according to their press release, "the Senators requested copies of any written communications from TSA to JetBlue Airways related to the Army's research project conducted by Torch Concepts, as well as an explanation of why this information might not have been previously disclosed."

Both the privacy coalition letter to the House Transportation and Infrastructure Committee leadership, and the Senators' letter to the TSA, reflect growing recognition that the potential for government abuse of travel data is inextricably linked with the privacy policies of "private" (but, of course, government licensed and heavily government subsidized) airlines, as well as travel agencies, CRS's/GDS's, and everyone else in the reservation data "food chain".

Meanwhile, the General Accounting Office is also turning its attention to the role of airlines and computerized reservations services (CRS's) in CAPPS-II. Business Travel News quotes Cathleen Berrick, co-author of GAO's latest report on CAPPS-II: "We have started initial interviews with airlines and reservations companies to assess the impact on them and on the traveling public." BTN picks up on the fact that, according to the GAO's recent audit, the TSA's "estimated life cycle cost of over $380 million through fiscal year 2008" for CAPPS-II did "not include air carrier, reservation company or passenger costs."

In my comments submitted to the Departments of Transportation and Homeland Security on the CAPPS-II Privacy Act notices, I estimated CAPPS-II implementation costs to the travel industry at US$1 billion or more. Since those were the only comments from anyone in the travel industry concerning the cost of CAPPS-II, it's more than a little shocking that they were ignored, that it's taken this long before anyone in the government has begun to pay attention to the cost of CAPPS-II, and that this is being done first by the GAO -- not the TSA or DHS, which ought to have had some concern for the cost implications of their schemes. Let's hope the GAO also looks into the impact on the tens of thousands of travel agents in the USA, and several times more around the world, who will be conscripted into doing the lion's share of the work (unpaid, presumably, or paid for by travellers in higher fares and/or service fees) of collecting and entering the additional tracking data required for CAPPS-II, in order for reservations to be indexed into lifetime travel dossiers.

Rounding out today's debates on the integration of passenger surveillance capabilities into the infrastructure of airline reservations, the European Parliament's Committee on Citizens' Freedoms and Rights, Justice and Home Affairs (LIBE) was scheduled to resume its consideration in Brussels of both a draft Report on the level of protection provided by the USA on air passenger name records (PNR) and of a Spanish initiative, Obligation of [air] carriers to communicate passenger data. Statewatch has more details on the continuing opposition from governmental and non-governmental organizations throughout Europe to both proposals, as well as to future plans for biometric/RFID travel documents.

[Addendum, 20 February 2004: full text of letter from Senators Collins and Lieberman to the DHS]

Posted by Edward, 17 February 2004, 16:26 (4:26 PM)

DHS spin doctors respond to GAO critique of CAPPS-II

Transcript of Media Roundtable with Nuala O'Connor Kelly, Chief Privacy Officer, DHS
(17 February 2004)

Transcript of DHS Undersecretary Hutchinson's Remarks at a CAPPS II Media Roundtable
(13 February 2004)

DHS 'Fact' Sheet: CAPPS II at a Glance
(13 February 2004)

CAPPS II: 'Myths' and 'Facts' from the DHS
(13 February 2004)

TSA Video News Release on CAPPS-II

Most of this recent propaganda is merely a misleading attempt at "spin doctoring", but some of it is simply false -- especially the video news release.

DHS Chief Privacy Officer Nuala O'Connor Kelly manages to fit four of the DHS's biggest lies about CAPPS-II into a single (no doubt carefully crafted) sentence of her one sound bite of the video news release -- a sound bite constructed entirely of out-and-out lies.

Speaking about the changes from the earlier CAPPS 2.0 to the current CAPPS 2.1 proposal, she says:

  1. "We've actually reduced the amount of information we're collecting,..."
    In fact, one of the most significant changes from CAPPS 2.0 to CAPPS 2.1 was to increase the amount of data collected, by requiring airlines and travel agents to enter and pass on to the TSA additional information -- never previously required, and rarely if ever collected -- in each reservation.

  2. "...limited the ways that information will be used,..."
    In fact, there are no limitations whatsoever in the CAPPS-II Privacy Act notices, or any other publicly-disclosed government regulation or policy, limiting the ways that airlines, reservation services, or travel agencies -- to whom travellers will be required by government order to provide their personal information -- can use that information. They will remain free under USA law, as they are now, to use or sell that information commercially, or give it to any government agency, for any purpose, without asking permission from, or giving notice to, the people whose personal data is to be disclosed.

  3. "...and also reduced the length of time the information will be kept...."
    In fact, neither are there any restrictions whatsoever in any current or proposed USA government rules on the length of time airlines, reservation services, and/or travel agencies are allowed to keep reservation records. Under the latest CAPPS-II proposals, they will remain free to retain them indefinitely, as lifetime travel history archives.

  4. "...We're also building systems where passengers can see their information and correct it if necessary."
    In fact, as the GAO noted in its audit report, nothing in current USA laws or regulations, or the CAPPS-II proposals, would require airlines, reservation services, or travel agencies to show travellers their reservation records, or correct them. As the GAO also noted, it's not clear that the TSA or DHS would have the authority to order private companies to change reservation records, even if the TSA or DHS wanted to.

Posted by Edward, 17 February 2004, 12:54 (12:54 PM)

Friday, 13 February 2004

"Government Data Rules Eliminate Hope of Privacy for US Air Travelers"

Government Data Rules Eliminate Hope of Privacy for US Air Travelers
(Gene J. Koprowski, TechNewsWorld, 13 February 2004)

Most airlines outsource their domestic reservation databases, known as Passenger Name Records (PNRs) to organizations with clever names like Sabre, Amadeus and Worldspan.

"With the cost of storage dropping, retention times have been increasing, but they've always been at least three to five years," said Edward Hasbrouck, the travel guru at Airtreks.com, an Internet travel agency. "PNRs are kept in live storage until the completion of travel, after which they are moved to permanent archival storage."

