The government's latest passenger prescreening program, Secure Flight, is moving toward a final rule, but industry representatives and privacy watchdogs said the Transportation Security Administration first must address concerns about cost, travel supplier compliance and the accuracy of program watchlists.
TSA in late August submitted its Notice of Proposed Rulemaking for the "rebaselined" program, narrowing its focus on watchlist-matching with the sole aim of preventing terrorists from boarding airplanes (BTN, Aug. 13).
TSA in the latest proposal also is taking responsibility away from airlines for matching passenger names, bringing new requirements for carriers and travel agencies to submit passenger data to the government. TSA proposed carriers would need to comply with the new requirements 60 days after a final rule is issued.
Several people offering written and oral commentary last month said Secure Flight takes steps in the right direction and improves on its failed predecessors, but concerns remain.
The Association of Corporate Travel Executives last month filed comments claiming the latest Secure Flight passenger prescreening system proposal raises data-handling concerns and begs further government watchlist transparency. "On the surface, the new Secure Flight program no longer relies on commercial databases and appears to have reduced the number of names on the no-fly list," said ACTE executive director Susan Gurley.
ACTE said its position "now extends beyond the cost issue to include an individual's right to see what information is in a database that could prevent them from boarding a commercial flight, and to change that data if it is incorrect." In the current environment of suspicion, ACTE said being denied access to travel can impact an executive's corporate standing.
American Civil Liberties Union representative Barry Steinhardt during a public meeting applauded TSA for narrowing the focus of Secure Flight, but told officials that more work needs to be done on the program. Steinhardt blasted the watchlist as "inaccurate" and "bloated." Even after TSA "scrubbed" the no-fly list and claims to have reduced it by half, Steinhardt said, "half of grossly bloated is still bloated."
Steinhardt also said the redress system used by Secure Flight is "Soviet" in its approach—"it is opaque, no one knows how it works, it's done in secret, there is no real opportunity for appeal."
Other comments addressed operations and the logistics of TSA's plan to take over the name-matching process and "transmit boarding pass printing instructions back to aircraft operators." TSA plans to ask airlines to transmit data beginning 72 hours before takeoff.
The 72-hour window needed for airlines to transmit data "is not sufficient," according to Dave Lotterer, vice president of technical services for the Regional Airline Association. He and other airline representatives questioned whether the procedure would impede the ability of airlines to issue boarding passes through their Web sites or offer other remote checkin options.
Lotterer said that while "reservations made within 72 hours of scheduled flight departure time operators are required to transmit data as soon as possible, the preamble states that the TSA will notify the operator that checkin and boarding pass issuance can proceed normally. And then nothing further describes how TSA will provide the results other than to describe the matching process as fully automated."
TSA director of Secure Flight program operations Donald Hubicki said TSA does not want to obstruct carriers from offering remote checkin options and plans to transmit passenger clearance back to airlines "well within or before the 24-hour period at which point in time people might want to print their boarding passes out at home."
Meanwhile, RAA's Lotterer said the proposed 60-day compliance period was too short for many smaller airlines to amend systems to adhere to new data transmission policies. He suggested extending the time for complying to at least a year. He said RAA members "don't do international travel, so the computerized system needed to support this activity certainly isn't in place."
American Society of Travel Agents vice president of legal and industry affairs Paul Ruden also took issue with the 60-day compliance period, noting corporate travel agencies would have to reformat traveler profiles to comply with data transmission standards.
Ruden during commentary said, "It is, however, still unclear to us how the data the travel agents collect will be passed from the global distribution systems, and how it will be recorded in there."
Edward Hasbrouck, a representative of privacy watchdog The Identity Project, said the program's basis of matching watchlists for travel clearances amounts to requiring "permission from the government" for travel—which he argued denies freedoms of "assembly and movement."
TSA head Kip Hawley said last month that the goal is to begin implementation of the program by the end of next year (BTN, Sept. 10).
Hawley said Secure Flight is an improvement because it takes the responsibility away from airlines, "does not use commercial data and does not assign a score based on risk. In addition, TSA does not maintain the watchlist. We receive the watchlist from the terror screening center at the FBI."
The comment period for the program is scheduled to close Oct. 22, and Hawley is scheduled to testify before the Senate Transportation Committee on Oct. 16.