NCJ Number
204693
Date Published
March 2004
Length
25 pages
Annotation
This report presents information on the development status of the new Computer-Assisted Passenger Prescreening System (CAPPS II) and reviews the challenges to its implementation.
Abstract
In the wake of the September 11th terrorist attacks in the United States, Congress passed the Aviation and Transportation Security Act, which required that a computer-assisted passenger screening system be implemented for the evaluation of all passengers. The Transportation Security Administration’s (TSA) Office of National Risk Assessment became responsible for developing CAPPS II. It is anticipated that CAPPS II will significantly improve the security of air travel. However, the General Accounting Office (GAO) found that important system planning activities by TSA in the development of CAPPS II have been delayed. TSA is behind schedule in testing and developing initial increments of CAPPS II, mainly due to delays in obtaining passenger data because of privacy concerns. Furthermore, TSA is behind schedule in establishing a plan for specific system functionality, delivery, and cost. TSA has only addressed only one of eight issues identified by Congress as main areas of interest related to the development, operation, and public acceptance of the system. Challenges facing the development and implementation of CAPPS II include questions about the accuracy of data, abuse prevention, preventing unauthorized access, international cooperation, managing expansion of the system, and preventing identity theft. If left unresolved, these issues threaten the successful deployment of the system. A previous GAO report on the development of CAPPS II recommended that TSA create guidelines for maintaining the focus of the project and reaching intended system results by identifying the specific functionality that will be delivered during each increment of CAPPS II, as well as its associated milestones for completion and its costs. It was also recommended that TSA create a schedule for critical security activities, a strategy for lower risks associated with system and database testing, and an oversight mechanism that enhances the protection of the system from misuse. The additional development of results-oriented performance goals would further ensure that the system operates as it should. Figures, appendix