| Transcript of
Press Conference Conducted by
Nuala Kelly, Chief Privacy Office of the DHS. Date: February 12, 2004. Source: Department of Homeland Security (DHS). |
 |
|
TRANSCRIPT OF MEDIA ROUNDTABLE WITH CHIEF PRIVACY OFFICER NUALA O’CONNOR KELLY
Q: What is the status of the investigation of Jet Blue?
A: Great question. Very close to completion.
Q: Could you define that?
A: I absolutely will not only because I have tried to define it twice before and been wrong and I saw myself chastised in an article recently saying that I had missed two deadlines. Of course those two deadlines were deadlines that I had imposed on myself. The delay is not from lack of interest but rather from having more documents to read that I had imagined that we would have and more people to interview both inside and outside the government.
Q: Were there any lawsuits hinging on the results of your investigation?
A: Well, there are lawsuits involving this incident. There are no lawsuits to my knowledge filed against the Department at this time but there are I believe a number of private-sector class-actions against Jet Blue.
Q: What is the range of actions that you can take? What are your authorities?
A: That’s a great question. The statutory authority for the Privacy Office is found in Section 222 of the Homeland Security Enabling statute that the office oversees Privacy Act, Freedom of Information Act and E-Government Act compliance. The main focus of my inquiry is “Was there any violations of those statutes and was there any violation of privacy policy by Department of Homeland Security employees or people who are currently employees.” At the time of the incident, there was obviously no Department of Homeland Security- these would have been Transportation Security Administration (TSA) employees employed by the Department of Transportation who now work for us.
Q: Are you doing any investigation of the Northwest/NASA?
A: I looked into it only enough to be sure that there was no nexus to our Department. So we are not involved with that.
Q: Have you set a date to meet with the airline executives to talk about a privacy policy for airlines and can you give us a sense of- if they have to get to 10 from 1, where are they?
A: That’s a great way to look at it. Well, as you all know I already met with them. It was very interesting to me that my schedule for that day became public and had such interest to so many other people. I have been meeting continually not only with members of the airline industry but members of other industries, other parts of the travel industry, other industries who share information or want to share information with the Department of Homeland Security to encourage all of them to evaluate their privacy policies so that we do not see a continuation of the kinds of events that we have all seen in the airline space. Can I say that there are not more of those revelations that will come forward that emanate from the days and weeks after 9/11? No, I couldn’t say for certain that those are the only two or three that have occurred. But, I think what we can say is that going forward, this Department will be having fairly strong rules that we will educate our employees about how to use private sector data and hopefully help inform the private sector about making sure their own customers and clients know what their expectations should be.
Q: If I could go back to Jet Blue- if your authority deals with the conduct or misconduct of Homeland Security employees, what are your options? What is the range of options?
A: The Privacy Act as you know includes civil and criminal penalties for violations so the range of options is everything from finding that there was no wrongdoing to finding a significant and severe violation of one of those statutes. I am still open to what those options are going to be- I haven’t made a final decision.
Q: Again that is looking at government employees, not Jet Blue?
A: That is absolutely correct.
Q: Back to the airline executives, they’ve acknowledged or realized that they need to do more than as you have said, “Put a privacy statement” on a web site. I think there is agreement that CAPPS II is not going to go forward until the airlines also have a privacy policy too- so how close are they? Do you have any sense at all?
A: I think it really varies from airline to airline. I can not say that I have reviewed every single domestic airline’s privacy policy nor would that necessarily be something that I would routinely do in the scope of my office’s work. I think they are probably equal to or current with most other industries by having an awareness that privacy policies are needed but they are also in a particularly unique situation of having a very close relationship with the Homeland Security Department because of the ongoing threat against civil aviation. So they are probably on the forefront of the issue of how to share information responsibly with the Department.
Q: What is the issue with the airlines? Is it a matter of them deciding what information they are going to give you or they’re willing to give you anything you want as long as they can be assured that you’ll keep it private?
A: I couldn’t speak for the airlines but speaking from a privacy policy standpoint, the issue is making sure that all companies have disclosed accurately what information is being shared with any other party. Whether it is with the government agency or a partner in the private sector making sure that they do not violate the privacy policies that are in place at the time the data is collected. I think there is support generally for the idea that passenger screening of some kind is necessary but I don’t hear an all out refusal to give information but simply an awareness that both parties, both the private sector party involved whether it be an airline or any other industry player and the Department have obligations on this issue to make sure that the American public know what information is going where and to what use that information is being put.
