TSA officials cite challenges in revised passenger screening program

Transportation Security Administration officials on Thursday outlined some of the toughest challenges they face in developing and implementing a revised screening system for airline passengers.

TSA will begin internal testing of the system known as Secure Flight in November, and hopes to begin implementing it at airports across the country within five months, said Justin Oberman, director of the agency's office of national risk assessment. The system will compare information on every passenger, such as name and date of birth, to FBI watchlists of known or suspected terrorists.

"We're finally off to the races," Oberman said. "It's going to be a wild ride but we feel good about where we're at today."

For testing purposes, TSA issued a draft order to the nation's airlines last month that would require them to turn over records on all passengers who took a domestic flight last June--about 50 million people. Public comments on the order are due by Monday. Oberman said a final order to the airlines for the records is expected next week.

The goal of Secure Flight is to determine if somebody is lying about who they say they are and, therefore, needs secondary screening before boarding a flight, Oberman said. He emphasized that TSA is not looking for criminals but rather for known or suspected terrorists.

Secure Flight is not intended to prosecute people who are caught by the system, Oberman said, but airports most likely will notify law enforcement agencies, including the FBI, when somebody is tagged.

According to Oberman, the biggest challenges for Secure Flight include stress testing, or making sure the system works during high-travel times without causing flight delays; developing software that accurately identifies people; and determining whether commercial data can be used to improve the system's efficiency.

TSA plans to competitively bid for testing Secure Flight and determining whether commercial data can be used, Oberman said.

Another challenge is determining whether airlines have to change their reservation systems in order to comply with Secure Flight. For example, the FBI terrorist watchlists include names and birthdates, but most airline reservation systems do not ask for birth information.

"We may have to compel the dates of birth to be required," Oberman said, adding that TSA plans to "work closely" with airlines to make any modifications.

In the long run, Oberman contends, Secure Flight will reduce costs to airlines because they no longer will have to spend their own money on labor and administrative costs to screen passengers. Today, airlines are responsible for comparing passenger information to government watchlists.

Additionally, Oberman said TSA might take over the cost and administration of the Computer Assisted Passenger Prescreening System, which has been used by airlines since the 1990s to determine if people need secondary screening.

Critics, however, remain concerned that people's privacy rights might be violated by the system, especially if watchlists are inaccurate.

Last month, the Electronic Privacy Information Center filed a Freedom of Information Act request for information about how the FBI intends to protect the privacy of travelers as it maintains records in its terrorist-screening database.

EPIC asked the transportation agency for more information on how it plans to help maintain the database, arguing that the public does not know how people are placed on the lists, how the FBI maintains the lists, or the procedures that the FBI follows in protecting privacy.

Oberman said TSA is working with the FBI on protocols for Secure Flight and how to do name matches. He added that additional staff will be needed. "We're going to need human beings to help analyze results and make determinations," he said.

TSA also is evaluating what other agencies, if any, the passenger information should be shared with, Oberman said.

In order to address privacy and civil rights concerns, TSA plans to create an office of identity protection exclusively to help passengers resolve discrepancies. The agency also plans to issue a new privacy impact assessment before rolling out Secure Flight next year.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.