Since 9-11, the government has been closely eying that domestic travel data, through the jurisdiction of the U.S. Patriot Act, and other measures. As a result, travelers in the United States "shouldn't have confidence in the privacy of their reservations" said Hasbrouck.

Experts believe that, unless the U.S. Congress passes an act to ensure privacy of travelers, unlikely, due to national security concerns, the collection of data on travelers will intensify, giving government users and some commercial entities with access the ability to track your travels -- and expected comings and goings too....

"There's an 'if you build it they will come' aspect to data collection and maintenance in such systems," said Hasbrouck.

"Once the data exists, even if technology restricts access to authorized users, technology can't determine who should be authorized. Decisions about authorization for access are policy choices, and can change long after the data is collected. Unless the records are destroyed, data can be used for purposes that weren't anticipated or authorized when it was collected."

Hasbrouck observes that as long as the data is kept, it can be requested by the DHS or TSA, regardless of whether the government maintains its own "mirror" of these data archives.

"The distinction between data retained by the government and by the private sector is largely meaningless in light of the Patriot Act provisions for the government to demand privately-held data, in secrecy, without the need of a court order," said Hasbrouck.

Posted by Edward, 13 February 2004, 15:30 (3:30 PM)

Why CAPPS-II would cost a billion dollars

Several people have asked for the basis of my cost estimate for CAPPS-II, quoted today in Business Travel News online and elsewhere.

My estimate of US$1 billion or more in infrastructure and implementation costs to airlines, computerized reservations systems (CRS's), travel agencies and agents, other intermediaries, and software and information technology service providers, in order to be able to provide the additional data about each prospective passenger in each PNR demanded for CAPPS-II ("full name", "home address", "home phone number", and date of birth) is an extrapolation from the IATA comments to the INS (see page 11) on the cost of the additional data collection required for the enhanced Advance Passenger Information System (APIS), based on the relatively greater complexity and number of databases, intermediaries, interfaces, protocols, and API's required for CAPPS-II, as compared with APIS.

I've previously published my estimate in an article on my Web site, Total Travel Information Awareness, and in my comments to the DOT and DHS (see pp. 9-10, 50-52) last year, as excerpted below.

From my article, "Total Travel Information Awareness":

Personal data about travellers passes through a long "food chain" of people and information systems, in many cases, before it gets to the airline. In a typical case, it might go like this: You give your travel information to a travel arranger (travelling companion, family member, business associate, assistant, etc.). They provide your information, perhaps through a Web site (user interface, Web server, and booking engine) to an offline or online travel agency. They enter it (through a GUI, command-line interface, booking engine API, or third-party CRS interface) into a computerized reservations system (CRS), also known as a global distribution system (GDS). (The USA Department of Transportation regulations governing their operations refer to them as "CRS's", and that's the term usually used by travel agents. The companies themselves prefer to describe themselves as "GDS's".) The travel agent's CRS sends the relevant portions of the information (using bilaterally agreed inter-CRS data protocols, or the standard AIRIMP protocol) to the CRS of the airline on whose flight you are booked. If your trip involves travel on multiple airlines, or a "codeshare" flight actually operated by a different airline, your information is passed on again, perhaps to yet another CRS (again using bilaterally agreed protocols or the AIRIMP).

None of these systems, interfaces, or protocols provide any way, much less any standard way, that the data the TSA plans to require under CAPPS 2.1 could be entered. Each of these systems and interfaces will have to be modified -- all in a consistent and compatible way, and while continuing to handle millions of reservations every day -- to support the TSA's plans for CAPPS 2.1. There is no evidence that the TSA has even considered the cost (or who would pay it) or time required for these changes.

Airlines have put the cost of even much smaller IT infrastructure changes, limited to airlines' own internal systems, in the hundreds of millions of dollars. The best clue of likely CAPPS-II costs are the estimates, and commentary on them, in the comments of IATA, the international airline trade association, on the BCIS proposals to require airlines to collect passenger manifest data at check-in:

"IATA advised that the figures it was providing were estimates only and likely to be extremely conservative. The figures ... indicate that the estimated cost of the program's implementation will be approximately $164 million dollars. We believe now, based on a sampling of additional estimates now being reported by various airlines, that the actual costs for both initial implementation and data collection / airport operations will rise significantly higher."

Because data collection for the BCIS scheme would only occur at check-in, and would be done directly by the airlines, there would be no impact on travel agents, and no need to modify the interfaces between airlines. CAPPS 2.1 would implicate many more systems, interfaces, and protocols, and be much costlier.

IT implementation costs of CAPPS 2.1 would likely exceed a billion dollars, and even with funds in hand the work would likely take several times longer than the TSA has budgeted. Since the TSA's budget for CAPPS-II is only US$35 million in fiscal 2004, during which CAPPS-II is supposed to be put into full operation, it appears that the TSA expects the travel industry -- airlines, CRS's, and travel agencies -- to foot the bill themselves. That's unlikely to be possible, given the state of their cash reserves in the current travel climate. In effect, CAPPS 2.1 will conscript travel agents, airlines, and other travel data intermediaries into service as involuntary, unpaid servants of the government's surveillance, monitoring, and data collection agenda.

Collecting the additional data the TSA wants for CAPPS 2.1 will also require changes to business procedures, and require additional labor, especially for travel agents and airline reservations and ticketing staff. Travel agents will bear most of the burden of collecting and entering information about travellers, as well as complying with requirements to provide notice and obtain consent for disclosure of passenger data to the government (and keeping records that this has been done). CAPPS-II, in any of its variants, will also invade the confidentiality of travel agents' relationships with their clients: travel agents would be required to provide specified passenger data to the government, even if that information is subject to a contractual non-disclosure agreement and wasn't previously entered in PNR's.