Q: But I gather that their concerns are going to be somewhat attenuated because you’re going to move up smartly and going to require them to give the information, so what is the nature of your conversations with the airlines now? To pat them on the hand and say, don’t worry- we’ll keep it safe? What are you supposed to do with their concerns if you are going to require them to give the information anyway?
A: The nature of the conversation is more to the impact that any government activity would have on the privacy policies already in place. I don’t think simply mandating a program or even asking for voluntary cooperation with a program absolves an industry player from having a privacy policy that’s accurate and descriptive of what information-sharing is going on with their customer’s data. Also, we have on-going obligations on our side of the fence under the Privacy Act, under the E-Government Act, under privacy impact assessments to be clear and thorough and equally transparent in what information is being shared and where it is going. There are actually some tandem concerns and PIAs for all intensive purposes are our version of a privacy policy- letting people know what information is being taken in, where it’s going, how it’s being used, how it’s being stored, how it’s being kept secure and how long it’s being kept.
Q: What’s PIA?
A: I’m sorry. Privacy Impact Assessment- that’s the requirement under Section 208 of the Electronic Government Act of 2002.
Q: Although they may not be saying it publicly, are a lot of these companies to you privately saying- “Please make us give you the information?” and take this burden off of our back?
A: They’re not saying it to me. You would have to ask TSA about that.
Q: But didn’t they issue a statement saying that- that we won’t do it voluntarily but if you make us we will?
A: I don’t know. My conversations have been limited to “What’s in your privacy policy, how do we make sure there is a robust awareness on both sides of the fence- the private sector and the public sector of how this information-sharing works.”
Q: The Under Secretary (Hutchinson) today discussed having an external review board for this. Is that a new addition to this CAPPS II thing or has it always been there?
A: That’s always been there. From my standpoint, there has always been a conversation about having a Privacy Advisory Board and that’s something that my office is working toward. I like Asa’s idea though about having a particular CAPPS II external advisory board because we’ve seen great success in other programs, particularly the US-VISIT program which has an advisory board and has rolled out a tremendous privacy program. It’s a model that I have also used in the private sector- having an external privacy advisory board to bring in stakeholders, constituents, advocacy community, academia and industry to have that conversation and also to look into ongoing operational concerns.
Q: I guess I’m trying to find out where in this timeline or where in this process that sort of entered the picture when it comes to CAPPS II? Is it something that developed once the airlines said we’re not giving you the information?
A: It’s certainly something we’ve been discussing but I think it’s something that Asa has made a firm decision in recent weeks on that. I couldn’t tell you the exact dates though- I’m sorry.
Q: It seems apparent but don’t know it to be a fact that this is in response to all of the privacy concerns and the airlines opposition.
A: Well, we’ve had an informal and even before I started working on the program at DHS, there were certainly informal contacts to the advocacy community. There were a number of… Mark (referring to Mark Hatfield- Acting Director of Communications- TSA) you weren’t here then either, I’m trying to remember what they called them- sort of stakeholder retreats and meetings and there were a series of them when both the program was at the Department of Transportation and when it was in its early days at the Department of Homeland Security. I think this formalizes that process and I think it’s a good thing to have formal process that’s both open and transparent and available to be applied for by whoever wants to be a part of it.
Q: As the privacy officer, are there any concerns you have with the GAO report?
A: For the most part, I think the GAO Report is quite fair and I think it’s accurate and I think it’s a fair statement to say that there is good work that has been done and a great deal of work that still remains to be done on my issues and on other parts of the program as well.
Q: I’m sorry, maybe this has been out there but has the decision been made about how long data will be retained? Is that finalized yet?
A: We do say in the privacy act notice from last August that the data will come into the system a certain number of hours before the flight departs and will be discarded for the majority of people within, I can’t remember if it… it’s a matter of hours. It’s fewer than a number of days but I don’t remember the exact hour.
Q: So it’s less than a day, though?
A: It’s after the completion of the itinerary and it may say “in a matter of days.” I think we’re talking in reality a number of hours before the flight leaves and a matter of hours after the last flight of your itinerary ends. The big distinction to me is that came down from 50 hours. I couldn’t tell you for sure the exact number of hours but when we’re talking about the difference between the initial proposal which was 50 years and a matter of hours or days.
