Review of the Terrorist Screening Center's
Efforts to Support the Secure Flight Program
(Redacted for Public Release)

Audit Report 05-34
August 2005
Office of the Inspector General

Executive Summary

The National Commission on Terrorist Attacks Upon the United States (9/11 Commission) recommended in its July 2004 final report that the Department of Homeland Security's (DHS) Transportation Security Administration (TSA) assume responsibility for screening commercial airline passengers and that in doing so the TSA use the information contained within the federal government's terrorist watch lists. The 9/11 Commission further recommended that air carriers be required to provide the TSA with the passenger information necessary to conduct such screening.

Shortly thereafter, Congress passed the Intelligence Reform and Terrorism Prevention Act of 2004, which directed the DHS to "commence testing of an advanced passenger prescreening system that will allow the Department of Homeland Security to assume the performance of comparing passenger information . . . to the automatic selectee and no-fly lists, utilizing all appropriate records in the consolidated and integrated terrorist watchlist maintained by the Federal Government." In response to this directive, in August 2004 the TSA announced an initiative known as "Secure Flight."

The consolidated terrorist watch list (known as the Terrorist Screening Database, or the TSDB) that will be used in the Secure Flight screening process was developed by the Terrorist Screening Center (TSC). The TSC, established through Homeland Security Presidential Directive-6 on September 16, 2003, is a multi-agency effort administered by the Federal Bureau of Investigation (FBI) to consolidate the government's approach to terrorist screening.1 The TSC operates a round-the-clock call center to field inquiries from state and local law enforcement, border inspectors, and government agents abroad who have screened the identity of an individual and received a hit against the consolidated watch list of known or suspected terrorists.

We conducted this review of the TSC's actions with regard to Secure Flight in response to House Report 109-072, which directed the Office of the Inspector General to evaluate the TSC's plan to support the Secure Flight program and to report to the House and Senate Appropriations Committees on the results of our review.

Creation of Secure Flight

According to the TSA, the Secure Flight program improves previous airline passenger screening programs by consolidating functions now separately conducted by 65 air carriers transporting 1.8 million passengers on 30,000 flights each day that leave approximately 450 airports where security screening is required.2

Although the TSA originally planned to implement the Secure Flight program in April 2005, several delays have pushed its launch date for the initial phase (referred to as "pre-operational testing") to the second week of September 2005. During the initial phase, Secure Flight will involve a still undetermined number of air carriers, and the total number of passengers initially screened will be dependant upon the specific carriers involved. The Secure Flight program is expected to gradually increase the number of participating carriers, with full implementation currently scheduled for fiscal year (FY) 2007.

Coordinating Secure Flight Efforts

In October 2004, the TSA and the TSC jointly developed the general process for Secure Flight screening. In January 2005, the TSC asked for and received the assistance of a full-time TSA executive to work as the TSC Secure Flight Program Coordinator. However, it was not until February or March 2005 that the TSA and the TSC began to actively work together on the Secure Flight program. At that time, regularly scheduled, joint meetings with all key participants were initiated to define the roles of the supporting agencies and discuss the status of Secure Flight's development.3

TSA officials told us that they are satisfied with the TSC's support of the Secure Flight program and believe that the TSA and the TSC have a positive partnership. However, TSC officials believe that their ability to prepare for the implementation of Secure Flight has been hampered by the TSA's failure to make, communicate, and comply with key program and policy decisions in a timely manner, such as the launch date and volume of screening to be conducted during the initial implementation phases.

Planning for Operational Changes at the TSC

The TSC recognizes that the Secure Flight program will significantly increase TSC's call center activity. When Secure Flight becomes operational, the TSC will perform many of the same processes currently conducted for calls received from state and local law enforcement, border inspectors and agents, as well as government agents abroad. However, the TSC anticipates a significantly greater operational work load as a result of Secure Flight and an increased need for staff, space, and funding.


The TSC developed three sub-teams to ensure that it properly addressed all areas of support for the Secure Flight program - an operations team, an information technology (IT) team, and a policy/legal team. These teams meet on a weekly basis with the TSC Secure Flight Program Coordinator to discuss the status of their projects and to prioritize their work.


The TSC's total funding for FY 2005 is $64.23 million - $29 million in base funding and an additional $35.2 million obtained through the FY 2005 Emergency Supplemental Appropriations Act. These additional funds were provided by Congress for Secure Flight and other unspecified TSC infrastructure improvements. In its FY 2006 budget request, the FBI again requested $29 million in base funding for the TSC. However, in November 2004 the FBI requested an out-of-cycle budget enhancement of $75 million for TSC improvements, preparations for Secure Flight, and other TSC initiatives, bringing the TSC's total funding request for FY 2006 to $104 million.

