GovernmentExecutive.com

The Transportation Security Administration wants commercial airlines to hand over records for people who traveled within the United States during June in order to test a new passenger prescreening program.

The agency issued documents Tuesday for the Secure Flight program, which is intended to compare information on passengers against government watch lists of suspected terrorists. TSA published a privacy impact assessment and system of records notice for the program, along with a draft order that would require airlines to turn over records on people who flew within this country in June. Comments on the draft order are due within 30 days, after which a final order for the information will be made to the nation's 77 commercial airlines.

"This is a big effort on our part to get information from the airlines and from the public before we actually issue the final information request," said TSA spokesman Darrin Kayser. "It's a very unique thing. We are giving the airlines some time."

He said TSA recognizes that the airlines need time to review the draft order and get their information in order. June was chosen because it is a recent, high-travel month, Kayser said. He added that the month chosen does not have anything to do with the national threat level, which remains high for the Washington area and New York City.

Secure Flight was developed after a highly controversial previous effort--the Computer Assisted Passenger Pre-Screening System II--was shelved amid widespread concerns about privacy and technical issues.

The type of data contained in passenger name records varies between airlines. The information TSA seeks for testing, however, includes a passenger's full name, contact phone number, mailing address and travel itinerary for domestic flight segments that were completed prior to June 30, 2004.

Under the program, that information will be compared to databases maintained by the Terrorist Screening Center, which includes expanded no-fly and selectee lists.

"TSA envisions that carriers may be required to collect [the] full passenger name and possibly one other element of information under a fully implemented operational Secure Flight program," the privacy impact assessment states. "However, TSA will not make such determination until the initial test phase results can be assessed and an additional privacy impact assessment is published."

The draft order adds that TSA will take over responsibility for checking airline passengers' names against expanded no-fly and selectee lists, or comparing names to lists of individuals known to pose or suspected of posing a threat to civil aviation or national security. That is now done by the individual airlines.

Data from testing will not be transmitted to airport screeners or used for screening purposes. TSA said the information will not be used for any purpose other than analysis, but "if an indication of terrorist or possible terrorist activity is revealed during the test phase, appropriate action will be taken, to include possibly providing information in the system of records to relevant law enforcement agencies."

In addition to comparing passenger information to databases at the Terrorist Screening Center, TSA will also test the use of commercial data to determine if that data is effective in identifying passenger information that is incorrect or inaccurate. The testing will involve commercial data aggregators that provide services to the banking, home mortgage and credit industries.

TSA said it will defer any decision on whether commercial data will be used in the final Secure Flight program until a thorough assessment of test results is completed and a new system of records notice is published outlining how commercial data might be used and privacy protected.

"TSA appreciates the privacy risk inherent in any airline prescreening program in which passenger name record information is provided to the federal government for use in conducting the prescreening," the agency stated. "However, TSA also recognizes that the risk is necessary for ensuring the security of our air transportation system. TSA believes it has taken action to mitigate any privacy risk by designing its next generation passenger prescreening program to accommodate concerns expressed by privacy advocates, foreign counterparts and others."

COMMENTS

• This is another ridiculous move by TSA and homeland security to look good when they are not. Any airline that provides such information based on a TSA order should be boycotted by the flying public! Every airline should refuse to provide the information no matter what and force TSA to go to court so that we get a court ruling on whether the TSA has such authority. If TSA has such authority the terrorists have won the war. The land of the free is no longer free! tax payer Posted September 27, 2004 7:28 AM
• Oh yea, CAPPS II was scrapped, so let's force the airlines to give us the info and change the name. We lied about DATA MINING and spun the news until nobody was looking. We blamed it on the contractors and got away with it. Yahoo! High five me my fellow TSA flunky!(or DHS) It's the borders you morons, it always was! (Unless of course it's Cat Stevens) Wait... that's him! Who? Stop him! I want him strip searched this time with a full body cavity search! Yea but... But what? It's Ted Kennedy again! Always after the fact, all for show ... the TSA should go... Shame on you! WATCHDOGS 905 GovExec.com reader Posted September 26, 2004 9:02 PM
• I would like to know why they aren't doing testing of the system with dummy data instead of 'live' data. As a computer security professional, I deal with system testing and most of the time when a brand new system is being tested, phony or dummy data is used until the bugs are fixed, then level 2 testing woudl include live data. The government shouldn't be using real data because even the information from June can be used for illegal purposes if it gets into the wrong hands. And I don't think the gov't is the best hands looking at the current state of computer security. GovExec.com reader Posted September 23, 2004 3:35 PM