Sabo blasts technology, legal protections for CAPPS II

Data-mining technology used in the Homeland Security Department's controversial Computer Aided Passenger Prescreening System II (CAPPS II) program should have been more closely scrutinized to ensure it protected privacy before it was granted full protection from legal liability, according to a senior Democratic congressman.

Rep. Martin Olav Sabo (D-Minn.), the ranking Democrat on the House Appropriations Subcommittee on Homeland Security, wrote to DHS Secretary Michael Chertoff to protest the granting of legal protections in June 2004 to Lockheed Martin Corp.'s Risk Assessment Platform, which was used in CAPPS II.

Under the Support Antiterrorism by Fostering Effective Technologies Act of 2002 (Safety Act), approved counterterrorism technologies are protected against losses from liability lawsuits resulting from a terrorist attack.

Sabo said he is objecting now, a year after the Safety Act certification was granted to the risk-assessment platform, because he only recently became aware that Lockheed Martin's platform is generic and may be utilized in other government programs.

"I was concerned to begin with about Safety Act protection for a CAPPS II-related platform," Sabo wrote in his letter. "However, I am even more troubled if the department is limiting liability for a much broader system that utilizes personal data obtained from commercial entities. This 'generic' system could be used to assess the 'risk' of American citizens for any number of reasons that are unrelated to its original aviation passenger screening purpose."

In the letter, Sabo requests that Chertoff and DHS Privacy Officer Nuala O'Connor Kelly "assess whether Safety Act protection should be afforded to technology that utilizes personal commercial data." He also asked whether other Safety Act approvals are in the works for additional data-mining technologies.

In June 2004, Lockheed's risk-assessment platform was awarded the Safety Act designation. It is described on a department Web site as a "data-mining knowledge management tool leveraging commercial data and subject matter expertise to provide authentications and risk assessment information to its operators." It employs "tailored algorithms and rules responsive to specific application requirements to aid the decision making process."

That platform was used in development of CAPPS II, developed by the Transportation Security Administration to screen passengers at U.S. airports, said Lockheed spokeswoman Emily Donavan.

CAPPS II was canceled in summer 2004 after criticism that it was too intrusive and did not adequately protect the privacy and constitutional rights of citizens. The TSA began work in August 2004 on a successor passenger screening program called Secure Flight, which also has been controversial because of delays and fears about privacy breaches.

Lockheed Martin received $12.8 million under the initial CAPPS II contract and continued to remain involved in the development of Secure Flight until May 2005, when it halted its participation, Donavan said.

Lockheed's risk-assessment platform is not being used anywhere at this time, Donavan said.

Asked if the risk-assessment platform had been used in Secure Flight's development from August 2004 to May 2005, Donavan referred questions to DHS. She also declined to say whether there was a specific contract awarded to Lockheed related to Secure Flight, and the total value of the contract. "Because of the sensitive nature of the program, we will let [DHS] discuss the nature of it," Donavan said.

Donavan declined to comment on Sabo's letter because Lockheed had not received it.

Donavan said the platform does protect privacy while performing threat analysis, and described it as a "real-time, event-driven threat analysis" tool that can be applied to a number of problems.

DHS officials did not respond to a phone call requesting comment.