Entries Tagged "watch lists"

Page 5 of 6

Secure Flight

Last Friday the GAO issued a new report on Secure Flight. It’s couched in friendly language, but it’s not good:

During the course of our ongoing review of the Secure Flight program, we found that TSA did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act. In particular, the public was not made fully aware of, nor had the opportunity to comment on, TSA’s use of personal information drawn from commercial sources to test aspects of the Secure Flight program. In September 2004 and November 2004, TSA issued privacy notices in the Federal Register that included descriptions of how such information would be used. However, these notices did not fully inform the public before testing began about the procedures that TSA and its contractors would follow for collecting, using, and storing commercial data. In addition, the scope of the data used during commercial data testing was not fully disclosed in the notices. Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information such as name, date of birth, and telephone number without informing the public. As a result of TSA’s actions, the public did not receive the full protections of the Privacy Act.

Get that? The TSA violated federal law when it secretly expanded Secure Flight’s use of commercial data about passengers. It also lied to Congress and the public about it.

Much of this isn’t new. Last month we learned that:

The federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers—even though officials said they wouldn’t do it and Congress told them not to.

Secure Flight is a disaster in every way. The TSA has been operating with complete disregard for the law or Congress. It has lied to pretty much everyone. And it is turning Secure Flight from a simple program to match airline passengers against terrorist watch lists into a complex program that compiles dossiers on passengers in order to give them some kind of score indicating the likelihood that they are a terrorist.

Which is exactly what it was not supposed to do in the first place.

Let’s review:

For those who have not been following along, Secure Flight is the follow-on to CAPPS-I. (CAPPS stands for Computer Assisted Passenger Pre-Screening.) CAPPS-I has been in place since 1997, and is a simple system to match airplane passengers to a terrorist watch list. A follow-on system, CAPPS-II, was proposed last year. That complicated system would have given every traveler a risk score based on information in government and commercial databases. There was a huge public outcry over the invasiveness of the system, and it was cancelled over the summer. Secure Flight is the new follow-on system to CAPPS-I.

EPIC has more background information.

Back in January, Secure Flight was intended to just be a more efficient system of matching airline passengers with terrorist watch lists.

I am on a working group that is looking at the security and privacy implications of Secure Flight. Before joining the group I signed an NDA agreeing not to disclose any information learned within the group, and to not talk about deliberations within the group. But there’s no reason to believe that the TSA is lying to us any less than they’re lying to Congress, and there’s nothing I learned within the working group that I wish I could talk about. Everything I say here comes from public documents.

In January I gave some general conclusions about Secure Flight. These have not changed.

One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else’s ticket, airline procedures, etc.

Three, the urge to use this system for other things will be irresistible. It’s just too easy to say: “As long as you’ve got this system that watches out for terrorists, how about also looking for this list of drug dealers…and by the way, we’ve got the Super Bowl to worry about too.” Once Secure Flight gets built, all it’ll take is a new law and we’ll have a nationwide security checkpoint system.

And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.

What has changed is the scope of Secure Flight. First, it started using data from commercial sources, like Acxiom. (The details are even worse.) Technically, they’re testing the use of commercial data, but it’s still a violation. Even the DHS started investigating:

The Department of Homeland Security’s top privacy official said Wednesday that she is investigating whether the agency’s airline passenger screening program has violated federal privacy laws by failing to properly disclose its mission.

The privacy officer, Nuala O’Connor Kelly, said the review will focus on whether the program’s use of commercial databases and other details were properly disclosed to the public.

The TSA’s response to being caught violating their own Privacy Act statements? Revise them:

According to previous official notices, TSA had said it would not store commercial data about airline passengers.

The Privacy Act of 1974 prohibits the government from keeping a secret database. It also requires agencies to make official statements on the impact of their record keeping on privacy.

The TSA revealed its use of commercial data in a revised Privacy Act statement to be published in the Federal Register on Wednesday.

