Secure Flight increases privacy protections

TSA admits passenger screening program violated privacy regulations

The Transportation Security Administration's passenger screening system, Secure Flight, violated the privacy of potentially millions of people, a Government Accountability Office audit found last month. In response, TSA has bolstered Secure Flight's privacy protections.

"Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information, such as name, date of birth and telephone number, without informing the public," wrote Cathleen Berrick, GAO's director of homeland security and justice issues, in a July 22 letter to TSA.

TSA supplemented its passenger data with the commercial data to help reduce mistakes when comparing travelers' data to national terrorist watch lists, Berrick wrote.

In September and November 2004, TSA officials published privacy notices about the agency's use of Secure Flight data. They lack legally required details about how TSA and its contractors would collect, use and store commercial data, Berrick wrote. TSA also did not say what the full scope of the data collection would be, she added.

"It paints a very different picture from what they actually did," Berrick said in a phone interview. "Clearly, they violated the Privacy Act," because the public did not know about and could not comment on the use of personal information.

TSA did not intend to violate privacy rules, said Justin Oberman, assistant administrator for the Secure Flight and Registered Traveler programs. Between the time when TSA published the initial notices and finished Secure Flight's tests, program developers had a better idea of how to improve the system, Oberman said. It is common to update privacy notices and other documents to reflect such changes, he said.

After hearing GAO's concerns about the program in June, TSA officials agreed that they were valid and acted to correct the problems, wrote Steven Pecinovsky, director of DHS' GAO/Office of Inspector General Liaison, in a letter responding to GAO's letter.

TSA officials published updated privacy notices to better describe how Secure Flight used commercial data, Pecinovsky wrote. They also vowed to ensure that TSA's chief privacy officer and general counsel would decide whether more changes in data use would warrant another update, he wrote. DHS' chief privacy officer, Nuala O'Connor Kelly, is reviewing Secure Flight's use of passenger data and may recommend additional privacy protections, he added.

TSA officials promised not to use commercial data in the start-up period for Secure Flight, scheduled to begin by early 2006, Pecinovsky wrote.

Too ambitious for its own good?

The Transportation Security Administration has ambitious programs for screening passengers to find terrorists. But flaws constantly derail those programs, said James Dempsey, executive director of the nonprofit Center for Democracy and Technology.

Both Secure Flight and its predecessor, the Computer Assisted Passenger Prescreening System (CAPPS) II, analyze passenger data from airlines to identify suspicious individuals, Dempsey said.

"How that would work has never been described," Dempsey said. "I just think that there is no evidence to support passenger screening systems like that."

TSA violated many privacy regulations while collecting data, seriously weakening public trust in the programs, Dempsey said. Public and congressional outrage forced TSA to scrap CAPPS II in 2004 and replace it with Secure Flight.

Ironically, CAPPS I, CAPPS II's predecessor, was a much more effective system, Dempsey said. Airlines keep the data they collect and follow confidential rules that analyze passenger behavior, such as buying one-way tickets, he said.

Still in use, CAPPS I flagged nine of the 19 Sept. 11, 2001, hijackers without any privacy breaches, Dempsey said.

Despite the problems of Secure Flight and CAPPS II, checking passengers against watch lists of known criminals and terrorists is a legitimate security measure, Dempsey said. To be effective, however, the lists must contain passengers' names and a few other specific categories of information to prevent false positives, he said.

— Michael Arnone

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above