Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Timeline for profiling problems

2002 - The Rise of CAPPS II and the Rise of Delays

  • In February 2002, the media reported that the U.S. government was working on a system for pulling together travel histories and a potentially wide array of other personal information on each traveller, and using data mining and predictive software to evaluate potential terrorist threats among the general population. Under the system, dubbed CAPPS II, each flyer would be assigned a code of red, yellow, or green, which determined their treatment at security.1
  • The system immediately created a firestorm as critics on both the left and the right, as well as in the travel industry, complained that the system would constitute an enormous invasion of privacy and lead to unfair targeting of innocent individuals without recourse.
  • In a May 2002 report to Congress, the Transportation Security Administration (TSA) promised that it would begin testing the system in the fall.
  • In September 2002, the Washington Post reported that CAPPS II was months behind schedule, and that supporters in Congress were uneasy that the TSA had not even begun a pilot program.2

2003 - Political and Legal Challenges Emerge

  • In January 2003, the TSA issued a notice in the Federal Register, as required by the Privacy Act, outlining its plans for the giant new databases that CAPPS II would require.
  • In February 2003, TSA officials announced that the agency would begin tests of the system the very next month, in March 2003.
  • In March 2003, the TSA declared that it "expects to test CAPPS II this spring and implement it throughout the U.S. commercial air travel system by the summer of 2004."3
  • The same month, consumer activists began an online campaign urging citizens to "Boycott Delta" because the airline was reportedly helping the TSA test CAPPS II. Delta eventually withdrew its co-operation with the government in this area.
  • In August 2003, having received fierce criticism for the sweeping nature of its January Federal Register proposal, the TSA issued a new notice attempting (unsuccessfully) to address some of the criticism the agency had received. The new notice expanded the scope of the system to include not just terrorists but also domestic criminals.
  • In September 2003, it was revealed that a U.S. carrier, Jet Blue, had "voluntarily" turned over to a contractor working for the government data on 5 million of its customers, sparking a public uproar and several lawsuits against the company.
  • Also in September 2003, Congress passed legislation prohibiting CAPPS II from being implemented until the General Accounting Office, the investigative arm of Congress, had certified that the system meet basic criteria of effectiveness and fairness.

2004 - The Fall of CAPPS II and Continuing Legal Challenges

  • In January 2004, the TSA announced that, since no airlines would voluntarily hand over their passenger records to the government for the purposes of testing and experimentation with the CAPPS II program, it was planning to compel them to hand over their records.
  • Also in January 2004, the TSA said it expected to roll out CAPPS II in the summer of 2004. Government sources, however, told reporters that the system was nowhere near ready.4
  • Also in January 2004, the Washington Post revealed that Northwest Airlines had shared millions of traveller records with the government to use in "data mining" threat-detection experiments.5
  • Despite this uncertainty, in April 2004, the European Commission signed an agreement with U.S. allowing for the transfer of Europeans' data to the government – meaning that at a practical level, the private data of Europeans was now more exposed to the U.S. government than that of American citizens, despite the Europeans' purportedly stronger privacy laws.
  • In February 2004, the General Accounting Office (GAO) warned that CAPPS II was not sufficiently protecting the privacy of individuals. The GAO found that the TSA failed 7 of the 8 tests set out by Congress for basic effectiveness and respect of privacy, including failures to provide for due process, a minimum level of accuracy, and proper security and oversight. The program was formally barred from going into effect until the GAO certified passage of all those tests.
  • In April 2004, the ACLU filed suit over the large number of innocent travellers who had been stopped, questioned, and worse because their names were on a secret government "no-fly" watch list of suspected terrorists, and their continuing inability to get their names removed from that list.
  • Also in April, yet another carrier, American Airlines, revealed that it had shared more than a million passenger itineraries with government contractors for the purpose of testing CAPPS II.
  • In May 2004, it was discovered that American, United and Northwest Airlines had each turned over millions (up to a year's worth) of customer records to the FBI, which sifted through the data in the hopes of detecting terrorist attacks.6
  • In July 2004, Homeland Security Secretary Tom Ridge announced that CAPPS II was being dismantled. The acting head of the TSA, David Stone, meanwhile, announced that the TSA was working on "reshaping" the CAPPS II program.
  • In August 2004, the TSA announced the launch of a passenger profiling program entitled "Secure Flight." The renamed program was largely a re-branded version of CAPPS II, except that it would not, according to descriptions by TSA officials, use computer algorithms to rate individuals' "threat to aviation," and would not expand its scope beyond terrorism. It did, however, draw on personal information held by private-sector databases, expand the personal information required in making a reservation, utilise secret, unreliable government terrorist watch lists, and lack meaningful due process protections.
  • Also in August 2004, Senator Edward M. Kennedy revealed at a committee hearing that he had been stopped and questioned at U.S. airports five times because his name was on a terrorism watch list, and that he had been unable to get removed from the list for more than three weeks despite being a U.S. Senator and brother of a former U.S. president.
  • In September 2004, the TSA announced that it would require the airlines to turn over the passenger name records (PNR) details of all their customers who flew during the month of June 2004, to be used for program tests.
  • In October 2004, the Secure Flight program director promised that the TSA was going to create a new office where passengers mistakenly labelled as potential terrorists could appeal their cases. The promise came as customers continued to find it difficult or impossible to remove their names from the government's secret "no-fly" and "selectee" terrorist watch lists, despite months and years of complaints and bad publicity.7
  • Also in October 2004, the president signed the Homeland Security 2005 budget legislation, which contained a provision barring TSA from testing commercial data for Secure Flight until the agency had developed "performance measures" for the test and those measures had been reported upon by the GAO.
  • In November 2004, program officials ordered the airlines to turn over customer data, declared that testing of the program would take place that November or December, and that the program would go into operation in "late spring or early summer of 2005."8
  • In December of 2004, it was reported that the TSA still had not identified either the kind of commercial data it would test or the commercial company that would participate in the test.9