From my comments on the CAPPS 2.0 Privacy Act notice (23 February 2004, pp. 46, 50-52):

The economic impact of the proposals would be immense. If the ... system were not exempted from the Privacy Act, and if airlines, CRS's/GDS's, airline hosting systems, and travel agencies could comply without violating the EU Data Directive or the Canadian Personal Information Protection and Electronic documents Act (all of which seem extremely unlikely to be possible), compliance would cost the travel industry at least hundreds of millions of dollars, probably billions, and take many months to implement....

Addition of entirely new fields to PNR data models is a slow and expensive process. So far as I know, the last time changes were made to a CRS's/GDS's data structure to enhance privacy protection was in April of 2002 when, in response to my criticisms of the disclosure of PNR data over the Internet without a password, Sabre (the largest CRS/GDS) began using the contents of the "passenger e-mail address" field in the Sabre PNR as a pseudo-password for access to Sabre PNR data through Sabre's Virtually There Web gateway. (See Who's watching you while you travel?)

This process took about two and a half months, even though it involved only adding a new function for the contents of an existing PNR field. Mr. David Houck, Sabre's Vice President, Industry Affairs, and chief privacy and regulatory compliance officer, told me in an interview that the reason Sabre chose to use the e-mail address as a pseudo-password, rather than a password stored as a separate field in the PNR (which would have been more secure, and standard data security and privacy practice in other industries), was that adding a new field to each PNR would take substantially longer and be prohibitively expensive.

Further indication of the potential cost of compliance with this proposal is contained in the comments of the International Air Transport Association (IATA) on the INS Notice of Proposed Rulemaking on Manifest Requirements, Docket No. INS 2182-01, RIN 1115-AG57, comments dated 3 February 2003.

According to these recent comments by IATA, the direct costs to the airlines alone of implementation of a system to provide the Federal government with post-departure batch access (not real-time or continuous access) to passenger manifest information (limited to a small finite number of specified data fields, not the entire PNR), for international flights only (not all flights), would be "significantly higher" than IATA's initial "extremely conservative" estimate of US$164 million. The cost of implementation of the ASSR [CAPPS-II] proposals at issue in this rulemaking proceeding would undoubtedly be substantially higher still....

For all these reasons the proposal should be withdrawn at least until the Department has conducted the requisite analysis of its impact as a significant regulatory action, particularly given its likely immense economic impact and its likely critical direct impact on tens of thousands of small travel businesses....

That analysis should include public hearings and expert and public testimony on the potential impact of the proposals, particularly on individual privacy, confidentiality of business information, personal and business data handling by small and large online and offline travel agencies, and related impacts on personal information practices in the travel industry.

From my comments on the CAPPS 2.1 Privacy Act notice (30 September 2003):

"A PNR may include each passenger's full name, home address, home telephone number, and date of birth."

This may be the most economically significant of all the misstatements in the Supplementary Information and the Notice.

In reality, most PNR's cannot now contain all this information, because current PNR formats, data structures, and interline data interchange and messaging protocols do not support these additional (currently optional, and some rarely used) data items.

It's not clear whether the Department has developed the CAPPS-II scheme in isolation from, and in ignorance of, how airline passenger information is handled, or whether the Department is knowingly trying to mislead the public and the Congress about the likely total cost of this proposal.

The Department's budget of US$35 million in 2004 for completion of development, testing, and deployment of CAPPS-II is ludicrously inadequate for this task. As I discussed in detail in my comments on the original Notice, the International Air Transport Association (IATA) estimated earlier this year, in comments filed on a parallel but much more limited proposal by the INS (now also part of the Department of Homeland Security), that the cost of providing much more limited access to a smaller subset of PNR data on international flights only would be "significantly higher" than IATA's initial "extremely conservative" estimate of US$164 million. That proposal would have involved information collected from passengers directly by the airlines at check-in, so it would not have required any changes by travel agencies, CRS's, or any other intermediaries.

Either the Department is completely clueless about the implications of this proposal, and doesn't yet realize what sweeping changes in airline industry information technology infrastructure, protocols, and interfaces this proposal would require. Or the Department does know, and intends to impose implementation costs of US$1 billion or more on an airline industry that can ill afford them, and that will be obliged to pass them on to passengers in the form of higher fares.

Link | Posted by Edward, 13 February 2004, 12:41 (12:41 PM) | Comments (0) | TrackBack (0)

"CAPPS II Faces Massive Technical Challenges"

Industry: CAPPS II Faces Massive Technical Challenges
(Business Travel News online, 13 February 2004)

On top of myriad concerns already being debated (BTNonline, Feb. 12), sources said technical challenges to garnering additional passenger data for the planned computer assisted passenger prescreening system not only have gone unstudied, but may be so immense that implementation of CAPPS II before this summer is impossible....

American Civil Liberties Union technology and liberty program director Barry Steinhardt yesterday cited Edward Hasbrouck, a travel agent and traveler advocate, as the source of one estimate that reprogramming systems could cost up to $1 billion....

Hasbrouck came up with the $1 billion estimate by extrapolating from a $164 million estimate last year by the International Air Transport Association -- which it called "extremely conservative" -- on the cost of collecting passenger data for international flights at checkin with associated modifications to the airlines' host reservations systems, as part of a U.S. Immigration and Naturalization Service proposal that Hasbrouck called "parallel to but more limited" than CAPPS II. It related to the Advance Passenger Information System co-developed by INS and the U.S. Customs Service.

"But that IATA estimate does not address what CAPPS II would, which includes modifications at every intermediary layer of the distribution system," Hasbrouck said. "All the application programming interfaces have to be modified, starting with the airline interline messaging protocols, then the airlines' host systems, the GDSs, then the third-party software with their user interfaces, such as corporate booking tools."

Hasbrouck said that even these challenges leave out the facts that many business travelers simply walk up to buy a ticket and do not make reservations; group reservations often are made without using names; travelers can have multiple "home addresses" or, in the case of continuously flying consultants, no address at all; "full names" often exceed the space granted them in the PNRs or contain complicating characters; and more.

"Altogether, collecting and delivering the proposed data in a standardized format cannot take place in less than several years," Hasbrouck claimed....