TSA spokesman Mark Hatfield said the program was being developed with a commitment to privacy, and that it was routine to change Privacy Act statements during testing.

Actually, it’s not. And it’s better to change the Privacy Act statement before violating the old one. Changing it after the fact just looks bad.

The point of Secure Flight match airline passengers against lists of suspected terrorists. But the vast majority of people flagged by this list simply have the same name, or a similar name, as the suspected terrorist: Ted Kennedy and Cat Stevens are two famous examples. The question is whether combining commercial data with the PNR (Passenger Name Record) supplied by the airline could reduce this false-positive problem. Maybe knowing the passenger’s address, or phone number, or date of birth, could reduce false positives. Or maybe not; it depends what data is on the terrorist lists. In any case, it’s certainly a smart thing to test.

But using commercial data has serious privacy implications, which is why Congress mandated all sorts of rules surrounding the TSA testing of commercial data—and more rules before it could deploy a final system—rules that the TSA has decided it can ignore completely.

Commercial data had another use under CAPPS-II In that now-dead program, every passenger would be subjected to a computerized background check to determine their “risk” to airline safety. The system would assign a risk score based on commercial data: their credit rating, how recently they moved, what kind of job they had, etc. This capability was removed from Secure Flight, but now it’s back:

The government will try to determine whether commercial data can be used to detect terrorist “sleeper cells” when it checks airline passengers against watch lists, the official running the project says….

Justin Oberman, in charge of Secure Flight at TSA, said the agency intends to do more testing of commercial data to see if it will help identify known or suspected terrorists not on the watch lists.

“We are trying to use commercial data to verify the identities of people who fly because we are not going to rely on the watch list,” he said. “If we just rise and fall on the watch list, it’s not adequate.”

Also this Congressional hearing (emphasis mine):

THOMPSON: There are a couple of questions I’d like to get answered in my mind about Secure Flight. Would Secure Flight pick up a person with strong community roots but who is in a terrorist sleeper cell or would a person have to be a known terrorist in order for Secure Flight to pick him up?

OBERMAN: Let me answer that this way: It will identify people who are known or suspected terrorists contained in the terrorist screening database, and it ought to be able to identify people who may not be on the watch list. It ought to be able to do that. We’re not in a position today to say that it does, but we think it’s absolutely critical that it be able to do that.

And so we are conducting this test of commercially available data to get at that exact issue.: Very difficult to do, generally. It’s particularly difficult to do when you have a system that transports 1.8 million people a day on 30,000 flights at 450 airports. That is a very high bar to get over.

It’s also very difficult to do with a threat described just like you described it, which is somebody who has sort of burrowed themselves into society and is not readily apparent to us when they’re walking through the airport. And so I cannot stress enough how important we think it is that it be able to have that functionality. And that’s precisely the reason we have been conducting this ommercial data test, why we’ve extended the testing period and why we’re very hopeful that the results will prove fruitful to us so that we can then come up here, brief them to you and explain to you why we need to include that in the system.

My fear is that TSA has already decided that they’re going to use commercial data, regardless of any test results. And once you have commercial data, why not build a dossier on every passenger and give them a risk score? So we’re back to CAPPS-II, the very system Congress killed last summer. Actually, we’re very close to TIA (Total/Terrorism Information Awareness), that vast spy-on-everyone data-mining program that Congress killed in 2003 because it was just too invasive.

Secure Flight is a mess in lots of other ways, too. A March GAO report said that Secure Flight had not met nine out of the ten conditions mandated by Congress before TSA could spend money on implementing the program. (If you haven’t read this report, it’s pretty scathing.) The redress problem—helping people who cannot fly because they share a name with a terrorist—is not getting any better. And Secure Flight is behind schedule and over budget.

It’s also a rogue program that is operating in flagrant disregard for the law. It can’t be killed completely; the Intelligence Reform and Terrorism Prevention Act of 2004 mandates that TSA implement a program of passenger prescreening. And until we have Secure Flight, airlines will still be matching passenger names with terrorist watch lists under the CAPPS-I program. But it needs some serious public scrutiny.

