Secure Flight

Top News | Introduction | History | Description | Resources

Top News

• Spotlight: Secure Flight Should Remain Grounded. EPIC's Spotlight on Surveillance project focuses on the Secure Flight traveler prescreening program. Introduced in 2004, the Secure Flight has been roundly criticized (pdf) and the system was suspended in 2006, because it contained massive security and privacy vulnerabilities. Though Secure Flight has been revamped, it remains fundamentally flawed. The core of the program rests on watch lists so full of errors that the Department of Justice's Inspector General (pdf) has suggested that there is "a deficiency in the integrity of watchlist information." EPIC's Spotlight on Surveillance on Secure Flight. (September 28,2007)

• EPIC Recommends Continued Suspension of Secure Flight Traveler Prescreening Program. In comments (pdf) to the Department of Homeland Security, EPIC urged the agency to either continue to suspend or significantly revise its system of records notice for the Secure Flight program. EPIC explained that the watch lists that Secure Flight used to screen passengers were so error-filled that the Department of Justice Inspector General indicated (pdf) "a deficiency in the integrity of watchlist information." Also the proposed redress procedures are "poor substitutes" for the Privacy Act's judicially enforceable rights of access and correction. DHS suspended Secure Flight in 2006 for a "comprehensive review." Though substantial changes have been made, the program is still full of problems, and EPIC recommended the agency continue Secure Flight's suspension until the problems can be addressed. (Sept. 24, 2007)

• DHS Revamps Secure Flight Program. More than a year after Secure Flight was suspended for a comprehensive review, the Department of Homeland Security has announced major revisions to the program. Previously, DHS sought to use Secure Flight to assess possibilities for criminal behavior from travelers. The new program will "determine if passenger data matches the information on government watch lists, and transmit matching results to aircraft operators," according to DHS. Currently, the airlines run passenger names against the watchlists. Secure Flight was grounded in February 2006 after government investigations (pdf) found numerous security and privacy vulnerabilities. There are ongoing concerns about the secrecy and accuracy of watchlists and adequacy of redress procedures. See EPIC's Spotlight on Surveillance on the Traveler Redress Inquiry Program. (Aug. 9, 2007)

• Secure Flight Delayed Until 2010. Implementation of Secure Flight, a federal passenger prescreening program, will be delayed until 2010, at least five years behind schedule, according to the head of the Transportation Security Administration. Secure Flight was suspended for a comprehensive review of the program's information security measures a year ago after two government reports detailed security and privacy problems. One report (pdf) said the program had inconclusive risk assessments and 144 known security vulnerabilities. About $140 million has been spent on Secure Flight, and the program will require at least another $80 million for proposed improvements, the agency said. (Feb. 23, 2007)

Introduction

Secure Flight is an airline passenger prescreening program currently under development by the Transportation Security Administration (TSA). This program is intended to compare passenger information from Passenger Name Records, which contain information given by passengers when they book their flights, against watch lists maintained by the federal government. In November 2004, the TSA ordered (pdf) 72 commercial airlines to turn over their passenger records from the month of June 2004 in order to test the new system. Deployment of the system has been delayed numerous times.

History

TSA introduced Secure Flight in August 2004, shortly after the agency abandoned plans for its predecessor, the second generation Computer Assisted Passenger Prescreening System (CAPPS II). CAPPS II would have examined commercial and government databases to assess the risk posed by each passenger: green for minimal threat, yellow for those deserving of heightened security, and red for those judged to pose an acute danger, who would be referred to law enforcement for possible arrest. CAPPS II was scheduled for a test run in the spring of 2003 using passenger data provided by Delta Airlines. Following a public outcry, however, Delta refused to provide the data and the test run was delayed indefinitely.

In the summer of 2004, TSA abandoned CAPPS II, due in part to irresolvable privacy and security concerns. A significant number of these problems continue to plague the Secure Flight proposal.

Description

TSA explains that Secure Flight will compare Passenger Name Records (PNRs) against information compiled by the Terrorist Screening Center, which will include expanded "selectee" and "no fly" lists. TSA will also seek to identify "suspicious indicators associated with travel behavior" in passengers' itinerary PNR data. TSA will administer the program, removing all passenger screening responsibility from the airlines. TSA began testing Secure Flight in early 2005.

