Privacy, security experts urge delay of passenger screening system

Congress should stop plans to do a live test of a controversial airline passenger screening system until the Department of Homeland Security's top official provides more details about how it works and the program's privacy policies, a panel of privacy and security experts said in a report to be published Monday.

The department's Transportation Security Administration has said it plans to conduct live tests at the end of the year of the next-generation airline passenger screening system known as Secure Flight.

The proposed system has come under fire both from privacy advocates and the Justice Department's inspector general, who released a critical report earlier this month.

The panel of nine security and privacy experts, which included Princeton University computer science professor Edward Felten and Bruce Schneier, founder of the Internet security firm Counterpane, said in the report that DHS Secretary Michael Chertoff should provide Congress with a signed, written statement on the goals of the project - goals that could only be changed on Chertoff's orders.

The department also should provide information on the technologies used in the Secure Flight program, how it works to achieve the stated goals, and what policies are in place to make sure that the stated goals are achieved. The panelists said they also want DHS to provide specifics on what information it collects about people, where the information comes from, how "it flows through the system," who has access to the information, and what the procedures are for its destruction.

"We believe live testing of Secure Flight should not commence until there has been adequate time to review, comment, and conduct a public debate on the additional documentation outlined above," said the report, a portion of which was obtained in advance by Technology Daily.

The report also provides recommendations on Secure Flight's future development in the areas of policy, regulatory and oversight structure, test uses of commercial data, the system's architecture, and the way it matches identities.

The report was discussed Thursday morning at a meeting convened by TSA's Aviation Security Advisory Committee (ASAC.) The committee is composed of aviation industry associations, consumer rights organizations and labor unions, which provide feedback on administration policies through written reports. The work of the panelists -- called the Secure Flight Working Group -- was conducted on behalf of ASAC at the request of the TSA last year.

ASAC members received the report last Monday, and were asked by TSA officials at the meeting to vote on sending the report back immediately for review at the DHS' privacy office.

While some of the members said they did not have a chance to review the information, the committee agreed to send the report back to the privacy office immediately. Committee member Paul Hudson, founder of the independent public interest group the Aviation Consumer Action Project, obtained permission to send written comments for the record within 15 days.

"I certainly don't support the actions recommended at the end of [the report]. They would essentially be turning over the combination of the safe ... to the terrorists," he said.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

    Download
  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

    Download
  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

    Download
  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

    Download
  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

    Download

When you download a report, your information may be shared with the underwriters of that document.