Acxiom is watching you

In an interview with Salon last April, Heather Rosenker, a spokeswoman for the Transportation Security Administration, described how CAPPS II, the TSA's passenger-screening system, would work. In order to make a reservation with an airline, she said, a passenger will be required to provide a name, a home address, a telephone number and a date of birth. Then, when the passenger checks into the flight, the computer will send the identifying information to commercial databases like Acxiom's to see if the passenger is "rooted in the community," Rosenker said, meaning "that you routinely are where you say you are." At the same time, the computer would check federal law enforcement databases to make sure that you aren't on a terrorist watch list or wanted for a violent crime. Depending on the results of these tests, each passenger will be given a green, yellow or red flag. Green means go. Yellow prompts more rigorous searching. Red calls in the police.

With its dependence on commercial databases to check a passenger's identity and perform quick risk assessments, CAPPS II appears almost identical to the insurance-fraud-inspired passenger-screening system Acxiom envisioned in the fall of 2001. The government's test to see if passengers are rooted in the community is the same kind of test Acxiom performs for the financial industry, and one that the company has long been saying would benefit the airlines. For instance, in a speech to the U.S. Chamber of Commerce in December 2001 -- a speech attended by Ted Kennedy and James Ziglar, then the chief of the Immigration and Naturalization Service -- Jerry Jones, an Acxiom executive, declared that "technology used every day by the finance and business industries can be applied to enhance airline safety." He went on to ask why, if background checks are considered routine for insurance, they aren't used for airlines. "Because airport security today remains overly focused on finding weapons as opposed to finding terrorists," Jones answered.

The mechanism behind CAPPS II is almost completely secret; privacy advocates routinely complain that the TSA is silent on the inner workings of the system, a silence that grew so deafening by October of last year that Congress ordered the program halted until the General Accounting Office performs a rigorous study on the system. (That study is due in the middle of February.) Still, what the TSA is willing to say about CAPPS II fits exactly with what Jones outlined at the U.S. Chamber of Commerce -- CAPPS II changes the focus of the airport authorities from searching for weapons to searching for terrorists, implanting data mining at the core of transportation security. For a company like Acxiom, that has got to be a dream come true.

But Acxiom has not been the only company pushing the government toward a passenger-screening system to secure air travel. Since 2001, Jason Karosec, the CEO -- actually, "chief eagle" -- of EagleCheck, a small company in Cleveland, has also been meeting with aviation security officials to sell them on his firm's screening system, a program that he says is both more effective at catching terrorists and more respectful of privacy rights than CAPPS II. EagleCheck's system was, like Acxiom's, inspired by the 9/11 attacks. When Karosec and David Akers, his business partner, examined the records of the hijackers, they too concluded that many of the attackers might have been stopped by a computerized screening system. As the firm points out on its Web site, many of the hijackers used multiple aliases, listed different birthdays on different forms, and used stolen Social Security numbers. Some were wanted by federal authorities.

To Karosec, an engineer whose expertise is in credit-payment systems, all of this seemed like "easily catchable" stuff. "Why should people be getting in planes with fake I.D.'s?" he asks. So the company, which is funded by private investors, set to work on its system. The program that it eventually came up with is still likely to irk privacy advocates, though probably less than CAPPS II does. Instead of relying on commercial database aggregators -- like Acxiom -- Karosec says that EagleCheck would look up passengers in source databases (like your state's DMV or the federal government's electronic Social Security number database), so that no central pool of passenger data will need to be accumulated for EagleCheck. And unlike CAPPS II, EagleCheck would not rely on the airlines passenger-reservation records -- instead, the system would get your data right from your driver's license, which you'd swipe through a reader at the airport. This way, you wouldn't have to worry about the airline keeping your information after you've flown, which is one of the major concerns with CAPPS II.

Karosec is heartened by the fact that the government actually seemed to be listening to EagleCheck in the many meetings he had with officials. Despite the differences, the more he reads about CAPPS II, Karosec says, the more it sounds just like EagleCheck. "From a societal point of view, the more CAPPS II looks like EagleCheck, the better off we all will be," he says. "So we know we've influenced them. We were in there October of 2001 meeting with them. So part of me feels vindicated. They're adopting my ideas."

As a businessperson, though, Karosec is frustrated by the government's imitation of his product, and he doesn't rule out enforcing EagleCheck's patents against the government. Because, notwithstanding its claims to protect passengers' privacy, EagleCheck was not eventually awarded a contract to work on CAPPS II.

Part of this might have had to do with its size: "We're a small company in Cleveland, Ohio, and I don't know if the government wants to hand over this project to us," Karosec says.

Far better to give it to a company with the resources to hire as a lobbyist a prominent retired general with an eye on the White House.

Editor's note: This story has been corrected since its original publication.

Story finder (3 ways to search Salon)

Search terms:

Salon the Web

Salon Directory (browse by topic)