[Federal Register: August 23, 2007 (Volume 72, Number 163)]
[Proposed Rules]
[Page 48355-48391]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr23au07-27]
[[Page 48355]]
-----------------------------------------------------------------------
Part III
Department of Homeland Security
-----------------------------------------------------------------------
Transportation Security Administration
-----------------------------------------------------------------------
49 CFR Parts 1507, 1540, 1544, and 1560
Secure Flight Plan; Proposed Rule
Privacy Act of 1974: System of Records; Secure Flight Plans; Notice
Privacy Act of 1974: Implementation of Exemptions; Secure Flight
Records; Proposed Rule
[[Page 48356]]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
49 CFR Parts 1540, 1544, and 1560
[Docket No. TSA-2007-28572]
RIN 1652-AA45
Secure Flight Program
AGENCY: Transportation Security Administration, DHS.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Intelligence Reform and Terrorism Prevention Act (IRTPA)
requires the Department of Homeland Security (DHS) to assume from
aircraft operators the function of conducting pre-flight comparisons of
airline passenger information to Federal Government watch lists for
international and domestic flights. The Transportation Security
Administration (TSA) is currently developing the Secure Flight program
and issuing this rulemaking to implement this congressional mandate.
This rule proposes to allow TSA to begin implementation of the
Secure Flight program, under which TSA would receive passenger and
certain non-traveler information, conduct watch list matching against
the No Fly and Selectee portions of the Federal Government's
consolidated terrorist watch list, and transmit boarding pass printing
instructions back to aircraft operators. TSA would do so in a
consistent and accurate manner while minimizing false matches and
protecting privacy information.
Also in this volume of the Federal Register, U.S. Customs and
Border Protection (CBP) is publishing a final rule to implement pre-
departure advance passenger and crew manifest requirements for
international flights and voyages departing from or arriving into the
United States, using CBP's Advance Passenger Information System (APIS).
These rules are related. We propose that, when the Secure Flight rule
becomes final, aircraft operators would submit passenger information to
DHS through a single DHS portal for both the Secure Flight and APIS
programs. This would allow DHS to integrate the watch list matching
component of APIS into Secure Flight, resulting in one DHS system
responsible for watch list matching for all aviation passengers.
DATES: Submit comments by October 22, 2007.
ADDRESSES: You may submit comments, identified by the TSA docket number
to this rulemaking, using any one of the following methods:
Comments Filed Electronically: You may submit comments through the
docket Web site at http://dms.dot.gov You also may submit comments through the Federal eRulemaking portal at http://www.regulations.gov.
Comments Submitted by Mail, Fax, or In Person: Address or deliver
your written, signed comments to the Docket Management System at: U.S.
Department of Transportation, Docket Operations, M-30, West Building
Ground Floor, Room W12-140, 1200 New Jersey Ave., SE., Washington, DC
20590; Fax: 202-493-2251.
See SUPPLEMENTARY INFORMATION for format and other information
about comment submissions.
FOR FURTHER INFORMATION CONTACT: Kevin Knott, Policy Manager, Secure
Flight, Office of Transportation Threat Assessment and Credentialing,
TSA-19, Transportation Security Administration, 601 South 12th Street,
Arlington, VA 22202-4220, telephone (240) 568-5611.
SUPPLEMENTARY INFORMATION:
Comments Invited
TSA invites comments relating to the appropriateness,
effectiveness, and any economic, environmental, energy, or federalism
impacts resulting from the required provisions of this rulemaking.
Interested persons may do this by submitting written comments, data, or
views. See ADDRESSES above for information on where to submit comments.
With each comment, please include your name and address, identify
the docket number at the beginning of your comments, and give the
reason for each comment. The most helpful comments reference a specific
portion of the rulemaking, explain the reason for any recommended
change, and include supporting data. You may submit comments and
material electronically, in person, by mail, or fax as provided under
ADDRESSES, but please submit your comments and material by only one
means. If you submit comments by mail or delivery, submit them in two
copies, in an unbound format, no larger than 8.5 by 11 inches, suitable
for copying and electronic filing.
