Slashdot Mirror
American Airlines Is Third Company To Share Data
crem_d_genes writes "American Airlines has become the third U.S. airline to admit sharing passenger records with the government. They were proceeded in admissions by Northwest Airlines and JetBlue Airways. At the heart of the matter is the implementation of the of U.S. Transportation Security Administration's (TSA) use of the provisions known as CAPPS II. Some privacy advocates have expressed strong dissent with this plan. Some concerns have even been brought up in Congress, though for different reasons. The Department of Homeland Security has a site entitled CAPPS II: Myths and Facts."
Myth: CAPPS II will track where and when I travel and will store that information.
Fact: For U.S. persons, information will only be kept for a short period after completion of the travel itinerary, and then it will be permanently destroyed.
So all the passenger data that the EU is leeching to US is being permanently stored - i.e. US is building a database of all EU citizens who have ever travelled to US. scary.
I can't believe the EU sold us out.
SURELY NOT!!!!!
Actually,, legally... technically... TSA has not broken the Law. Yet.
But then it was was only natural that the Big Brother will pry out our travel details from the cold hands of Airlines.
My only worry is my partner working as an agent in TSA and finding out that i travelled to New Mexico without telling her for a fling with my.... THAT would make me sue TSA.!!!
-------- Cluster bombing from B-52s is very, very accurate -- the bombs always hit the ground.
From the Department of Homeland Security:
Sometime I hate my country. So, those of you who aren't from here: yet another reason to not come. Does the government not understand the manner in which science progresses? This is just going to destroy the US research community, which was once the greatest in the world. Goodbye, conferences.
That's the attitude they are probably counting on. Not that it's a bad thing: the majority of folks have nothing to hide. Privacy is nice for some things, but there is a point where it crosses over into paranoia. The sibling AC is correct, your unpopular view is either going to be modded down, or the mods are going to have an Over-rated fight this morning.
:P
Personally, I think the government is barking up the wrong tree with airplanes. What they should really be more worried about is the nation's subway systems. I hang my hat with the MBTA (Massachusetts subway system), and believe me when I say this: it would be trivial for someone to blow up a train. The collateral damage from an explosion going off at Park Street during rush hour would be devastating. But that's not really on-topic, I guess.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
The way it works is called the carnival booth attack, and it is described in much detail in this paper.
The basic idea is very simple. A person gets a score from the system, which is based on how likely they are to be a terrorist. Then, CAPPS II has most of the searches directed at people with high scores. So, a terrorist group needs only do a number of test runs, and see who does and doesn't get searched. The people who don't get searched obviously have low scores, and so they use them for the attacks. And in case you were wondering, yes, the terrorists are already using this scheme -- it was used in the 9/11 attacks. The hijackers did test runs, on the same exact flights to make sure everything worked as planned.
So, if there was an actual tradeoff to be made, then a rational debate could be had about the appropriate tradeoffs to make. But when they try to take away my privacy and as a result decrease the security, that I have a serious problem with.
Myth: CAPPS II will track where and when I travel and will store that information.
Fact: For U.S. persons, information will only be kept for a short period after completion of the travel itinerary, and then it will be permanently destroyed. The prescreening process will be conducted anew each time you fly.
I don't think this will be possible at all. Consider the fact that the information that they collect about a person will have to be backed up to other media to provide recovery options in case of system failures in the CAPPPS II system. Then it will be virtually impossible to permanently remove data.
This is the same situation that Google recognized when it said that their GMail service cannot be guarantee that emails will be permanently deleted.
Fair enough - don't you think the parties concerned should be honest about it though? From what I've read so far AA and USTSA denied that there was any sharing of data - why?
If my GP (doctor) asks me if it's OK to share my medical history with a surgeon I'm unlikely to object. If she fails to ask my permission I will object strongly. If she lies, and claims that she didn't share my data - well, that's worthy of more than just an objection.
...Oh, and by the way, some schmuck will find a way to blow up planes with or without data sharing, internment, shoot-to-kill policies, bloody-great walls, compulsory ID cards, razing villages, etc.
NB. I'm not suggesting that all of the above are current tactics against terrorism: they have all been tried at some point in recent history.
This is where the serious fun begins.
Don't worry--I'm sure Ashcroft and company are hard at work on a national database to be checked against a swipe of your National ID (a.k.a. "standardized driver's license or state ID") when you board any public transporation. At that point, known terrorist (or deadbeat dads, or those with unpaid parking tickets, or people with questionable political affiliations) can be arrested and searched.