During Secure Flight's test phase, TSA examined the possibility of using of commercial data within the program. The agency explained that it wanted to determine the effectiveness of commercial data "in identifying passenger information that is inaccurate or incorrect." However, a TSA official said in July 2005 that Secure Flight might also use commercial data to detect dangerous passengers who are not on watch lists, such as members of terrorist "sleeper cells." In fall 2005, TSA abandoned its plans to use commercial data in Secure Flight, in part due to privacy concerns.

Like its predecessor CAPPS II, the test phase of Secure Flight was initially exempted from crucial provisions of the Privacy Act of 1974, which would have severely limited the rights individuals typically would have in the personal information the government maintains about them. For instance, Secure Flight would have collected and used personal information irrelevant and unnecessary for aviation security. Furthermore, passengers would have had no judicially enforceable rights to access and correct the personal information maintained about them for the program. In June 2005, however, TSA published a notice (pdf) revoking all the Privacy Act exemptions it had initially claimed. It is unclear whether TSA intends to claim Privacy Act exemptions when Secure Flight becomes operational.

TSA assured the public in September 2004 that "upon completion of the testing phase, and before Secure Flight is operational, TSA will establish comprehensive passenger redress procedures and personal data and civil liberties protections for the Secure Flight program." It remains unclear, however, how this process will work.

The government has long used "selectee" and "no fly" lists for aviation security purposes, but passengers have experienced great difficulty clearing their names when improperly flagged. In 2002, EPIC obtained through the Freedom of Information Act dozens of complaint letters sent to TSA by irate passengers who felt they had been incorrectly identified for additional security or were denied boarding because of the watch lists. The complaints describe the bureaucratic maze passengers encounter if they happen to be mistaken for individuals on the list, as well as the difficulty they encounter trying to exonerate themselves.

Even members of Congress have found themselves improperly flagged by the watch lists. In August 2004, Senator Edward Kennedy (D-MA) revealed in a Senate Judiciary Committee hearing on border security that on multiple occasions airline agents tried to prevent him from boarding flights because his name appeared on a watch list. He was halted three times before his staff called TSA, and afterwards continued to be stalled at the gate. Senator Kennedy was forced to call Homeland Security Secretary Tom Ridge in order to clear his name, an option available to very few travelers. The name on the watch list preventing Kennedy's travel was apparently "T. Kennedy." Reps. John Lewis (D-GA) and Don Young (R-AK) have also been flagged by the watch lists.

On June 15, 2005, the Department of Homeland Security Privacy Office announced that it is investigating whether the agency violated federal privacy law during the test phase of Secure Flight. Just days later, on June 22, TSA admitted in a Federal Register notice (pdf) that it had collected and maintained detailed commercial data about thousands of travelers in violation of an order issued in November 2004 stating it wouldn't do so. The notice said that the agency continued to store commercial data a contractor purchased, combined with information from airlines, and turned over to the agency on CD-ROMs during the testing of Secure Flight. It is unclear whether this data is still maintained by the agency or has been destroyed.

TSA chief Kip Hawley told the Senate Commerce Committee in February 2006 that plans for Secure Flight have been suspended until a "comprehensive audit" of the program's information technology security is completed. Testimony (pdf) from the General Accountability Office revealed that in September, TSA approved the program's operation despite inconclusive risk assessments and 144 known security vulnerabilities.

Resources

News Articles

• Press Release: DHS Announces Predeparture Screening of International Passengers and First Step Toward Secure Flight (Aug. 9, 2007)
• Passenger Security Check Program Scrapped, Associated Press (Feb. 9, 2006)
• Air Passenger Screening Program Hits New Snag, Reuters (Feb. 9, 2006)
• Privacy, Security Experts Urge Delay of Passenger Screening System, GovExec.com (Sept. 22, 2005)
• Passenger Screening Plan Won't Fly, Reuters (Sept. 22, 2005)
• DOJ Assails Secure Flight, Business Travel News (Sept. 19, 2005)
• Feds Push Flier Background Checks, Wired News (Aug. 15, 2005)
• US to Test if Passenger Lists Can ID "Sleeper Cells," Associated Press (July 24, 2005)
• More Privacy Questions For Air Safety Agency, New York Times (June 15, 2005)
• Secure Flight Hits Turbulence, Wired News (June 15, 2005)
• TSA, 2 Airlines To Test Secure Flight, Business Travel News (March 21, 2005)
• New Passenger Screening System Expected to Debut in August, GovExec.com (Feb. 24, 2005)
• Feds Order Airlines to Divulge Passenger Details, CNET News.com (Sept. 21, 2004)
• TSA Launches Secure Flight, Federal Computer Week (Aug. 27, 2004)
• Secure Flight Gets Wary Welcome, Wired News (Aug. 27, 2004)
• Ted Kennedy's Airport Adventure, CBSNews.com (Aug. 19, 2004)

