Bomb attempt leads to tighter No Fly List rules

Airlines must check list within two hours of receiving an update alert

The close call Monday in which a suspected terrorist nearly took off on a plane to Dubai after a botched bombing attempt in New York City has led the Transportation Security Administration to tighten procedures for checking passengers against the U.S. government's No Fly List.

Effective immediately, airlines will be required to review No Fly Lists within two hours of being notified of a list update, according to an official at the U.S. Department of Homeland Security, which oversees the TSA. Up to now, airlines had 24 hours to review the lists after receiving word of an update.

The new requirement is designed to ensure that airlines vet "expedited additions" to the No Fly List in a timely fashion, the official said.

Faisal Shahzad, who is alleged to have attempted to detonate a car bomb in New York City's Times Square, was able to purchase a ticket and obtain a boarding pass on a flight bound for Dubai though his name had been added on an expedited basis to the No Fly List.

Shahzad was arrested onboard the airline minutes before it was scheduled to push back from the gate at John F. Kennedy International Airport. Early news media reports said the flight had pushed back from the gate but was then recalled and boarded by law enforcement authorities who arrested Shahzad.

"The airline seemingly didn't check the name," thereby permitting Shahzad to board the flight, the official said.

"Under the new measure, [airlines] will be required to check within two hours of being electronically notified of a special circumstance expedited No Fly name," the official said.

The No Fly List is compiled and maintained by law enforcement and intelligence agencies and the TSA under its Secure Flight program. It is a list of people who are not permitted to board a commercial aircraft for domestic or international travel because of security concerns.

Initially, airlines were primarily responsible for vetting their passenger manifests against the No Fly List to ensure that persons prohibited from commercial air travel did not board their flights. Under the DHS' Secure Flight program, which went into effect in 2008, the TSA assumed responsibility for matching passenger data against data in a government repository known as the Terrorist Screening Database. The names in the database are compiled from commercial, government, law enforcement and intelligence sources as well as from federal anti-terror data mining programs.

Under the program, airlines submit passenger names to the TSA via a secure Web portal. The TSA vets the information and issues a so-called "boarding pass result" to the airline, which then may issue an unrestricted boarding pass, deny a boarding pass or issue one with enhanced screening requirements.

At first, the TSA prescreened travelers for domestic travel only, but starting in the second half of last year, the agency began phasing in responsibility for prescreening of international travelers -- a task which used to be carried out by U.S. Customs and Border Protection (CBP).

As part of Secure Flight, airline passengers are required to reveal more personal information, such as date of birth and gender. The TSA maintains that it requires the additional information to minimize the potential for false positives.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is

Copyright © 2010 IDG Communications, Inc.

Shop Tech Products at Amazon