In about ten years, we'll have an internal passport system for air, land, and sea transport that would have made Soviet Russia proud.
Call (206) 338-5780 COLLECT for information about a genuine BA, BS, MA, MS, MBA, or Ph.D.
Why is this even news? People, the days of anonymous traveling are coming to an end. It's just a fact. The government is determined to know who is going where, especially when using risky modes of transit, such as trains or airplanes.
I predict that within 20 years, USAmerican citizens will be ID'd even as they cross state borders. Adjust my prediction to 10 years, if there is another September-11-like attack in the near future.
Like woodworking? Build your own picture frames.
Yup, but this stops at the end of September. Except Canadians every terr^H^H^H^Hforeigner will be fingerprinted upon entry to the US.
If I'd be the US tourist industry I'd be in the process of shitting my pants from fear.
From a personal perspective: I've travelled the US about 15 times and spent a significant amount of my tourist Euro there.
This change of procedure however has the stench of assuming that I'm a criminal and doesn't give me the warm fuzzy feeling that I'm welcome.
I might be a tad over sensitive here (given the rotten track record of privacy protections in the US I'm not sure though), but I don't believe that I'm the only ex-US visitor with that view..
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
You think SPAM filtering is hard?
In 2003, there were 641 Million passengers on U.S. flights.
Zero of them actually attempted to destroy their flight. One of them would have been sufficient (the Shoe Bomber, for instance). The people tasked with finding this individual must thus be accurate to a level of one out of six hundred and forty one million.
By comparison, the odds of winning Powerball are approximately one out of one hundred and twenty million.
But people do win the lottery, quite regularly in fact. Lots of people have to lose, of course -- that's what funds the thing -- but it's not a particularly rare occurance.
That's sort of the idea here. Given enough "losing tickets", we'll beat the odds. And even if we don't -- at least we tried (which, ultimately, is what all the controversy is about right now -- not whether we succeeded in stopping the attacks, which we obviously didn't but whether "we tried".)
Hate to quote Scott McNealy, but like the man who sells the servers that store all our personal information says, "You have no privacy, get over it." Everyone gave up the flight info, because everyone was damn near thrown out of business. That's the bottom line.
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
In 2002, there were 42,815 traffic fatalities in the US. There was presumably a similar number of traffic fatalities in 2003, although I couldn't find the exact number. That's one death every twelve minutes. A September 11 every month. Why do we care so much about airplanes? What makes them so damned important that we can't stomach a single crash, while tens of thousands of people die on the roads every year?
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
We Americans have an exaggerated sense of danger - I don't know if it's because of all the violence in our media or we're just scared.
Another thing the nobody has stated yet is the fact that these databases are NOT completely accurate. We're going to be getting a lot of false positives. We've all read about what happens to the folks who are falsely fingered and what they have to go through.
Considering the inaccuracy of corporate data - that's right, that's where the TSA's data is coming from - how does one get it fixed? The TSA will just say that's what they got from the corps. If you go to the TSA's source, you'll just get the typical run around from them - "Oh, It's not our responsibility if there are errors because we get it from so and so." Or they may just blow you off. Don't believe me? Wait. This happened to a friend of mine. He couldn't get a loan because they had very old data that even the credit bureaus deleted. The bank just said "It's our policy and there's nothing to be done!"
I'll only be happy if there's a legal recourse for those wrongfully fingered and can't get the information fixed. That's right, feed the trial lawyers! But what are we supposed to do? Sit back and take it?
RTFA, didya?
The issue isn't as much the sharing of data with the gub'mint (although that _is_ a valid discussion, it's one for elsewhere); it's the fact that a contractor gave it to other companies at the government's bidding without AA's knowledge or consent.
And regarding your "conclusion", this poor schmuck's paranoia is not trumped by "the government" wanting to know that I'm travelling from point a to point b. What have CAPPS & friends (fingerprinting/photography at airports, massive visa lines at embassies, whatever) done besides terribly annoy a lot of possibly desirable immigrants and tourists, who'll now go vote with their wallets and go elsewhere? "Let 'em", you may say. "Fine, they will" I reply.
Cole's Law: Thinly sliced cabbage
People study where the best departments and research centers are. The US attracted many of the world's top students during the 70's, 80's and 90's, because in some fields, research was most advanced. Part of the reason was because not only was Europe devastated in WWII but many of its researchers emmigrated to the U.S. before and during the war as well as during the early phases of the Cold War. It became self-perpetuating. When the leading centers were in pre-war Europe, Europe was sought ought. When the leading centers were in post-war U.S., the U.S. was sought ought.