Secure Flight Resources

• EPIC's Comments to DHS on Revised Secure Flight Proposal (pdf) (Sept. 24, 2007)
  
  
• Notice of Proposed Rulemaking for Secure Flight (pdf) (Aug. 9, 2007)
  
  
• Press Release: DHS Announces Predeparture Screening of International Passengers and First Step Toward Secure Flight (Aug. 9, 2007)

• Government Accountability Office, Testimony Before the Senate Comittee on Commerce, Science, and Transportation, Aviation Security: Significant Management Challenges May Adversely Affect Implementation of the Transportation Security Administration's Secure Flight Program (pdf) (Feb. 9, 2006)

• Report of the Secure Flight Working Group to the Transportation Security Administration (pdf) (Sept. 19, 2005)

• EPIC's Comments the the FBI on the Creation of the Terrorist Screening Records System and Exemptions from the Privacy Act (html, pdf) (Sept. 6, 2005)

• Department of Justice Inspector General, Review of the Terrorist Screening Center's Efforts to Support the Secure Flight Program (pdf) (Aug. 2005)

• Government Accountability Office, Letter to Congress, Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information During Secure FLight Program Testing in Initial Privacy Notices, but Has Recently Taken Steps to More Fully Inform the Public (pdf) (July 22, 2005)

• Testimony of Justin Oberman, Assistant Administrator, Secure Flight and Registered Traveler, Department of Homeland Security, before the House Select Committee on Homeland Security (pdf) (June 29, 2005)

• Transportation Security Administration, Notice to Supplement and Amend System of Records and Privacy Impact Assessment for Secure Flight Test Phase (pdf) (June 22, 2005)

• Government Accountability Office, Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System is Further Developed (pdf) (March 2005)

• Department of Homeland Security Inspector General, Review of the Transportation Security Administration's Role in the Use and Dissemination of Airline Passenger Data (pdf) (March 2005)

• Government Accountability Office, Aviation Security: Measures for Testing the Impact of Using Commercial Data for Secure Flight Testing (pdf) (Feb. 2005)

• EPIC's Letter to TSA Concerning the Secrecy of the Secure Flight Privacy/IT Working Group (pdf) (Jan. 31, 2005)

• Transportation Security Administration, Order to Airlines to Provide Passenger Name Records (pdf) (Nov. 25, 2004)

• EPIC's Comments to TSA on the Secure Flight Test Phase (pdf) (Oct. 25, 2004)

• EPIC's Comments to the Office of Management and Budget on TSA's Request for Emergency Processing of June 2004 Passenger Data (pdf) (Oct. 25, 2004)

• Transportation Security Administration, Notice to Establish System of Records for the Secure Flight Test Phase (Sept. 24, 2004)

• Transportation Security Administration, Privacy Impact Assessment for Secure Flight Test Phase (Sept. 24, 2004)

• Transportation Security Administration, Notice of Emergency Clearance Request to the Office of Management and Budget for Processing of June 2004 Passenger Data (Sept. 24, 2004)

• Transportation Security Administration, Notice of Final Order for Secure Flight Test Phase (Nov. 15, 2004)

Previous Top News

• EPIC Recommends Privacy Safeguards for Traveler Screening Program. In comments (pdf) to the Department of Homeland Security, EPIC urged the agency to fully apply Privacy Act requirements of notice, access, and correction to the new traveler redress program and the underlying watch list system. Instead of following the Privacy Act, the agency is asking the public to rely on its "internal quality assurance procedures." EPIC explained that these procedures aren't working and cited a government report (pdf) that found significant problems with the handling of personal information and violations of privacy laws by DHS. Tens of thousands of people have applied for redress after being mistakenly matched as federal officials have struggled to trim the bloated watch lists. (Feb. 20, 2007)
  
• Spotlight Fiscal Year 2008 Budget and Surveillance. More than 30,000 travelers have been mistakenly linked to names on terror watch lists when they crossed the border, boarded commercial airliners or were stopped for traffic violations, according to a report (pdf) by the Government Accountability Office. EPIC has repeatedly (pdf) warned that the false positive problem -- when a person who is not a suspect is mistakenly matched to a watch list -- is difficult to fix. The watch lists include 325,000 names of terrorism suspects or people suspected to aid them, more than quadruple the 75,000 names on the lists when they were created in 2003. (Feb. 13, 2007)
  