Q: Now let me ask you about that. If you get these names a few hours before a flight is that really enough time to run it through the system? Are the privacy concerns limiting the effective use of the system, potentially?
A: I don’t feel the privacy concerns are limiting the effectiveness of the system. I believe that the proposal as it stands now allows TSA to take affirmative and preventative action if they find information. You certainly want to limit it to a certain number of hours before the flight because you don’t want to have keep re-running the system every time a change is made in an itinerary so you are looking at issues more of efficiency and cost-effectiveness versus what is the minimum amount of hours that we need in order to take preventative rather than privacy concerns.
Q: Let me ask you a very basic question that probably everyone here knows the answer to except me. Where is the data? Is it with the airlines? If I call to make a reservation two weeks ahead of time, they’ll still check me out at that point rather than waiting until a few hours before the flight?
A: Actually, no.
Q: OK, so where is the data that is going to be saved for a matter of hours rather than days.
A: Let me walk you through as I understand it. When you make a reservation with an airline or a website or on the telephone, wherever, the information is housed in any one of a number of places- computer reservation systems, global distribution systems, the various chain players in the airlines program. From the TSA standpoint, they plan to take the data in, again in a certain number of hours and when I say a certain number of hours, it may be 48 or 72- may not be three or four so it may be enough hours to- we may be talking about less than a week but more than a day and I couldn’t tell you- Mark do you know an exact hour figure?
A: Mark Hatfield- They’re still refining that.
A: Nuala O’Connor Kelly- OK. So to answer your question, I think it is adequate to do the investigations that they want to do. That comes into the TSA database, server, whatever you want to call it and at that point, then the process starts- the analysis, the authentication of identity. That sort of thing.
Q: And that’s the data that will be saved?
A: Length of itinerary plus a little buffer zone on the front and back end.
Q: And you have to decide what all you want the airlines to fork over when they do that?
A: And the proposal that has been on the table for some time has been a minimum of feel legal name, full home address, telephone number and date of birth.
Q: I don’t understand how it will work for foreigners, though?
A: Great question.
Q: Because if you have commercial database here but I am from a small village in Latvia?
A: I couldn’t agree with you more that is one of a number of outstanding questions that I still have from my office and that’s why- what are your reactions to the GAO Report? I would say they are right to point out that there are a number of unanswered questions- that is not to say that these are unanswerable questions but simply they have yet to be answered. That to me is one of the primary questions, I want to look at issues of disparate impact and not just the classic civil liberties disparate impact that people have concerns about but the unintentional or unexpected disparate impact of the kinds of concerns that you probably have heard- people that have moved recently or people who have changed their names since they got married or divorced that sort of thing. I want to make sure that this system is truly going to work for the people we are trying to pinpoint and not going to disadvantage any other particular group based on behavior, or category or whatever. Until we see that in operations or internal testing, it is hard to answer and you have hit on a key one. As you know we have been involved in tremendous negotiations with the European Union and we are very cognizant of their concerns, as well.
Q: Can I ask another question? Secretary Hutchinson said there was a possibility if this thing is working right- it may be able to flag someone who has stolen someone’s identity- at what point would that happen? When you get the data? When the person shows up at the airport and has to give the magic password? And what do you do then.
A: That’s a good question. To overly and grossly simplify CAPPS II versus CAPPS I- CAPPS I as I understand it is a static, rules-based system that involves “Did you buy a one-way ticket, did you pay with cash, are you the last person to check in for your flight, did you buy the ticket within one hour of the flight?” Those are very static rules- the same for every passenger plus the obviously name-based- “Are you a person that is a known terrorist or affiliated with a known terrorist on a watch list?” This is a simple two-part process and that analysis is happening today. We all need to remember that there is a CAPPS I and it’s not working beautifully so what is the alternative? We can not simply do away with the system and say OK- we’re not going to have anything. We have to have some kind of security so the question is what is that going to look like? The proposed CAPPS II system, as I see it, a three-part system. The first part is the authentication piece that to me coming into the Department was an area of concern because that is the proposal to use private-sector databases, private-sector data aggregators to validate and authenticate the identity that is given to the airline- John Doe at this address or phone number. The purpose of that is to again verify the identity, make sure we have a person who exists in the real world in front of us and thereby when we go to step two and three and we figure out if you are a known terrorist or affiliate of a known terrorist, that we actually have a real identity in front of us. That is where I believe where you would see the issues of identity theft where people who engage in identity theft very frequently get something wrong- a middle initial, a digit in a phone number, or match an address with a telephone number incorrectly those sorts of things. Again, I believe with the multiplicity of databases that they are considering using you would weed out the issues of “I’ve moved recently or changed my telephone number” because you would have more accurate, more up-to-date data. Having done privacy in both the public and private sector, I am actually quite confident that there is good intelligent use of technology and use of data in the private sector if we can leverage it in an extremely limited fashion and again, the proposal is to query those databases but not to bring that data into the government space- not to bring and permanently hold that date in a government database but merely to match it, to verify it, to say, “Do we have someone in the real world who exists who has this name, address and telephone number?”
