Although the documents released by the TSA are heavily redacted -- on some of the pages provided, almost every single word is blacked out -- they shed light on the mechanics of the no-fly program and on why some people might have been mistakenly placed on watch lists. In one internal letter from October 2002, Claudio Manno, TSA's acting associate undersecretary for intelligence, says that a person is put on the list when one of several intelligence or law enforcement agencies asks the TSA to do so -- but the agencies empowered to do this have been kept hidden, as have been any steps the TSA might take to make sure that the person is actually a threat.

"The placement of individuals on the No-Fly or Selectee lists has been guided by two primary principles," Manno writes -- but the principles are blacked out. One page is headed "Problems and Recommendations," and every single problem and recommendation is kept secret. If you're on one of these lists, how can you be removed? When you are "no longer assessed to be a threat to the U.S."

Mihir Kshirsagar, a policy analyst at the Electronic Privacy Information Center, says that he was most surprised that "there is no independent entity responsible for verifying this list. It sounds like the intelligence service pulls these names together, and it doesn't sound like they do anything more than that. We were always wondering, Where's the oversight? Who's going to verify it? Our worry is, if the FBI starts putting people who are on the most-wanted list for other things, how would you know that they are there?"

The identities of the people complaining about being constantly stopped at airports have been kept secret, so one can't say why the TSA might have put those people on the watch lists. Do they all share names with those of wanted terrorists? A few of them say that they are Arabs, and one person says he has a "Spanish name" and feels he's being "unfairly" singled out because of it. The angriest letters, though, come from people who insist that they couldn't possibly fit a terrorist profile; these people indicate that they're "American-born" or "Caucasian," and give other characteristics -- being "a grandmother," for instance -- that would tend to rule out terrorist intentions.

The TSA concedes that this is a problem. The department uses "a series of protocols that we have found aren't the best way of dealing with things," says Heather Rosenker, a TSA spokeswoman. "They aren't as clean as they need to be -- we don't just find the needle in the haystack, we pick up lots of hay in the haystack as well." Hence the need for CAPPS II.

The TSA was charged with building the new passenger-profiling system in the Aviation and Transportation Security Act, which Congress passed immediately after Sept. 11. It began talking about CAPPS II last year, but the system became embroiled in controversy early in 2003, when Delta Airlines agreed to test it. In response, Bill Scannell, a software executive in the Silicon Valley, put up a site called Boycott Delta which brought significant press attention to what the agency had hoped would be a low-profile plan. Several newspapers around the country, including USA Today and the New York Times, have since called for the TSA to change its plans.

But TSA insists that it will work to ensure privacy rights in CAPPS II. The system, says Rosenker, is still in its very earliest stages, and the developers are paying attention to civil liberties at every step of the process. The agency also says that the media has carried much misinformation about CAPPS II. Contrary to some reports, the system will not make a determination on whether you can fly based on your credit rating. It will also not take into account a passenger's "race, religion, ethnicity or physical appearance," says Rosenker, and it cannot be used to track how people travel around the country, as all records of inquiries are destroyed by the time your trip ends. Finally, Rosenker says that no airport agents get to see any private data. At the end of a person's CAPPS II check -- which TSA hopes will take less than five seconds per passenger -- the passenger is given a color coding. Green is go. Yellow requires further security checks. A red would prevent the passenger from flying, and the airport may call in the police.

Here is how CAPPS II will work. When you check in to a flight, the system will feed in your name, address, telephone number and date of birth -- information that airlines already have about each passenger -- into a commercial database. This step would try to determine whether "you are who you say you are," Rosenker says. The computer could get from these databases the same sort of information that many businesses easily have access to -- your known addresses, your employer, whether you own or rent your home, that kind of thing. Rosenker says that CAPPS II will analyze this information to check that you're "rooted in the community," meaning "that you routinely are where you say you are."

Rosenker describes CAPPS II as being a kind of progressive system -- it would scan as few databases as it needs to determine that someone checks out. "If every single commercial database says, yes, there's a Farhad Manjoo with this address and this date of birth and this phone number, the system says you're OK. What this allows us to do is not complicate the lives of people who don't need more checking." On the other hand, she says, "if it comes up that this person has only been living here for four months and there's no sign of him before that, then we'd need to go to the next level of identification."

This next level would check law-enforcement databases to determine whether you're on a watch list or, "if need be, your behavioral patterns," she says. "But that's only if need be -- and you don't need to do the same degree of testing for every person."

This last test of behavioral patterns is the most mysterious thing about the system. The TSA won't say what kind of behavioral patterns it means, because if terrorists find out what the agency is looking for, they'll change their behavior. Recently, to show that it was concerned about civil liberties, the agency held CAPPS II briefings for a number of privacy groups. Lee Tien, an attorney at the Electronic Frontier Foundation who attended one of these briefings, says that the department said nothing about what factors it uses to deem someone a threat.

But he has his suspicions: They'll check everything, he says. "Let's suppose you've got an FBI file, you've got a record" -- the TSA may look at that. But there may well be other inquiries, he says, "because there's really nothing that prevents them from checking everything they can. Think TIA."

Recent Stories