EDITED TO ADD: Anita Ramasastry’s commentary is worth reading.

Posted on July 24, 2005 at 9:10 PMView Comments

Processing Exit Visas

From Federal Computer Week:

The Homeland Security Department will choose in the next 60 days which of three procedures it will use to track international visitors leaving the United States, department officials said today.

A report evaluating the three methods under consideration is due in the next few weeks, said Anna Hinken, spokeswoman for US-VISIT, the program that screens foreign nationals entering and exiting the country to weed out potential terrorists.

The first process uses kiosks located throughout an airport or seaport. An “exit attendant”—who would be a contract worker, Hinken said—checks the traveler’s documents. The traveler then steps to the station, scans both index fingers and has a digital photo taken. The station prints out a receipt that verifies the passenger has checked out.

The second method requires the passenger to present the receipt when reaching the departure gate. An exit attendant will scan the receipt and one of the passenger’s index fingers using a wireless handheld device. If the passenger’s fingerprint matches the identity on the receipt, the attendant returns the receipt and the passenger can board.

The third procedure uses just the wireless device at the gate. The screening officer scans the traveler’s fingerprints and takes a picture with the device, which is similar in size to tools that car-rental companies use, Hinken said. The device wirelessly checks the US-VISIT database. Once the traveler’s identity is confirmed as safe, the officer prints out a receipt and the visitor can pass.

Properly evaluating this trade-off would look at the relative ease of attacking the three systems, the relative costs of the three systems, and the relative speed and convenience—to the traveller—of the three systems. My guess is that the system that requires the least amount of interaction with a person when boarding the plane is best.

Posted on April 20, 2005 at 8:16 AMView Comments

More Uses for Airline Passenger Data

I’ve been worried about the government getting comprehensive data on airline passengers in order to check their names against a terrorist “watch list.” Turns out that the government has another reason for wanting passenger data.

Although privacy experts worry about the government gathering personal information on airline travelers, Delta Airlines is handing over electronic lists of passengers from some flights to help stop the spread of deadly infectious diseases.

The lists will allow health officials to notify more quickly those travelers who might have been exposed to illnesses such as dengue fever, flu, plague, SARS and biological agents, the Centers for Disease Control and Prevention told a congressional panel on Wednesday.

It’s the same story: a massive privacy violation of everybody just in case something happens to a few.

As an example of the CDC’s notification efforts, Schuchat cited the case of a New Jersey resident who returned from a trip to Sierra Leone in September with Lassa fever. The patient flew to Newark via London and took a train home. Only after he died a few days later did the CDC confirm the disease.

CDC worked with the state, the airline, the railroad, the hospital and others to identify 188 people who had been near the patient. Nineteen were deemed at-risk and 16 were contacted; none of those contacted came down with the disease. It took more than five days to notify some passengers, Schuchat said.

It’s unclear how this program would reduce that “five days” problem. I think it’s a better trade-off for the airlines to be ready to send the CDC the data in the event of a problem, rather than them sending the CDC all the data—just in case—before there is any problem.

Posted on April 8, 2005 at 9:14 AMView Comments

GAO's Report on Secure Flight

Sunday I blogged about Transportation Security Administration’s Secure Flight program, and said that the Government Accountability Office will be issuing a report this week.

Here it is.

The AP says:

The government’s latest computerized airline passenger screening program doesn’t adequately protect travelers’ privacy, according to a congressional report that could further delay a project considered a priority after the Sept. 11 attacks.

Congress last year passed a law that said the Transportation Security Administration could spend no money to implement the program, called Secure Flight, until the Government Accountability Office reported that it met 10 conditions. Those include privacy protections, accuracy of data, oversight, cost and safeguards to ensure the system won’t be abused or accessed by unauthorized people.

The GAO found nine of the 10 conditions hadn’t yet been met and questioned whether Secure Flight would ultimately work.