If you want TSA to acknowledge receipt of comments submitted by
mail, include with your comments a self-addressed, stamped postcard on
which the docket number appears. We will stamp the date your comments
were received on the postcard and mail it to you.
TSA will file in the public docket all comments received by TSA,
except for comments containing confidential information and sensitive
security information (SSI).\1\ TSA will consider all comments received
on or before the closing date for comments and will consider comments
filed late to the extent practicable. The docket is available for
public inspection before and after the comment closing date.
---------------------------------------------------------------------------
\1\ ``Sensitive Security Information'' or ``SSI'' is information
obtained or developed in the conduct of security activities, the
disclosure of which would constitute an unwarranted invasion of
privacy, reveal trade secrets or privileged or confidential
information, or be detrimental to the security of transportation.
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------
Handling of Confidential or Proprietary Information and Sensitive
Security Information (SSI) Submitted in Public Comments
Do not submit comments that include trade secrets, confidential
commercial or financial information, or SSI to the public regulatory
docket. Please submit such comments separately from other comments on
the rulemaking. Comments containing this type of information should be
appropriately marked as containing such information and submitted by
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
Upon receipt of such comments, TSA will not place the comments in
the public docket and will handle them in accordance with applicable
safeguards and restrictions on access. TSA will hold them in a separate
file to which the public does not have access, and place a note in the
public docket that TSA has received such materials from the commenter.
If TSA receives a request to examine or copy this information, TSA will
treat it as any other request under the Freedom of Information Act
(FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS)
FOIA regulation found in 6 CFR part 5.
Reviewing Comments in the Docket
Please be aware that anyone is able to search the electronic form
of all comments received into any of our dockets by the name of the
individual submitting the comment (or signing the comment, if submitted
on behalf of an association, business, labor union, etc.). You may
review the applicable Privacy Act Statement published in the Federal
Register on April 11, 2000 (65 FR 19477), or you may visit http://dms.dot.gov
.
You may review the comments in the public docket by visiting the
Dockets Office between 9 a.m. and 5 p.m., Monday through Friday, except
Federal holidays. The Dockets Office is located
[[Page 48357]]
in the West Building Ground Floor, Room W12-140, at the Department of
Transportation address, previously provided under ADDRESSES. Also, you
may review public dockets on the Internet at http://dms.dot.gov.
Availability of Rulemaking Document
You can get an electronic copy using the Internet by--
(1) Searching the Department of Transportation's electronic Docket
Management System (DMS) Web page (http://dms.dot.gov/search); (2) Accessing the Government Printing Office's Web page at http://
http://www.gpoaccess.gov/fr/index.html; or
(3) Visiting TSA's Security Regulations Web page at http://www.tsa.gov
and accessing the link for ``Research Center'' at the top
of the page.
In addition, copies are available by writing or calling the
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to
identify the docket number of this rulemaking.
