Secure Flight Program Moves To Test Phase

Transportation Security Administration set to collect passenger data from airlines
The Transportation Security Administration last week moved forward with plans to test its new Secure Flight passenger-screening system. By the end of October, all domestic airlines must submit to TSA passenger-name record data for flights that took place during the month of June. TSA will compare this data, including passenger name, reservation date, travel itinerary, and form of payment, against watch lists held in the Terrorist Screening Database.

TSA, which operates within the Homeland Security Department, will use the data to test the load capacity and accuracy of Secure Flight's underlying technology. The administration has issued a legal order to compel airlines to provide passenger data because it wants realistic data to compare against the Terrorist Screening Database, which contains information contributed by the Homeland Security, Justice, and State departments and by the intelligence community. The Terrorist Screening Center, established in December, administers the database to help law enforcement identify known or suspected terrorists.

Secure Flight has addressed privacy from the start, says Nuala O'Connor Kelly, Homeland Security's chief privacy officer. Photo by David Deal

Secure Flight has addressed privacy from the start, O'Connor Kelly says.

Photo by David Deal
Secure Flight is intended to keep suspicious passengers from boarding domestic flights. The differences between Secure Flight and its failed predecessor, the Computer Assisted Passenger Prescreening System (CAPPS II), are sufficient to ensure that TSA is giving strong consideration to privacy issues, says Nuala O'Connor Kelly, Homeland Security's chief privacy officer.

Unlike CAPPS II, Secure Flight proposes to use passenger-name data solely to combat terrorism and not for other law-enforcement purposes, TSA privacy officer Lisa Dean wrote in a memo describing Secure Flight. The proposed program also lets TSA take sole responsibility for running passenger-name comparisons against the Terrorist Screening Database, rather than relying on airlines to do this themselves. Secure Flight is limited to domestic flights. International terrorist screening will continue to be conducted by Customs and Border Protection.

"The difference between Secure Flight and some of the other [proposed] programs is that privacy concerns were infused from the beginning," says O'Connor Kelly, who will review TSA's efforts before a final program is designed.

The airline industry has generally tried to accommodate TSA's security initiatives. "We like the idea of a faster, smarter way of screening people before they set foot in an airport," says Doug Wills, VP of communications for the Air Transport Association, an airline lobbyist organization. "But the airlines have voiced concern that the privacy part is done right."

The association will submit to TSA a paper outlining the airlines' concerns about the lack of detail included in the Secure Flight proposal to date. Airlines would prefer that the administration accept their passenger-name record data as is, Wills says, rather than making them adhere to a data format that would cost time and money to implement.

TSA contends that Secure Flight is consistent with the 9/11 Commission recommendations that the federal government take over responsibility for checking airline passengers' names against expanded "no-fly" and "automatic selectee" lists from the individual airlines, and that airlines be required to supply data to test and implement the new system.

To comply with the program, each airline by next week must submit a plan for meeting TSA's requirements and submit actual data by Oct. 29. The administration expects the Secure Flight test to cost $810,000, which will be shared by the 77 domestic airlines.