Officials in the TSC Administration Branch stated that Secure Flight cannot operate without substantial modifications to the TSC's existing IT environment, including greater infrastructure as well as capability enhancements to the TSDB and the TSC's Encounter Management Application (EMA).4 But the TSC could not provide the exact costs of modifications required to support Secure Flight because, according to the TSC, the organization had planned to make many improvements to its operations and information technology environment prior to Secure Flight. When Secure Flight was announced, the TSC considered the program's needs in determining and refining the necessary modifications to its databases and processes. TSC officials told us that they were unable to disentangle Secure Flight-prompted funding needs from those necessary for other planned changes to existing TSC systems and operations because Secure Flight enhancements were fully integrated with other anticipated modifications. The current immature state of the TSC's IT environment makes specifically identifying Secure Flight enhancements more complex because the TSC's systems continue to evolve. Our June 2005 report noted this immaturity and included 16 recommendations related to the TSC's IT systems, planning, and operations.

The Director of the TSC informed us that she agrees that the TSC needs to identify its Secure Flight funding needs separately from other TSC endeavors. Additionally, she acknowledged that because certain requirements of the TSC's overall systems, staffing, and procurements are paid by other federal agencies or divisions within the FBI, the TSC is unaware of how much the organization truly costs to run. The Director stated that she recognizes the importance of having designated budget staff to perform budget formulation, analysis, and execution, but the TSC does not currently possess the expertise to perform these functions.

However, as a result of our discussions with the Director of the TSC and her staff in July 2005 about the TSC's inability to determine the cost of implementing Secure Flight, the TSC informed us that it would make another attempt to estimate its Secure Flight costs. Subsequently, the TSC formulated a methodology to attempt to identify the percentage of the total call volume, customers, and staff at the TSC that were expected to be related to Secure Flight. These percentages were applied to budget categories to allocate the costs of each category and added to those costs directly and solely related to Secure Flight to estimate the overall cost of supporting the program.

According to this methodology, $8,034,732, or 12.5 percent, of the TSC's $64.23 million in funding for FY 2005 is in direct support of the Secure Flight program. The TSC estimated that an additional $13,256,696, or 20.6 percent of the total, will be used for indirect costs for the Secure Flight program.5 This amounts to a total of $21,291,428, or 33.15 percent of the total funding for Secure Flight in FY 2005. For FY 2006, the TSC estimated that its expected expenditures directly related to Secure Flight will amount to $11,417,869, or 11.6 percent of the budgeted resources. Indirect costs for Secure Flight in FY 2006 are expected to amount to $26,099,699, or 26.4 percent of the total TSC planned spending for FY 2006. Therefore, according to the TSC, the total cost for Secure Flight (direct and indirect) in FY 2006 is projected to amount to 38 percent ($37,517,568) of the total requested TSC budget.

  FY 2005 FY 20066
    Base $29,000,000 $29,000,000
    Supplemental 35,230,000 NA
    Enhancement NA 75,000,000
Total $64,230,000 $104,000,000
    Direct Secure Flight $8,034,732 $11,417,869
    Indirect Secure Flight 13,256,696 26,099,699
    Non-Secure Flight 42,938,572 61,217,432
Total $64,230,000 $98,735,000
Source: Terrorist Screening Center, July 2005

We were unable to perform transaction testing or an in-depth analysis of the cost breakdowns provided by the TSC because the information was not provided until July 18, 2005. The TSC also has not been able to adequately estimate its projected workload increase due to TSA's failure to provide a reliable and definitive implementation schedule for the Secure Flight program as a whole. Moreover, the TSC's total and indirect costs are based upon assumptions of growth in areas outside of Secure Flight, and in this review we did not examine these non-Secure Flight enhancements.

Given these factors, we are unable to reach a conclusion as to the accuracy of the financial information the TSC provided our auditors to explain its direct and indirect costs of implementing Secure Flight. We recommend that the TSC develop the capacity to produce more accurate financial and budgetary projections that identify its Secure Flight funding needs separately from other TSC endeavors. However, as it stands currently from the information provided, the OIG cannot determine how much of the $75 million out-of-cycle budget enhancement requested by the TSC for FY 2006 appropriately reflects the TSC's actual anticipated expenses for Secure Flight versus other enhancements.

