ACLU decries Secure Flight test

The ACLU opposes a Transportation Security Administration directive published today that says air carriers must provide personal data, which may include credit card numbers and meal requests, to TSA for testing.

The 30-day block of data, or Passenger Name Records, will test the TSA's controversial new passenger prescreening program, Secure Flight, which would prevent terrorists and others who pose a threat from boarding aircraft. The deadline for airlines to submit the data to TSA is Nov. 23. The directive was published today in the Federal Register.

Jay Stanley, communication director of the American Civil Liberties Union's Technology and Liberty Project, said he is afraid that the Secure Flight program is being built on a foundation of watchlists that have deep problems.

"They appear to be bloated and to have many innocent people on them. We are very concerned about due process questions," he said. He added that what is needed is an independent, outside magistrate that can review the information. The internal ombudsman does not meet the criteria for true neutrality, he said.

"We're certainly concerned about the richness of the data in the PNR. [It's] both highly inconsistent and very detailed. One question is why the government needs the entire PNRs for masses of innocent travelers," Stanley said.

The ACLU will continue to press politically for a more rational program, he said.

Another problem is impersonation, Stanley said. If someone impersonates another person, he or she will be able to literally fly right through the system. "This is a gaping hole that the government's never addressed," he said. It may "be cited to justify calls for biometrics and other steps towards a cradle to grave tracking and identification system which Americans have shown they don't want."

Stanley said Secure Flight is a waste of limited security dollars.

"There has not been — but there needs to be — a rational assessment of what all the security vulnerabilities are in air transportation. Any kind of a rational assessment would probably exclude secure flight," Stanley said.

TSA authorities are confident in their program.

"TSA has created Secure Flight as another tool to further our mission to combat terrorism and protect the nation's air travelers," said Rear Adm. David M. Stone, United States Navy (Ret.), Assistant Secretary of Homeland Security for TSA.

"The data from the airlines will enable us to test the program's operating capacity and fine-tune it. This process will also provide an opportunity to ensure that privacy safeguards are appropriately addressed before moving to implementation."

TSA is requesting PNR data for the month of June. Air carriers may exclude PNRs that contain information about flight segments between the European Union and the United States.

Under Secure Flight, TSA will take over from the air carriers, comparison of domestic airline Passenger Name Record (PNR) information against records contained in the consolidated Terrorist Screening Center Database (TSDB), to include the expanded No-Fly and Selectee lists.

Testing will be governed by strict privacy and data security protections.

Historical passenger information provided for testing will be used in a limited test with commercial data to determine if passenger information is incorrect or inaccurate, and to help resolve false positive matches against TSDB records. TSA is firmly committed to maintaining robust privacy protections during the testing of these procedures.

TSA spokeswoman Deirdre O'Sullivan said that while a privacy impact notice, a systems of record notice and an information collection request went out in September, this is "a notice that the airlines need to turn over the data" She added they can turn over the data on disks, databases and other formats, as desired, and then TSA will convert the files.

"We are working with the airlines in order to not increase their burden," O'Sullivan said.

The testing will be completed by the end of January. After analysis, Secure Flight will start sometime next year.