Some tidbits:

  • TSA plans to include the capability for criminal checks within Secure Flight (p. 12).
  • The timetable has slipped by four months (p. 17).
  • TSA might not be able to get personally identifiable passenger data in PNRs because of costs to the industry and lack of money (p.18).
  • TSA plans to have intelligence analysts staffed within TSA to identify false positives (p.33).
  • The DHS Investment Review Board has withheld approval from the “Transportation Vetting Platform” (p.39).
  • TSA doesn’t know how much the program will cost (p.51).
  • Final privacy rule to be issued in April (p. 56).

Any of you who read the report, please post other interesting tidbits as comments.

As you all probably know, I am a member of a working group to help evaluate the privacy of Secure Flight. While I believe that a program to match airline passengers against terrorist watch lists is a colossal waste of money that isn’t going to make us any safer, I said “…assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place.” I still believe that, but unfortunately I am prohibited by NDA from describing the improvements. I wish someone at TSA would get himself in front of reporters and do so.

Posted on March 28, 2005 at 7:03 PMView Comments

TSA Lied About Protecting Passenger Data

According to the AP:

The Transportation Security Administration misled the public about its role in obtaining personal information about 12 million airline passengers to test a new computerized system that screens for terrorists, according to a government investigation.

The report, released Friday by Homeland Security Department Acting Inspector General Richard Skinner, said the agency misinformed individuals, the press and Congress in 2003 and 2004. It stopped short of saying TSA lied.

I’ll say it: the TSA lied.

Here’s the report. It’s worth reading. And when you read it, keep in mind that it’s written by the DHS’s own Inspector General. I presume a more independent investigator would be even more severe. Not that the report isn’t severe, mind you.

Another AP article has more details:

The report cites several occasions where TSA officials made inaccurate statements about passenger data:

  • In September 2003, the agency’s Freedom of Information Act staff received hundreds of requests from Jet Blue passengers asking if the TSA had their records. After a cursory search, the FOIA staff posted a notice on the TSA Web site that it had no JetBlue passenger data. Though the FOIA staff found JetBlue passenger records in TSA’s possession in May, the notice stayed on the Web site for more than a year.
  • In November 2003, TSA chief James Loy incorrectly told the Governmental Affairs Committee that certain kinds of passenger data were not being used to test passenger prescreening.
  • In September 2003, a technology magazine reporter asked a TSA spokesman whether real data were used to test the passenger prescreening system. The spokesman said only fake data were used; the responses “were not accurate,” the report said.

There’s much more. The report reveals that TSA ordered Delta Air Lines to turn over passenger data in February 2002 to help the Secret Service determine whether terrorists or their associates were traveling in the vicinity of the Salt Lake City Olympics.

It also reveals that TSA used passenger data from JetBlue in the spring of 2003 to figure out how to change the number of people who would be selected for more screening under the existing system.

The report says that one of the TSA’s contractors working on passenger prescreening, Lockheed Martin, used a data sample from ChoicePoint.

The report also details how outside contractors used the data for their own purposes. And that “the agency neglected to inquire whether airline passenger data used by the vendors had been returned or destroyed.” And that “TSA did not consistently apply privacy protections in the course of its involvement in airline passenger data transfers.”

This is major stuff. It shows that the TSA lied to the public about its use of personal data again and again and again.

Right now the TSA is in a bit of a bind. It is prohibited by Congress from fielding Secure Flight until it meets a series of criteria. The Government Accountability Office is expected to release a report this week that details how the TSA has not met these criteria.

I’m not sure the TSA cares. It’s already announced plans to roll out Secure Flight.

With little fanfare, the Transportation Security Administration late last month announced plans to roll out in August its highly contentious Secure Flight program. Considered by some travel industry experts a foray into operational testing, rather than a viable implementation, the program will begin, in limited release, with two airlines not yet named by TSA.

My own opinions of Secure Flight are well-known. I am participating in a Working Group to help evaluate the privacy of Secure Flight. (I’ve blogged about it here and here.) We’ve met three times, and it’s unclear if we’ll ever meet again or if we’ll ever produce the report we’re supposed to. Near as I can tell, it’s all a big mess right now.

