DHS screening to require air travelers to fork out more information

Birth date, gender to be included in Secure Flight validation program

Starting early next year, air travelers will have to provide their birth date and gender, as well as their full names to the airline when making flight reservations.

Domestic airlines are required to collect the additional information under a Transportation Security Administration (TSA) program called Secure Flight, which after five years of delay and controversy finally became a formal security rule this week.

The goal behind gathering the data, according to the TSA is to reduce errors and to speed up the preflight process of comparing passenger information against a government-maintained terror and no-fly watch lists. The requirement will also apply to nontravelers escorting disabled persons or minors to departure gates.

Secure Flight directs the TSA, which is part of the U.S. Department of Homeland Security (DHS), to take over the responsibility for preflight validations from the airline companies, which have been conducting the process for the past few years. Under the final rule issued this week, Secure Flight will go into effect 60 days after the rule is published in the Federal Register.

At that point, the airlines will be required to start sending passenger data to the TSA via a single DHS Web portal. The TSA will compare the information with selected data in a broader government repository known as the Terrorist Screening Database and issue a "boarding pass result" back to the airline. The result will inform the airline to issue an unrestricted boarding pass, deny it or issue one with enhanced screening requirements. In "most cases," passenger data will not be stored for more than seven days, according to the TSA.

Initially, the TSA will prescreen for domestic travel only. Sometime in the second half of 2009, the agency will also take over responsibility for prescreening of international travelers, which is currently carried out by U.S. Customs and Border Protection (CBP).

The Secure Flight program, previously called CAPPS II for Computer Assisted Passenger Prescreening System, was established in the aftermath of the terrorist attacks of Sept. 11, 2001. It is designed to improve domestic air-travel safety and is a critical component of the 9/11 Commission Recommendations Act and the Intelligence Reform and Terrorism Prevention Act.

However almost since the beginning, CAPPS II, and later Secure Flight, have faced vigorous opposition from privacy and civil rights groups, which have called the idea unworkable and an invasion of privacy.

The concerns have centered on the secrecy surrounding the process and on the information the government uses for determining traveler risk, the potential for misidentification on a large scale and the almost nonexistent provisions for redress in the event of misidentification.

Such issues led to cancellation of the CAPPS II effort in August 2004 and the subsequent launch of Secure Flight almost immediately thereafter.

Less than two years later, however, Secure Flight was also temporarily suspended amid similar concerns, especially after they were echoed in a February 2006 audit report from the Government Accountability Office.

The GAO report raised concerns about the accuracy and completeness of the data contained in the government terror database, the name-matching technologies used for Secure Flight and the lack of preparedness for dealing with false positives. The report also noted planning deficiencies in areas such as system requirements, including those for the airlines and the CBP, as well as system security and connectivity issues.

Secure Flight was revived in August 2007, amid promises of better privacy protections. The privacy enhancements included the elimination of an especially controversial proposal to assign terrorist risk scores and risk profiles to air travelers and a promise not to use data from commercial sources.

Some of the same groups that attacked the effort in the past welcomed the changes that were made in the final rule, but some advocates expressed continuing reservations over the program.

Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington, said the decision to abandon the idea of risk scores and the use of commercial databases is especially heartening. However, one key problem that remains unaddressed is the secrecy surrounding the method used by the government to arrive at a risk determination. An individual identified as a potential threat has "no meaningful opportunity to know the basis of that determination and to challenge that," he said. "That violates the spirit of the Privacy Act," he added.

The American Civil Liberties Union, which has been an ardent critic of the effort, welcomed the changes that were made to Secure Flight in response to the criticism. But potential problems remain, including concerns about the quality of data in the terror database and the lack of adequate redress for those mistakenly fingered as terrorists by the program, the ACLU said in a statement.

Copyright © 2008 IDG Communications, Inc.

Shop Tech Products at Amazon