Review of the Terrorist Screening Center's
Efforts to Support the Secure Flight Program
(Redacted for Public Release)

Audit Report 05-34
August 2005
Office of the Inspector General


Chapter 1: Establishment of the Secure Flight Concept


The need to strengthen commercial aviation security escalated after the attacks of September 11, 2001. Among other security measures, the U.S. government has sought to enhance the prescreening of passengers before they board commercial airliners at airports across the country.

The National Commission on Terrorist Attacks Upon the United States (9/11 Commission) recommended that the Transportation Security Administration (TSA) within the U.S. Department of Homeland Security (DHS) assume the responsibility for screening commercial airline passengers, and that the DHS use information contained within federal government watch lists to do so.9 The 9/11 Commission further recommended that air carriers be required to provide the TSA with the necessary passenger information to conduct such screening. Shortly thereafter, the Intelligence Reform and Terrorism Prevention Act of 2004 directed the Assistant Secretary of Homeland Security to "commence testing of an advanced passenger prescreening system that will allow the Department of Homeland Security to assume the performance of comparing passenger information . . . to the automatic selectee and no-fly lists, utilizing all appropriate records in the consolidated and integrated terrorist watch list maintained by the Federal Government."10

The Terrorist Screening Center's (TSC) consolidated terrorist watch list - known as the Terrorist Screening Database, or the TSDB - is intended to be used in the Secure Flight screening process. The TSC was established through Homeland Security Presidential Directive-6 on September 16, 2003, and began initial operations on December 1, 2003. The TSC is a multi-agency effort, administered by the FBI, and was created to consolidate the government's approach to terrorist screening.11

We conducted this review in response to House Report 109-072 (Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief 2005), which directed the Office of the Inspector General to evaluate the TSC's plan to support the Secure Flight program and to report to the House and Senate Appropriations Committee on the results of our review by August 1, 2005.

Airline Passenger Prescreening

In the late-1990s, the Department of Transportation began using the Computer Assisted Passenger Prescreening System (CAPPS I) to screen air travelers and select individuals for additional airport security screening. Air carriers conducted this screening by comparing domestic airline passenger manifest information (passenger name records) against certain aviation risk criteria known as the CAPPS I rules. Additionally, after September 11, 2001, air carriers began comparing passenger information against: (1) the federal government's "no-fly" list, which includes names of individuals who are to be denied transport on commercial flights because they are deemed a threat to civil aviation; and (2) the federal government's "selectee" list, which includes names of individuals that air carriers are required to select for additional screening prior to permitting them to board an aircraft.

On November 19, 2001, Congress enacted the Aviation and Transportation Security Act, which established the Transportation Security Administration (TSA) in the Department of Transportation.12 On March 1, 2003, the TSA and its management of CAPPS I was transferred to the newly created Department of Homeland Security, as mandated in the Homeland Security Act of 2002.13

Also in March 2003, the TSA began developing the next phase of the CAPPS program, or CAPPS II, under the TSA's Office of National Risk Assessment. The CAPPS II program planned for transferring responsibility for prescreening passenger information from the airlines to the federal government. A Government Accountability Office (GAO) report compared the CAPPS II program to its predecessor and described the new initiative as a screening system "to perform different analyses and access more diverse data, including data from government and commercial databases, to classify passengers according to their level of risk (i.e., acceptable risk, unknown risk, or unacceptable risk), which would in turn be used to determine the level of security screening each passenger would receive."14 However, another review conducted by the GAO had identified a number of problems with the CAPPS II program that had not been addressed, including the lack of critical elements necessary for sound project planning and privacy protection.15 TSA officials cancelled CAPPS II in August 2004 in light of a DHS internal review of the program, the 9/11 Commission recommendation for including the terrorist watch list in the passenger screening process, and other factors.

Creation of Secure Flight

Soon after the TSA cancelled the CAPPS II program, it announced the Secure Flight initiative. This new program for prescreening domestic commercial aviation passengers was intended to replace aspects of CAPPS II by screening passenger records against the government's consolidated watch list of known or suspected terrorists maintained by the TSC.

The TSA originally had planned to implement its Secure Flight program in April 2005. However, TSA delayed the start of the initial passenger prescreening operations to August 19, 2005. According to the March 2005 GAO report, the delay in the program implementation date and other supporting TSA milestones resulted from a number of factors, including the receipt of hundreds of comments on privacy issues related to Secure Flight.

In early July 2005, the TSA announced another change in Secure Flight's implementation date. As a result of the air carriers' request to TSA not to implement the program before the Labor Day holiday, the TSA pushed the launch date for the initial phase of Secure Flight (referred to as "pre-operational testing") to the second week of September 2005.

