Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Change of Address
Privatized Registered Traveler On Track
Software Bug Shuts Down Nation's Busiest Airport
HostGator Rocks
But some butter is more butter than other butter
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
Jetsons Video Phone? Deaf Say Yes!
AT&T *69s EFF
Narus Not in the Know
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
« HazMat = Hazardous Matthew? | Main | Ridge Resigns? »
November 15, 2004 | We are all Chuck Yeager

On Friday, the TSA sort-of announced that it was going to order the nation's airlines to turn over a month's worth of data to the government so that it could test the newest version of a proposed airline passenger screening system.

The final rule (.pdf) ordering the airlines to provide data on all June 2004 domestic flights will be issued formally on Monday by the Transportation Security Administration. The airlines must comply by Nov. 23.

The TSA announced in late September its intention to order all 72 domestic airlines to turn over the passenger records -- which can include credit card numbers, phone numbers, addresses and health conditions -- in order to stress-test a centralized passenger screening system called "Secure Flight."

Currently, passengers are screened by the airlines, which check itineraries against a set of watch lists provided by the government.

The TSA hopes to reduce the number of people flagged incorrectly by performing the checks itself using data fed to it by the airlines and a centralized terrorist watch list.

Over 500 citizens and organizations commented on the order, most expressing opposition to the planned test and the system itself. Civil liberties advocates strongly opposed the order, citing privacy concerns and the proposed use of commercial credit databases to verify passengers' identification.

The airline industry's response, published after the comment period officially ended, was less visible, but was not much more supportive than most of the other comments. The airlines prefaced their criticism by saying they wanted to work with the TSA, but went on to contend that the order would be expensive and would force them to choose between complying with an American anti-terrorism program or rejecting European privacy laws -- which could potentially prevent them from flying there.

The whole Wired News article from Friday is here.

But on Friday, the airline industry's lobbying group, the Air Tranport Association, seemed to back off those criticisms in a public statement attributed to the group's CEO James C. May.

We are studying the final order. As a general matter, we look forward to working with the Transportation Security Administration on this test phase of Secure Flight. We continue to support the concept of Secure Flight, which promises to deliver a higher level of protection and fewer hassles for travelers. U.S. airlines have long-standing concerns that center on privacy and operational issues. We hope that many of the issues will be successfully addressed during the test phase of Secure Flight. It's important to strike a balance between the security of airline passengers and their privacy. This is one of the reasons that U.S. carriers are enthusiastic supporters of the Registered Traveler program, which is designed to get people through airports faster.

Edward Hasbrouck has an impassioned rebuttal to the portions of the order responding to comments submitted.

I disagree with Edward's belief that the order is "is clearly illegal, since the GAO report is required before the TSA can test any passenger identification system using commercial databases such as PNR's (Passenger Name Records)."

He is referring to limitations included in the 2005 Homeland Security Appropriations bill.

Those include:
Section 522 (a) prohibits the TSA from implementing Computer Assisted Passenger Prescreening System (CAPPS II) or Secure Flight or other follow on successor programs until the Government Accountability Office has reported to Congress that the system is effective, not overly invasive and has a redress system. (This is essentially the same requirement imposed on CAPPS in 2003, and the GAO reported last February that CAPPS II failed 7 of the 8 tests.)

and

522 (d) which reads "None of the funds provided in this or any previous appropriations Act may be utilized to test an identity verification system that utilizes at least one database that is obtained from or remains under the control of a non-Federal entity until TSA has developed measures to determine the impact of such verification on aviation security and the Government Accountability Office has reported on its evaluation of the measures."

Edward takes that language to mean that the TSA is using airline records to test an identity verfiication system. I do not believe that was the Congressional intent. Instead they were aiming at limiting the use of commercial data warehousers, such as Acxiom and Lexis-Nexis, to verify personal information in airline reservations.

Though the TSA has said it wants to whether commercial databases will help with "Secure Flight," the GAO is not likely to issue a report until March. "Secure Flight" testing is supposed to be finished and evaluated by then.

One other noticeable item in the appropriations bill: Congress flatly barred the use of link analysis programs to assign risk to people who are not on a watchlist.
Section 552 (c) reads "None of the funds provided in this or any previous appropriations Act may be utilized to develop or test algorithms assigning risk to passengers whose names are not on government watch lists."

This means no link analysis leading to educated guesses about peoples' terrorist score or color-coding.

That means no ONRA for airline passengers -- at least not the ONRA of Ben H. Bell.

Posted by Ryan Singel at November 15, 2004 03:10 PM

 Trackback Pings

TrackBack URL for this entry:
http://www.secondaryscreening.net/cgi-bin/mt-tb.cgi/45
Powered by
Movable Type 3.2