The Transportation Security Administration this fall plans to test with select airlines the latest version of its Secure Flight passenger-prescreening program, through which the government, rather than the airlines, would check passenger data against government watchlists in efforts to bolster air travel security. TSA last week said it plans to complete the domestic portion of the program in the first year following approval, and the international component in the second year.
TSA Aug. 9 outlined in a proposed rulemaking a revamped Secure Flight aimed to address privacy, operational and data accuracy concerns, among others. Previous attempts to launch the program came undone after failing to meet congressional standards.
TSA last week said it plans to merge international prescreening components of the Customs and Border Protection's Advance Passenger Information System with the Secure Flight program. The Department of Homeland Security last week separately published a final ruling on the APIS program to enable the U.S. government to collect flight manifests before flights depart for the United States.
"We're prepared to begin testing this system and we'll continue to work with the travel industry, airlines and other stakeholders in developing the program," Homeland Security secretary Michael Chertoff said Thursday, noting that such "feedback is going to be an important element of what we take into account before we finalize the rule next year."
TSA said it would seek comments on the Secure Flight program for 60 days.
The proposed program would give TSA access to more passenger data to match against the government's No-Fly watchlist, which it said would create "more accurate, timely and comprehensive screening, and a reduction in false positives." However, by TSA's estimates, the program could add time to the reservations process and create more costs for travel agencies and airlines.
TSA said the new Secure Flight program has been redrawn to only match passenger information with the No-Fly list and other selected lists of the Terrorist Screening Database. However, TSA said it may use "the larger set of watchlists maintained by the federal government, when warranted by security considerations," but asserted it would not use commercial data—a sticking point with critics of earlier attempts at the program.
"The main role of Secure Flight is to prevent people on the No-Fly list from getting on an airplane," a spokesperson told BTN last month. "It is watchlist matching—that's what it will be, and it won't use commercial data. We've spent the last year rebuilding the program to assure both privacy and security."
The National Business Travel Association last week said the proposal "at first glance" appears to be a step in the right direction. "We're going to have to look at it in a lot more detail," a spokesperson said at press time, hours after the 137-page proposal was released. "There are some positive things here. To have the checking of the watchlist in the hands of the TSA instead of in the hands of the airlines is an appropriate step, both from a security perspective and a process perspective."
TSA proposes to request such passenger information as full name, gender and date of birth (see chart). Airlines also are required to transmit "non-personally identifiable information, such as itinerary information, record locator numbers, etc., to allow TSA to effectively prioritize watchlist matching efforts."
TSA is making some passenger information voluntary, but if individuals elect not to provide the information, "TSA may have insufficient information to distinguish him or her from a person on the watchlist" and that such individuals "may be more likely to experience delays, be subject to additional screening, be denied transport or be denied authorization" to move beyond security checkpoints.
While airlines currently match passenger name records to government watchlists, TSA plans to take over the name-matching process and "transmit boarding pass printing instructions back to aircraft operators."
Since carriers no longer would be required to perform name matches, they would be able to "reallocate to other tasks some of their operational resources."
However, if the program moves forward, airlines—and others in the travel industry—might see additional costs as they move to comply with new reservation requirements. "Over the 10-year period from 2008 to 2017, TSA estimated air carriers would incur average annual discounted costs of $15.6 to $52.5 million to reprogram their computer systems to accept the additional data fields required by the rule and achieve two-way connectivity with TSA," the proposal notes.
TSA said the proposed rule would not "directly regulate travel agents," but airlines would be "required to ensure that travel agencies request the additional passenger information," yielding, in TSA's highest-cost scenario, 30 more seconds per airline reservation.
TSA goes on to say, "Costs associated with the reservations process include airline and travel agency costs to make available privacy notices and request additional passenger information." In its "high scenario," TSA said costs for travel agencies could total up to $34.2 million for fiscal year 2008, or 5 cents per booking.
The Association of Corporate Travel Executives said among its primary concerns are additional costs to the travel industry.
At press time, ACTE said it was evaluating the proposal, noting that it would cast the "same critical eye" it placed upon the program's predecessors—CAPPS II and earlier installations of Secure Flight, which left "a lot of unanswered questions," a spokesperson said.
Since Sept. 11, 2001, the federal government has had several starts and stops in instituting its next-generation passenger prescreening system. The U.S. Government Accountability Office in a scathing report on Secure Flight released in 2005 concluded that the program's implementation progress was severely lacking and that the program had failed to meet 10 criteria set by Congress
(BTNonline, March 28, 2005). "The next point of this process is that TSA has met all 10 of these issues," TSA administrator Kip Hawley said at the time. In light of those criteria, TSA before launch must test the system to demonstrate efficiency, assess accuracy of databases, address all privacy concerns and create a redress process for passengers to correct erroneous information, among others.
TSA "rebaselined" Secure Flight to address those 10 concerns, an official said. In regards to watchlist accuracy, TSA said it has "scrubbed" the No-Fly list, ridding it of names of people determined not to be a threat. "The list itself has been cut in half by removing a number of people," a TSA spokesperson said. Chertoff last week said, "It will be a much more up-to-date watchlist than the airlines have, because we'll be getting real-time access to the watchlist."
In the proposed tests, "TSA will compare the results of its watchlist matching with air carrier results to ensure the validity of the Secure Flight system."
Secure Flight also would leverage the Traveler Redress Inquiry Program, launched online by the Department of Homeland Security in February, offering travelers faster means to correct watchlist misidentification issues.