Sep 22 2014

GAO audit confirms TSA shift to pre-crime profiling of all air travelers

A Congressional hearing last week on the so-called “Secure Flight” system for “screening” domestic air travelers confirmed that the TSA has completed a shift from blacklist and whitelist matching to a comprehensive real-time pre-crime profiling system that assigns each air traveler a  “risk assessment” score on the four-step scale we’ve previously described and which is illustrated above in the latest GAO report.

Redacted versions of three audit reports on Secure Flight by the Government Accountability Office (1, 2, 3) were made public in conjunction with GAO testimony at the hearing.  According to one of those reports, “Secure Flight” started out as a blacklist and whitelist matching system:

Since implementation began in January 2009, the Secure Flight system has identified high-risk passengers by matching SFPD [against the No Fly List and the Selectee List, subsets of the Terrorist Screening Database (TSDB), the U.S. government’s consolidated watchlist of known or suspected terrorists maintained by the Terrorist Screening Center, a multiagency organization administered by the Federal Bureau of Investigation (FBI)…. To carry out this matching, the Secure Flight system conducts automated matching of passenger and watchlist data to identify a pool of passengers who are potential matches to the No Fly and Selectee Lists. Next, the system compares all potential matches against the TSA Cleared List, a list of individuals who have applied to, and been cleared through, the DHS redress process.

But that’s not how it works any more. According to the same GAO report:

Since January 2009, the Secure Flight program has changed from one that identifies high-risk passengers by matching them against the No Fly and Selectee Lists to one that assigns passengers a risk category: high risk, low risk, or unknown risk. Specifically, Secure Flight now identifies passengers as high risk if they are matched to watchlists of known or suspected terrorists or other lists developed using certain high-risk criteria, as low risk if they are deemed eligible for expedited screening through TSA Pre-Check — a 2011 initiative to preapprove passengers for expedited screening — or through the application of low-risk rules, and as unknown risk if they do not fall within the other two risk categories. To separate passengers into these risk categories, TSA utilizes lists in addition to the No Fly and Selectee Lists, and TSA has adapted the Secure Flight system to perform risk assessments, a new system functionality that is distinct from both watchlist matching and matching against lists of known travelers.

We’ve said from the start that Secure Flight would not be limited to “list matching” and would assign risk scores to all travelers. Now that’s been confirmed by GAO auditors.  When the TSA talks about “risk-based screening”, what they mean is “pre-crime profiling” of all air travelers — part of a larger pattern of “predictive” pre-crime policing through surveillance and profiling.

The diagram at the top of this article shows what the GAO says the current “Secure Flight” profiling process, and its consequences, look like. Note the references to “risk assessments” and “rules-based lists”, although in fact these are real-time scoring systems and there are no publicly-disclosed “rules”.

The GAO also reported, unsurprisingly, that the TSA lacks measures of whether “Secure Flight” is effective (effective in achieving what purpose?), and lacks oversight of privacy protections (what protections and what oversight without judicial review?).

The GAO also reported on the denial of the right to travel by air to individuals who don’t provide “satisfactory” information or evidence of identity to TSA employees or contractors at checkpoints:

From May 2012 through July 2013, TSA denied 1,384 individuals access to the sterile area as a result of identity checking procedures. These denials include travelers who did not appear to match the photo on their identification, who presented identification that appeared fraudulent or showed signs of tampering, and who were unwilling or unable to provide identifying information.

In June 2013, when we learned that the TSA was tracking these numbers, we made a FOIA request for all TSA Operations Center “ID Verification Reports”.  We were initially told to expect a first interim response by November 1, 2013. But we have not yet begun to receive any of the records responsive to our request which the TSA admits to having located.   Most recently, they estimated they won’t respond until February 2014.

