DHS screening to require air travellers to fork out more info

Long delayed data-matching program to finally go live

Starting early next year, US domestic air travellers will have to provide their birth date and gender, as well as their full names to the airline when making flight reservations.

Domestic airlines are required to collect the additional information under a Transportation Security Administration (TSA) programme called Secure Flight, which after five years of delay and controversy finally became a formal security rule last month.

The goal behind gathering the data, according to the TSA is to reduce errors and to speed up the pre-flight process of comparing passenger information against a government-maintained terror and no-fly watch lists. The requirement will also apply to nontravelers escorting disabled persons or minors to departure gates.

Secure Flight directs the TSA, which is part of the US Department of Homeland Security (DHS), to take over the responsibility for pre-flight validations from the airline companies, which have been conducting the process for the past few years. Secure Flight will go into effect 60 days after the rule is published in the Federal Register.

At that point, the airlines will be required to start sending passenger data to the TSA via a single DHS web portal. The TSA will compare the information with selected data in a broader government repository known as the Terrorist Screening Database and issue a "boarding pass result" back to the airline. The result will inform the airline to issue an unrestricted boarding pass, deny it or issue one with enhanced screening requirements. In most cases passenger data will not be stored for more than seven days, according to the TSA.

Initially, the TSA will prescreen for domestic travel only. Sometime in the second half of 2009, the agency will also take over responsibility for prescreening of international travellers, which is currently carried out by US Customs and Border Protection (CBP).

The Secure Flight programme, previously called CAPPS II for Computer Assisted Passenger Prescreening System, was established in the aftermath of the terrorist attacks of September 11, 2001.

However, almost since the beginning, CAPPS II, and later Secure Flight, have faced vigourous opposition from privacy and civil rights groups, which have called the idea unworkable and an invasion of privacy.

The concerns have centred on the secrecy surrounding the process and on the information the government uses for determining traveller risk, the potential for misidentification on a large scale and the almost nonexistent provisions for redress in the event of misidentification.

Such issues led to cancellation of the CAPPS II effort in August 2004 and the subsequent launch of Secure Flight almost immediately thereafter.

Less than two years later, however, Secure Flight was also temporarily suspended amid similar concerns, especially after they were echoed in a February 2006 audit report from the Government Accountability Office (GAO).

The GAO report raised concerns about the accuracy and completeness of the data contained in the government terror database, the name-matching technologies used for Secure Flight and the lack of preparedness for dealing with false positives.

Secure Flight was revived in August 2007, amid promises of better privacy protections. The privacy enhancements included the elimination of an especially controversial proposal to assign terrorist risk scores and risk profiles to air travellers and a promise not to use data from commercial sources.

Some of the same groups that attacked the effort in the past welcomed the changes that were made in the final rule, but expressed continuing reservations over the programme.

Marc Rotenberg, executive director of the Electronic Privacy Information Centre (EPIC), in Washington, says one key problem that remains unaddressed is the secrecy surrounding the method used by the government to arrive at a risk determination. An individual identified as a potential threat has "no meaningful opportunity to know the basis of that determination and to challenge that," he says. "That violates the spirit of the Privacy Act," he adds.

The American Civil Liberties Union, which has been an ardent critic of the effort, welcomed the changes that were made to Secure Flight in response to the criticism. But potential problems remain, including the quality of data in the terror database and the lack of adequate redress for those mistakenly fingered as terrorists by the programme, the ACLU said in a statement.

Join the newsletter!

Error: Please check your email address.

Tags TSADHSsecure flightSecurity IDdata-matching

Show Comments
[]