Secret Secure Flight “vetting” algorithm now in use by 4 US airlines
A TSA press release announces the “implementation” of the Secure Flight system for pre-departure “vetting” of airline passengers (i.e. deciding, according to a secret algorithm, whether to allow them to fly):
To date TSA has assumed the watch list matching responsibility for passengers on domestic commercial flights with four volunteer aircraft operators and will add more carriers in the coming months.
As quoted above, the TSA describes the process for making permission-to-travel decisions and assigning risk scores (“cleared”, “inhibited”, or “not cleared”, corresponding to the scores of “green”, “yellow”, and “red” in the previous CAPPS-II version of the proposal which eventually morphed into Secure Flight) as “watch list matching”. But the process diagram (included as slide 8 of this presentation to potential Secure Flight contractors) makes clear that the scheme is considerably more complex than simple list matching, with many more inputs and feedback loops.
Procedures and directives for implementation of Secure Flight are contained in secret “Security Directives” issued by the TSA to airlines, secret internal TSA documents including software code, and secret “Aircraft Operator Implementation Plans” submitted by airlines and approved by the TSA. None of these have been made public. As a result, it is impossible for travelers or the public to know what we are required to do, under what conditions the TSA will or will not give us permission to fly, and whether any claims about “requirements” made by airlines are true or false.
Because of this secrecy, and because Secure Flight is a complex system with many components, it’s also impossible to know which components have actually been “implemented”, such as:
- Requirements for additional information (including gender, datae of birth, and a “full, legal” name that matches a government-issued ID credential) to be submitted to the airline and the TSA for each person for whom a reservation is made, a ticket is issued, or who attempts to travel by air.
- Real-time communications systems and procedures (data standards, etc.) for airlines to communicate this and other data to the TSA.
- “Vetting” algorithms and real-time systems used by the TSA and other participants in the process to assign scores and generate “cleared”, “inhibited”, or “not cleared” messages.
- Real-time communications systems and procedures for the TSA to send these mesages back to airlines. (This may be more difficult than it might appear, because many of the previous generation of airline-to-TSA communication links were unidirectional, to satisfy reporting rather than permission requirements, and/or not real-time.)
- Business processes and IT systems used by airlines to inhibit boarding pass issuance, boarding, and loading of baggage unless and until a “cleared” message is received for a particular passenger and flight. (These might already have been developed, in part, by airlines that fly international routes, in order to comply with the prior-permission components of the changes to the international APIS rules that took effect in February 2008. But as with the Secure Flight rules, it’s not clear what, or when, the DHS has actually required airlines to do to “implement” the APIS rule changes. The revised APIS regulations require real-time TSA-to-airline messaging and default denial of travel until a permission message has been received. But there have been some suggestions that these may actually have been delayed for international flights because airlines coudn’t actually implement them more quickly, and until they could be “harmonized” with the Secure Flight requirements for domestic flights.)
Secure Flight and the international APIS rules require major changes in air travel industry information technology (at every level from database structures to messaging protocols to APIs and user interfaces to middelware to Web user interfaces to customer relations scripts) and business processes. Recent reports in the travel trade press suggest that the TSA is still working out what it wants the industry to do, how it can be done, and how quickly.
TSA secrecy leaves travelers in the US little alternative to reliance on reverse engineering and anecdotal reports of travelers’ experiences. Please let know in the comments to this blog entry which airlines are demanding that you provide a date of birth before they will allow you to fly, or if you are told that you cannot fly because you have not yet been “cleared” by the Secure Flight black box. If you are denied boarding by an airline, ask for (1) a printout of the passenger receipt copy of your ticket — not just an itinerary but the actual complete ticket — and (2) a letter on airline letterhead, legibly signed by the “station manager” for the airline, stating that you were denied transportation, and specifying the clause of airlin’s conditions of carriage pursuant to which they refused to transport you. You’ll need these for a refund claim, or for a lawsuit for denial of transportation. You should also ask for a printout of your PNR — tell them you need it as evidence that you had a confirmed reservation — although the ailine may refuse to provide it.
Travelers who buy tickets from an airline office or travel agency in the European Union, even for domestic flights in the USA, are entitled by the EU Data Protection Directive to receive a complete copy and an intelligible explanation of the “logic” to be used in processing any data about you. That means you can, and should, demand that the airline or agency provide you with the logic (i.e. the algorithm and procedures) to be used in Secure Flight scoring and decision-making. Your “consent” to have a travel compnay send your data to the DHS for this purpose does not exempt them form the EU legal requirment to inform you of the logic to be used in any processing of your data, where that processing forms the basis for any decision affecting you (as it clearly does in the case of Secure Flight or APIS clearance decisioins). Sample request letters, which you can adapt for your country, are available here. While you are at it, ask the DHS for its files about you, including your travel history and copies of your reservations.
Pingback: Papers, Please! » Blog Archive » “Secure Flight” data formats added to the AIRIMP
Pingback: Papers, Please! » Blog Archive » Airlines to cancel reservations and deny passage to travelers who won’t provide “Secure Flight” info
Pingback: Small Government Blog » Health Care Reform’s Reign of Blood