Now the have been two generations of post-war reconstruction and there is increasing incentive for them to stay home or return back home. The pull of good centers is augmented by the push provided by the Dept. Homespun Security, Patriot Act I-III, etc.
So the U.S. is losing the safe haven benefit and the dynamic equilibrium is changing. This will eventually stabilize even with things like CAPPS II and a general increasingly anti-research climate (many businesses have already cut their R&D, even Xerox PARC is gone).
However, a real tipping effect can be achieved by adding quality of life and economic issues to the equation. Many businesses have been cutting health coverage. And while there are still some good areas many cities are lacking in basic services like public transportation (could you commute if you wished?) and decent schools (where hard math and science is mastered). Furthermore, businesses have been downsizing and look to be doing so making it a hard climate. The climate is getting harder as the interest rates are at the bottom and both the national decificit and trade deficits are growing. Add the weak dollar to the mix, which might be hiding deflation behind the trade deficit, and it might be better to earn instead of $.
Then you have patents and litigation to deal with, if some corporation objects to your results -- e.g. Felton.
Behaviors like that are just going to ensure that a few more researchers choose to go home and build their centers in Europe, Aus/NZ, India or China.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
As many others have pointed out, there are two major problems with this:
1) The watchlists are horribly broken, and include many people who are not actually suspicious (there's even been a lawsuit filed by several people for interference with their free movement over this). If the watchlists actually *worked*, you might have a point. But, they don't.
2) This system actually gives attackers an advantage by allowing them to test what we're looking for. It therefore allows them to be more confident that if they don't fall under our criteria, they will have more leeway as to what they can smuggle on board a plane.
Truly random searches are the only way to go, honestly. While that will piss people off, and leads to ridiculous searches of grannies & the like, it's also the only way to be sure that attackers can't game the system.
Of course, airline security is only rarely about actually securing the flight, so I guess I shouldn't be surprised.
Security is a process. Find a hole in the process and the pieces you have bypassed are meaningless. At airports the assumption is that your ticket was matched to your ID at the metal detectors before entering the "Secure Zone" where the gates are located.
Even the name "Secure Zone" implies that by virtue of being there, everyone near the gates is authorized and not a threat.
So all a terrrorist would have to do is buy/steal a ticket (or boarding pass for that matter) for a name that passes CAPPSII and then get into the secure zone.
Every pen test we read about shows how easy avoiding the checkpoints are. Once at the gate, you show your boarding pass and walk onto the plane. O'Hare and many other airports no longer check the ID again at the gate.
Alternately, you just avoid the gate completely and have your team access the plane directly from the tarmac or via the ramp by penetrating one of the lower, non-public levels of the terminal.
So 9/11 isn't behind us. Another one is possible just a soon as the assets are in place and the timing is right (like just before the next presidential election)
Reason I really hate the idea of your "Credit Rating" saying how secure you are is the fact that just becuase someone has bad credit does not mean they're a bad person.
:)
So all the people that have been laid off due to bush's bad economic policies and a war we did not want are now bad people becuase they've had to default on loans or worse.
I recently tried to see about better insurance rates than my current state farm insurance. I was quoted rates 2-3 times what I'm currently paying. This was with Progressive, Nationwide, and Geico. After some digging around and a credit alert from equifax about the inquiries (Paying for that credit watch finally pays off) I call Geico and ask for a manager and after asking them why I get a quote 3x my state farm premiums they said I dont have enough credit for lower rates. I'm ask him what my credit has to do with my driving habits and he said people with bad credit are usually bad drivers. Personally I think this is bull and I ask him if those studies are publically available and he said no.
So my point here is that there may be studies about this and maybe there's a point to the higher rates. However I've been in one wreck when I was 16 and 10 years later I've never had a ticket, accident, or even looked at funny by a cop for bad driving. But now they'll use the same lame excuses about how I'm a security risk becuase of low credit despite having never caused a problem for anyone.
Just remember if you like me have less than perfect credit wear shoes you can slip on and off easily and be prepared to find your luggage ruffled through and items missing on the other end.
Last time I flew my baggage was opened 3 times on it's way from Fargo International to Dallas Tx. Once when I arrived at the airport they opened it and when I got home and reopened it I found 3 seperate inspection notes in there. God knows why it was inspected all those times but I really dont like that many people leafing through my luggage.
