Airlines and hotels face customer concerns arising from anti-terrorism efforts
The Transportation Security Administration said last week that it may force airlines to provide information on passengers to test a new counterterrorism program, raising hackles in an industry that's already facing lawsuits filed by passengers for having previously shared such data without their knowledge. The outcome of the dispute could set a precedent for how much data companies share with federal agencies in the name of national security.
The latest development involving the Computer Assisted Passenger Prescreening System II, or CAPPS II, shines a light on a growing concern among airlines and other travel-related companies that counterterrorism efforts increasingly involve requests for information about their customers.
"The airlines will not voluntarily turn over this data," says Doug Wills, VP of external affairs for the Air Transport Association, the trade organization for the major U.S. airlines. While the association supports the concept of CAPPS II, its members want more privacy guarantees before they supply data for any purpose.
David Stone, acting administrator for the TSA, told the House of Representatives' aviation subcommittee that the agency is prepared to propose a rule forcing airlines to hand over passenger data to test CAPPS II's security and privacy safeguards. A TSA spokeswoman says the administration wants to work closely with the airlines. "We really want to ensure that we have an open, transparent, acceptable process that includes interactive discussion on all the issues associated with CAPPS II," she says.
The government is as concerned about privacy as businesses are, Homeland Security's O'Connor Kelly says.
Photo of Nuala O'Connor Kelly by David Deal
Airlines and other businesses are caught between their duty and desire to help prevent terrorism and the need to maintain customer loyalty. Two airlines face pending class-action suits: JetBlue Airways, for giving a government contractor customer data to test an experimental Defense Department data-mining project; and Northwest Airlines, for giving similar data to NASA for an unspecified research test. Nuala O'Connor Kelly, chief privacy officer for the Department of Homeland Security, which oversees the TSA, last month concluded that the administration violated the spirit of federal privacy laws when it compelled JetBlue to provide its customer data to the federal contractor in 2002.
Stone testified that CAPPS II will flag fewer innocent passengers for security review. Under the current CAPPS system, airlines' reservation systems check passenger information against a government-supplied watch list. Putting the passenger-screening system and process in the federal government's hands would ensure a consistent approach, Stone said. The TSA also believes that consolidating the data would allow for more effective use of up-to-date intelligence information and make it easier to identify higher-risk flights and airports.
Passengers' identities would be authenticated by matching airlines' data against a TSA database maintained by a private-sector data aggregator such as LexisNexis or Acxiom Corp., then checked against a federal terrorism database and lists of individuals who have outstanding warrants for violent criminal acts. Precautions to protect privacy include installing private networks between the TSA and the airlines that would pass only encrypted data; requiring the data to pass through a multitier firewall before entering the TSA system; and implementing a 24-hour audit trail that documents all access to data, Stone said.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.