September 14, 2007
On August 9, 2007, the U.S. Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) published a Notice of Proposed Rulemaking (NPRM) on Secure Flight, a program to prescreen air passengers. By moving the responsibility for vetting passengers against government watch lists from the airlines to DHS, Secure Flight promises to create a one-stop shop for prescreening. The final rule for the Advance Passenger Information System (APIS) was also published at the same time. APIS is an existing international passenger and crew manifest system. The new rule implements some adjustments to the program, designed to sync APIS with the plan for Secure Flight, which is expected to take over vetting of international manifests.
Current Status
In July 2004, the National Commission on Terrorist Attacks on the United States (9/11 Commission) recommended that the federal government improve the use of “no fly” and “automatic selectee” lists and transfer that responsibility to TSA. The Intelligence Reform and Terrorism Prevention Act of 2004, signed by President Bush in December 2004, mandated the Commission’s recommendations. Since that time, TSA and Customs and Border Protection (CBP) have taken several steps toward improving the accuracy and precision of the watch lists used to vet domestic and international air passengers.
Currently, when an individual travels domestically, the airline has the responsibility of matching the information collected in the individual’s reservation to the Federal No Fly and Selectee Lists, which are submitted to the airlines periodically by TSA. If the airline finds that an individual’s reservation information matches or is similar to a name on the No Fly or Selectee List, the airline is required to notify TSA for further instructions. Depending on instructions, that individual may be directed to secondary screening or prohibited from boarding that flight.
International passengers are subject to the same requirements; however, watch list matching conducted by the airlines is supplemented by APIS. Under APIS, foreign airlines are required to transmit passenger information to CBP no later than fifteen minutes after the departure of the aircraft. If CBP concludes that a person on that flight is a risk, that flight may be diverted from landing in the United States.
Challenges
The current system has been frustrating to many travelers. The watch lists submitted to airlines by TSA often contain little information about any specific individual on the list, and that shortage of data can lead mistakes. TSA Administrator Kip Hawley has testified before Congress on several occasions to provide updates on the progress of implementing Secure Flight, and to convey to Members of Congress and the public that TSA has been working to reduce the number of false positives. Much of the media coverage of TSA has focused on horror stories, in which prominent diplomats or children, who were obviously not security risks, were remanded for secondary screening or even prohibited from flying.
In an effort to improve the situation, TSA launched the Travel Redress Inquiry Program (TRIP) in February of this year. TRIP is a one-stop redress process that provides a way for travelers who think that they have been unfairly targeted through watch list matching to attempt to correct the situation. The program coordinates and tracks claims across the appropriate DHS component agencies and boasts 10-day adjudication. TSA has also stated that DHS is reviewing the watch lists and reevaluating the people on the list to increase the efficiency and minimize errors. Travelers can file TRIP complaints at http://www.dhs.gov/trip.
DHS’s Long-Term Vision
While TRIP gives passengers who have been misidentified a way to rectify the situation after the fact, TSA is positioning its Secure Flight proposal as a way to improve prescreening on the front end. Secure Flight proposes to take away from the airlines the responsibility to match passenger information against the watch lists. Secure Flight would instead require the airlines to submit passenger data to DHS to conduct the matching. The rule would require airlines to ask for full name, date of birth and gender; however, passengers would only be required to submit full name. Airlines would be required to submit all identifying data elements provided by passengers, including information beyond the data requested. For example, if a passenger provides social security number or other personal identifying information other than name, date of birth and gender, the airline is required to send that information to DHS. [See chart for details on data requirements.] DHS would then evaluate and send back instructions to (a) allow the individual to board, (b) engage in secondary screening or (c) deny boarding. Airlines would be required to transmit passenger information to TSA at least 72 hours before the flight departs. TSA estimates that over 90 percent of all reservations are made at least 72 hours in advance. If a reservation is made within the 72-hour limit, the airline would have to transmit that information immediately and await instructions from TSA before allowing any individual onto an airplane. Throughout the NPRM, TSA states that while passengers will only be required to submit their full name, providing additional data, such as passport information, gender and birth date, significantly decreases the chance that a passenger will be flagged.
At the same time DHS announced the Secure Flight NPRM, CBP announced the final rule for APIS, the international passenger and crew manifest system. Under the final rule, airlines can transmit information via an “interactive” or a “non-interactive” method. The interactive method allows the airlines to receive real time responses, thereby processing international passengers in a timelier manner. Under the final rule, foreign carriers must transmit information at least 30 minutes prior to “the securing of the aircraft doors.” Because it is expected that Secure Flight will take over the APIS vetting procedures for international passengers and crew, TSA has been working with CBP to ensure that the final APIS rule is aligned with Secure Flight. When Secure Flight is able to process international passengers, this coordination will ensure a smooth transition.
What’s Next?
Currently, NPRM is under the comment review period for 60 days. TSA has asked for comments on the Proposed Rule and NBTA will be examining the NPRM closely and will file comments with TSA. The due date for comments is October 22, 2007.