I sure hope they liked smelling the dirty laundry in there
there is only one way to effectively win a war the following is how it was done in Oman
22 SAS were sent to assist and an elaborate 5 front hearts and minds campaign, conceived by Watts, was rapidly instigated. The essence of the strategy was to eliminate Omani dissatisfaction; Quabus began a large works programme that would propel Oman into the twentieth Century. The problem now was how to get this message across to the rebels and to get them to understand the truth that there was no longer any need to fight. The commander felt that the original rebels did have right on their side because they simply wanted a better way of life. Part of Watt's plan was psychological; he made certain that the Sultan's far-reaching policies became common knowledge, along with the offer of amnesty to any surrendering rebels. From these defectors it was hoped that levies would be raised to fight the defectors, Watt's strategy was spot on and within month's defectors started to cross the lines. These men (furcats) trained and later became the backbone of fighting in Oman; by mid 1971 support from the local tribes was gradually being won.
This is the UK equivalent of Vietnam in that the fight was against communist insurgents, the difference in the tactics employed by US and UK and the results could not be more glaring. Time and time again it has been shown that firepower is not what wins wars (fights yes) but brain power which earns you the support of the population.
Terrorist Etc can only be defeated if you remove there support, not by killing the son/daughter mother/father of a potential terrorist recruit
Saying Apple is better than MS is like saying Botulism is better than rabies.
Within minutes, he's reading back to me recent payments, credit card balances, bank account info, etc... basically, my entire financial history. He knows that we were late on our electric bill in November, and comments on how nice it is that our car payments are so low.
Anyone who thinks that CAPPS II is a serious invasion of privacy is seriously naive. The average person no longer possesses any privacy to speak of. The sad fact of the matter is that you can be tracked no matter where you go:
- Your credit card purchases and ATM withdrawals track where you go and how much you spend.
- Even the small bills ($20) are tagged with RFID's, so cash no longer guarantees privacy. Plus, it's not likely that you'll find a good job which pays cash only.
- Your grocer records your every purchase, linked to your discount, bank, or credit card. The FBI can have this information simply for the asking...
- Your library viewing habits are now subject to Federal review, thanks to the PATRIOT act.
- Your medical practitioner is bound by law to turn over your medical records in cases where they suspect certain crimes have been committed. (Child abuse, for example. And yes, most practitioners consider any injury beyond a minor scrape or bruise "potential" child abuse.)
- Your ISP and phone company are required to possess the cabability to intercept your communications. The FBI can eavesdrop on these with no oversight or accountability whatsoever.
So, in light of the above, does CAPPS even matter? Even before 9/11, the FBI could get very detailed information about a person simply by asking people around the suspect. For example, in the Ruby Ridge fiasco, the FBI knew the suspect's daughter's menstrual cycle - the school nurse volunteered the information!Hate to say it, but your privacy is already gone. A person cannot function in today's society without consenting to monitoring of their every move. Why does CAPPS matter when the FBI already knows what you eat, which movies you watch, which books you read, how much you owe, and with whom you associate? CAPPS is more or less a "feel-good" government program - it's designed to assuage passengers' fear of flying while providing jobs to people who would otherwise be out of work.
The society for a thought-free internet welcomes you.
Coincidentally I was fortunate to spend most of the '80s living in Oman (north, round Muscat, though I did occasionally get to visit Dhofar and stare at a distant border with the then Peoples Democratic Republic of Yemen).
I couldn't agree with you more. Creating martyrs never works; improving infrastructure (schools, hospitals, roads) usually works. Within 10 years Communist insurgency in Oman was limited to geurillas crossing the border from Yemen: the local Dhofaris had no sympathies for the insurgents.
Fascinating link, by the way.
This is where the serious fun begins.
As has been proven by something called Carnival Booth any system for screening potential threats that does not have a sufficiently random element can be beaten. The system will supposedly screen some people everytime and will screen some people none of the time. This means if I'm a terrorist and me and 9 terrorist friends get on a plane, and one of us doesn't get screened, we send him on 5 more flights, if he never gets screened there's a good chance he never will (assuming nothing changes his risk status). He's then a good candidate to do bad things. Basically, the system provides a way for terrorists to find out who's a good candidate that wont be stopped while trying to get onto the plane.
That's my objection to the system. Furthermore, why is racial profiling considered evil? It's not saying, oh you're arabic, you must be a terrorist, it's saying you're arabic, x% of terrorists we've found are arabic, so if we screen more people who look like you, we might catch more terrorists. Obviously we shouldn't screen based solely on race but why is it bad to single out people who fall into a group that historically has been more likely to be a problem as opposed to senator's w/ metal in their hips or old grandmothers w/ hip replacements?