Planning for Secure Flight Information Technology

We were told by TSC officials that it initially appeared that the TSA did not plan for the TSC to be directly involved in the Secure Flight screening process. The TSA assumed that it would be responsible for conducting all of the electronic searches as well as all human vetting for terrorist screening related to domestic air travel. Under this scenario, the TSC's role would be limited to providing a copy of its consolidated watch list database to the TSA. However, according to TSC officials, the TSA's plan did not account for having to communicate the results of the Secure Flight matches to the law enforcement agencies responsible for responding to hits against the watch list.

Besides omitting arrangements for any necessary law enforcement response, the TSA neglected to plan for the complex process of record additions, deletions, and modifications made to the TSDB on a continual basis. According to the TSC's IT officials, this oversight resulted from the TSA's initial assumption that it would receive a relatively static copy of the TSDB against which the TSA would compare the passenger data obtained from the airlines.

Once the TSA and the TSC agreed on the TSC's necessary role in the screening process, many of the processes that the TSA had already developed had to be re-designed and re-tooled. For example, although TSC officials reported that in May 2005 the TSA began to communicate more openly and proactively with the TSC, in the middle of June, just weeks prior to the original laboratory testing date, the TSA identified problems with the data file formats that are critical for transmission of passenger information from the airlines to the TSA Secure Flight Office and the subsequent transmission of TSA Secure Flight-determined watch list matches to the TSC. According to TSC officials, two separate teams at the TSA designed the two processes and apparently did not coordinate the basic file structures or consult the TSC. TSC IT officials said that the TSA's file format problem might not have occurred had the standards for data exchange been established prior to designing and developing the systems and applications.

Officials in the TSC IT Branch said they will be prepared for the launch of Secure Flight and have established electronic interfaces for the exchange of data, modified the TSDB to allow for the watch list to be shared with the TSA, and developed significant enhancements to the TSC's current systems to accommodate Secure Flight screening and to facilitate the necessary law enforcement response to domestic travelers who are a match against the watch list. The TSC stated that its plans for these actions are on track and will be finalized before the launch of the Secure Flight program.

Other Preparations in Support of Secure Flight

To assist individuals who believe they were inappropriately delayed or prohibited from boarding their flights by the Secure Flight program, the Intelligence Reform and Terrorism Prevention Act of 2004 directed the DHS to establish a timely and fair method to appeal or correct any erroneous data in the terrorist screening database. In response, the TSA established a new redress office, increased its staffing, and drafted new processes and procedures. TSA officials indicated that the TSC would play a supporting role in the redress process, but would not have direct contact with the public. However, the TSA and the TSC have not reached agreement on certain important redress concepts, such as the amount and specificity of information that is provided to redress requestors.

In addition, the TSA and the TSC have worked together to address a number of legal requirements for both agencies, including the issuance of System of Records Notices (SORN), which is required by the Privacy Act of 1974.7 On July 28, 2005, the TSC published a SORN that covers its current and anticipated screening operations, including those related to Secure Flight.8


The TSC's Secure Flight screening responsibilities are anticipated to begin in September 2005, when Secure Flight is launched. We found that the TSC has designed its necessary electronic connections to accommodate the transfer of terrorist watch list records, airline passenger information, and screening results; developed new processes to facilitate law enforcement responses to encounters with individuals who are a match against the consolidated terrorist watch list; and is on schedule for testing its newly established systems and procedures relating to Secure Flight.

However, the TSA has repeatedly adjusted the implementation date for Secure Flight, from April 2005 to August 2005, to the most recent target date of September 2005. In addition, the TSA has changed its Secure Flight implementation plan and as of July 31, 2005, is unsure how many airlines will participate in the initial phase. As a result, neither the TSA nor the TSC knows how many passenger records will be screened and cannot project the number of watch list hits that will be forwarded to the TSC for action. This shifting of critical milestones has affected the TSC's ability to adequately plan for its role in the Secure Flight program.

In addition, we found that the TSC lacks the ability to identify specific costs that are in support of the Secure Flight program. At the exit conference for this audit, TSC officials stated that they do not currently have the ability to project baseline budget information related to the cost of adding Secure Flight to the TSC's regular operations. TSC officials attributed this lack of fundamental data to their stage of development, noting that the organization has been in existence for less than 2 years. TSC management stated that the TSC's base budget of $29 million was derived from conservative estimates developed during the organization's earliest days and this amount cannot meet its normal operating requirements. They further stated that the composition of the TSC as an intergovernmental organization within the FBI makes the situation more complex. In addition, TSC officials stated that the structure of the FBI's financial systems limits its flexibility in categorizing and summarizing costs associated with its varied projects and programs. TSC officials said that they understand the importance of being able to discretely project and track costs by program, budget category, or organizational unit. However, the TSC stated that it currently is unable to accurately estimate the incremental cost of adding programs that increase the TSC's range of operations, such as Secure Flight.