As for the GDS companies, Hasbrouck said, they "are aware that their role and the abilities they would have, if unrestricted, would not withstand public scrutiny, so their main goal right now is to stay out of the spotlight."

One GDS company spokesperson agreed, calling "loaded" a question about the technical challenges to modifying the PNR data to serve CAPPS II. Another public relations representative called the same question anything but innocuous, reverting to a stock statement that, "We haven't been asked to disclose any customer data." Two of the four GDS firms did not return messages left yesterday about the issue.

Cendant Travel Distribution Division chairman and CEO Sam Katz last November said he wished he could answer a question from Hasbrouck about CAPPS II, but could not because it [CAPPS II] was no more than "an idea."

DHS did not immediately respond today to a request for additional information...

Link | Posted by Edward, 13 February 2004, 12:03 (12:03 PM) | Comments (0) | TrackBack (0)

40 members of Congress call for CAPPS-II delay or suspension

In two different letters sent this week, a total of 40 members of the USA House of Representatives have asked that the CAPPS-II airline passenger surveillance and profiling system not be implemented unless and until their, and their constituents', privacy and civil liberties concerns are addressed.

The first letter was sent Wednesday to President Bush, signed by 24 members led by Democratic Minority Leader Nancy Pelosi, and said in part:

Many of our constituents have contacted our Congressional offices concerned that their privacy rights have been violated by airlines turning over personal consumer information to the federal government without their knowledge or consent....

Before the Computer-Assisted Passenger Pre-Screening Program (CAPPS II) is implemented, we urge the adoption of a specific policy that makes clear the role of airlines in sharing consumer information with the federal government. Such a policy should articulate what information can be shared by airlines and how such information is to be shared. First, we would anticipate a clear explanation as to the boundaries of any information-sharing between airlines and the federal government. Second, consumers must be clearly informed at the time they purchase their airline tickets as to how their personal information will be used.

Currently there are no such policies at all, so by urging that they be adopted before CAPPS-II is implemented, the letter implicitly calls for an indefinite postponement of CAPPS-II implementation.

The CAPPS-II Privacy Act Notice includes some limited restrictions on TSA contractors and providers of commercial data other than reservation data. But DHS Chief Privacy Officer Nuala O'Connor Kelly told me specifically that airlines, travel agencies, computerized reservation systems, and other providers of information in reservations will not be considered "contractors" or "commercial data sources" and will not be subject to those restrictions. In fact, they would be subject to no legal restrictions whatsoever, under either current USA law or the CAPPS-II proposals, on their use or sharing, commercially and/or with any government agency, of any data in travel reservations.

Since travellers can purchase tickets up to a year prior to their intended travel date, requiring notice at the time of ticket purchase would imply waiting at least a full year after implementing such a notice requirement before all passengers showing up for flights could be counted on to have received notice when they bought their tickets that their reservation data might be provided to the government.

The second, much stronger, Congressional letter was initiated by Republican Rep. Ron Paul, and sent today to Rear Admiral (Retired) David M. Stone, Acting Administrator of the TSA. It was signed by 6 of the signatories of the earlier letter, and 16 additional members of Congress (making a total of 40 signers of one or both of the letters):

In today's letter, the 22 Representatives say:

We write to you out of concern regarding recent reports that, despite broad opposition from across the political and business spectrum, the Transportation Security Administration (TSA) will push forward with plans to implement the Computer Assisted Passenger Prescreening System II (CAPPS II), a vast computerized network to probe the backgrounds of the 100 million Americans who fly each year in order to determine their "risk" to airline safety....

... We have serious concerns about the effectiveness and powerful dangers this system will pose to the civil rights and liberties of millions of Americans....

Members of Congress and the public also have reason to fear that CAPPS II will eventually be expanded to the further detriment of civil liberties. Former TSA Director Loy explicitly indicated that the agency envisions utilizing CAPPS II at other transportation hubs. If the system is indeed broadened for use in venues such as bus stations, highway toll-booths, or public events, the current proposal for CAPPS II appears to set the initial ground-work for the eventual implementation of a system of internal government checkpoints reminiscent of totalitarian regimes....

... One wonders if once implemented, the program will continue to morph into something similar to the Pentagon's "Total Information Awareness" concept, an over-arching system to monitor all available data sources in search of suspicious patterns of activity. The Congress soundly rejected this proposal.

New powers granted to government anti-terror initiatives must require that the power is necessary to thwart future attacks, and that the benefit of the new power outweighs its adverse effect on liberty. In its current form, CAPPS II fails both of these requirements. We ask that the program be suspended indefinitely until these serious concerns are addressed.

We await your prompt response to these issues.

With any further government spending on CAPPS-II prohibited by Congress (except for testing) as a result of yesterday's GAO report that seven out of eight Congressional criteria have not been met by the TSA, the ball is in the TSA's court to justify any continuation of the testing, or to come back to Congress to seek permission and funding to proceed. And the responsibility is on Congress, if the TSA continues to ignore their concerns, to cut off funds for CAPPS-II testing, end the program entirely, and enact meaningful privacy protections against both commercial and government misuse of personal information in travel reservations.

[Addendum, 13 February 2004: Full text of today's letter, as released by signatory and Presidential candidate Rep. Dennis Kucinich.]

Link | Posted by Edward, 13 February 2004, 11:20 (11:20 AM) | Comments (0) | TrackBack (0)

Thursday, 12 February 2004

GAO report on CAPPS-II released

Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges.
(GAO-04-385, 12 February 2004)

Link | Posted by Edward, 12 February 2004, 08:43 ( 8:43 AM) | Comments (0) | TrackBack (0)

Wednesday, 11 February 2004

Most useful languages for world travel

A reader writes:

I enjoy your blog, especially your focus on privacy issues, and your coverage of "The Amazing Race".

What do you consider to be the most useful languages for a world traveller to know?

Certainly the most useful language to know, if you want to travel to a wide variety of countries around the world, is English. There are few large cities or heavily-touristed places anywhere in the world where you can't find some people who speak at least a little basic tourist English.