Abbreviations and Terms Used in This Document
APIS--Advance Passenger Information System
ATSA--Aviation and Transportation Security Act
AOIP--Aircraft Operator Implementation Plan
CBP--U.S. Customs and Border Protection
DHS--Department of Homeland Security 2005 DHS Appropriations Act--
Department of Homeland Security Appropriations Act, 2005
2007 DHS Appropriations Act--Department of Homeland Security
Appropriations Act, 2007
DHS TRIP--Department of Homeland Security Traveler Redress Inquiry
Program
FBI--Federal Bureau of Investigation
FOIA--Freedom of Information Act
GAO--Government Accountability Office
HSPD--Homeland Security Presidential Directive
IATA--International Air Transport Association
IRTPA--Intelligence Reform and Terrorism Prevention Act of 2004
PNR--Passenger Name Record
PRI--Passenger Resolution Information
PIA--Privacy Impact Assessment
SFPD--Secure Flight Passenger Data
SSI--Sensitive Security Information
SORN--System of Records Notice
TSA--Transportation Security Administration
TSC--Terrorist Screening Center
TSDB--Terrorist Screening Database
Outline of Notice of Proposed Rulemaking
I. Background
A. Current Watch List Matching
1. Watch List Matching for Domestic Flights
2. Watch List Matching for International Flights
B. Secure Flight Program Summary
C. Implementation Stages of Secure Flight
1. Implementation of Secure Flight for Domestic Flights
2. Implementation of Secure Flight for International Flights
D. Privacy Documents
E. Secure Flight Testing and Information Collection Requirements
1. Secure Flight Testing
2. Information Collection Requirements
F. The Watch List Matching Process Under Secure Flight
G. Operational Testing of Secure Flight
H. Proposed Compliance Schedule
I. Additional Issues Under Consideration and Open to Public
Comment
1. Data Elements
2. Identification Requirements
J. Department of Homeland Security Appropriations Act
II. Section-by-Section Analysis
III. Regulatory Analyses
A. Paperwork Reduction Act
B. Regulatory Impact Analyses
1. Regulatory Evaluation Summary
2. Executive Order 12866 Assessment
3. Regulatory Flexibility Act Assessment
4. International Trade Impact Assessment
5. Unfunded Mandates Assessment
C. Executive Order 13132, Federalism
D. Environmental Analysis
E. Energy Impact Analysis
List of Subjects
The Proposed Amendments
I. Background
TSA performs passenger and baggage screening at the Nation's
commercial airports.\2\ Aircraft operators currently supplement this
security screening by performing passenger watch list matching using
the Federal No Fly and Selectee Lists, as required under security
directives that TSA issued following the terrorist attacks of September
11, 2001. Aircraft operators also conduct this watch list matching
process for non-traveling individuals authorized to enter the sterile
area \3\ of an airport in order to escort a passenger or for some other
purpose approved by TSA.
---------------------------------------------------------------------------
\2\ See the Aviation and Transportation Security Act (ATSA)
(Pub. L. 107-71, 115 Stat. 597, Nov. 19, 2001).
\3\ ``Non-traveling individual'' would be defined in this Notice
of Proposed Rulemaking as an individual to whom a covered aircraft
operator or covered airport operator seeks to issue an authorization
to enter the sterile area of an airport in order to escort a minor
or a passenger with disabilities or for some other purpose permitted
by TSA. It would not include employees or agents of airport or
aircraft operators or other individuals whose access to a sterile
area is governed by another TSA regulation or security directive.
Proposed 49 CFR 1560.3.
``Sterile area'' is defined as a portion of airport defined in
the airport security program that provides passengers access to
boarding aircraft and to which the access generally is controlled by
TSA, or by an aircraft operator under part 1544 of this chapter or a
foreign air carrier under part 1546 of this chapter, through the
screening of persons and property. 49 CFR 1540.5.
---------------------------------------------------------------------------
The Intelligence Reform and Terrorism Prevention Act of 2004
(IRTPA) requires TSA to assume from air carriers the comparison of
passenger information to the automatic Selectee and No Fly Lists and to
utilize all appropriate records in the consolidated and integrated
watch list that the federal government maintains.\4\ The final report
of the National Commission on Terrorist Attacks Upon the United States
(9/11 Commission Report) recommends that the watch list matching
function ``should be performed by TSA and it should utilize the larger
set of watch lists maintained by the Federal Government.'' See 9/11
Commission Report at 393.
---------------------------------------------------------------------------
\4\ Pub. L. 108-458, 118 Stat. 3638, Dec. 17, 2004.
---------------------------------------------------------------------------
Consequently, pursuant to Sec. 4012(a) of the IRTPA, TSA is
issuing this NPRM to propose implementation of the Secure Flight
program. Under the program, TSA would receive passenger and certain
non-traveler information from aircraft operators, conduct watch list
matching, and transmit watch list matching results back to aircraft
operators.