Implementation Plan for Initial Operating Capability

According to the TSA, Secure Flight will result in greater effectiveness, efficiency, and consistency by consolidating functions now separately conducted by 65 air carriers that transport 1.8 million passengers on 30,000 flights each day from approximately 450 airports where security screening is required.16 TSA officials said that when Secure Flight initially begins operations in September 2005, it will involve anywhere from one to seven carriers. The total number of passengers initially screened will be determined based upon the specific carriers involved. For example, in an initial estimate using two air carriers (one major and one minor carrier), the TSA estimated that approximately 350,000 domestic passengers would be screened per day. This number represents approximately 20 percent of the 1.8 million total domestic airline passengers per day. In fiscal year (FY) 2006, the Secure Flight program is expected to gradually increase the number of carriers involved. According to the TSA, full implementation of Secure Flight is currently scheduled for FY 2007.17

Secure Flight Overview

To bring air passenger prescreening under government control and include the consolidated terrorist watch list in the screening process, the TSA, working in conjunction with the TSC, developed an initial flow chart that illustrated the process of exchanging critical data and the performance of essential tasks.

According to the flow chart, when an individual makes or changes a flight reservation with a commercial airline, a record is created in the airline's reservation system.18 [SENSITIVE INFORMATION REDACTED] prior to the passenger's departure, the airlines will electronically transmit a portion of the record to the TSA Secure Flight office.19 The Secure Flight system will electronically compare this record against a copy of the TSDB residing at the TSA. Possible matches against the database (called "hits") will be sent to a TSA Secure Flight analyst for additional review, while records that did not result in a hit against the TSDB will be cleared with the airline for passenger travel. For all passenger records that result in a hit against the database, the TSA will electronically notify the airline that the passenger cannot be issued a boarding pass. When handling hits, the TSA Secure Flight analyst will search the National Counterterrorism Center's (NCTC) Terrorist Identities Datamart Environment (TIDE) in an effort to eliminate any false positives from these initial matches.20

Watch list hits that have not been cleared by TSA analysts will be electronically transmitted to the TSC for final adjudication. The record transmitted to the TSC will contain passenger information as well as the results of the TSA Secure Flight analyst's efforts to adjudicate the match. The TSC analyst will review the record, conduct additional database searches, and make a final determination as to whether the individual attempting to travel is a valid match against the consolidated terrorist watch list.21 For encounters with individuals who are determined to be valid hits against the watch list, the TSC will notify the appropriate responding agency. The following chart provides an overview of the flow of information in the Secure Flight process.

Overview of Secure Flight Information Flow

 

[Not Available Electronically]

 

Source: TSC Management



Footnotes

  1. The 9/11 Commission Report, National Commission on Terrorist Attacks Upon the United States (July 2004)
  2. Pub. L. No. 108-458 (2004)
  3. In June 2005, the OIG issued a review of the TSC's administration, operations, information systems, data reliability, and accomplishment of mission-critical functions. This report, Review of the Terrorist Screening Center, Report Number 05-27, contains detailed descriptions of the TSC's processes and functions.
  4. Pub. L. No. 107-71, § Stat. 597, 637 (2001)
  5. Pub. L. No. 107-296 (2002)
  6. Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System Is Further Developed, Government Accountability Office (GAO-05-356, March 2005)
  7. Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges, Government Accountability Office (GAO-04-385, February 12, 2004)
  8. Statement of Justin P. Oberman, Assistant Administrator, Transportation Security Administration, Secure Flight/Registered Traveler, to the Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity, Committee on Homeland Security, United States House of Representatives (June 29, 2005).
  9. TSA officials stated that of the 65 total domestic air carriers, only 19 airlines will need to have technical connections to the TSA for Secure Flight; another 24 airlines will have indirect connections through these 19 airlines. The remaining 22 airlines do not have electronic reservation systems, and therefore will transmit passenger data manually to the TSA. TSA officials stated that they expect to connect [SENSITIVE INFORMATION REDACTED] airlines to Secure Flight by spring 2006.
  10. The passenger name record contains information including the passenger's name, flight itinerary, and seat assignment.
  11. According to the TSC, when passengers book or modify their travel reservations within [SENSITIVE INFORMATION REDACTED] of the flight departure time, the TSA automated system will prioritize the screening of these records ahead of those for flights with later departure dates. A TSA official stated that, in order to enable all passenger prescreening to occur without having to delay flights, airlines will most likely be required to adhere to the general standard that passengers must be checked in at the airport within 30 minutes of their scheduled departure time.
  12. The NCTC was established by Presidential Executive Order 13354 on August 27, 2004. The NCTC is intended to serve as the primary organization within the U.S. government for analyzing and integrating all intelligence possessed by the U.S. government pertaining to terrorism and counterterrorism. The NCTC operates TIDE, the successor system to TIPOFF, which was the Department of State's database of records on known or suspected international terrorists.
  13. Additional database searches at the TSC constitute a check of the FBI's Automated Case Support (ACS) system and the FBI's Violent Gang and Terrorist Organizations File (VGTOF). The ACS database is the FBI's case management program, and the VGTOF database is the FBI's system for tracking terrorist and violent gang information, which resides on the National Crime Information Center (NCIC) system. Only terrorist information in the VGTOF database, not violent gang related records, is used for screening purposes by the TSC.



Previous Page Back to Table of Contents Next Page