There are places where no one speaks any language except the local one(s), but it's possible to communicate basic travel needs ("food", "toilet", "place to sleep", "transport to the place I'm pointing to on this map") with no mutual language at all. A well-designed set of pictographs helps -- the best are the laminated Kwikpoint cards, and I'd rate them an absolute "must", if they are allowed, for contestants on "The Amazing Race". You'll get more out of a visit if you know a language understood by at least some of the locals, but not knowing any locally-understood language shouldn't stand in the way of going wherever you really want to go.

That said, the most useful languages other than English for world travellers are those that are:

  1. used by at least a significant subset of people
  2. throughout a large area
  3. where English isn't widely used.

Depending on the region of the world in which you are most interested (and leaving aside the varying difficulty of learning different languages), that would include:

  • Spanish (useful throughout Latin America -- even in Brazil spoken Spanish is widely understood, and knowledge of written Spanish is adequate for understanding much written Portuguese)
  • Mandarin (useful throughout East Asia, and to a lesser degree in many other places)
  • Russian (English is not widely spoken in the former USSR, and some people speak Russian in surprisingly many other places)
  • Arabic (used as a second language by the literate classes throughout the Islamic world, even where Arabic isn't the primary language)

Other less widely useful possibilities (either less widely spoken, or spoken in places where English is more common) would include:

  • French (mainly useful in west and central Africa, but losing ground rapidly to English)
  • Hindi or Urdu (useful in a large region of South Asia, but in most of that region it's relatively easy to get around in English)
  • Swahili (ditto in eastern Africa)
  • German (the lingua franca and most common second language of much of central Europe, having largely displaced Russian in that role over the last decade)

I invite readers to add their additional suggestions in the comments.

Link | Posted by Edward, 11 February 2004, 20:53 ( 8:53 PM) | Comments (8) | TrackBack (0)

"Big business joins fight against new airport screening"

Big business joins fight against new airport screening
(Christian Science Monitor, 12 February 2004)

Corporate America has joined privacy advocates in raising alarm over the Transportation Security Agency's (TSA) plans to put a massive airline-passenger screening system in place by this summer....

More than 100 members of the Business Travel Coalition sent a letter to Congress this month urging more hearings. "The awesome new power of linked and mined public- and private-sector databases" demands more scrutiny, they wrote....

For longtime critics of CAPPS, like Barry Steinhardt of the American Civil Liberties Union, the addition of the business community to the roster of concerned flyers is "pivotal." "It's crucial that business travelers who make up the backbone of the traveling public, the travel agencies, and the airlines themselves begin to wake up and realize this enormous surveillance system is going to be built and we - the traveling public - will be asked to foot the bill," says Mr. Steinhardt. "The TSA has not demonstrated that it can actually make it work or make us any safer."

[Addendum, 13 February 2004: Business Travel Coalition Statement Regarding CAPPS II, from the new BTC CAPPS II Watch]

Link | Posted by Edward, 11 February 2004, 15:30 ( 3:30 PM) | Comments (0) | TrackBack (0)

AP, UPI say the GAO will give "thumbs down" on CAPPS-II

A draft of the forthcoming General Accounting Office (GAO) report on CAPPS-II obtained by the Associated Press and UPI reportedly says that the Transportation Security Administration (TSA) has failed to meet seven of the eight tests (see section 519) specified by Congress last fall as the prerequisites for any further spending on CAPPS-II, "except on a test basis".

Unless President Bush disregards the Congressional mandate, as he threatened when he signed the law requiring the GAO audit and restricting CAPPS-II spending, or unless Congress changes its mind, CAPPS-II deployment will be a dead issue as soon as the GAO report is formally submitted to Congress this Friday.

Congressional concern about the surveillance and monitoring of travellers, the privacy of travel records, and the "sharing" of travel data, has been focused -- quite properly -- on CAPPS-II. With the release of the GAO's failing report card, it's time for Congress to put a stake through the heart of CAPPS-II.

Congress should, of course, move promptly to block any resumption of wasteful and privacy-invasive tests of CAPPS-II (currently suspended pending talks with Canada on the protection of personal information collected in Canada and included in reservations to be used in the tests).

But it's also time for Congress to move forward on the underlying, and larger, issues.

As I discuss in What's wrong with CAPPS-II? And what should be done about it?, Congress should now:

  1. Investigate and hold public hearings on the privacy and personal information handling and usage practices of the travel industry, including what really happened with the jetBlue Airways and Northwest Airlines passenger records and the role of government agencies and corporations including the DHS/TSA, DOT, NASA, the military, Torch Concepts, SRS Technologies, Acxiom, other airlines, and the CRS's/GDS's.
  2. Enact a comprehensive consumer privacy law (which I would suggest be modeled on the successful Canadian example) requiring fair information practices in the handling of personal information -- including travel records -- by both government agencies and private companies. At a minimum, Congress should enact travel data privacy rules (focused on the CRS's/GDS's as the principal repositories of travel records) giving travel data at least as much protection as is currently given to medical and financial data.

Link | Posted by Edward, 11 February 2004, 14:41 ( 2:41 PM) | Comments (0) | TrackBack (1)

Tuesday, 10 February 2004

CAPPS-II director "retires" on eve of GAO audit report

Not waiting to face the music when the General Accounting Office reports on its audit of his CAPPS-II airline passenger surveillance and profiling program later this week, the director of the Transportation Security Administration's "Office of National Risk Assessment" (ONRA), whose principal task was to develop CAPPS-II, has submitted his resignation, according to this article in today's Washington Post.

The resignation of Ben H. Bell II leaves the TSA's ONRA, and the attempt to get funding for implementation of CAPPS-II from an increasingly skeptical Congress, in the hands of ONRA Deputy Director Stephen Thayer, whose greatest previous political success was in escaping his own impending impeachment or criminal prosecution.