The purpose of the Secure Flight program is to assume the watch
list matching function from aircraft operators and to more effectively
and consistently prevent certain known or suspected terrorists from
boarding aircraft where they may jeopardize the lives of passengers and
others. The program is designed to better focus enhanced passenger
screening efforts on individuals likely to pose a threat to civil
aviation, and to facilitate the secure and efficient travel of the vast
majority of the traveling public by distinguishing them from
individuals on the watch list.
In general, the Secure Flight program would compare passenger
information only to the No Fly and Selectee List components of the
Terrorist Screening Database (TSDB), which contains the Federal
Government's consolidated terrorist watch list, maintained by the
Terrorist Screening Center (TSC).\5\ However, as recommended by the 9/
11
[[Page 48358]]
Commission, TSA may use ``the larger set of watch lists maintained by
the Federal Government,'' when warranted by security considerations.
For example, TSA may learn that flights on a particular route may be
subject to increased security risk. If this happens, TSA may decide to
compare passenger information on some or all of the flights on that
route against the full TSDB or other government databases, such as
intelligence or law enforcement databases.
---------------------------------------------------------------------------
\5\ The TSC was established by the Attorney General in
coordination with the Secretary of State, the Secretary of Homeland
Security, the Director of the Central Intelligence Agency, the
Secretary of the Treasury, and the Secretary of Defense. The
Attorney General, acting through the Director of the Federal Bureau
of Investigation (FBI), established the TSC in support of Homeland
Security Presidential Directive 6 (HSPD-6), dated September 16,
2003, which required the Attorney General to establish an
organization to consolidate the Federal Government's approach to
terrorism screening and provide for the appropriate and lawful use
of terrorist information in screening processes.
---------------------------------------------------------------------------
This proposed rule would affect covered flights operated by U.S.
aircraft operators that are required to have a full program under 49
CFR 1544.101(a), and covered flights operated by foreign air carriers
that are required to have a security program under 49 CFR 1546.101(a)
or (b). These aircraft operators generally are the passenger airlines
that offer scheduled and public charter flights from commercial
airports. This proposed rule refers to them as ``covered U.S. aircraft
operators'' and ``covered foreign air carriers'' respectively, and
``covered aircraft operators'' collectively.
The proposed rule would cover all flights conducted by covered U.S.
aircraft operators, as well as all flights conducted by a covered
foreign air carrier arriving in or departing from the United States or
overflying the continental United States (referred to as ``covered
international flights''). TSA is proposing to conduct watch list
matching for overflights in order to protect the United States from
terrorist activity that could occur in its airspace. The proposed rule
collectively refers to the flights conducted by U.S. carriers and
covered international flights that would be regulated under this
proposed rule as ``covered flights.''
IRTPA also requires DHS to assume from air carriers the task of
comparing passenger information for international flights to or from
the United States against the Federal Government's consolidated and
integrated terrorist watch list before departure of such flights.
Initially, CBP will implement this requirement and conduct pre-
departure watch list matching for international flights, through its
Advance Passenger Information System (APIS). APIS is a widely-utilized
electronic data interchange system that international commercial air
and vessel carriers use to electronically transmit to CBP certain data
on passengers and crew members. The former U.S. Customs Service, in
cooperation with the former Immigration and Naturalization Service
(INS) and the airline industry, developed APIS in 1988. On July 14,
2006, CBP published a notice of proposed rulemaking to require air and
vessel carriers to submit to CBP passenger manifest information before
departure of an international flight to or from the United States and
for voyages from the United States to enable CBP to conduct watch list
matching on passengers before they board an international flight or
depart on certain voyages.\6\
---------------------------------------------------------------------------
\6\ 71 FR 40035.
