The Transportation Security Administration on Dec. 29 officially began the implementation phase of Secure Flight, its controversial passenger prescreening program. The program's activation came after years of development and debate, and three weeks before the end of the administration that created it.
Though it "does not directly regulate travel agents," Secure Flight requires agencies to prepare their systems and processes for a role in collecting traveler information. That means spending money to adapt systems and train agents to collect the required information.
Secure Flight calls on TSA to assume from airlines the responsibility for matching passenger names to federal watch lists before flight departures, as recommended by the "9/11 Commission Report" to the U.S. Congress. The federal agency would inform airlines operating in, to, from or over the United States which passengers are permitted to board after reviewing every passenger's full name, date of birth and gender, which are collected at the time of booking.
According to U.S. Department of Homeland Security Secretary Michael Chertoff, the program will produce "a more consistent passenger prescreening process, ultimately reducing the number of misidentification issues."
Airlines now are required "to ensure that travel agencies request the additional passenger information" and post a Secure Flight privacy notice to their Web sites, TSA explained. In responding to public comments filed in 2007, TSA said it disagreed that airlines have no ability to impose such requirements on travel agencies and other third parties. "Because aircraft operators control the inventory of seats on their airplanes, TSA believes that it is reasonable to expect that aircraft operators will include in their agreements with third-party agents who sell tickets on the aircraft operator's behalf a requirement to collect the necessary data for the aircraft operator to comply with this rule," TSA wrote.
Bumpy Ride
Secure Flight has experienced a bumpy development. Its precursor, the second-generation Computer Assisted Passenger Prescreening System program (CAPPS II), was introduced in 2003 but shelved in 2004 amid scrutiny and criticism. Later that year, TSA announced its intention to replace CAPPS II with Secure Flight, but the agency in 2006 suspended development following critical congressional testimony by the U.S. Government Accountability Office.
In October 2007, TSA began collecting public feedback on a revamped version of the program and heard plenty of criticism from privacy advocates, airlines, associations and other travel industry constituents.
A year later, TSA issued a final rule largely similar to the proposed rule--with some tweaks. TSA kept unchanged its requirement that airlines transmit Secure Flight information "approximately 72 hours prior to the scheduled flight departure time." For reservations made within 72 hours, airlines must provide passenger information "as soon as it becomes available."
Secure Flight will be implemented in two phases, first for domestic flights and then, "in late 2009," for international flights. U.S. Customs and Border Protection, not the airlines, thus far has been responsible for the international watch list-matching function.
Airlines will be brought into the program gradually to allow for operational testing, addressing concerns that some airlines and third-party agents would not have sufficient time to enact "all the necessary technological and process changes," according to TSA.
The National Business Travel Association and the American Society of Travel Agents were satisfied that TSA expanded the Secure Flight adoption period to as long as 270 days (from 60 in TSA's earlier proposal), providing more time for airlines, travel agents and other third parties to reprogram booking systems. ASTA also applauded TSA for not requiring travel agencies to ask clients with electronic profiles for Secure Flight information "repetitively for each booking; they can just prepopulate the passenger name record with the stored information."
TSA also relented to ASTA demands in deciding that group reservations can be accepted by airlines without full Secure Flight information provided for each traveler in the group. "Once a covered aircraft operator receives the full name, date of birth and gender associated with the blocked or group space, the aircraft operator must transmit that [information] to TSA in accordance with this final rule," TSA wrote.
"Most of the questions that could be answered were, and mostly in a satisfactory way," according to an email from ASTA senior vice president for legal and industry affairs Paul Ruden to Management.travel. "What remains, unfortunately, is for the airlines and global distribution systems to sort out how they will instruct agents to enter the Secure Flight data into passenger name records. TSA says it doesn't regulate agents, so the job falls to the airlines who are themselves just now figuring out what they have to do to comply. We have advised members to begin immediately collecting the Secure Flight data, but not to put it in profiles yet, since there are no instructions from the carriers/GDSs to rely on."
TSA estimated that the average annual cost for the travel agency sector would range from $26 million to $39.4 million. Those costs would include system reprogramming (including updated data fields for electronic profiles), updating agent scripts for taking passenger reservations and agent training. Based on industry feedback, TSA determined that telephonic reservations via travel agents would on average be lengthened by 25 seconds in order to collect additional passenger information.
"Since airlines will enter the program sequentially, there will be a learning curve about which data to collect for whom," Ruden explained. "These are, I believe, an inescapable result of the decision by Congress to shift the watch list-matching function from the airlines to the government. Once that decision was made, all the costs and other problems flow almost automatically."
According to a statement from NBTA executive director Bill Connors, "Secure Flight is not a silver bullet to enhance security and facilitation at our airports, but it is a necessary and long-overdue component of an effective security strategy."
The Association of Corporate Travel Executives, which in 2007 noted "serious concerns" related to how the federal government would collect, use, store and correct passenger data, did not comment after the final rule was published.