The Transportation Security Administration intends to access the
airline ticketing technology used by travel agents to obtain
passenger information for its security screening system.
New details of the TSA’s controversial Computer Assisted
Passenger Prescreen-ing System, otherwise known as CAPPS II, were
published recently in the Federal Register.
The system, as it now is envisioned, will use an airline’s
passenger reservation system or a global distribution system to
access a traveler’s Passenger Name Record.
The TSA notes that a passenger’s name, home address, home phone
number and date of birth are the main pieces of information needed
for the CAPPS II program, but it plans to use all of the
information entered into the PNR.
The TSA has reduced the information it intends to collect and
the length of time that information will be kept.
However, the new proposal now leaves questions about the ability
of travel agents and corporate travel managers to protect sensitive
client information that is often used when booking airline
“We’re certainly concerned about it,” said Mark Williams,
president of the Association of Corporate Travel Executives.
“Again, the concerns are about who is going to have access to that
data. There are still a lot of unknowns.” Once PNR data is
collected, it will be analyzed in commercial databases in order to
confirm a passenger’s identity.
The agency has not said which commercial databases will be
The TSA, which is part of the Department of Homeland Security,
is responsible for developing a new security system for the
commercial airline industry.
Privacy activists and members of Congress criticized the
original CAPPS II system, introduced last January, as too
intrusive, prompting the TSA to refine its scope.
The original proposal sought to access credit history and
medical records and to hold the data for 50 years.
Once CAPPS II has a passenger’s data, it will run an internal
risk assessment using national security information provided by the
federal government. Based on the outcome, a “risk score” will be
assigned to each passenger. The revised system still “will enable
TSA to have a reasonable degree of confidence that each passenger
is who he or she claims to be,” the notice states.
The TSA, which can adopt its own regulations after following
review procedures, has said it will not keep information on law
-abiding U.S. citizens any longer than a few days after the
completion of their trips. It has said it intends to have the
system in place by January 2004.
The TSA has been testing the CAPPS II system since it first was
proposed, but it has not been using real passenger data.
Limited testing with personal data will be done, but is still
several months off, according to the TSA.
The notice does not mention by name any airlines or GDS
companies that will be involved in future tests.
However, Galileo has said it held limited discussions with the
TSA and it will cooperate with testing.