Secure Flight Dies Again

Yesterday, the Transportation Security Administration suspended work on Secure Flight; the agencies long awaited and very expensive airline passenger screening system. Development work on the system has been plagued with trouble for the past four years. And the system has faced stiff opposition from consumers concerned about privacy. But if Secure Flight has proven anything, it’s been that it has more lives than most cats. So is this the end of the program? Unfortunately the answer is, “Probably not.”

Secure Flight is supposed to replace the current airline passenger screening system known as CAPPS. The CAPPS system is simply a watch list provided to the airlines by the government to screen for terrorists. Airlines check passenger names against the watch-list. If your name matches one on the list, then you are pulled aside and searched. You may even be barred from flying.

But CAPPS is not known for being accurate. In fact, Senator Ted Kennedy has been stopped and searched on numerous occasions because his name is similar to someone else who is on the list. The same has been true for several other members of Congress. Airlines have even prevented some babies from flying with their parents because their names are similar or identical to the names of known terrorists.

In the days after 9/11, Congress authorized the development of a new and supposedly better system that was to be known as CAPPS II. The new system was supposed to be more accurate and faster. The CAPPS II quickly ran into grass roots opposition when it was discovered that the TSA was populating the system with data from credit reports and commercial databases, and then testing it against actual passenger records provided by jetBlue.

A firestorm of controversy ensued. Congress put in place a ten point privacy test that CAPPS II had to be able to pass for any further testing to be done. But even though CAPPS II failed the test on two separate occasions, the TSA continued to test and then lied to Congress about it. This eventually led to the demise of the program.

But within a couple of months of CAPPS II’s death, Secure Flight was born. Secure Flight actually got its name because a lot of people in Washington thought that CAPPS II’s name had a lot to do with opposition to the program. So the marketing geniuses at the TSA came up with “Secure Flight” in the hopes that the public would support it.

Secure Flight was built on exactly the same technology that CAPPS II had tried to use. The only real difference between the programs was that the TSA announced that Secure Flight would not use credit report or commercial database data in the initial roll out of the program. But they reserved the right to use that data at a later time.

Grass roots opposition was almost immediate. Once again, Congress implemented its ten point privacy test. And again the program failed multiple times. And again, the TSA tested it in violation of the law and then lied to Congress about it.

Just last week, the TSA announced that it would begin commercial testing of Secure Flight with two airlines this coming summer. The only thing holding that plan up was certification by the Government Accountability Office (GAO) that the program now met the congressional litmus test standards for privacy. But there were apparently some problems there.

Apparently it was discovered that hackers had gained access to the Secure Flight database, even prior to the programs roll out. We say apparently because the TSA will not confirm that this actually occurred, but in their announcement that placed the program on hold, they said it was a possibility. When pressed further, a spokesperson for the TSA, Amy von Valter, told reporters, “We don’t believe any passenger information has been compromised.” One can only speculate that this means the system has already been hacked.

Cathleen Berrick, the investigator for the Government Accountability Office, said in written testimony that “TSA may not have proper controls in place to protect sensitive information.”

And the lack of privacy controls surrounding Secure Flight has been the programs biggest problem. The TSA has refused come up with a privacy policy for the program. They have refused to say that the program will not be expanded and used for other purposes. And they have refused the idea of excluding commercial database data and credit reports as data to scan. This type of data is notoriously inaccurate.

Beyond these things, the TSA hasn’t even been able to come up with policies to define how Secure Flight would be used in a commercial airline environment.

So far, the TSA has wasted $150 million tax payer dollars on Secure Flight. They also wasted more than $100 million on CAPPS II. It’s time for Congress to kill Secure Flight for good. Whether or not they will remains to be seen.

Technorati Tags : privacy, private, privacy+law, secure+flight, CAPPS+II, CAPPS, Congress, TSA, Transportation+Security+Administration, hack, hackers, hacking