Thayer was allowed to resign his previous job as Justice of the New Hampshire Supreme Court in the midst of an investigation of his attempts to influence his colleagues in their consideration of his appeal of the judgement in his divorce. The Chief Justice, whom Thayer had tried to influence improperly, refused to resign and was impeached. "On March 29, 2000, Justice Thayer offered to submit his resignation from the Supreme Court in return for the Attorney General's forbearance from presenting criminal charges against him to the grand jury," according to the Attorney General's report on the case.

One has to take Bell's intent to "retire" with a grain of salt: the last time he "retired", after a career as a Marine Corps "intelligence" (surveillance) officer, he turned right around and went back to work in a series of jobs managing intelligence programs for nominally-civilian government agencies including the INS and most recently the TSA.

Given the prevalence of (former?) Navy, Coast Guard, and Marine Corps officers in the leadership of the TSA, perhaps it's appropriate to ask if the rats are leaving the sinking CAPPS-II ship: the heads of both the TSA and the ONRA have now resigned, and their deputies are functioning as acting directors. No replacement directors have been nominated at either level, probably because Senate hearings on their confirmation would provide a forum for unwanted questions about CAPPS-II.

The ONRA and CAPPS-II have recently come under increasing suspicion for their possible ties to the military's "Total Information Awareness" program.

The Post also reports that the TSA's schedule for CAPPS-II testing has been postponed again, but without any postponement of the planned deployment date: "Testing of the [CAPPS-II] system is scheduled to begin in late spring. If successful, officials expect to start phasing in CAPPS II this summer." If true, that probably means that the recently-begun talks with the Canadian government have quickly revealed that CAPPS-II testing can't start without Canadian approval for the inclusion of legally protected data collected in Canada. But the lack of commensurate postponement of CAPPS-II deployment makes the schedule even less realistic or feasible than ever. There's a limit to how fast software changes can be implemented, no matter how much money you're prepared to throw at the problem.

As for the cost of CAPPS-II, I didn't know whether to laugh or cry when I came across a job posting dated January 2004 for a "CAPPS II Cost Analyst" for the ONRA. If, as indeed seems likely from everything else they have said, the TSA is only now beginning to investigate the likely cost of their plans, they are in for a rude awakening -- if it doesn't come sooner in the GAO audit report, which is due by this Sunday, 15 February 2004 (probably meaning that it will be released Friday afternoon).

Link | Posted by Edward, 10 February 2004, 08:29 ( 8:29 AM) | Comments (0) | TrackBack (1)

Monday, 9 February 2004

House, Senate members call for action on travel privacy

Prompted by grassroots outrage at CAPPS-II and the jetBlue Airways and Northwest Airlines privacy scandals, especially from business travellers, members of both the House and Senate have begun calling for Congressional action.

The Oakland Tribune reports that 16 members of the House of Representatives have signed a letter to TSA Acting Administrator David M. Stone listing some of the problems and unanswered questions about CAPPS-II, and asking, "that the program be suspended indefinitely until these serious concerns are addressed." The joint Congressional appeal to the TSA was initiated by a Dear Colleague letter from Congressmen Ron Paul, Gerald Kleczka, and Presidential candidate Dennis Kucinich.

Republican Senator Gordon H. Smith of Oregon last week asked Chairman John McCain of the Senate Committee on Commerce, Science, and Transportation to hold a Committee hearing on privacy issues, particularly, "the sharing of customers' private information between domestic companies and federal agencies."

In his letter to Sen. McCain, Sen. Smith said he had recently written to both the Administrator of NASA and the CEO of Northwest Airlines, "requesting information about the NASA aviation security study which gathered private Northwest Airlines passenger information and may have failed to account for ... privacy considerations." Sen. Smith's letter also referred to the Committee's privacy concerns about "the submission of passenger records for the new Computer Assisted Passenger PreScreening Program (CAPPS II) by airlines and airline reservation companies."

Meanwhile, Business Travel News reports on interviews with corporate travel managers questioning whether they can trust airlines or the government with confidential business data in travel reservations, and the latest polls of travel managers on CAPPS-II, the Northwest and jetBlue scandals, and related travel privacy issues by the Business Travel Coalition and the Association of Corporate Travel Executives.

And, hard on the heels of the latest release of an internal TIA e-mail message casting more suspicion on the relationship between Acxiom Corp., the Transportation Security Administration, and the "Total Information Awareness" program, there are detailed investigations of Acxiom's involvement with these projects in Fortune magazine, "Never Heard Of Acxiom? Chances Are It's Heard Of You." (summary; news release; full text available online only to paid subscribers) and Salon.com, "Acxiom is watching you".

Link | Posted by Edward, 9 February 2004, 15:41 ( 3:41 PM) | Comments (0) | TrackBack (0)

Sunday, 8 February 2004

"Last-minute travel: Does it pay to wait?"

I'm featured today in the travel section of USA Weekend, the Sunday magazine supplement to Gannett newspapers throughout the USA:

Last-minute travel: Does it pay to wait?

It used to be a steadfast rule of travel: Plan ahead, save a bundle. But more and more vacationers are waiting until the last minute to book their trips, often with the hope of saving money. A poll taken by the Travel Industry Association of America found that nearly two-thirds of 2002's leisure travelers planned their vacation within two weeks of departure. And the United States Tour Operators Association says 86% of its members have reported an increase in last-minute bookings. So why the change?

It's largely a post-9/11 misconception, says Edward Hasbrouck, author of "The Practical Nomad: How to Travel Around the World." When travel fell sharply after the 2001 terrorist attacks, hotels and airlines reacted by lowering prices at the last minute. "This was exacerbated when travel suppliers were reluctant to acknowledge the extent of the decline in demand," he says. "Acting on exaggerated hopes for speedy recovery, they left advance prices high and kept being forced to lower them at the last minute when the recovery didn't materialize. As a result, travelers got the idea that prices will always get lower at the last minute."

Sometimes that's true, but often it's not....

