Wednesday, September 29, 2004

Flight Passenger Data -- and the problem of "mission creep"

As I wrote in an earlier post, one of the core problems with privacy -- given today's technological possibilities -- is that once the data have been collected they will invariably give rise to temptations. Ever new purposes how the data could be used will be found.
Thanks to the people at the Electronic Privacy Information Center there is now firm proof that the data collection for CAPPS II was subject to exactly this sort of "mission creep" -- a slow shifting of the goals that are to be accomplished with the program.

As the New York Times summarizes it (19.9.2004, p. 35):
"But what began as a program intended to focus narrowly on terrorism in air travel expanded greatly as it developed. The agency developed a series of 'Privacy Impact Assessments' for Capps 2 as required by federal law. These assessments are the documents that the privacy center obtained. The first draft of the privacy assessment stated the purpose of the program in one concise paragraph, saying that Capps 2 information 'may be disclosed to federal, state, local and international law enforcement officials who have jurisdiction over the airframe and/or the individual who is a known or suspected foreign territorial or who is a threat to aviation safety, civil aviation or national security.'
By the third draft, in July 2003, there were 15 paragraphs, saying the system could be used in other cases of violent crime by 'appropriate federal, state, local, international, or foreign agencies or authorities.' The third version of the privacy statement also included contractors, consultants, 'other federal agencies conducting litigation, as well as the General Services Administration and the National Archives.' The expansion of the program's mission has been reflected in public statements by Homeland Security officials, as well."

The new "Secure Flight" program is, according to the Transportation Security Administration, not to be subject to such a development. Surely EPIC will have made a mental bookmark to check on that some time in the future...

(The complete text of the NYT article can be found here. The CAPPS II privacy assessments obtained by EPIC under the Freedom of Information Act are here, here and here).


Post a Comment

<< Home