• Government Report: Thousands Misidentified on Watch Lists. The head of the Transportation Security Administration told a congressional committee today that Secure Flight has been suspended for a comprehensive review of the program's information security measures. Testimony (pdf) from the General Accountability Office revealed that TSA approved Secure Flight to become operational in September, despite inconclusive risk assessments and 144 known security vulnerabilities. "TSA may not have proper controls in place to protect sensitive information," the GAO said. (Oct. 14, 2006)

• Security Concerns Ground Secure Flight. The head of the Transportation Security Administration told a congressional committee today that Secure Flight has been suspended for a comprehensive review of the program's information security measures. Testimony (pdf) from the General Accountability Office revealed that TSA approved Secure Flight to become operational in September, despite inconclusive risk assessments and 144 known security vulnerabilities. "TSA may not have proper controls in place to protect sensitive information," the GAO said. (Feb. 9, 2006)

• Transportation Agency Scraps Commercial Data Plans. The Transportation Security Administration has abandoned plans to use information from data aggregators to check airline passengers' backgrounds. TSA made the decision shortly before a working group issued a scathing report (pdf) on the program. Last year, an EPIC FOIA request revealed (pdf) that Axciom proposed to water down federal privacy laws so that it could sell data to the government for traveler screening. (Sept. 22, 2005)

• Justice Inspector General: Secure Flight Hampered by Poor Planning. The Justice Department Inspector General recently concluded that Transportation Security Administration missteps have made it difficult for the government office responsible for the terrorist watch list to prepare for the launch of Secure Flight. The Terrorist Screening Center maintains the government's consolidated watch list, which is planned to be a vital part of the prescreening program. According to the Inspector General's report, Terrorist Screening Center officials "believe that their ability to prepare for the implementation of Secure Flight has been hampered by the TSA's failure to make, communicate, and comply with key program and policy decisions in a timely manner." The Inspector General cited several issues as potentially problematic, including costs, redress, and data accuracy. (Sept. 16, 2005)

• EPIC Calls for Government Watch List Accuracy. In comments to the FBI (also available in pdf), EPIC urged the agency to hold off on expanding the Terrorist Screening Center's watch list record system until the Bureau resolves significant privacy issues. EPIC objected to the FBI's proposal to exempt the watch list from legal requirements that require record accuracy. EPIC also said that there are inadequate redress procedures for people who are improperly flagged as watch list matches. (Sept. 7, 2005)

• Accountability Office: Security Agency Did Not Follow Privacy Law. In a letter to Congress (pdf), the Government Accountability Office has concluded that the Transportation Security Administration violated the Privacy Act when it obtained personal information about airline passengers from commercial data brokers. The agency's public statements about the screening program failed to describe this activity. According to the GAO letter, "the agency did not provide appropriate disclosure about its collection, use and storage of personal information as required by the Privacy Act," and "the public did not receive the full protections" of the law. (July 25, 2005)

• Agency Violated Privacy Act Order. The Transportation Security Administration has admitted (pdf) that it collected and maintained detailed commercial data about thousands of travelers in violation of an order issued last year stating it wouldn't do so. The agency continues to store commercial data a contractor purchased, combined with information from airlines, and turned over to the agency on CD-ROMs during the testing of Secure Flight, a passenger prescreening proposal. The Department of Homeland Security Privacy Office announced last week that it is investigating whether the agency violated federal privacy law during the test phase of Secure Flight. (June 21, 2005)

• Accountability Office: Secure Flight Has Long Way to Go. The Government Accountability Office has reported (pdf) that the Transportation Security Administration still has many issues to address before the viability of the Secure Flight passenger prescreening program can be determined. The office was unable to assess, among other things, the effectiveness of the system, the accuracy of intelligence data which will determine whether passengers may fly, safeguards to protect passenger privacy, and the adequacy of redress for passengers who are improperly flagged by Secure Flight. (March 28, 2005)

• Inspector General Criticizes Agency's Passenger Data Practices. The Department of Homeland Security Inspector General has issued a report (pdf) on the Transportation Security Administration's use and dissemination of airline passenger data. The report states that the agency has been involved in 14 transfers of data involving more the 12 million passenger records. The report finds, among other things, that "TSA did not consistently apply privacy protections in the course of its involvement in airline passenger data transfers," and that TSA has not accurately represented the scope of its passenger data collection and use. (March 25, 2005)

