Features

net.wars: Securing flight

There are so many government initiatives to keep track of that we nearly missed spotting that if anyone wants to complain to the US government about its plans for "Secure Flight", as the remix of CAPPS-II is known, you need to do it by Monday.

CAPPS-II was the privacy-invasive plan to converge data from government and commercial databases to pre-check passengers before they boarded flights. People didn't like the sound of this, and eventually after some very loud objections from folks like EPIC, and our favourite travel data privacy crank, Ed Hasbrouck (just kidding, Ed) everyone broke out the banners to celebrate the death of CAPPS-II. Everyone also knew it was only a matter of minutes before CAPPS-II was reinvented as something else.

Well, Secure Flight, coupled with its companion, the Registered Traveller program, is that something else.

Or it's one-half of something else. The other half is US-VISIT (or, in full, the "U.S. Visitor & Immigration Status Indication Technology System"), the initiative that has all foreigners being face-scanned and fingerprinted at the US border. This Welcome Wagon for tourists is initially being circled just at airports, but in another few weeks Mexicans and Canadians can look forward to it, too, when they add "land ports of entry" to the list. The announcement of this trial expansion notes, however, that at land ports of entry US-VISIT will only collect biometrics as part of secondary inspection. The announcement also mentions a few figures: US-VISIT became operation at 115 airports and 14 seaports on January 5, 2004, since when more than 10 million foreigners have been processed and nearly 300 "criminals or immigration violators" have been caught. We note in passing that he detailed list of who they've caught includes only one of the Four Horsemen: drug traffickers. No organised crime, paedophiles, or - and this might be the important one considering this is what the system is supposed to be for - terrorists. Is it worth harassing 9,999,700 innocent foreigners to catch a few convicted rapists?

Secure Flight and Registered Traveller are more inclusive: they're fun for everyone. The idea is, you register in advance with a whole load of personal detail - Hasbrouck notes that you may be asked to list everywhere you've lived for the last five years as well as give fingerprints and iris scans - and thereafter you get to use a sort of express line. In a sense, we already have the rudiments of such a system in the form of airline frequent flyer programs, and unsurprisingly it's these frequent travellers who are expected to be "offered" the chance to register first. How preferential. Registration will be voluntary. For uncertain values of "voluntary".

One of the reasons non-US citizens might like to submit comments on Secure Flight is the testing they're currently proposing. The Transport Security Administration wants the airlines to hand over all the passenger record data from June 2004. Under EU law, this ought to be illegal in at least some cases, since people who might have bought their tickets as much as a year before can hardly be described as giving consent to this use of their data. On the other hand, since sometime last year, airlines have added spoken notices to their telephone line welcomes to the effect that they will turn over any and all data as required by any government. I don't understand why the EU doesn't take stronger stance on this. What's the US going to do? Ban all Europeans from entering the country? Forty million Irish-Americans marching on Washington, DC for the right to be visited by their relatives -

Meantime, in an effort to prevent more incidents like the Cat Stevens capture of a few weeks ago, the TSA is considering "compelling the birth date" before passengers fly.

Should we be trying to keep terrorists off planes? Obviously. Is this the way to do it? I don't think so, and one reason is this paper, which talks about how to "game" the original CAPPS system by sending through enough test subjects to find out what gets through. Many of the 9/11 terrorists had valid IDs; many had flown many times before without blowing up planes. Some flew the same morning to get to the meeting point, and posed no risk on those initial flights. If frequent flyers are trusted travellers, then terrorists will spend the money and time to become frequent flyers. Study all the biometrics you want; you will not find the guy with the blameless past who has been preparing for just this moment. But you will build a huge infrastructure by which you can monitor and control the movements of ordinary citizens.

I hope many more people submit comments about these initiatives, because some of the ones already posted are pretty alarming. One, from a "global travel director", looks forward to the system's being extended to hotel check-in, car rentals, and bank accounts, has this enthusiastic comment to make about the whole thing: "Eventually, without such predatorial, it would be impossible to purchase travel in the United States."

So that's where we're headed, is it? I feel sure that I've heard of countries where all travel must be pre-authorised. I'm fairly sure the US used to look down on their lack of basic freedoms. How people forget.