Edited to add: The GAO report is online (PDF format).

Posted on March 27, 2005 at 12:34 PMView Comments

Sensitive Security Information (SSI)

For decades, the U.S. government has had systems in place for dealing with military secrets. Information is classified as either Confidential, Secret, Top Secret, or one of many “compartments” of information above Top Secret. Procedures for dealing with classified information were rigid: classified topics could not be discussed on unencrypted phone lines, classified information could not be processed on insecure computers, classified documents had to be stored in locked safes, and so on. The procedures were extreme because the assumed adversary was highly motivated, well-funded, and technically adept: the Soviet Union.

You might argue with the government’s decision to classify this and not that, or the length of time information remained classified, but if you assume the information needed to remain secret, than the procedures made sense.

In 1993, the U.S. government created a new classification of information—Sensitive Security Information—that was exempt from the Freedom of Information Act. The information under this category, as defined by a D.C. court, was limited to information related to the safety of air passengers. This was greatly expanded in 2002, when Congress deleted two words, “air” and “passengers,” and changed “safety” to “security.” Currently, there’s a lot of information covered under this umbrella.

The rules for SSI information are much more relaxed than the rules for traditional classified information. Before someone can have access to classified information, he must get a government clearance. Before someone can have access to SSI, he simply must sign an NDA. If someone discloses classified information, he faces criminal penalties. If someone discloses SSI, he faces civil penalties.

SSI can be sent unencrypted in e-mail; a simple password-protected file is enough. A person can take SSI home with him, read it on an airplane, and talk about it in public places. People entrusted with SSI information shouldn’t disclose it to those unauthorized to know it, but it’s really up to the individual to make sure that doesn’t happen. It’s really more like confidential corporate information than government military secrets.

The U.S. government really had no choice but to establish this classification level, given the kind of information they needed to work with. for example, the terrorist “watch” list is SSI. If the list falls into the wrong hands, it would be bad for national security. But think about the number of people who need access to the list. Every airline needs a copy, so they can determine if any of their passengers are on the list. That’s not just domestic airlines, but foreign airlines as well—including foreign airlines that may not agree with American foreign policy. Police departments, both within this country and abroad, need access to the list. My guess is that more than 10,000 people have access to this list, and there’s no possible way to give all them a security clearance. Either the U.S. government relaxes the rules about who can have access to the list, or the list doesn’t get used in the way the government wants.

On the other hand, the threat is completely different. Military classification levels and procedures were developed during the Cold War, and reflected the Soviet threat. The terrorist adversary is much more diffuse, much less well-funded, much less technologically advanced. SSI rules really make more sense in dealing with this kind of adversary than the military rules.

I’m impressed with the U.S. government SSI rules. You can always argue about whether a particular piece of information needs to be kept secret, and how classifications like SSI can be used to conduct government in secret. But if you take secrecy as an assumption, SSI defines a reasonable set of secrecy rules against a new threat.

Background on SSI

TSA’s regulation on the protection of SSI

Controversies surrounding SSI

My essay explaining why secrecy is often bad for security

Posted on March 8, 2005 at 10:37 AMView Comments

TSA's Secure Flight

As I wrote previously, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government’s program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance.

Last week the group had its second meeting.

So far, I have four general conclusions. One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else’s ticket, airline procedures, etc.

Three, the urge to use this system for other things will be irresistible. It’s just too easy to say: “As long as you’ve got this system that watches out for terrorists, how about also looking for this list of drug dealers…and by the way, we’ve got the Super Bowl to worry about too.” Once Secure Flight gets built, all it’ll take is a new law and we’ll have a nationwide security checkpoint system.

And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.

Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of our little group. In other words, my first conclusion is basically all that they’re interested in hearing.

But that means I can write about everything else.

To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn’t be worth it.

Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don’t fly, it’s a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it’s a waste of money.