• Report Issued on Secure Flight Commercial Data Test. The Government Accountability Office has released a report (pdf) on measures for testing the use of commercial data within Secure Flight, the passenger prescreening program currently being developed by the Transportation Security Administration. The report concluded that the agency has developed preliminary measures for concept testing, but further review is needed to determine whether the measures will be effective for actual use in Secure Flight. (Feb. 25, 2005)

• EPIC Questions Secrecy of TSA Privacy Advisory Group. In a letter (pdf) to the Transportation Security Administration's privacy officer, EPIC has asked why the Secure Flight Privacy/IT Working Group is not being operated in accordance with federal law intended to ensure transparency of government advisory committees. "EPIC has urged TSA, since the earliest days of its existence, to develop aviation security policies and initiatives in an open and public manner," EPIC stated. "Given the clear privacy implications of the Secure Flight program . . . and the obvious public concern surrounding a system that will conduct background checks on tens of millions of citizens, we be live it is critical that any assessments of Secure Flight be made in an open manner." (Jan. 31, 2005)

• EPIC Sues FBI Again For Terrorist Database Information. For the second time in three months, EPIC has asked a federal court for an emergency court order (pdf) forcing the FBI to turn over information about the Terrorist Screening Database and how it will be used in Secure Flight. In October, EPIC sued the agency when it refused to recognize that EPIC was entitled to a quick release of the documents. The FBI backed down and the case was dismissed, but the agency has not given EPIC the information. (Dec. 21, 2004)

• Airlines Ordered to Hand Over Passenger Info. The Transportation Security Administration has ordered 72 airlines to turn over a month's worth of passenger data to test the Secure Flight passenger prescreening program. The airlines have been told they must give the agency all passenger records from June 2004 domestic flights by November 23. (Nov. 11, 2004)

• EPIC Urges Postponement of Secure Flight. EPIC has called upon (pdf) the Transportation Security Administration to suspend the test phase of Secure Flight until the program's significant privacy issues are resolved and the government is willing to be more forthcoming about the program's details. EPIC also urged (pdf) the Office of Management and Budget not to permit TSA to collect a month's worth of passenger information for Secure Flight testing purposes until the program's privacy and transparency issues are addressed. (Oct. 28, 2004)

• FBI Folds in EPIC Lawsuit for Secure Flight Info. Just a day after EPIC applied for an emergency court order (pdf) asking federal court to order the FBI to immediately release documents about the Terrorist Screening Database and its role in Secure Flight, the agency has backed down. Conceding that EPIC met its burden of demonstrating "compelling need" for the documents, the FBI must release the information as soon as practicable. (Oct. 14, 2004)

• EPIC Sues For Release of Secure Flight Info. EPIC has applied for an emergency court order (pdf) requiring the FBI to release information about the Terrorist Screening Database and its role in Secure Flight, the government's proposed passenger prescreening system. Secure Flight will compare passenger records against information in the database, which will include expanded "selectee" and "no fly" lists. EPIC argued that information about the database must be made available prior to the October 25 deadline for public comments on the Transportation Security Administration's plans for testing Secure Flight. (Oct. 13, 2004)

• Details Emerge on New Passenger Prescreening Program. The Transportation Security Administration has released a Privacy Act notice (pdf) and privacy impact assessment (pdf) for the test phase of Secure Flight, the passenger prescreening initiative under development to replace CAPPS II. The notice shows that Secure Flight, like CAPPS II, will be a secretive program that may collect personal information irrelevant and unnecessary for aviation security. Furthermore, passengers will be deprived of judicially enforceable rights to access and correct personal information. The Transportation Security Administration has also issued a proposed order (pdf) that will require airlines to turn over passenger records from June 2004 to test Secure Flight. (Sept. 22, 2004)

• TSA to Test New Passenger Prescreening Program. The Transportation Security Administration has announced it will begin testing Secure Flight, a new passenger prescreening system, in November. The program, which is intended to replace the now-defunct CAPPS II, will compare passenger records to expanded "selectee" and "no fly" lists already in use. Passengers whose records match names on the lists will be subject to commercial background checks to verify their identities. The agency stated that it plans to have a redress process for individuals improperly flagged by Secure Flight, but it is unclear how this process will work. (Aug. 26, 2004)

Related EPIC Policy Pages

• EPIC Air Travel Privacy Page
• EPIC Counter-terrorism Page
• EPIC EU-US Airline Passenger Data Disclosure Page
• EPIC Passenger Profiling Page
• EPIC Profiling Page

Last Updated: February 9, 2006
Page URL: http://www.epic.org/privacy/airtravel/secureflight.html