The article in USA Weekend is mainly about hotels, but the same goes for airline tickets. For more of my advice on this topic, see "The Practical Nomad Guide to the Online Travel Marketplace" and the airfare chapter of "The Practical Nomad: How to Travel Around the World".

Link | Posted by Edward, 8 February 2004, 22:21 (10:21 PM) | Comments (0) | TrackBack (0)

Friday, 6 February 2004

E-mail hints at use of jetBlue Airways reservations for Total Information Awareness

A newly-released e-mail message to John Poindexter, director of the USA military's "Total Information Awareness" (TIA) program, heightens my suspicion that the use of jetBlue Airways passenger reservation archives by a military contractor in 2002 was related to -- perhaps even central to -- the TIA program.

The 26 May 2002 e-mail message from "rpopp" (presumably Poindexter's Deputy Director at the Information Awareness Office, Dr. Robert L. Popp) in reply to Lt. Col. Doug Dyer of the IAO, was provided to the Electronic Privacy Information Center (EPIC) last month in response to a Freedom of Information Act request.

A few days earlier, Lt. Col. Dyer had submitted a set of recommendations (copied in the reply message that was released) for how the TIA program could make use of the data aggregation and data mining company Acxiom Corp. Dr. Popp replied, "Doug, did you broach w/ Acxiom the costs of performing #1 and #2??"

The items on Dyer's list that Popp referred to were:

  1. "Engage Acxiom .. to identify all the relevant [commercial] databases."
  2. "Have Acxiom provide us with a statistical data set ... for use in the TIA critical experiment (I don't know if we have a name for this one yet, but it's the one which involves discovering the red-team signature, discerning bad behavior from odd or normal behavior. We can use this real, large, but private data set to accelerate our critical experiment."

Both Dyer's message and Popp's reply were copied to only one other person, Poindexter himself.

There's no mention of jetBlue Airways in the recently-released e-mail message. But the next month, April 2002, DARPA selected SRS Technologies as "the single prime contractor to support DARPA's Information Awareness Office."

The month after that, May 2002, SRS Technologies awarded Torch Concepts, Inc. a "subcontract to apply its ACUMEN technology for intelligent pattern recognition in identifying latent relationships and behaviors that may help point to potential terrorist threats. Torch will perform a Security Enhancement Study that the Government plans to use in identifying abnormal events or activities that may indicate rebel actions before damaging events occur."

That sounds very similar to the "TIA critical experiment" as Dyer had explained it to Poindexter and Popp.

Even before the contract was awarded, according to a Torch presentation that I found on the Web in September 2003, Torch had been working on getting access to "the necessary data base being used by CAPPS II contractors". In the end, Torch didn't get exactly the same data that was being used in the summer of 2002 by the 4 competing teams of contractors testing CAPPS-II prototypes. (That data included several million real reservation records from major USA-based airlines.) Instead, Torch was given the entire reservation archives (about 5 million reservations) of a single, smaller airline, jetBlue Airways.

Torch sent the jetBlue reservations to Acxiom, which matched as many of them as it could with Acxiom files. Torch then purchased these Acxiom records, merged the reservation and Acxiom records, and experimented with trying to identify "normal" demographic patterns and "anomalous" data in the composite passenger data.

This, too, sounds like exactly the sort of use for Acxiom data and "commercial databases" that the TIA office now turns out to have been considering.

Ever since I called attention to Torch's use of jetBlue reservations in its work, Torch has been extremely anxious to avoid having its project associated with SRS Technologies. The day after I first publicized the Torch-SRS connection, and the possibility that it indicated that the Torch research using jetBlue and Acxiom data had been subcontracted under the TIA program, the reference to SRS Technologies as the source of the Torch contract was removed from the press release on the Torch Web site. Later, the entire press release was removed from the press release archive on the Torch Web site.

SRS Technologies is the most prominent link in the chain of suspicion between Torch's use of jetBlue and Acxiom data, and the TIA program. The most plausible explanation for the attempt to hide the Torch-SRS Technologies relationship from public notice would be that the Torch project was actually part of the TIA program, subcontracted to Torch by SRS Technologies under its TIA prime contract -- and that someone doesn't want the jetBlue scandal publicly linked with Poindexter and TIA.

The recently-released e-mail heightens those suspicions, and goes further in suggesting that the Torch work with jetBlue and Acxiom data may in fact have been part of "the TIA critical experiment" in profiling and categorizing people and the identification of relevant databases for doing so.

While the TIA office has been disbanded, many of its projects continue under the auspices of other departments and agencies. The March 2002 e-mail to Poindexter quoted a "key suggestion" of Acxiom's chief privacy officer, Jennifer Barrett:

"People will object to Big Brother, wide coverage databases, but they don't object to use of relevant data for specific purposes that we can all agree on. Rather than getting all the data for any purpose, we should start with the goal, tracking terrorists to avoid attacks, and then identify the data needed (although we can't define all of this, we can say that our templates and models of terrorists are good places to start). Already, this guidance has shaped my thinking."

Is CAPPS-II in part a stalking horse for continuation of the "TIA critical experiment" by the Transportation Security Administration's shadowy Office of National Risk Assessment (ONRA)? We don't yet know, but my travel industry sources all say that the point when the CAPPS-II project became an entirely "black" program, cut off even from the aviation security community, was when it was transferred to the newly-created ONRA. And the ONRA has reportedly been at the center of government stonewalling on requests for information about the jetBlue scandal.

We still aren't likely to get to the bottom of the jetBlue Airways and Northwest Airlines data "sharing" scandals without a full Congressional investigation, including public hearings. But the latest disclosures make it seem more and more likely that the experiments with jetBlue reservations were central to the TIA program, and that airline reservation records, to be obtained by the government through CAPPS-II, were expected to be one of the key data inputs to the TIA program.

Posted by Edward, 6 February 2004, 07:51 (7:51 AM)

Thursday, 5 February 2004

Newly revised and updated 3rd edition of "The Practical Nomad: How to Travel Around the World" now in bookstores


If you've pre-ordered a copy, you should have it within days; some people already have received their copies. If you've ordered a copy and it doesn't arrive soon, or your local bookstore has trouble getting copies in stock, please let me know and I'll work with my publisher to make it right.