---------------------------------------------------------------------------
In response to a substantial number of comments from the aviation
industry, DHS is proposing a unified approach to watch list matching
for international and domestic passenger flights, to avoid unnecessary
duplication of watch list matching efforts and resources and reduce the
burden on aircraft operators. CBP's APIS Pre-Departure Final Rule
published elsewhere in this issue of the Federal Register and this
notice of proposed rulemaking (NPRM) are being published jointly to
explain DHS's proposed unified approach. Beginning on the effective
date of the APIS Pre-Departure final rule, CBP will perform the watch
list matching function for international flights to or from the United
States as part of its overall screening of travelers. However, DHS
proposes to ultimately transfer the watch list matching function to the
Secure Flight program. If this approach is adopted, TSA would assume
the aviation passenger watch list matching function for domestic and
international passengers covered by this proposed rule, and CBP would
continue to conduct border enforcement functions under the APIS
program. DHS is establishing one portal through which aircraft
operators will send their passenger information for both programs, with
the goal of streamlining the transmission of passenger information, if
the unified approach is adopted.
A. Current Watch List Matching
1. Watch List Matching for Domestic Flights
Under security directives issued by TSA, covered U.S. aircraft
operators currently conduct pre-flight watch list matching for
passengers on domestic flights using the Federal No Fly and Selectee
Lists. Aircraft operators also apply this process to non-traveling
individuals authorized to enter the sterile area beyond the screening
checkpoint in order to escort a minor or a passenger with disabilities,
or for another purpose authorized by TSA.
Under the current watch list matching process, when an aircraft
operator has a reservation from a passenger with a name that is the
same as, or similar to, a name on the No Fly List, TSA requires the
aircraft operator to notify law enforcement personnel and TSA in order
to determine whether that passenger is in fact the individual whose
name is on the No Fly List. If the passenger is verified as an
individual on the No Fly List, the aircraft operator is prohibited from
transporting the passenger. When an aircraft operator has a reservation
from a passenger with a name that is the same as, or similar to, a name
on the Selectee List, TSA requires the aircraft operator to identify
the individual to TSA for enhanced screening at security screening
checkpoints.\7\
---------------------------------------------------------------------------
\7\ Individuals may undergo enhanced screening at security
screening checkpoints for a variety of other reasons, such as random
selection or as a result of triggering a metal detector alarm.
---------------------------------------------------------------------------
2. Watch List Matching for International Flights
Covered aircraft operators also currently conduct watch list
matching for passengers on international flights in the same manner
described above for domestic flights as required in TSA security
directives and emergency amendments to a security program.
Additionally, CBP conducts various activities, including watch list
matching, to screen passengers on commercial international flights
arriving in and departing from the United States through the Advance
Passenger Information System (APIS). CBP conducts such activities in
order to protect the United States from threats of terrorism and to
carry out CBP's border enforcement mission.
Under CBP's APIS regulations (19 CFR part 122), air carriers
departing foreign ports destined for the United States are required to
electronically submit passenger information to CBP no later than
fifteen minutes after the departure of aircraft destined for the United
States and 15 minutes prior to departure of aircraft from the United
States. ``Departure'' currently is defined to be the moment the
aircraft's wheels leave the tarmac. See 19 CFR 122.49. The current
system allows CBP to supplement the watch list matching currently
completed by air carriers prior to boarding. If CBP's screening
identifies that a person on a no-fly list is on an aircraft bound for,
or departing from, the United States, that aircraft will be diverted
from its intended destination.
In this volume of the Federal Register, CBP is publishing a final
rule entitled ``Advance Electronic Submission of Passenger and Crew
Member Manifests for Commercial
[[Page 48359]]
Aircraft and Vessels'' (APIS Pre-Departure Final Rule). This rule,
which becomes effective 180 days after publication, will require air
carriers to provide the passenger information it currently provides to
CBP, but requires air carriers to provide it no later than the time the
flight crew secure the aircraft doors for takeoff.
When commercial air carriers are certified to transmit APIS data
under the pre-departure APIS requirements of the new APIS Pre-Departure
Final Rule, CBP will assume from those carriers the responsibility of
conducting pre-departure watch list matching for international flights
to or from the United States. Once CBP receives the information, it
will complete the watch list matching process and return instructions
concerning each passenger to the covered aircraft operators. Covered
aircraft operators will be required to follow the instructions when
issuing boarding passes to passengers, identifying passengers for
enhanced screening, and allowing passengers to board the aircraft or
preventing them from doing so. If the Secure Flight program is
finalized as envisioned in this proposed rule, it will take over this
watch list matching function for aircraft operators covered under this
proposed rule from CBP.
