National Security Watch: The "secure" in Secure Flight
The beleaguered Transportation Security Administration faced a bleak week, as privacy advocates continued to circle around the agency's Secure Flight program, the next incarnation of the terrorist watch list used to vet airline passengers. Last week, Nuala O'Connor Kelly, the Department of Homeland Security's resident privacy chief, informed reporters that she was beginning an investigation into possible privacy concerns surrounding testing of Secure Flight. At issue: 15 million records detailing all domestic flight reservations made in June 2004.
Details emerging on the investigation this week indicated that the review was sparked by revelations that TSA officials might have relied more on commercial databaseslike the ones credit card companies and telemarketers usethan they had previously stated they would to Congress. As part of the Secure Flight testing, a private contractor, EagleForce Associates, cross-referenced the data in the reservation records with information in the commercial data troves, ostensibly in an effort to chip away at the number of people who are falsely identified as potential terrorists during the screening for domestic U.S. flights, about 18,000 daily. Sources close to the investigation say the TSA appears to have expanded the data it was seeking from EagleForce when tests of Secure Flight weren't as successful as the agency had hoped. The data then allegedly were stored in U.S. government computers.
And that's serious business. The 1974 Privacy Act calls on government agencies to disclose the full details of programs involving personal data in advance. The TSA plans to release a revised privacy statement on Secure Flight in the coming days and another more detailed explanation of the gaffe in the next two weeks.
"The Privacy Act notices are really the only thing we have to go on," says Jim Harper, a privacy advocate with the conservative CATO Institute. "When agencies like the TSA don't follow them, we basically have absolutely no idea what they're doing with our private information."
A predecessor program to Secure Flight, called CAPPS II, was shelved after criticism about contract oversight and the use of personal data.
TSA officials insist that Secure Flight is still on track. "As far as I know, we will still be deploying Secure Flight on schedule," TSA spokeswoman Yolanda Clark told U.S. News. That schedule involves testing the program with two airliners this August; the TSA plans to expand the program to all 66 domestic air carriers by Dec. 31, 2006. Secure Flight had been envisioned as an attractive way to solve some problems with the current watch-list system, which calls on the airlines to screen passengers against government-issued watch lists. Because of intelligence concerns, airlines consistently aren't given the full list of names of potential terrorists. Still, privacy advocates say the TSA's program will remain tricky.
Says Tim Sparapani, a legislative counsel with the American Civil Liberties Union: "If [TSA officials] can't demonstrate conclusively after being slapped on the wrist with CAPPS II that they know how to treat each passenger's information like gold, then they don't deserve to have it."