[14261] in cryptography@c2.net mail archive
Please submit public comments on CAPPS 2 / JetBlue
daemon@ATHENA.MIT.EDU (John Gilmore)
Wed Sep 24 11:55:26 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com, gnu@new.toad.com
Date: Wed, 24 Sep 2003 02:12:16 -0700
From: John Gilmore <gnu@toad.com>
[Moderator's note: This isn't about crypto, but I have a tradition of
forwarding John's appeals on such topics. --Perry]
There's something you can do *right now* that will stop pending abuses
of air travelers' private data. And your chance to do it will expire
this coming Tuesday (Sept 30).
The government has published a Privacy Act notice about its CAPPS-2
program, which would require all airlines to provide JetBlue-style
information (full PNRs) to the government -- all the time, before
every flight. It's like another JetBlue database dump that happens
again and again, day after day, month after month, airline after
airline. Affecting everyone who ever flies.
CAPPS-2 is the real thing, for which the Torch Concepts/JetBlue
contract was one of the test runs. The government is taking public
comments on the CAPPS-2 proposal, by email or postal mail, between now
and September 30th. After that, if you send them your opinion,
they'll ignore it (even more than usual).
Address your email like this:
To: privacy@dhs.gov
Subject: DHS/TSA-2003-1
Then tell them whatever you want. If the government is honest, then
they would stop CAPPS-2 if they got individual notes from 10,000
people saying "KILL CAPPS-2! Don't sacrifice the privacy of 600
million travelers each year in a foolish attempt to catch less than a
dozen actual terrorists each year." If they are dishonest and don't
care what the public thinks, then they would at least be on notice
that 10,000 honest and involved people are watching them.
You can write them pages and pages of details on how terrible CAPPS-2
is, and how corrupt they are to propose it, instead of a short note.
But I suggest reading the details of what they propose, if you're
going to that much trouble. You can find their proposal (in
proprietary PDF format) here:
They claim that they're putting up the comments for public viewing on
http://www.dhs.gov, but if they have done so, I can't find them there.
You can find an earlier round of 282 overwhelmingly negative public
comments on CAPPS-2 here, if you click "Simple Search" and enter
"1437": http://dms.dot.gov
As a brief overview, CAPPS-2 would require airlines to collect
peoples' full legal name, residence address, home phone number, and
date of birth (none of which is currently used by airlines today)
before they can even make a flight reservation. They would be
required to hand this information, and everything else in the PNR
(flight reservation), to the government, LONG BEFORE the flight takes
off. Then the government (or its "contractors") would do the same
kind of data matching that Torch Concepts did, hooking up your flight
reservations to credit databases and many other government and private
databases. The difference is that if YOUR data was one of those
"anomalous records" (that didn't fit one of the standard patterns of
your airline's customers), you would be singled out to be specially
searched, and/or kept off the airplane.
Torch Concepts' report blew the whistle on this secret program. The
report is at http://cryptome.org/jetblue-spy.pdf. On page 22,
Torch found two major groupings of JetBlue customers:
(1) Young Middle Income Home Owners with Short Length-of-Residence
(2) Older Upper Income Home Owners with Longer Length-of-Residence
Everybody else they categorized into "anomalous records". If you're
an oldster who moved to Florida recently -- or a renter -- or a lower
income person of any type -- you're anomalous. You're going to get
that special government search whenever you fly on JetBlue, if TSA
succeeds in imposing CAPPS 2.
(Oh, perhaps their final system will be more subtle than this clumsy
contractor was, but the basic problem is the same: the government will
forcibly identify each traveler, evalulate their lifestyle from
database records, and then make snap decisions about what civil rights
that person will have while traveling. They propose to permanently
withhold the right to anonymity; grant or withhold the right to
travel; and grant or withhold the right not to be searched without
probable cause. I thought rights were something that you had *all the
time*, not just if the government likes your lifestyle.)
CAPPS-2 also proposes that this "airport checkpoint" also be used to
try to catch various kinds of criminals, rather than solely to make
flying supposedly safer. It would also be used to catch foreign
visitors whose visa has expired or whose paperwork is snarled. And
once the public is used to it, of course I expect it would be expanded
to stop people for everything up to and including parking tickets.
The judges say that searching the general public without cause, in
order to catch criminals, is unconstitutional. But don't depend on a
judge to guard your rights. Complain to the government yourself,
right now!
Here's the best part. Besides the "blacklists" that today's CAPPS-1
system uses, the CAPPS-2 system will have "whitelists". Anyone with a
government security clearance, or a "position of trust and
confidence", will never get singled out, screened, or delayed. They
will be able to show up at the airport half an hour before their
flight, like everyone used to be able to do, and just walk on board.
There'll be one rule for "Party members" and another rule for the
"proletariat". CAPPS-2 assumes you are guilty until proven innocent
-- and assumes you are innocent if you work for the government. That
alone is reason enough to stop it.
EFF has also set up an Action Alert web site as another way to submit
your comments on CAPPS-2. See:
John Gilmore
and Electronic Frontier Foundation (EFF)
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com