B. Secure Flight Program Summary
1. Secure Flight Passenger Data
Under the Secure Flight program proposed under this rule, TSA would
require covered aircraft operators to collect information from
passengers, transmit passenger information to TSA for watch list
matching purposes, and process passengers in accordance with TSA
instructions regarding watch list matching results. Under this proposed
rule, TSA would collect Secure Flight Passenger Data (SFPD), consisting
of the information summarized below (and discussed in greater detail in
section I.E.2 ``information collection requirements'' infra).
For passengers on covered flights, TSA is proposing to require
covered aircraft operators to request a passenger's full name, gender,
date of birth, and Redress Number \8\ (if available) or known traveler
number \9\ (if available once the known traveler program is
implemented). Even though covered aircraft operators would be required
to request all of the above data elements from passengers, passengers
would only be required to provide their full name at the time of
reservation to allow TSA to perform watch list matching. They would not
be required by TSA to provide the other data elements to aircraft
operators at the time of reservation. Covered aircraft operators would
be required to transmit to TSA the information provided by the
passenger in response to the request described above.
---------------------------------------------------------------------------
\8\ A Redress Number is a unique number that DHS currently
assigns to individuals who use the DHS Traveler Redress Inquiry
Program (TRIP). Under the proposed rule, individuals would use the
Redress Number in future correspondence with DHS and when making
future travel reservations. The Redress Number is further discussed
in the Secure Flight Information Collection Requirements section
below.
\9\ A known traveler number would be a unique number assigned to
``known travelers'' for whom the Federal Government has already
conducted a threat assessment and has determined do not pose a
security threat. The known traveler number is further discussed in
the Secure Flight Information Collection Requirements section.
---------------------------------------------------------------------------
Covered aircraft operators also would be required to transmit to
TSA passport information, if available. Although not required to be
requested by TSA under this proposed rule, passport information may be
provided by passengers either voluntarily or under other travel
requirements such as CBP APIS requirements if a passenger is traveling
abroad. Additionally, covered aircraft operators would be required to
transmit to TSA certain non-personally identifiable information such as
itinerary information, record locator numbers etc. to allow TSA to
effectively prioritize watch list matching efforts, communicate with
the covered aircraft operator, and facilitate an operational response,
if necessary, to an individual who is on the watch list.
When a non-traveling individual seeks authorization from a covered
aircraft operator to enter an airport sterile area (such as to escort a
minor or assist a passenger with a disability), TSA also is proposing
to require covered aircraft operators to request from the non-traveler
and transmit to TSA, the same information requested from passengers (to
the extent available), as well as certain non-personally identifiable
information, including the airport code for the sterile area to which
the non-traveler seeks access.
The following chart details the information that TSA would require
covered aircraft operators to request from passengers and certain non-
traveling individuals, the information that those individuals would be
required to provide, and the information covered aircraft operators
would be required to transmit to TSA if available:
Proposed Information Collection Requirements for Secure Flight
----------------------------------------------------------------------------------------------------------------
Covered aircraft
operators must Passengers and Covered aircraft
request from certain non- operators must
Data elements passengers and travelers must transmit to TSA,
certain non- provide if available
travelers
----------------------------------------------------------------------------------------------------------------
Full Name.............................................. X X X
Date of Birth.......................................... X ................. X
Gender................................................. X ................. X
Redress Number or Known Traveler Number................ X ................. X
Passport Information \10\.............................. ................. ................. X
Itinerary Information \11\............................. ................. ................. X
Reservation Control Number............................. ................. ................. X
Record Sequence Number................................. ................. ................. X
Record Type............................................ ................. ................. X
Passenger Update Indicator............................. ................. ................. X
Traveler Reference Number.............................. ................. ................. X
----------------------------------------------------------------------------------------------------------------
This proposed rule would not compel the passenger or non-traveler
to provide the majority of the information that covered aircraft
operators request. However, if that individual elected not to provide
the requested information,
[[Page 48360]]
TSA may have insufficient information to distinguish him or her from a
person on the watch list. Accordingly, the individual may be more
likely to experience delays, be subject to additional screening, be
denied transport, or be denied authorization to enter a sterile area.
