TSA issues draft order to airlines for passenger records

The Transportation Security Administration wants commercial airlines to hand over records for people who traveled within the United States during June in order to test a new passenger prescreening program.

The agency issued documents Tuesday for the Secure Flight program, which is intended to compare information on passengers against government watch lists of suspected terrorists. TSA published a privacy impact assessment and system of records notice for the program, along with a draft order that would require airlines to turn over records on people who flew within this country in June. Comments on the draft order are due within 30 days, after which a final order for the information will be made to the nation's 77 commercial airlines.

"This is a big effort on our part to get information from the airlines and from the public before we actually issue the final information request," said TSA spokesman Darrin Kayser. "It's a very unique thing. We are giving the airlines some time."

He said TSA recognizes that the airlines need time to review the draft order and get their information in order. June was chosen because it is a recent, high-travel month, Kayser said. He added that the month chosen does not have anything to do with the national threat level, which remains high for the Washington area and New York City.

Secure Flight was developed after a highly controversial previous effort--the Computer Assisted Passenger Pre-Screening System II--was shelved amid widespread concerns about privacy and technical issues.

The type of data contained in passenger name records varies between airlines. The information TSA seeks for testing, however, includes a passenger's full name, contact phone number, mailing address and travel itinerary for domestic flight segments that were completed prior to June 30, 2004.

Under the program, that information will be compared to databases maintained by the Terrorist Screening Center, which includes expanded no-fly and selectee lists.

"TSA envisions that carriers may be required to collect [the] full passenger name and possibly one other element of information under a fully implemented operational Secure Flight program," the privacy impact assessment states. "However, TSA will not make such determination until the initial test phase results can be assessed and an additional privacy impact assessment is published."

The draft order adds that TSA will take over responsibility for checking airline passengers' names against expanded no-fly and selectee lists, or comparing names to lists of individuals known to pose or suspected of posing a threat to civil aviation or national security. That is now done by the individual airlines.

Data from testing will not be transmitted to airport screeners or used for screening purposes. TSA said the information will not be used for any purpose other than analysis, but "if an indication of terrorist or possible terrorist activity is revealed during the test phase, appropriate action will be taken, to include possibly providing information in the system of records to relevant law enforcement agencies."

In addition to comparing passenger information to databases at the Terrorist Screening Center, TSA will also test the use of commercial data to determine if that data is effective in identifying passenger information that is incorrect or inaccurate. The testing will involve commercial data aggregators that provide services to the banking, home mortgage and credit industries.

TSA said it will defer any decision on whether commercial data will be used in the final Secure Flight program until a thorough assessment of test results is completed and a new system of records notice is published outlining how commercial data might be used and privacy protected.

"TSA appreciates the privacy risk inherent in any airline prescreening program in which passenger name record information is provided to the federal government for use in conducting the prescreening," the agency stated. "However, TSA also recognizes that the risk is necessary for ensuring the security of our air transportation system. TSA believes it has taken action to mitigate any privacy risk by designing its next generation passenger prescreening program to accommodate concerns expressed by privacy advocates, foreign counterparts and others."