Q: Why haven’t you finalized the privacy plans especially given all of the criticism from a very active privacy advocacy group?
A: We have been working side-by-side- personally I have been spent more hours on this program than most anything else at the Department- but as the technology changes, as the proposal changes, as we learn more about how the system will work things like a privacy impact statement are revised. It’s not like we haven’t had one but we have to keep re-writing it as the program evolves and moves forward and development continues. I see that as an evolutionary process just like the building of new technology so it is not something that should come either before or after but should be evolving side-by-side with the development of a new program.
Q: Can we go back to the previous question? I asked in the other room and I am confused by the answer- supposed somebody shows up with my name, Matthew Wald, but he has the middle initial wrong or a digit wrong, etc., so your first responsibility is that you put him through secondary screening to see if he going to go to cockpit with a box cutter. Is it possible you would and another privacy issue which your more conversant than I am- is under what circumstances you’d use this airport security system to arrest people who are wanted for jaywalking in the District, murdering someone, whatever. So someone shows up with my information but something is wrong, how does this result in making the world a better place other than making sure he doesn’t hijack the airplane?
A: That’s a brilliant question because I have not thought about what happens when we see a clear case of identity theft. Do we arrest them on the spot? I do not know the answer to that- I have to honest with you. I think it’s a terrific question. I think the theory behind the authentication piece has simply been to inform the second and third pieces of the program and let me go to those which are the literal watch list- are you a known terrorist, are you someone who is wanted on a violent crime? It will clearly affect their score but do I know if there will be any law enforcement action taken, if any, I do not know.
Q: OK, can you compare that to what the Department has talked about previously which are, what are the legitimate law enforcement uses of airport security beyond securing the airport?
A: Absolutely, it is very clearly delineated in the Privacy Act notice of August of last year and that is- there is a misperception that we have grown that part of the program- it is more correct to say that we have significantly narrowed the proposal from January of last year. The language says that the program may be used to find persons who are on outstanding warrants for crimes of violence under a federal or state warrant.
Q: Which probably doesn’t include identity theft?
A: No, identity theft is not a crime of violence.
A: Mark Hatfield: I want to try to clarify something because I think it is a great question. The first piece which we know and there has been a lot of discussion on is what type of criminal warrant will flag action and we know that that has been narrowed significantly to an outstanding state or federal warrant for a violent felony. It would not be an outstanding warrant for credit card fraud. However, what you’re discussing- your scenario is a crime in progress and it would be very similar to someone presenting a stolen credit card at Macy’s- what are the options? They can call security, they can seize the credit card, the computer tells them something because something is wrong. I think we do need to come up with a policy how we deal with a crime in progress.
Q: Under that scenario, could he say his privacy was violated because CAPPS II was used in ways it wasn’t specified to be used?
A: Mark Hatfield- I think that aspect of this needs to be looked at and again it happens at the department store when you go to use a stolen credit card.
Q: But would you let them on the plane? At Macy’s you can’t buy the undies if they try to use someone’s credit card- would you let them on the plane? But what if there was a deadbeat dad that shouldn’t be crossing state line?
A: Nuala O’Connor Kelly- That is clearly addressed that a deadbeat dad does not qualify as a crime of violence under the federal criminal statute.
Q: But the government would be identifying people who are committing crimes?
A: Who have outstanding warrants- we’re actually not identifying them at all. The only people we are identifying are those who have outstanding warrants who actively evading a warrant for a crime of violence which is a defined term in the federal criminal statute. But your point is still an incredibly good one because you have also pinpointed a similarity that this is essentially off-the-shelf technology, this is extremely similar to the kinds of technology used to do risk analyses for credit card use or fraud detection that most Americans are quite comfortable with in that context but we need to make sure we have good rules to use, that kind of analysis in the security context. I think the answer is we do not have a fully developed process for law enforcement interdiction of identity theft. We certainly do have those processes for crimes of violence and we’d know which agency would be called.