Without a full name, watch list matching is incredibly unreliable;
therefore the proposed rule would require an individual seeking to
travel on a covered flight or authorization to enter a sterile area to
provide his or her full name, as it appears on the individual's
verifying identity document. The proposed rule would also prohibit
covered aircraft operators from accepting a reservation, or accepting a
request for authorization to enter a sterile area, from an individual
who does not provide a full name.
---------------------------------------------------------------------------
\10\ Passport information is the following information from a
passenger's passport: (1) Passport number; (2) country of issuance;
(3) expiration date; (4) gender; (5) full name.
\11\ Itinerary information is the following information about a
covered flight: (1) Departure airport code; (2) aircraft operator;
(3) departure date; (4) departure time; (5) arrival date; (6)
scheduled arrival time; (7) arrival airport code; (8) flight number;
(9) operating carrier (if available). For non-traveling individuals,
the itinerary information is the airport code for the sterile area
to which the non-traveling individual seeks access.
---------------------------------------------------------------------------
2. 72-Hour Requirement
Under the Secure Flight proposed rule, covered aircraft operators
would be required to transmit Secure Flight Passenger Data to TSA
approximately 72 hours prior to the scheduled flight departure
time.\12\ Requiring SFPD approximately 72 hours prior to scheduled
flight departure time would support the security mission of the Secure
Flight program and facilitate a streamlined watch list matching process
for aircraft operators and passengers in at least the following ways.
---------------------------------------------------------------------------
\12\ In the APIS Pre-Departure Final Rule, CBP also encourages,
but does not mandate, all carriers to submit the information up to
72 hours in advance when available, to facilitate clearance.
---------------------------------------------------------------------------
TSA considered a number of factors in determining that aircraft
operators should submit SFPD to TSA approximately 72 hours before
scheduled flight departure time. TSA reviewed reservation trend
analyses which indicates that, on average, an estimated 90-93% of
travel reservations are finalized and become stable (e.g. not subject
to cancellation or timing changes) 72 hours before the scheduled flight
departure time. Accordingly, TSA determined that it would not be
practicable to require aircraft operators to submit information earlier
than 72 hours prior to flight departure time, as such information would
still be subject to change and would not provide sufficiently reliable
information for TSA to begin watch list matching or engage in any
necessary coordination with law enforcement.
During a standard travel day, TSA estimates that over 2.4 million
passengers use covered aircraft operators for domestic and
international travel (either destined for or departing from the United
States). Although approximately 99% of passenger travel reservations
would be finalized within 24 hours of the departure of any flight, 24
hours would not provide TSA with sufficient time to adequately screen
2.4 million passengers and, when necessary, coordinate operational
responses in the event of identification of a terrorist suspect or as
needed to identify and disrupt a suspected terrorist plot potentially
involving a variety of flights or aircraft operators, foreign or
domestic.
It is important to note that, in any one day, TSA would be
conducting watch list matching on not only the 2.4 million travelers
for one designated travel day, but TSA also would continue to conduct
watch list matching for the 2.4 million travelers for each of the two
days before the date of departure of the flight. In total, over a 72-
hour period, TSA could be conducting watch list matching for up to 7.2
million travelers traveling within a 72-hour period.
Accordingly, TSA is proposing that covered aircraft operators
submit SFPD approximately 72 hours in advance.
Security benefits. A 72-hour period would provide the significant
security benefit of allowing the U.S. government to coordinate an
operational response to a match on a watch list--not only before the
flight departs, but even in advance of the individual's arrival at the
airport. Also, TSA could provide a single watch list matching solution
for both domestic and international flights, because TSA would have the
time to prioritize the domestic and international watch list matching
workload and accommodate last-minute reservations and changes.
