Revised Proposal for Air-Travel Screening Addresses Privacy Concerns

The government yesterday proposed a new version of its program to screen airline passengers, stripped of the data mining that aroused privacy concerns and led Congress to block earlier versions.

It's been three years since the

9/11 commission recommended and Congress ordered that the government take over from the airlines the job of comparing passenger lists with watch lists of known terrorist suspects. The new version of the Secure Flight program is open for public comment and will be tested this fall before it can be implemented fully in 2008.

The third version of the program, once known as CAPPS II, drew positive reviews from privacy advocates and members of Congress who had objected to more elaborate earlier versions. Congress enacted legislation blocking earlier plans to collect private commercial data -- such as credit card records or travel histories -- about all domestic air travelers in an effort to predict who might be a terrorist.

The new plan would require passengers to give their full names when they make their reservations -- either in person, by phone or online. They also are to be asked if they are willing to provide their date of birth and sex to reduce the chance of false-positive matches with names on the watch lists.

"Finally, this appears to have a coherent, narrow and rational focus," said James Dempsey of the Center for Democracy and Technology, a privacy advocacy group. "This is a vast improvement over what we've seen before."

Democrats in Congress were cautiously positive.

"They've been slow to admit that minimizing invasions and breaches of Americans' privacy is part of their job," said Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.). "We will evaluate these steps to see if they measure up."

At a news conference at Reagan National Airport, Homeland Security Secretary Michael Chertoff also announced that starting six months from now, airlines operating international flights will be required to send the government their passenger data before planes take off rather than afterward, as is now the case.

On the domestic side, transferring watch-list checks to Transportation Security Administration officers "should provide more security and more consistency, and thus reduce misidentifications" that have frustrated passengers, Chertoff said.

Existing screening has been widely criticized because members of Congress and infants have been blocked from boarding or delayed because their names were similar to names on the lists.

Chertoff said the new domestic system would avoid activities envisioned earlier that raised privacy concerns. "It won't collect commercial data" about passengers, he said. "It will not assign risk scores and will not attempt to predict behaviors."

Currently, only a passenger's full name is required when reservations are made, although birth date and sex usually become known to transportation security officers later in the boarding process.

Kip Hawley, head of the Transportation Security Administration, said volunteering those two items earlier would reduce identifications errors.

"With the full name, we can resolve 95 percent of the cases correctly. The date of birth adds 3.5 percent to that, and the gender adds another 1 percent," he said.

Privacy advocates including Dempsey and Bruce Schneier, chief technology officer at the security company BT Counterpane, also said they were pleased with limits on how long most records will be kept. A check that produces no match -- which will be the case for the vast majority of travelers -- would be kept only seven days. A false positive match would be kept seven years. Confirmed matches would be kept 99 years.

"On the surface, it looks pretty good," Schneier said. "I'm cautiously optimistic. It's nice to see some common sense."