The TSC's difficulties in estimating the costs for Secure Flight are exacerbated by the TSA's failure to specifically define the scope of each implementation phase. As a result, the TSC has been unable to adequately project its resource requirements for responding to the expected increase in workload.

In sum, the TSC is trying to plan for a program that has several major undefined parameters. Specifically, the TSC does not know when Secure Flight will start, the volume of inquiries expected and the resulting number of resources required to respond, the quality of data it will have to analyze, and the specific details of the phased-in approach for taking the program from "pre-operational testing" in September 2005 to full operational capability in FY 2007.

At the end of our report, we made five recommendations to the TSC to help it support the Secure Flight program. TSC management has agreed with our recommendations and their response to each is located in Appendix III. Our analysis of the response is included in Appendix IV.


  1. In June 2005, the OIG reported on its review of the TSC's administration, operations, information systems, data reliability, and accomplishment of mission-critical functions. That report (Review of the Terrorist Screening Center, Report Number 05-27) contains detailed descriptions of the TSC's processes and functions.
  2. Beginning in the late 1990s, the Department of Transportation began using the Computer Assisted Passenger Prescreening System (CAPPS I) to screen air travelers and select individuals for enhanced security screening. Air carriers performed this screening in two ways: (1) by comparing domestic airline passenger manifest information, referred to as passenger name records, against certain aviation risk criteria known as the CAPPS I rules; and (2) by comparing passenger information against two of the federal government's watch lists: the no-fly list, which included names of individuals that were to be denied transport on commercial flights because they were deemed a threat to civil aviation; and the selectee list, which included names of individuals whom air carriers were required to "select" for additional screening prior to permitting them to board an aircraft. In March 2003, the TSA began developing the next phase of the CAPPS program (CAPPS II). However, after significant criticism of the program, the TSA cancelled CAPPS II in August 2004 and announced its new initiative - Secure Flight.
  3. Aside from the TSA and the TSC, other key stakeholders include the Terrorist Screening Operations Unit (TSOU) in the FBI Counterterrorism Division, the DHS's Federal Air Marshal Service (FAMS), and the Department of Defense's North American Aerospace Defense Command (NORAD). The TSOU will coordinate any necessary law enforcement response to anticipated or realized encounters with individuals who are a match against a watch list record. The FAMS will monitor and resolve any on-board activity of flights in progress, while NORAD will monitor affected flights and take any necessary airspace actions.
  4. EMA is the TSC's tool for recording the details of all incoming calls to its call center resulting from government encounters with individuals that appear to be a hit against a watch list record. Call center staff record the information they receive from the caller, the TSC determination of whether the individual is a match with a TSDB record, whether the caller was forwarded to law enforcement for further action, and the final disposition of the encounter.
  5. The costs identified as direct include expenditures that are fully attributable to Secure Flight. The indirect costs represent areas in which the TSC has planned for changes to its general organization and infrastructure and a portion of those modifications has been charged to Secure Flight based on the percentage of the total call volume, customers, and staff at the TSC expected to be related to Secure Flight activities.
  6. The spending information includes all non-personnel funding included in the FY 2006 budget submission for the TSC. An additional $5,265,000 was requested for an increase in the number of full-time equivalent FBI positions assigned to the TSC. The TSC did not include any personnel figures in the spending information that it gave to us because all its positions are provided by the participating agencies, such as the FBI or the DHS.

  7. The TSDB is considered a "system of records" because it contains data regarding individuals that is retrieved by name or by some identifying number, symbol, or other piece of information. Both the TSA and the TSC are required by the Privacy Act to publish in the Federal Register a description of their own records as well as any new use of the information contained therein and to provide the public an opportunity to comment. This informs the public of the purpose for the system and includes information such as a description of the types of individuals reflected in the records, the data collected, the reason for data collection, the data safeguard and security processes, and rules and purposes for sharing the data.
  8. Prior to the issue of its SORN, the TSC was covered by an existing FBI SORN related to its central records system.

Previous Page Back to Table of Contents Next Page