2005 - Increasing Doubts and Delays for 'Secure Flight'

  • In March 2005, the GAO issued a review of Secure Flight in which it found that TSA had only achieved one of ten Congressional requirements – establishing an internal oversight board – and had not yet even finalised a "draft concept of operations."10
  • In June 2005, the DHS's Chief Privacy Officer announced that she was investigating the use of private-sector commercial databases by the Secure Flight program, which the TSA was prohibited from doing without public notice under the Privacy Act's ban on secret databases. In response, the TSA rushed a post-hoc public notice into the Federal Register.11
  • In July 2005 the GAO issued a report finding that passengers' personal information was used in violation of the federal Privacy Act during testing of Secure Flight in 2004.
  • Also in July 2005 the head of Secure Flight said that the government planned to use commercial databases to detect terrorist sleeping cells among airline passengers. This announcement undid the most significant improvement of Secure Flight over CAPPS II, by re-opening the possibility that the government would use secret computer algorithms based on commercial databases and other sources.12
  • In August 2005, with testing of Secure Flight still not underway, the Department of Justice's Inspector General issued a report saying that DOJ's Terrorist Screening Center (or TSC, which had been created to maintain the U.S. government's watch lists) could not plan to assist in Secure Flight because TSA failed to even establish a working flow chart for Secure Flight.13 "The TSC does not know when Secure Flight will start, the volume of inquiries expected. . . the quality of data it will have to analyze and the specific details" of how the program would be developed.
  • In September 2005, TSA's internal Secure Flight Working Group concluded that "Congress should prohibit live testing of Secure Flight until it receives ... a written statement of the goals of Secure Flight signed by the Secretary of DHS" along with safeguards against abuse and expansion of the program.14
  • In December 2005, a panel of independent experts advising DHS found that "the program is not yet fully defined."15


  • 1. Robert O'Harrow, "Intricate Screening of Fliers in Works," Washington Post, Feb. 1, 2002; online at
  • 2. Robert O'Harrow, "Air Security Focusing on Flier Screening," Washington Post, Sept. 4, 2002; online at
  • 3. TSA Press Release, March 11, 2003.
  • 4. Jeremy Tobin, "Passenger Coding System Not Even Close to Ready, Critics Say," Congressional Quarterly Homeland Security, Jan. 14, 2004.
  • 5. Sara Kehaulani Goo, "Northwest Gave U.S. Data on Passengers," Washington Post, Jan. 18, 2004; online at
  • 6. John Schwartz and Micheline Maynard, "Airlines Gave F.B.I. Millions of Records on Travelers After 9/11," New York Times, May 1, 2004.
  • 7. Caitlin Harrington, "TSA Promises New Advocacy Office to Clear Errors on No-Fly Lists," Congressional Quarterly Homeland Security, Oct. 26, 2004.
  • 8. Sara Kehaulani Goo, "Airlines Must Hand Over Records", Washington Post, Nov. 13, 2004.
  • 9. Caitlin Harrinton, "Airline Passenger Screening Plans Still Drawing Jitters," Congressional Quarterly Homeland Security, Dec. 3, 2004.
  • 10. U.S. Government Accountability Office, "Aviation Security, Secure Flight Development and Testing Under Way, but Risks Should be Managed as System is Further Developed," March 28, 2005.
  • 11. See,,2933,160179,00.html.
  • 12. Leslie Miller, "U.S. May Use Airline Data to Find Sleepers," Associated Press, July 23, 2005.
  • 13. "Review of the Terrorist Screening Center's Efforts to Support the Secure Flight Program," U.S. Department of Justice Office of the Inspector General, Audit Report 05-34, August 2005, page (ix).
  • 14. Report of the Secure Flight Working Group, Presented to the TSA, Sept. 19, 2005, at 32.
  • 15. Department of Homeland Security Data Privacy and Integrity Advisory Committee, "Recommendation on the Secure Flight Program," Adopted Dec. 7, 2005, at 1, 2.