Feb. 10, 2006 – The federal governmentâ€™s plan to implement an express-lane-like list for frequent flyers has been grounded until at least this summer due to technological and security concerns, officials said yesterday. The decision to defer the programs came about as privacy-rights advocates stepped up questioning about the three programsâ€™ information-security features, and a just-released government report revealed flaws in the Transportation Security Administrationâ€™s (TSA) plans to enact the program remain.
In testimony to the US Senate Committee on Commerce, Science, and Transportation yesterday, TSA head Kip Hawley vowed to push forward with an array of controversial plans: Secure Flight, Registered Traveler and the Computer Assisted Pre-Screening Program (CAPPS). Pilot versions of all three programs have already been implemented in some airports.
According to a recent report by the Government Accountability Office (GAO), of the three, Secure Flight is both the key to getting the frequent-flyer privilege in place and the main vulnerability. Secure Flight would require the TSA to create and monitor an up-to-date list of suspected terrorists who would not be allowed to board an airplane in the US or enter the US on a plane from another country.
"This process has been ad hoc, resulting in project activities being conducted out of sequence, requirements not being fully defined, and documents containing contradictory information or omissions," the GAO found. "Secure Flight's system development documentation does not fully explain how passenger privacy protections are to be met, and TSA has not issued the privacy notices that describe how it will protect passenger data once Secure Flight becomes operational."
The report also noted that Hawleyâ€™s agency was prepared to implement Secure Flight in September, despite knowing of at least 144 security flaws. It also said the agency has yet to address many of the security, technological and logistical problems found in a March 2005 report undertaken by the GAO.
Citing an incomplete internal review, not made available at the hearings, Hawley told the Senate committee that he had ordered an information-technology assessment of Secure Flight in light of the ongoing problems, though he did not offer a timetable for the review process.
"The effort to improve terrorist watch-list screeningâ€¦ was and is a complicated task," Hawley said, according to statements prepared before the hearing. "Despite sincere and dedicated efforts by TSA, there has been an undercurrent of concern from outside stake-holders, really from the beginning. Over the past four years, many concerns have been raised and addressed, but Secure Flight continues to be a source of frustration."
In addition, the GAO found that TSA has not put into place a meaningful process whereby improperly flagged passengers could secure their removal from the list.
Civil liberties organizations have been engaged in a low-level battle with TSA and the Bush administration over the program since its inception, citing passenger privacy concerns and the overall cost of implementation.
In testimony before the Committee yesterday, the American Civil Liberties Union questioned the usefulness of the program and warned of possible information crises arising from it.
"Commercial data can tell you if a person might be a credit risk, but it cannot predict whether he or she will commit an act of terror at a future date," ACLU lawyer Timothy D. Sparapani said, according to a statement released prior to the hearings. "Basing our aviation security on this faulty premise is as unwise as relying on alchemy or astrology."
Both Secure Flight and Registered Traveler use information from private data brokers in assembling lists and screening participants. According to government numbers compiled by the ACLU and presented to the Senate Committee, TSA has spent over $200 million on Secure Flight and Registered Traveler.
Registered Traveler gives airline passengers the luxury of bypassing long security lines by submitting to advance screening and by paying a to-be-determined fee. In his testimony, TSA head Hawley said little has been done with the program over the past year.
The National Business Travel Association (NBTA), which has the largest pool of members likely to both take advantage of the Registered Travelers program, also raised questions about TSAâ€™s commitment and ability to protect passenger privacy.
In testimony, NBTA head Bill Connors told the Committee that his organization supports both Registered Traveler and Secure Flight but that they must protect passenger information and comport with the baselines outlined in the March 2005 GAO report.
"Our nationâ€™s most frequent travelers have a unique view of the effectiveness and the deficiencies of our current security regime, and it is vitally important that this perspective be considered in the debate over new security programs," Connors said.