If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn’t build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn’t make security sense.

That’s my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response—things that protect us regardless of what the terrorists are planning next. Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.

Posted on January 31, 2005 at 9:26 AMView Comments

Secure Flight Privacy/IT Working Group

I am participating in a working group to help evaluate the effectiveness and privacy implications of the TSA’s Secure Flight program. We’ve had one meeting so far, and it looks like it will be an interesting exercise.

For those who have not been following along, Secure Flight is the follow-on to CAPPS-I. (CAPPS stands for Computer Assisted Passenger Pre-Screening.) CAPPS-I has been in place since 1997, and is a simple system to match airplane passengers to a terrorist watch list. A follow-on system, CAPPS-II, was proposed last year. That complicated system would have given every traveler a risk score based on information in government and commercial databases. There was a huge public outcry over the invasiveness of the system, and it was cancelled over the summer. Secure Flight is the new follow-on system to CAPPS-I.

Many of us believe that Secure Flight is just CAPPS-II with a new name. I hope to learn whether or not that is true.

I hope to learn a lot of things about Secure Flight and airline passenger profiling in general, but I probably won’t be able to write about it. In order to be a member of this working group, I was required to apply for a U.S. government SECRET security clearance and sign an NDA, promising that I would not disclose something called “Sensitive Security Information.”

SSI is one of three new categories of secret information, all of I think have no reason to exist. There is already a classification scheme—CONFIDENTIAL, SECRET, TOP SECRET, etc.—and information should either fit into that scheme or be public. A new scheme is just confusing. The NDA we were supposed to sign was very general, and included such provisions as allowing the government to conduct warrantless searches of our residences. (Two federal unions have threatened to sue the government over several provisions in that NDA, which applies to many DHS employees. And just recently, the DHS backed down.)

After push-back by myself and several others, we were given a much less onerous NDA to sign.

I am not happy about the secrecy surrounding the working group. NDAs and classified briefings raise serious ethical issues for government oversight committees. My suspicion is that I will be wowed with secret, unverifiable assertions that I will either have to accept or (more likely) question, but not be able to discuss with others. In general, secret deliberations favor the interests of those who impose the rules. They really run against the spirit of the Federal Advisory Committee Act (FACA).

Moreover, I’m not sure why this working group is not in violation of FACA. FACA is a 1972 law intended to govern how the Executive branch uses groups of advisors outside the federal government. Among other rules, it requires that advisory committees announce their meetings, hold them in public, and take minutes that are available to the public. The DHS was given a specific exemption from FACA when it was established: the Secretary of Homeland Security has the authority to exempt any advisory committee from FACA; the only requirement is that the Secretary publish notice of the committee in the Federal Register. I looked, and have not seen any such announcement.

Because of the NDA and the failure to follow FACA, I will not be able to fully exercise my First Amendment rights. That means that the government can stop me from saying things that may be important for the public to know. For example, if I learn that the old CAPPS program failed to identify actual terrorists, or that a lot of people who were not terrorists were wrongfully pulled off planes and the government has tried to keep this quiet—I’m just making these up—I can’t tell you. The government could prosecute me under the NDA because they might claim these facts are SSI and the public would never know this information, because there would be no open meeting obligations as there are for FACA committees.

In other words, the secrecy of this committee could have a real impact on the public understanding of whether or not air passenger screening really works.

In any case, I hope I can help make Secure Flight an effective security tool. I hope I can help minimize the privacy invasions on the program if it continues, and help kill it if it is ineffective. I’m not optimistic, but I’m hopeful.

I’m not hopeful that you will ever learn the results of this working group. We’re preparing our report for the Aviation Security Advisory Committee, and I very much doubt that they will release the report to the public.

Original NDA

Story about unions objecting to the NDA

And a recent development that may or may not affect this group

Posted on January 13, 2005 at 9:08 AMView Comments

1 3 4 5 6

Sidebar photo of Bruce Schneier by Joe MacInnis.