Q: That’s my next question. I would assume that this is not exactly a privacy issue but everyday in the course of everyday security work at an airport, you find guns, drugs, huge volumes of cash, other things. What do you do- do you arrest those people?
A: Mark Hatfield- Our enforcement power is through the local law enforcement agency of jurisdiction in a given airport.
Q: And they are there? If you find a gun in a checked bag or cash?
A: Mark Hatfield- That’s our standard operating procedure to call law enforcement.
A: Nuala O’Connor Kelly- So it’s likely to follow a similar procedure where they’ll be referred to local law enforcement and law enforcement makes the decision whether they are going to take action.
Q: Sounds like this could happen but you don’t have it quite flushed out? But I thought the whole point was that the right people are getting on the airplane- I thought if you find out that this isn’t Matthew Wald, presumably you won’t let him get on the plane, right- if someone hasn’t stolen his identity?
A: Nuala O’Connor Kelly- I think if we can’t verify the true identity of the person standing in front of us- you’re likely right that the person won’t fly.
Q: I thought that was the whole purpose of the program? But they assign a risk level and that person is sent to secondary screening because of that risk level and they may or may not know- it won’t come up positive for Matt Wald or negative for Matt Wald?
Q: Could I take the questioning about identity theft a little further- I understand that there are about 50 airports that have no law enforcement presence at all- these are very, very small airports and the regional airlines are very concerned because they have to fly people but there are maybe four TSA screeners in Klamath Falls and a violent killer or terrorist shows up- I mean what are they going to do- hit them with their wands?
A: Mark Hatfield- No, they send in law enforcement at each of those airports- it has actually been looked at each of those airports because you are correct because there are some that don’t have resident law enforcement. They have to be within a certain response time and in fact we have actually gone back and made special arrangements at some- there are a couple in upstate New York- where the response time was outside of an acceptable range so we have actually provided funding to bring an officer back to have a stationed duty at the airport.
Q: Do you know if you can’t verify someone’s identity- does that make them a red or does that make them a yellow?
A: Nuala O’Connor Kelly - As I understand it right now, it sends them to secondary screening.
Q: And if it still can’t be identified that Joe Smith is Joe Smith, are they still allowed to fly?
A: Nuala O’Connor Kelly - I don’t know.
Q: But I thought the whole purpose of the CAPPS II program was to confirm that the person who was flying was the person who was flying? If that can’t be confirmed, can that person fly?
A: Nuala O’Connor Kelly - Number one purpose of the program is to prevent known terrorists and affiliates of known terrorist and those with outstanding criminal warrants from getting on the airplane. The secondary purpose is to prevent identity theft and prevent people from flying who are using someone else’s identity and if we absolutely can not confirm an identity, I think then you would bring in law enforcement through the same procedures you would bring in for any other ongoing crime that is happening in front of you. Ultimately, the law enforcement piece is in the discretion of the law enforcement agency whether it is federal, state or local agency they decide what action is taken if there is an ongoing crime in front of them.
A: Dennis Murphy, Communications Director, Border and Transportation Security, Department of Homeland Security - I think it’s important- what Asa was talking about was that there are varying degrees- there are identity questions and then identity theft. What he was saying was that there are varying degrees that if after the checks there is a question that the system has raised, clearly then that person needs to be screened to make sure that they are not a threat to the plane but if all of a sudden there is a total disconnect with the identity of that person we don’t know that that person is Matthew Wald- then that becomes a potential threat to the plane and that person is assuming a different identity, we need to validate that before we let that person on the plane. Now how you do that, the protocols you follow and then what happens when you have a person with a complete set of identity but is not that person then that has to be the law enforcement protocol at that point but the first step is- you see that major disconnect then that becomes the question of whether or not that person is who say they are and should they or should they not be allowed to fly so there are varying degrees as he was pointing out.
Q: Can I be a nattering nabob of negativism here but it seems to me that there are a lot of questions that no one knows the answers to? We’re pretty far down the path- let alone the part that we don’t have consolidated watch lists yet to even figure out at the second and third stage that if we have someone how reliable is it going to be that we’re going to know who is at the other end? It seems to me that it’s really still pre-testing stage still?
A: Dennis Murphy - Well, we haven’t tested.
