In February, when Eleanor Holmes Norton, a congressional delegate for the District of Columbia, traveled between Washington and Guantanamo Bay, Cuba, she changed planes in Miami. There she took a test drive of the new U.S. Visitor and Immigrant Status Indicator System, or US-VISIT.
The US-VISIT system, now in operation at 115 airports and 14 seaports to the tune of $330 million, requires that everyone who enters the country with a visa be fingerprinted and digitally photographed so the government can keep track of them. Getting cleared through the system took Norton longer than the 15 seconds advertised by the Department of Homeland Security, but she told a congressional hearing on March 4 that she was impressed with how quickly the system worked.
"I don't envy those who have to come up with a system that keeps us secure and also keeps commerce and tourism going," Norton told Congress.
Another challenge is protecting the privacy of average citizens.
Since the attacks of September 11, 2001, the U.S. government has taken a variety of steps to safeguard citizens and keep terrorists out of the country. The Patriot Act, enacted soon after the attacks, gives the government considerable leeway in how it investigates potential criminals. US-VISIT and other new Homeland Security initiatives use technology to weed out bad guys; but in doing so, they collect personal data about millions of law-abiding citizens. Some privacy advocates worry that data could be abused; but not everyone is fretting.
They'll Know All About You
US-VISIT is designed to verify travelers' identities by comparing biometric identifiers such as fingerprints, confirming the authenticity of travel documents, and checking personal information against law enforcement and intelligence databases. It's supposed to flag visitors who may be security threats while speeding along those who are simply traveling for work, pleasure, or education.
There's another, more controversial, system in development: the Computer Assisted Passenger Prescreening System II, known as CAPPS II. The new system will check passengers' full names, birth dates, home phone numbers, and home addresses against information in government and commercial databases before allowing passengers to board U.S. flights. Passengers flagged as security risks will be subject to questioning or search.
These and other initiatives have raised the hackles of groups such as the Electronic Frontier Foundation. At stake are passengers' rights to privacy and to travel without giving up constitutionally protected freedoms, according to the San Francisco nonprofit group. The EFF is fighting the implementation of the CAPPS II system.
Lee Tien, a senior staff attorney at the EFF, says systems like the CAPPS II start society down a slippery slope toward even greater government oversight. He points outs that the scope of the program has already expanded beyond improving aviation security and catching potential terrorists to identifying wanted criminals and immigration violators.
"It might not seem like a really big deal to force people to go through more and more screening, but it does matter," Tien says. "Once you put a social surveillance in place, it's really easy to find other uses. I'm concerned about a whole world where everywhere we go looks like the airport."
For its part, the Department of Homeland Security says it's working to ensure that people's personal information remains private. Nuala O'Connor Kelly, the department's chief privacy officer, says the data collected by CAPPS II will be thrown out within hours of a flight taking off or arriving. The Department also promises that government employees will never see commercial data that flows into CAPPS II, and intelligence data will remain behind a firewall.
Will the government's safeguards work? Time will tell. Kelly says that before CAPPS II is launched, it will be thoroughly tested to make sure it flags people who truly are security risks and not those who have recently moved or changed their names. But testing alone could prove a challenge. First, the government needs data--and JetBlue Airways and Northwest Airlines have been hit with class-action lawsuits for secretly giving the government passenger information so it could test the system.
Do Most Folks Care?
Although it's true the government is taking steps to collect more and better information about us, many people think the ends justify the means. According to a March 2003 Harris poll, 26 percent of U.S. residents believe they've lost much of their personal privacy and don't want to give up any more. But most people surveyed--64 percent--say that while they are concerned about privacy, they are willing to allow use of their personal information when they understand the benefits of doing so and believe the data will not be misused.
A study published in February by the Ponemon Institute, a privacy think tank in Tucson, Arizona, found similar sentiments among more than 6000 people surveyed about the privacy protections of 60 government agencies. The group was trying to measure the extent to which people trust government institutions to protect their privacy. The average Privacy Trust Score for government agencies was 52 percent, meaning that just over half of respondents trusted government agencies to protect their privacy.
Larry Ponemon, who chairs the institute, says that although that score isn't stellar, it doesn't reflect strong negative opinions of government privacy protections. Ponemon says that debriefings after the survey revealed that many people believe the use of personal information in the name of homeland security is appropriate if the information is shared with a small number of people.
"One elderly lady said 'I really don't want the Department of Homeland Security or the CIA to get an A+ rating in privacy, because it's not their mission. I want them to protect my family. Probably a C level is good enough for them,'" Ponemon said.
The EFF's Tien says the problem is that the government has rushed into using biometrics and other security technologies without adequately measuring the pros and cons.
"Ostensibly, the use of biometrics is to prevent terrorists from entering the country," Tien says. "But it doesn't do you any good to know who someone is. What you really want is to know is whether he is a terrorist. For that, you rely on good watch lists and good intelligence outside the United States."
Tom Conaway is a contractor at Unisys, which is evaluating technologies for the U.S. Transportation Security Administration that will protect restricted areas at the nation's 429 airports. The TSA is the arm of the Department of Homeland Security that handles airport security. Conaway says biometrics can catch suspected terrorists, even though the technology's success might not be obvious to average citizens.
"If the government does catch a bad guy, they won't tell us how they did it," he says.
What's important now is that the government communicates to citizens what information is being collected and how it is being used, says Amy Santenello, a senior analyst at the META Group in Stamford, Connecticut.
"Constituents need to understand where that collection takes place and how data is being used, which they don't right now," she says.
Ponemon agrees. His survey found that many people overestimate the technology used in the airport screening process.
"People would say 'When I'm going through the TSA line at the airport, they take a scan of my body shape.' While those technologies do exist, they really aren't being rolled out," Ponemon says. "I still think there are risks and the privacy advocates have valid concerns, but the public doesn't need to think they are in an episode of the TV program 24."