Schneier on Security

Davi Ottenheimer • March 7, 2005 3:00 PM

Bruce, I assume you are restricted from commenting on this, but it is quite confusing without a timeline or legal rep.

It seems that this report was required under the Department of Homeland Security Appropriations Act, 2005 (Public Law 108-334) Section 522(d), which states that no funds “may be utilized to test an identity verification system that utilizes” data from a “non-Federal entity” until the “TSA has developed measures to determine the impact of such verification on aviation security and the Government Accountability Office has reported on its evaluation of the measures.”

So the TSA had to wait until the GAO issued the report before they could commence testing the commercial identity verification portion of Secure Flight, right?

If I understand correctly, we should now see the TSA award the prime contract for Secure Flight testing and send an order to US-based airlines to turn over reservation or Passenger Name Record (PNR) data to be used in the tests.

Has the data been transfered? Some airlines seemed to indicate last year that they would need a specific mandate to do so, despite policies that now say they must give the government any information it asks for, even without a binding order. If they resist and/or sue will their legal team be “rendered” to (an undisclosed foreign location) for interrogation? (http://www.btnmag.com/businesstravelnews/headlines/frontpage_display.jsp?vnu_content_id=1000651781)