Amendments to the ATA/IATA Reservations Interline Message Procedures – Passenger (AIRIMP) take effect today, providing the first industry standard formats that airlines, travel agencies, and computerized reservation systems (CRSs) can use to transmit the additional information about travelers and prospective travelers newly required by the TSA for its Secure Flight airline passenger “screening” (surveillance and control) system.
What does this mean about the status of Secure Flight — especially in light of the TSA press release last month that claimed to “announce … the implementation of the Secure Flight program”? Has Secure Flight been implemented? And if it hasn’t been yet, when will it be?
Secure Flight is a complicated scheme, the implementation of which will require major new systems and major changes to existing ones, both for the TSA and for the air travel industry.
What was announced last month by the TSA, and the changes in the AIRIMP which take effect today, are two almost entirely separate, equally essential, but only partial steps toward Secure Flight implementation.
Despite last month’s misleading TSA press release, Secure Flight implementation is still in the very early stages. Much money already has been spent (and wasted) on compliance with unfunded Secure Flight mandates for IT infrastructure changes, but at least another billion dollars will need to be spent on at least another year of work by airlines, travel agencies, intermediaries, and their software developers and IT services providers before Secure Flight actually takes the final form contemplated by the TSA’s regulations.
That means that there is still time for the Obama Administration to order the TSA to withdraw the Secure Flight regulations, or for Congress to pass a law directing them to do so (and explicitly revoking any claimed statutory authority for Secure Flight), before more money is wasted and, more importantly, before most airlines start having to ask the government for permission before allowing us to board flights within the U.S.
Despite the broad statement in the TSA press release about Secure Flight “implementation”, all that was actually claimed was that, “To date TSA has assumed the watch list matching responsibility for passengers on domestic commercial flights with four volunteer aircraft operators.”
The TSA doesn’t say that these “aircraft operators” are scheduled airlines. More likely they are small charter operators. The TSA doesn’t say that these operators are collecting or providing any of the additional information about passengers that will eventually be required, or that they are providing information or receiving “cleared/inhibited/not cleared” responses by any automated means. Small aircraft operators have performed watchlist matching by manually checking each name on the manifest against pages of printouts of TSA watchlists, and have communicated with the TSA (if necessary) by phone.
So while the TSA press release makes it sounds as though all of the technological problems Secure Flight critics have been solved already, and the infrastructure put in place across the industry, all last month’s announcement really means is that a few very small charter operators, with a handful of passengers a day, have been told to call the TSA before each flight, read the TSA the names on the manifest, and wait for verbal “clarance” from the TSA before allowing them to board, rather than looking those names up in a printed list of names on the “selectee” and “no-fly” lists.
That says nothing about the technical or practical feasibility the new data collection mandates, the new fly/no-fly decision-making algorithms and business and operating procedures, or the automation that will be needed for implementation with larger airlines and those which receive reservations through CRSs from travel agencies and other airlines worldwide.
Today’s changes to the AIRIMP, while essential for the eventual implementation of Secure Flight as the TSA now envisions it, are only the first of many technical steps that will be needed if that is to happen.
Airlines and other companies that deal with airline reservations didn’t know what data the TSA would require for Secure Flight, when, or in what format, until the final regulations were published in October 2008. The industry governing board for the AIRIMP adopted new specifications for transmission of this newly-defined “Secure Flight Passenger Data” by an emergency mail vote in March, according to the airline association IATA which functions as the AIRIMP secretariat. That’s extraordinarily fast action by such a global standards setting body, especially given the reluctance of airlines outside the USA to be forced to modify global standards to comply with a unilateral U.S. government mandate. It was probably possible only because the AIRIMP is purely an industry standard, rather than a standard set by a slower-acting inter-governmental organization like ICAO. The new standards are “voluntary”, meaning that IATA and ATA don’t require them to be used, although the U.S. or other governments might require them. In the case of the U.S., that would probably happen through specifications in secret orders to airlines.
Twice before, in 2004 and 2006, the AIRIMP has been modified to add support for government-required APIS identification data. This year, however, was the first time that the TSA was directly involved in meeting with the AIRIMP board to draft new standards. Although everyone in the industry knew that the kinds of changes proposed by the TSA in Secure Flight would have to start with the AIRIMP, the TSA was slow to recognize this fact or its implications.
Sabre, the CRS which submitted the most detailed comments on the earlier proposed Secure Flight Rules, had pointed to the need for amendments to the AIRIMP as one of the reasons why it would be impossible to meet the TSA’s projected implementation deadlines. Sabre recommended that the TSA not issue a final Secure Flight rule until after the AIRIMP had been amended to incorporate the TSA’s specifications for what data it would require.
