Report Warns of Airline Security Shortcomings

A computer system being developed by the government to flag potential terrorists from among millions of airline passengers has run into “significant challenges” that pose “major risks” to its deployment and public acceptance, congressional investigators warn in a new report.

The Transportation Security Administration has not resolved a number of issues, among them the rights of wrongly accused travelers and the system’s basic technical reliability, the General Accounting Office concluded after a four-month investigation.

“Uncertainties surrounding the system’s future functionality and schedule alone result in the potential that the system may not meet expected requirements, may experience delayed deployment, and may incur increased costs,” GAO investigators wrote in a report requested by the congressional committees that oversee transportation.

The Times obtained a draft of the report, which is scheduled for release Friday. A spokesman for the transportation agency was not available for comment.

Criticism from the nonpartisan GAO, the investigative arm of Congress, is likely to bolster the case of privacy advocates and other opponents of the new system. However, it was unclear whether Congress would cancel the project, which has strong support in the Bush administration and the airline industry.

Despite the problems it identified, the GAO concluded that such a system “holds the promise of providing increased benefits.”

The new system, known as CAPPS II, would replace the Computer Assisted Passenger Pre-Screening System administered by the airlines and based on calculations about traveler behavior patterns.

Under CAPPS II, passengers would provide their names, birth dates, home addresses and phone numbers when making reservations. That information would be transmitted to government contractors, who would check commercial databases to verify identity. The government would then check the passenger against national security and law enforcement watch lists of more than 100,000 suspects.

Each traveler would receive a risk rating -- green, yellow or red. The vast majority of travelers would be given a “low risk/green light” rating and undergo routine airport screening. About 4% of passengers would be rated “unknown risk/yellow light” and receive closer screening, such as shoe checks and physical searches of carry-on items. An average of only one or two people a day would be rated “high risk/red light” and be stopped from boarding or arrested.

Government officials have said that CAPPS II would greatly reduce the number of people who must undergo intensive searches at airports, now estimated to be 15% to 20% of travelers. But the GAO report found that the agency has not adequately addressed seven of eight concerns raised by Congress.

These include preventing abuses, protecting privacy, creating an appeals process, assuring the accuracy of passenger data, testing the system, preventing unauthorized access by hackers and setting out clear policies for the system.

GAO investigators concluded that, though the agency was making advances in all these areas, progress was incomplete. The agency has complied with one congressional requirement, establishing an independent oversight board.

The government has already committed more than $105 million to the development of CAPPS II and had planned to start using the system this year. But GAO investigators said the system seems far from ready.

Part of the problem is that airlines have been unwilling to voluntarily share passenger data that could be used to test the system. The disclosure that some airlines had provided information to the government without telling passengers has sparked a consumer backlash.

As a result, the agency has tested the system only with 32 simulated passenger records created from itineraries of its staff and contractors. “These 32 records are not a sufficient amount of data to conduct a valid stress test of the system,” the report said.

Many issues regarding consumer complaints remain unresolved. For instance, the agency plans to give passengers access only to the information they provide when making a reservation. “That raises concerns that inaccurate personal information will remain uncorrected and continue to be accessed by CAPPS II,” the report said.

The agency has begun to develop an appeals process for wrongly accused passengers, but important details remain unresolved. Travelers would be able to take their complaints to a passenger advocate within the office of the agency’s ombudsman.

But because CAPPS II is designed to delete a passenger’s information shortly after the safe completion of a flight, it is unclear whether the passenger advocate could do much good. Also unresolved is the level of access the passenger advocate would have, and the process for correcting information, some of which could be in secret databases.

Such concerns prompted House Minority Leader Nancy Pelosi (D-San Francisco) to write President Bush on Tuesday, seeking clearer safeguards.

“We urge the adoption of a specific policy that makes clear the role of the airlines in sharing consumer information with the federal government,” wrote Pelosi, joined by 23 other Democrats.

“First, we should anticipate a clear explanation as to the boundaries of any information-sharing between the airlines and the federal government. Second, consumers must be clearly informed at the time they purchase their airline tickets as to how their personal information will be used.”

The agency has already said that it would spell out the rules for consumers before it began using CAPPS II.

Congress required the GAO report last fall as a condition for further funding of CAPPS II. The numerous concerns raised by investigators are certain to invite closer congressional oversight and supervision, and may delay the start of the program by a year or more.