Schneier on Security
A blog covering security and security technology.
« Flaw in Pin-Tumbler Locks |
| Remote Physical Device Fingerprinting »
March 7, 2005
GAO on Secure Flight and Commercial Data
The Government Accountability Office (GAO) released a report titled "Aviation Security: Measures for Testing the Impact of Using Commercial Data for the Secure Flight Program."
Posted on March 7, 2005 at 1:15 PM
• 1 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Bruce, I assume you are restricted from commenting on this, but it is quite confusing without a timeline or legal rep.
It seems that this report was required under the Department of Homeland Security Appropriations Act, 2005 (Public Law 108-334) Section 522(d), which states that no funds "may be utilized to test an identity verification system that utilizes" data from a "non-Federal entity" until the "TSA has developed measures to determine the impact of such verification on aviation security and the Government Accountability Office has reported on its evaluation of the measures."
So the TSA had to wait until the GAO issued the report before they could commence testing the commercial identity verification portion of Secure Flight, right?
If I understand correctly, we should now see the TSA award the prime contract for Secure Flight testing and send an order to US-based airlines to turn over reservation or Passenger Name Record (PNR) data to be used in the tests.
Has the data been transfered? Some airlines seemed to indicate last year that they would need a specific mandate to do so, despite policies that now say they must give the government any information it asks for, even without a binding order. If they resist and/or sue will their legal team be "rendered" to (an undisclosed foreign location) for interrogation? (http://www.btnmag.com/businesstravelnews/headlines/frontpage_display.jsp?vnu_content_id=1000651781)
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.