The procedures and timeline for implementation of the TSA’s Secure Flight scheme for identity-based surveillance and control of airline passengers are spelled out not in laws or published regulations but in secret Security Directives to airlines. So we noted with considerable interest this report today by travel journalist Charlie Leocha of a relatively rare public appearance by the head of the Secure Flight program (emphasis added below):
Paul Leyh, TSA Director Secure Flight Program, claimed that all U.S. airlines will be enrolled in Secure Flight within a month and that all foreign carriers will be working in the program by the end of 2010.
Speaking at U.S. Travel Association’s Pow Wow conference to encourage foreign tourism, Leyh noted that TSA is about to complete their mission of … performing the [watchlist] matches prior to allowing passengers to board….
The system sounds simple, however, there were significant IT hurdles to be overcome. Expanded data field requirements for online travel agents such as Expedia, Travelocity, Orbitz and Priceline were more complex than originally thought. The new data collection by brick and mortar travel agents meant internal profile systems to accommodate the storage of this very valuable and confidential information had to be developed…
Foreign journalists attending the press conference asked whether there is a judicial process to use should the normal DHS TRIP process not result in having your name cleared. Leyh didn’t have an answer for that question….
Leyh didn’t have an answer about privacy issues regarding the GDS [Global Distribution Systems, also known as Computerized Reservation Systems], airline reservation systems or travel agents who are allowed to keep all passenger information indefinitely and who fall under no privacy legislation.
Leyh may not have had answers today, but the TSA can’t avoid those questions forever, especially when they are being raised from abroad. Last month, the European Parliament voted to include both judicial review of no-fly orders and a review of US government access to CRS/GDS data in its conditions for any agreement to give the DHS access to data about passengers on flights between the EU and the US.