Since returning from Vietnam in the early 1970s, Adm. James Loy has carried a copy of the US Constitution in his briefcase. He says it helps frame his life and work.
Recently, he's become keenly aware of its import. As head of the Transportation Security Administration (TSA), the admiral is charged with creating a massive, antiterrorist computer system to detect a terrorist before he or she ever gets a boarding pass, let alone reaches the gate.
Called the Computer Assisted Passenger Pre-Screening System II, or CAPPS II, it will use data-mining technology to scour government and private databases to assure that each John Smith who boards a plane is indeed who he says he is.
The system was first envisioned amid the smoldering wreckage of the World Trade Center as a tool to ensure there would never be another 9/11.
But more than two years later, the project is stalled, a product of fears both here and abroad that the computer system, which would track more than a million flyers a day, represents a dangerous step toward a Big Brother world of privacy invasion. At the same time, a growing number of security experts question whether it will ever be able to successfully fulfill its primary task, which is to identify elusive and adaptable terrorists.
Domestic airlines have so far balked at providing passenger information to test the system, saying they want more assurances that information will be properly protected. The European Union, whose cooperation is key, is also refusing to sign on, noting concerns that citizens' privacy could be invaded without providing them the proper legal recourse.
Negotiations are underway on both fronts. Meanwhile, Admiral Loy has remained steadfast in his insistence that CAPPS II can be designed to detect terrorists at the same time it protects privacy.
"Anyone who would give up even a moment of liberty for a period of safety deserves to have his head examined," says Loy. "It's a constant balance, which was what those guys in Philadelphia talked about when they wrote the Constitution." Loy's commitment has won him praise even among some of CAPPS II's greatest critics, including the American Civil Liberties Union's Barry Steinhardt, who nonetheless believes Loy is creating a "surveillance monster that won't make anyone safer."
The reason is the very nature of the CAPPS II system. It will take four pieces of passenger information - name, address, telephone number, and itinerary - and run them through government and private computer systems, to track things like driver's licenses, credit, and other types of information stored in cyberspace. CAPPS II will then assign each flyer a color - Green to go, Yellow for extra scrutiny, and Red for stop - you don't even get to buy a ticket.
Initially, the TSA said this information would be used only to track terrorists. Later, it decided that it could also be used to ferret out any lawbreaker. That caused an uproar and TSA backed down. It's now saying CAPPS II will track only terrorists and violent criminals with outstanding arrest warrants.
That's one of the issues that disturbs the EU. Leaders want to be sure information will be used only to fight terrorism. It also objects to the fact that the US wants to store the personal data for a period of time.
They are also worried about proper legal recourses if misinformation gets in about European citizens, or the data is misused or leaked out to other government or private agencies.
The Air Transport Association, which represents America's commercial airlines, is just as adamant that proper protections be put in place before they give anyone's private information to the government. They're particularly sensitive since the recent controversy over JetBlue, which provided a defense contractor passenger information, without the passenger's knowledge.
"We're in very intense negotiations with the TSA," says the ATA's Doug Wills. "You can't have higher levels of protection without taking steps to secure customers' private information."
Steinhardt also shares that concern. While the TSA has set up an appeals process for passengers who feel they've been unfairly tagged, it must on some level stay secret in order to operate as a security system. As a result, Steinhardt calls the appeals process "a joke." He also has another big problem: it's too easy to become somebody else.
"The cruel irony here is that the people whom we're looking for, the actual terrorists, will easily be able to evade the system by identity theft," he says. "The four pieces of information required are easily obtained on the Internet on virtually every American for $35. Another six or seven hundred dollars will get you a legitimate appearing ID on the black market." That's less than a thousand dollars, not a lot of money for someone bent on blowing up a multi-million dollar airline, he notes.
Security experts raise another warning. They worry that passengers tagged as Green will get less scrutiny than they do now, since the computer says they're good to go. They'll be assumed to be safe and so won't have their carry-ons swabbed for explosives with the same vigilance.
"CAPPS could be used as an excuse to reduce other security measures. In that case it could do more harm than good," says MIT's Arnold Barnett, one of the nation's leading aviation experts.
Loy insists that will not be the case. CAPPS II will be part of a many-layered security approach - from the metal detectors to the reinforced cockpit doors to the presence of air marshals, which is designed to create many checks and balances in the system.
He also notes that the TSA is taking the 8,000 public comments about CAPPS II to heart. But he still believes it's critical for the system to be tested with real passenger information currently on file with the airlines. "It's enormously important that we press forward and be able to test the system with real data," he says. "It's like taking yourself out of the fantasy world and putting yourself in the real world."
Loy argues the country's founders understood this is a world of trade-offs. And if he can prove CAPPS will work effectively, he believes that could go a long way toward answering privacy concerns. "They don't want to give an inch until we can prove it can work, and I understand that," he says. "So we have to do that."