If the loss of one's personal privacy is not enough, then the biggest concern regarding CAPPS II is the threat of Identity Theft. ID theft is the fastest growing crime on the Internet and is not under control.
As reported here recently, the CAPPS (Computer Assisted Passenger Pre-screening System) presents a serious privacy risk.
Anybody who has been affected by ID theft knows what this means. If criminals can apply for credit cards in your name, it can undermine your financial credibility. Cleaning up the theft issue will certainly cost a lot of your precious time and furthermore, it could even affect your health if you are of a nervous disposition.
Hacking of databases and breaches of security are commonplace, even intentional privacy violations.
Naturally, the collection and exchange of your critical credit card data is excluded if you pay for goods and airline tickets in cash. However, who carries cash these days? Those who do pay in cash for some reason are often suspected of being involved in criminal dealings. Beside the security risk, there are even restrictions as to how much cash you can legally carry over country borders.
Your credit card data is however only part of the story. The remainder of your personal data must be given to your airline or travel agent or you will not be able to fly to or via the USA.
Prof. Arturo Quirantes Sierra (Cryptography Dept., University of Granada, Spain) lodged a complaint to his airline. So far, he has identified 42 different data elements including your home address, date of birth, telephone and email that are collected.
To clarify where CAPPS could lead, I mentioned that by knowing the right people, I would be able to get hold of the phone number of the lady sitting next to me on my last flight.
I have not yet seen figures for the cost of building this huge database, but it is likely to be substantial. As the Airlines have been made responsible for collecting this data, airfares will rise. Let me re-phrase the implication. You will be paying your selected airline more money than presently to put your personal data in possibly insecure databases for unspecified use.
People and organisations that do not have your personal data cannot compromise you. Period!