Q: But the whole point is you want to get to testing- that’s my point is this really even ready for testing?
A: Nuala O’Connor Kelly - I would actually challenge what you just said- these are the types of questions that will need to be answered through testing. That is exactly right. These are the same questions that I have, these are the same questions that the advocates have. What is the system really going to mean for passengers? Is it going to improve wait times? Is it going to improve their airport experience? Is it going to be more accurate. As I was saying before, the primary purpose, obviously, is to prevent persons who are a threat to the airplane from getting on the airplane. The secondary purpose is to hopefully make a better experience for everybody else who is flying- the 99.99% of good people who are just trying to get to their daughter’s wedding or their business meeting or whatever. Do I know the answers to all the protocols? No, they have not been built yet. The GAO Report is right- there are lots of questions that are unanswered- that does not mean they are unanswerable. It is absolutely an incomplete status right now but that does not mean it is necessarily a good or bad program- it simply means it is a program that is evolving like any technology development like any program development- this program is at a stage that certainly is not ready for deployment in active live airports but that does not necessarily mean that it shouldn’t be tested or studied or considered further to answer these questions. If this program does work as those who believe it can work, it is going to be a good thing for all traveling Americans. If it does not work as promised, then we need to sit back and consider other alternatives but we have to find an answer. We can not keep having airplanes not fly. We can’t keep having people considered about their security of themselves and their children. We will continue to work on the issues of privacy and the issue of civil liberties impacts and my office will continue to study them and continue to have the same questions that you have and that’s the role that my office plays in the development.
Q: Related question- If my identity is stolen and then, I myself, the real me goes to the airport- is that one of the disadvantaged groups that you have to look out for?
A: Nuala O’Connor Kelly - The unexpected, the inadvertent is absolutely the kind of thing that needs to be tested.
Q: Because there are in fact hundreds of thousands of new cases of identity theft each year?
A: Nuala O’Connor Kelly - Absolutely.
Q: You went through one and two- is three, the red, yellow, green?
A: Nuala O’Connor Kelly - The third stage of the program that I think would set CAPPS II head and shoulders above a CAPPS I and that is the ability because this is technologically superior development, we hope, to infuse real-time intelligence data into the system immediately. So that you can alert screeners, essentially electronically or through changing the algorithms in the system on a certain day for a certain airport that there is a particular threat against a particular airport or a threat against a particular airline or a threat against a particular itinerary or agenda based on intelligence chatter.
Q: So you’re saying this system will give you better means to notify about intelligence concerns?
A: Nuala O’Connor Kelly - Can actually infuse them into the algorithms that score passengers that send them to first or secondary screening or prevent them from getting on the airline.
Q: When will the screening be turned over, transferred to the TSA officials? At what time will the TSA official see it after it has been collected?
A: Nuala O’Connor Kelly - I think at the time the initial algorithm is run, when the data is collected. So there will be some time obviously before the initial screening of the passenger to see that and analyze that- that’s why we come in a certain number of hours before the flight instead of just at the flight.
Q: One privacy advocate says and I’ll let you knock it down- he says that what CAPPS II does is that for the very first time the U.S. government is telling travelers whether or not they can travel- that’s never happened in the history of this country. Do you see it as that?
A: Nuala O’Connor Kelly - I do not see it as the government can’t travel. I think it’s the government trying to secure a form of transportation that has been the focus of an on-going terrorist attention. I think the government would be not diligent in its efforts and would be failing the American people to not be thinking about the most superior technological and human innovation to make airlines safety and security better. But it is absolutely not true that we are telling people that they can’t fly- in fact what we are doing by strengthening the air system is telling people that they should fly and that they should be confident when they are flying. When you suggest that I am going to knock down what the privacy advocates say that’s actually a faulty assumption- I talk to privacy advocates probably than I work with at Homeland Security. I think there is a great deal of misinformation about the program. I think we do need to continue a responsible debate about the scope of the program, about the impact of the program on innocent travelers but I also think we need to have a conversation about how we are addressing security in this mode of transportation. As you all know, didn’t British Airways cancel another flight today? It is an on-going focus of risk and of threat in this country and elsewhere and I think we owe it to the citizens to get this right.
Q: I don’t think Congress was real happy with the report because a lot of them want CAPPS II- do you think this will undermine Congressional support?
A: Nuala O’Connor Kelly - I will say it’s a fair report.