But the AIRIMP is only a messaging protocol, and establishing standards doesn’t mean that any real world technical or business systems have yet implemented those standards. Sabre’s comments anticipated some of what will have to be done next:
Implementation is more complex than contemplated by the NPRM
…Forcing travel reservation agents to be the initial collection point for Secure Flight data elements will require travel agents to alter their existing electronic and manual collection systems. The NPRM [Notice of Proposed Rulemaking] is completely silent on who will pay the costs associated with documentation, training and software implementations for graphical interfaces, customer profiles, mid-office reporting, quality control scripting, and negative call center impacts… The NPRM merely estimates the total “burden” of the new regulatory scheme – a number that appears to have no discernable basis in how the travel industry works today.
How long will it take for the air travel industry and their IT vendors to make these changes?
CRSs rushed, with almost unprecedented speed (and probably starting even before the AIRIMP amendments were formally approved), to add the newly required information to their core databases, messaging, and command-line interface formats for entering Secure Flight Passenger Data in Passenger Name Records (PNRs). Some of the major CRSs have already rolled out new command-line formats to travel agencies for some categories of Secure Flight Passenger Data, while others expect to do so this month or within the next few months.
But each major CRS has several types of command line and graphical user interfaces for travel agents and airline staff, as well as one or more APIs called by other subscriber software or middleware, such as the booking engines and other programs that sit between users of online travel agency websites and the CRSs. Secure Flight data entry formats are being implemeneds first in the airline and agency command-line interfaces, followed by APIs and GUIs.
Implementation across all CRS interfaces could take until March 31, 2010 (the date when the CRSs say the TSA wants them to be able to start transmitting Secure Flight data to the TSA), according to the latest information provided to subscribers by the CRSs.
Once the CRSs provide their subscribers with updated user interfaces and APIs, travel agencies and other intermediaries (and third party developers and suppliers of middleware, scripting, website, and other business process automation software) can begin to work on modifying each layer of each of their systems to incorporate the collection, validation, and onward transmission, in the format required by the next layer (and ultimately by the AIRIMP, the TSA’s regulations, the TSA’s secret directives to each airline, and the airlines’ secretly submitted and secretly approved implementation plans) of each of the newly required data elements. That’s what’s happening with now with hundreds of thousands of small and large pieces of software, from the layouts of webpages to data entry forms to booking engine packages to quality control scripts written in proprietary CRS codes by individual travel agents.
According to the CRS documents we’ve seen, the TSA wants all airlines to have in place the ability to accept the new Secure Flight data items (ID document type, gender, date of birth, “Redress Number”, and “Known Traveler Number”) by August 15, 2009 for domestic flights within the U.S., and by October 31, 2009 for international flights to, from, via, or overflying the U.S.
However, airlines won’t actually start requiring this data from travel agencies, or sending it to the TSA, until considerably later. Presumably, that’s to allow time for travel agencies and intermediaries to make the necessary changes to their systems and procedures, for the TSA to get itself and its contractors ready to accept and deal with the data, and for the new data to be entered. Because reservations can be made up to a year in advance, passengers will be showing up at airports without the new data in their PNRs as much as a year after Secure Flight data starts being entered in all newly-created PNRs.
The best guide to when the TSA actually intends to “implement” Secure Flight, in terms of when airlines will be orderd not to transport you without explicit prior TSA permission in the form of a “cleared” message, is the testimony to Congress of acting TSA administrator Gail Rossides on March 31, 2009:
TSA believes that the Secure Flight program will be able to assume responsibility for watch list matching of passengers for all domestic commercial flights by the end of the first quarter of calendar year 2010, and all international commercial flights by the end of calendar year 2010.
Even those dates hoped for by the TSA (March 31, 2010 for domestic flights, and December 31, 2010 for replacing or merging with the current APIS permision system for international flights) are contingent on one further legal condition: The TSA is forbidden by Federal law from spending any money for “deployment or implementation, on other than a test basis, of … Secure Flight” until the GAO certifies that it has satisfied a series of tests established by Congress. In the meantime, “During the testing phase … no information gathered from passengers, foreign or domestic air carriers, or reservation systems may be used to screen aviation passengers, or delay or deny boarding to such passengers, except in instances where passenger names are matched to a government watch list.”
The GAO has not yet given the required certification, and Secure Flight is unlikely ever to satisfy the statutory tests. In signing these laws, President Bush stated that his administration would not consider it bound by the requirement for GAO certification. The Obama administration has yet to comment on whether it will respect the law, or will take the position expressed by the previous administration, in this or other similar signing statements.