Passenger Screening Gets 'Incomplete'

March 28, 2005
The government's latest computerized airline passenger screening program doesn't adequately protect travelers' privacy, according to a congressional report that could further delay a project considered a priority after the Sept. 11 attacks.

WASHINGTON (AP) -- The government's latest computerized airline passenger screening program doesn't adequately protect travelers' privacy, according to a congressional report that could further delay a project considered a priority after the Sept. 11 attacks.

Congress last year passed a law that said the Transportation Security Administration could spend no money to implement the program, called Secure Flight, until the Government Accountability Office reported that it met 10 conditions. Those include privacy protections, accuracy of data, oversight, cost and safeguards to ensure the system won't be abused or accessed by unauthorized people.

The GAO found nine of the 10 conditions hadn't yet been met and questioned whether Secure Flight would ultimately work.

''The effectiveness of Secure Flight in identifying passengers who should undergo additional security scrutiny has not yet been determined,'' the report said.

TSA spokesman Mark Hatfield called the report ''interim'' and said it contained no surprises.

''The primary cause for the delays we've experienced were the result of additional steps implemented for privacy protection, public notification and solicitation of public comment,'' Hatfield said, adding the agency plans to go ahead with Secure Flight.

Key lawmakers said TSA has a lot more work to do, but indicated they expect the program to go forward.

''A significant amount of work needs to be done before all aviation passengers are checked against terrorist watch lists,'' said Rep. Harold Rogers, R-Ky., chairman of the subcommittee that oversees the program's funding.

Vermont Sen. Patrick Leahy, a Democrat on the Senate Appropriations Committee, said Congress made it clear that Secure Flight can't go beyond the testing phase until all the bugs are worked out.

''We need screening for safety, but we must take the time and effort needed to do it right,'' Leahy said.

Secure Flight would allow the TSA to take over from the airlines the responsibility of checking passengers' names against those on terrorist watch lists. The TSA wants to begin Secure Flight with two airlines in August.

The program is supposed to work by transferring airline passengers' name records - which can include address, phone number and credit card information - to a government database. The government computer would flag names on the watch list and identify passengers who would go through additional screening.

The TSA recently finished testing Secure Flight using records of passengers who flew on domestic airlines in June, information the agency had ordered the airlines to turn over.

Privacy advocates complain that the government doesn't provide an avenue for people who incorrectly are included on watch lists or confused with terrorists who have the same names. Secure Flight doesn't address those concerns, the GAO concluded.

''The agency that's responsible for keeping dangerous people off planes is obviously going to err on the side of safety, and that's going to do very little for an innocent individual who can't fly,'' said Marcia Hofmann, staff attorney for the Electronic Privacy Information Center, an independent privacy group.

The GAO said Secure Flight might not keep terrorists off planes because of the quality of the information on watch lists as well as the quality of passenger information. The report said the Terrorist Screening Center, which maintains the terrorist screening database, doesn't know if its information is accurate.

Barry Steinhardt, an American Civil Liberties Union attorney, said the government needs to fix its watch lists.

''As they continue to build these jury-rigged, Rube Goldberg operations, they ignore the basics of security,'' Steinhardt said.

The report acknowledges that the Terrorist Screening Center has improved its information. As of Dec. 16, 4,800 names had been removed from the database. But it pointed out that Secure Flight might still not identify terrorists even if passengers were required to disclose their full names and dates of birth.

The TSA wants to test passenger information against commercial data to see if that would improve its ability to match names against watch lists. The GAO pointed out that commercial databases also contain mistakes.

The report also said the TSA has not figured out how to obtain data from commercial reservation systems, which handle much of the airline reservation functions.

Secure Flight is the successor to another computerized passenger prescreening project, called CAPPS II, that the government began developing after the terrorist attacks. CAPPS II was scuttled in August, partly because of concerns that personal information about passengers wouldn't be protected.