The first opportunity to get signed copies of the new edition will be at Easy Going Travel Shop and Bookstore in Berkeley, CA, on Thursday, 19 February 2004, at 7:30 p.m. They've already gotten their shipment of the new book, and have plenty of copies on hand. See you there!

Posted by Edward, 5 February 2004, 23:04 (11:04 PM)

US Airways may be liquidated.

Airline news is often unduly alarmist, especially when it comes to safety issues. But recent headlines like "US Airways losing altitude quickly" and "US Airways in trouble again" are for real, and should be taken seriously by US Airways passengers.

US Airways (IATA code "US" -- they bought the code from the USA government a few years back, after changing their name from Allegheny Airlines to escape the "Agony Airlines" sobriquet) was reorganized under bankruptcy protection in 2002-2003. Since the reorganization, they've continued to lose money, and have been operating on loans guaranteed by the USA government. US$900 million of these loans come due in June 2004. If US defaults on the loans, it will go bankrupt again. This time, the likely fate would be liquidation, not reorganization.

In a last-ditch effort to meet the loan repayment deadline, US has invited offers to sell off its most valuable assets: the Boston-New York-Washington shuttle and its hub operations (facilities, equipment, leases, and gate and takeoff/landing "slot" allocations) in Philadelphia, Pittsburgh, and Charlotte. But the offers for those assets reportedly total only US$300 million, which may not be enough to stave off default. And since US Airways has only been able to make money from price-is-no-object business shuttle travellers (and even there has been losing ground to Amtrak's excellent Acela Express service) or from hubs where its dominant position allows it to extort higher-than-average fares, selling those off would leave US even weaker. The result, as with TWA, would be a downward spiral that would only delay, not escape, the eventual "controlled flight into terrain".

Even if US keeps its hubs, its monopoly position won't last. Southwest Airlines has announced that they will start service to and from Philadelphia this May, and US has already admitted that they expect to have to reduce average prices 30 percent to compete with Southwest.

The question is no longer, "Will US Airways survive?" It won't, at least not in anything resembling its present form. (Since the name itself is a saleable asset, there might be another airline called "US Airways" even if the present corporation is liquidated, as happened with the Pan Am name.)

The real question for travellers is whether some portion of US Airways will be acquired by another airline that will continue to honor US tickets (as happened when American Airlines bought the last remnants of TWA), or whether it will go out of business like Pan Am, leaving ticket-holders and frequent flyers S.O.L.

I'm not a gambler, and I'm not going to speculate on which fate for US Airways is more likely. But my advice to ticket-holders, potential ticket buyers (don't), and holders of frequent flyer mileage credits (use them up ASAP) is in my FAQ on Airline Bankruptcies. Note especially that the US Federal law requiring other USA-based airlines serving the same route to transport passengers holding tickets on insolvent airlines (under extremely limited conditions) expired entirely in January 2004. Other airlines now have no legal obligation whatsoever to holders of tickets on bankrupt airlines.

[Addendum, 10 September 2004: That law was later extended, but only through 18 November 2004.]

Posted by Edward, 5 February 2004, 17:12 (5:12 PM)

"EU Commission plots global travel surveillance system"

EU Commission plots global travel surveillance system
(John Lettice, The Register, 4 February 2004)

So actually, we're not talking about a battle between US Big Brother on the one hand and freedom and privacy loving Europe on the other; we are talking about a general, and effectively global, effort to neuter, circumvent or overthrow privacy protection legislation. As the Privacy International report says, "Starting with a simple law in the US, the European Commission has negotiated a global surveillance system tracking the movement of people."...

ICAO, the International Civil Aviation Organization, is the chosen vehicle for taking the surveillance system international. The US and EU plan to take the issue to ICAO with a view to constructing an international regime... Privacy International argues that the Commission, by abandoning the protection of European privacy rights will remove Europe as an ally for other countries coming under pressure from the US to weaken their privacy regimes, and that the result will be "a race to the bottom for global privacy protection."

The Register points out that the USA Department of Homeland Security currently has unrestricted access to the airlines' host CRS's. "So for example they could access free text data in the comments field [footnote], and data on flights which neither go to nor come from the US." That's not just a possibility, but a fact, as I reported last month and as will be exposed if the EU or anyone else ever obtains an independent, technically competent audit of the logs of DHS use of their CRS access.

In the footnote, Lettice recounts an experience a few years back at LAX airport, shoulder-surfing the "content of the free text section of the database BA staff were using as part of the wait-list collation process. 'Africa correspondent of the Financial Times,' one said (right, we thought, and I'm Lech Walesa...), while another pithily noted: 'Hopelessly out of control.'"

That sort of thing is still routine. The "remarks" field in each PNR (item 19 of 34 in the list of PNR data categories in the proposed USA Undertakings on PNR transfers) can be, and is, used for pretty much anything any travel agent or airline employee feels like, including unverified and/or derogatory personal opinions from "VIP" to "TROUBLEMAKER". Watch out: give the gate agent too much grief, and they could flag your PNR for the rest of your trip, or your frequent flyer record with that airline for the rest of your travelling life. All of which, under CAPPS-II, US-VISIT, and similar systems, will be grist for the mill of the global surveillance state.

(FWIW, I've cleaned up my previously posted analysis of the categories of possible data in PNR's today to make it a more useful reference, and corrected the categorization of a couple of items. Keep in mind, though, that usage of PNR fields varies widely, and there are no formats in the AIRIMP messaging protocol for the transfer between CRS's and host systems of many fields in those individual hosts.)

Posted by Edward, 5 February 2004, 12:33 (12:33 PM)

Wednesday, 4 February 2004

Many questions, few answers on jetBlue scandal

What's come out of the inquiries into the jetBlue Airways privacy scandal four months ago?

Nothing, Ryan Singel con