The Director of the FBI’s Terrorist Screening Center (TSC), Christopher Piehota, also testified at last week’s hearing. Mr. Piehota provided this (vague) description of the TSC’s efforts to avoid further court-ordered sanctions for depriving travelers of due process:

Finally, as you may know, there are currently a number of pending court cases involving challenges to administration of the No Fly List by plaintiffs who allege they have been wrongly denied boarding on an aircraft. We are currently working with our interagency partners on potential changes to the [existing No Fly List] redress process to ensure that our procedures continue [sic] to safeguard civil liberties and privacy. These changes will be made in coordination with other agencies involved in aviation security screening, informed by legal and policy concerns that affect the U.S. Government’s administration of the No Fly List and the overarching redress process. In so doing, the U.S. Government will endeavor to increase transparency for certain individuals denied boarding who believe they are on the No Fly List and have submitted DHS TRIP inquiries, consistent with the protection of national security and national security information, as well as transportation security.

The suggestion in Mr. Piehota’s testimony and the GAO reports is that some unspecified subset of would-be travelers who are turned back at checkpoints would be given some sort of notice, rather than the current Glomar response to all DHS TRIP “redress” inquiries.  If anyone gets anything other than a “cannot confirm or deny” response to a TRIP inquiry, please send us a copy or let us know what it says.

25 thoughts on “GAO audit confirms TSA shift to pre-crime profiling of all air travelers

  1. Pingback: GAO audit confirms TSA shift to pre-crime profiling of all air travelers | gold is money

  2. Pingback: GAO audit confirms TSA shift to pre-crime profiling of all air travelers | Media Unveiled

  3. Pingback: Papers, Please! » Blog Archive » What happens if you fit the DHS profile even though you aren’t a threat?

  4. Pingback: Papers, Please! » Blog Archive » Dept. of Justice guidance against profiling exempts borders and “screening”

  5. Pingback: Papers, Please! » Blog Archive » “CAPPS IV “: TSA expands profiling of domestic US airline passengers

  6. Pingback: Papers, Please! » Blog Archive » 2nd person told they’ve been taken off the US “No Fly” list

  7. Pingback: Papers, Please! » Blog Archive » Why did the TSA prevent these people from flying?

  8. Pingback: TSA Needs to be Consistent on New Security Rules for Electronics : Travelpro Luggage Blog

  9. Pingback: Papers, Please! » Blog Archive » Expert critique of European travel surveillance and profiling plans

  10. Pingback: Papers, Please! » Blog Archive » Laura Poitras sues DHS et al. for records of her airport detentions and searches

  11. Pingback: Papers, Please! » Blog Archive » No Social Security number? No passport. Why?

  12. Pingback: Papers, Please! » Blog Archive » TSA may require virtual strip-searches for flyers

  13. Pingback: Papers, Please! » Blog Archive » How does your bank know your dog’s not a terrorist?

  14. Pingback: How does your bank know your dog’s not a terrorist? | From the Trenches World Report

  15. Pingback: Papers, Please! » Blog Archive » What’s at stake in the EU PNR debate?

  16. Pingback: Papers, Please! » Blog Archive » How hard was it for Amtrak to require names in reservations?

  17. Pingback: Papers, Please! » Blog Archive » How the DEA uses travel company spies to confiscate travelers’ cash

  18. Pingback: Papers, Please! » Blog Archive » What does Donald Trump’s election mean for our work?

  19. Pingback: Papers, Please! » Blog Archive » The rhetoric and reality of counterterrorism

  20. Pingback: Papers, Please! » Blog Archive » “AFI” is the latest DHS name for “extreme vetting”

  21. Pingback: Papers, Please! » Blog Archive » What should you to do if you are asked for your password at a US airport or border?

  22. Pingback: Papers, Please! » Blog Archive » Palantir, Peter Thiel, Big Data, and the DHS

  23. Pingback: Papers, Please! » Blog Archive » Federal court can review the Constitutionality of Federal blacklists

  24. Pingback: Papers, Please! » Blog Archive » FAQ: U.S. government monitoring of social media

  25. Pingback: Papers, Please! » Blog Archive » Silicon Valley Is Building the Infrastructure for a Police State

Leave a Reply

Your email address will not be published. Required fields are marked *