Expanding the scope of Secure Flight: comment now

DHS/TSA is proposing expanding the scope of their “Secure Flight” program to determine the level of scrutiny passengers will get at airport checkpoints. They’re accepting comments until October 10th. If – like me – you oppose this latest assault on our privacy, please follow in the instructions at the end of this post to let them know what you think.

Secure Flight came into being in 2007 for the purpose of matching passengers’ names against watch lists. DHS/TSA collects a passenger’s full name, sex, birthdate, redress number or Known Traveler number, passport information (if applicable), reservation control number, record sequence number, record type, passenger update indicator, traveler reference number, and itinerary information. They then match that against a watch list in an effort to prevent terrorists from boarding planes. There are often errors in the watch lists, and no easy way to get off the list if you’re mistakenly added it.

Edward Hasbrouck, working with the Identity Project, published a great frequently asked questions (FAQ) about Secure Flight.

Now, DHS/TSA proposes to expand the purpose of Secure Flight beyond watch lists and also use it to determine the level of scrutiny you will get at the airport checkpoints. The TSA says that it plans “to implement a risk-based analysis of passenger and flight data provided through the computer system that processes Secure Flight and other data.” It’s almost like the old “green, yellow, red” system that TSA proposed years ago. If you were rated green, you’d be good to go; yellow meant you’d get more scrutiny at the checkpoint; and red would likely end up with the police being summoned.

This new proposed “risk” field is a black box. We don’t know how DHS/TSA is going to calculate this new “risk” score.

Looking at the specifics of the proposal in the Federal Register, I see that two of the sections under “Categories of Records in the System” are especially problematic. Section (b) states that physical descriptions of passengers may be kept; and section (e) states that if the “screening status” of a passenger is discussed among a TSA agent and representatives from other governmental agencies, the airlines, and law enforcement, that information may also be collected. It says nothing about verifying that the information collected is accurate.

In addition, the information collected by TSA/DHS will be shared with agencies far and wide, and it won’t be used strictly for preventing terrorism. Under “Routine uses of records maintained in the system, including categories of users of users and the purposes of such uses,” Section (10) allows the information to be used for general civil and criminal law, and section (13) allows passenger information to sent to the World Health Organization “for purposes of assisting such agencies or organizations in preventing exposure to or transmission of communicable or quarantinable disease or for combating other significant public health threats.”

While catching criminals and preventing the spread of communicable diseases is important, a rule aimed at preventing terrorism is not the place to do it.

This expansion of Secure Flight further diminishes passenger privacy since passengers will now have risk scores attached to their records based on unknowable data, and all of this information will be shared widely. Given what we know about the NSA’s and other agencies’ rampant surveillance, why should we trust that Secure Flight is going to protect our data or even get it right?

Earlier this year, we asked you to submit your comments about the TSA’s strip-search scanners and physical gropes during the public comment period. Now we’re asking you to do likewise for Secure Flight.

Please submit your comments, identified by docket number DHS-2013-0020, by one of the following methods:

(Photo courtesy of your tax dollars)