Counter Terror Gazette

Data Collection, Fusion Centres and Civil Liberties: implications for civil aviation

20 Dec 2011

Amid the plethora of technological innovations that help define the era of globalisation, few have more serious and far-reaching implications for air travel than the collection, analysis and focused dissemination of information. Also referred to as “data mining”, powerful engines can and do collect immense items of information from public and private sources.

This information is collected, collated and analysed in “fusion centres”. Created after the 9/11 attacks, fusion centres have been defined as “…a collaborative effort of two or more federal, state, local or tribal government agencies that combines resources, expertise, or information with the goal of maximising the ability of such agencies to detect, prevent, investigate, apprehend and respond to criminal or terrorist activity.”[1]  By September 2006, there were 38 such centres; by February 2008, 58, by November 2010, 72.  At the present time, there are fusion centres in every state, and 22 more in major urban centres[2].

This article will examine some of ways that data and the centres themselves have been utilised in the context of civil aviation security.

The lure of data, to paraphrase an old song, has a very strong appeal. The computer-assisted passenger profile system (CAPPS), developed by the U.S. Federal Aviation Administration is a case in point. Underlying the programme was the assumption that people meeting certain criteria would be subject to enhanced screening. The information existed in the form of data resident in government and airline computer systems. In 2003, the Transportation Security Administration proposed an expanded version of this programme, named CAPPS II. CAPPS II would rely on airline computer databases to identify people attempting to board aircraft who met specific criteria.  It also sought to expand these databases to include extra fields, e.g., a full street address, date of birth, and a home telephone number. Data would then be cross-referenced with government records and private sector databases to ascertain the identity of the person, and other details about that person. Risk scores would then be calculated and printed (in code) on the passenger’s boarding pass.  The code would dictate the level of screening given to the individual.

CAPPS II came under fire from various watchdog organisations and other federal agencies.  In February 2004 The Government Accountability Office (GAO) wrote a report critical of the TSA’s implementing plan and reiterating privacy concerns first voiced by members of Congress.[3]  As a result, CAPPS II was terminated shortly thereafter.  It was replaced, however, by a similar programme called “Secure Flight”.[4]

Despite the demise of CAPPS, the call for more data as a tool to combat terrorism continues.  At their recent annual meeting, the Airline Pilots Association (ALPA) produced a White Paper, “Meeting Today’s Aviation Security Needs, A Call to Action for a Trust-Based Security System.”  In the Paper, ALPA calls for a “…proactive and adaptive…approach in order to…maintain an advantage over terrorists in order to meet this ever-changing threat.”  Rather than concentrating on the historical “…interdiction of threat objects…” ALPA calls for a paradigm shift.  The proposed system would “…positively identify known, trustworthy passengers…and concentrate our finite high-technology and behavioural screening resources on the small percentage of passengers whose trustworthiness is unknown or in doubt.”[5]  This end is achieved by determining a passenger’s trustworthiness “…to the greatest practical extent before being given a seat on an airliner.”[6]   Cutting to the chase, the Paper makes the point that “In our data-rich society, there is so much publicly available information about every citizen that a basic determination of trustworthiness is readily achievable.”[7] Thus, the default to data.

As the TSA discovered during the rush to implement CAPPS II and other agencies have found to their chagrin, data mining as a means to counter terrorist groups and operations is a slippery slope.[8]  Without examining the efficacy of data mining per se as a means to combat terrorism (a separate, albeit valid issue), advances in processing and utilisation of personal data has raised issues involving civil liberties.  Reports discussing the challenges inherent in data-mining and fusion centres have been generated by organisations ranging from the American Civil Liberties Union[9] and the Congressional Research Service (CRS)[10] to the GAO.[11]

In addition to concerns over civil liberties, fusion centres have been criticised for operating in an atmosphere of excessive secrecy, which only serves to heighten suspicions regarding their methods and mission.  The so-called ‘no-fly list’ is a case in point.

Some of the challenges inherent in fusion of data have ramifications for air travellers.  Almost two years ago, this writer chronicled the story of Mrs. Glenda Hutton, a 66-year-old retired Canadian schoolteacher who found herself on a no-fly list.  Two years, two thousand dollars and a television appearance later, Mrs. Hutton was able to fly again.  She was never told why, or how, her name appeared on such a list.  The continued growth of fusion centres, given their lack of accountability and transparency, make this a scenario more and more likely to be repeated.  The call for more data and a commensurate growth in computer engines to control the data flow is indicative of tandem trends: First, the increasing use of data, analysis and fusion to reveal trends and suspect behaviour. Second, an over-arching assumption on the part of the fusion centre user that this process will result in deliverables that a discrete beneficiary can utilise to a comprehensible advantage. Questions over underlying philosophy have been examined in reports critical of the mission of fusion centres, to include the CRS.[12]

The use of data mining engines and fusion centres to help identify and combat risks from terrorism, criminal activity and even natural hazards is increasing. Techniques to manage data flow, “fuse” and compare information from various sources are becoming more sophisticated. As the ALPA White Paper demonstrates, a strong bias exists among some organisations towards increasing fusion centre data applications to strengthen security processes.  This is especially true in the area of civil aviation security, where such techniques have been utilised for years.  CAPPS I & II, Secure Flight and other data collection efforts have been, and continue to be viewed as effective means by which passenger data can be collected, processed and analysed.

As panellists from one roundtable examining the issue of fusion centres and information control noted, “…the horse is out of the barn.”[13]  If this is indeed the case, the no-fly list can only grow, along with other ‘lists’ within which suspect persons might reside.  The example de jure is the TSA’s Trusted Traveller Programme.  The programme is described in a CNN article:

The idea is that if the TSA can gather enough information about someone to show that he is a reduced risk to security, then they can have a reduced level of physical security at the checkpoint itself. So, if you as a traveller want to give a lot of personal information, there is now hope that you can leave your shoes on and keep your laptop in your bag.[14]

At this point, the programme is under construction and open to only a few; primarily frequent fliers and people who currently utilise existing Customs and Border Protection (CBP) programmes to expedite entry into the United States.  Should it succeed (and it is difficult to see how it would not – who doesn’t want faster passage through the security screening checkpoint?), it has the potential to grow to include all travellers.  At that point, data matters.  Despite the voluntariness of the programme in its present form, the data must undergo verification.  And this presupposes a system by which one’s information is vetted through a database.

CAPPS, Watch Lists, Trust-based systems, Trusted Traveller – as the national security paradigm moves continually towards data collection and analysis and as data manipulation becomes more facile, programmes such as these will proliferate.  And many of them will exist within the ambit of civil aviation security.  The challenge is not merely to improve the security product, but to demonstrate a commensurate concern for its use.