was meant to be a rule-based system that used information provided by the passenger (name, address, telephone number, and date of birth) when purchasing an airline ticket to determine whether the passenger required additional screening or should be prohibited from boarding.

CAPPS II would have examined both commercial and government databases to assess the risk posed by passengers. In an effort to address privacy and security concerns surrounding the program, DHS issued a press release about what it called myths and facts about CAPPS II.3 For instance, it stated that retention of data collected would be limited—that all data collected and created would be destroyed shortly after the completion of a traveler’s itinerary. It also said that no data mining techniques would be used to profile and track citizens, although assessment would have extended beyond checking against lists and would have included examining a wide array of databases. A study by GAO in 2004 found that TSA was sufficiently addressing only one of eight key issues related to implementing CAPPS II.4 The study found that accuracy of data, stress testing, abuse prevention, prevention of unauthorized access, policies for operation and use, privacy concerns, and a redress process were not fully addressed by CAPPS II. Despite efforts to allay concerns, CAPPS II was abandoned in 2004. It was replaced in August 2004 with a new program called Secure Flight.

Secure Flight is designed to fulfill the Congressional directive while attempting to address a number of concerns raised by CAPPS II. For instance, unlike CAPPS II, Secure Flight makes TSA responsible for cross-checking passenger flight information with classified terrorist lists rather than allowing such checking to be done by contracted vendors. Although the possibility of using commercial databases to check for threats is still included, the use of commercial data is now precluded.5 Other differences between CAPPS II and Secure Flight include limiting screening to checking for terrorism threats, not criminal offenses (although this was initially included), and using only historical data during testing phases. TSA states that the mission of Secure Flight is “to enhance the security of domestic commercial air travel within the United States through the


U.S. Department of Homeland Security, “CAPPS II: Myths and facts,” February 13, 2004, available at http://www.dhs.gov/xnews/releases/press_release_0348.shtm.


U.S. Government Accountability Office (GAO), Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges, GAO-04-385, GAO, Washington, D.C., February 2004.


U.S. Transportation Security Administration, “Secure Flight: Privacy Protection,” available at http://www.tsa.gov/what_we_do/layers/secureflight/secureflight_privacy.shtm.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement