GAO's Report on Secure Flight
Sunday I blogged about Transportation Security Administration’s Secure Flight program, and said that the Government Accountability Office will be issuing a report this week.
Here it is.
The AP says:
The government’s latest computerized airline passenger screening program doesn’t adequately protect travelers’ privacy, according to a congressional report that could further delay a project considered a priority after the Sept. 11 attacks.
Congress last year passed a law that said the Transportation Security Administration could spend no money to implement the program, called Secure Flight, until the Government Accountability Office reported that it met 10 conditions. Those include privacy protections, accuracy of data, oversight, cost and safeguards to ensure the system won’t be abused or accessed by unauthorized people.
The GAO found nine of the 10 conditions hadn’t yet been met and questioned whether Secure Flight would ultimately work.
Some tidbits:
- TSA plans to include the capability for criminal checks within Secure Flight (p. 12).
- The timetable has slipped by four months (p. 17).
- TSA might not be able to get personally identifiable passenger data in PNRs because of costs to the industry and lack of money (p.18).
- TSA plans to have intelligence analysts staffed within TSA to identify false positives (p.33).
- The DHS Investment Review Board has withheld approval from the “Transportation Vetting Platform” (p.39).
- TSA doesn’t know how much the program will cost (p.51).
- Final privacy rule to be issued in April (p. 56).
Any of you who read the report, please post other interesting tidbits as comments.
As you all probably know, I am a member of a working group to help evaluate the privacy of Secure Flight. While I believe that a program to match airline passengers against terrorist watch lists is a colossal waste of money that isn’t going to make us any safer, I said “…assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place.” I still believe that, but unfortunately I am prohibited by NDA from describing the improvements. I wish someone at TSA would get himself in front of reporters and do so.
Bruce Schneier • March 28, 2005 7:14 PM
Since I know people will misunderstand, let me try to make my final point clear. I think matching airline passengers against a terrorist watch list is a waste of money. But if someone passes a law requiring the TSA to do it — which Congress has done — then Secure Flight is a better way of doing it than what we’re doing now. It’s a better way of doing something not worth doing.