Benefits to covered aircraft operators and passengers. The 72-hour
period would also allow TSA to complete watch list matching in time to
allow covered aircraft operators to begin issuing boarding passes to
passengers 24 hours prior to departure. Watch list matching that takes
place immediately prior to the flight's departure, such as that allowed
by CBP's APIS rule, would not allow TSA to communicate with covered
aircraft operators regarding the issuance of boarding passes 24 hours
prior to departure. Additionally, passengers' travel experiences would
be enhanced because TSA would use that time to adjudicate potential
watch list matches and coordinate with other government agencies as
necessary, to resolve as many false positives as possible before such
individuals arrive at the airport or experience delay or inconvenience.
TSA welcomes public comment on this timeframe, as well as on
alternate timeframes, and will consider these comments in the
development of the final rule. As always, comments that include an
analytical justification are most useful.
3. Instructions to Covered Aircraft Operators
TSA would match the SFPD provided by covered aircraft operators
against the watch list. Based on the watch list matching results, TSA
would instruct an aircraft operator to process the individual in the
normal manner, to identify the individual for enhanced screening at a
security checkpoint, or to deny the individual transport or
authorization to enter the airport sterile area. To ensure the
integrity of the boarding pass instructions and to prevent use of
fraudulent boarding passes, TSA would also provide instructions on
placing codes on the boarding passes. Covered aircraft operators would
be required to comply with the TSA instructions.
4. Summary of Requirements
A brief summary of the requirements proposed in this NPRM is
presented below. A detailed explanation of these requirements is
provided in the Section-by-Section Analysis.
Requirements of Covered Aircraft Operators. This proposed
rule would require aircraft operators that conduct certain scheduled
and public charter flights to:
Submit an Aircraft Operator Implementation Plan (AOIP) to
TSA for approval.
Conduct operational testing with TSA.
Request full name, date of birth, gender, and Redress
Number (if available) or known traveler number (if implemented and
available) from passengers and non-traveling individuals.
Transmit Secure Flight Passenger Data for passengers and
non-traveling individuals, in accordance with the aircraft operator's
AOIP, approximately 72 hours prior to the scheduled flight departure
time.
Make a privacy notice available on public Web sites and
self-service kiosks before collecting any personally identifiable
information from passengers or non-traveling individuals.
[[Page 48361]]
Request a verifying identity document at the airport
ticket counter if TSA has not informed the covered aircraft operator of
the results of watch list matching for an individual by the time the
individual attempts to check-in, or informs the covered aircraft
operator that an individual must be placed on inhibited status and may
not be issued a boarding pass or authorization to enter a sterile area.
A verifying identity document is one that has been issued by a Federal,
State, local, or tribal government that contains the individual's full
name, photo, and date of birth, and is non-expired; though a non-
expired passport issued by a foreign government will also be considered
a verifying identity document. This requirement would be in addition to
the current requirement that aircraft operators request all passengers
and non-traveling individuals to provide identification at the time of
check-in or at a screening checkpoint.
When necessary, submit information from the verifying
identity document to TSA to resolve potential watch list matches. In
some cases, TSA may also request that the covered aircraft operator
communicate a physical description of the individual.
Not issue to an individual a boarding pass or
authorization to enter a sterile area or permit an individual to board
an aircraft or enter a sterile area if the individual does not provide
a verifying identity document when requested under circumstances
described above, unless otherwise authorized by TSA.
Prohibit issuance of boarding passes or authorizations to
enter a sterile area to individuals whom TSA has placed on inhibited
status. Prohibit these individuals from boarding an aircraft.
Comply with instructions from TSA to designate identified
individuals for enhanced screening before boarding a flight or
accessing a sterile area.
Place separate codes on boarding passes in accordance with
TSA instructions.
Requirements of Individuals. Individuals who wish to make
a reservation on a covered flight or to access a sterile area must
provide their full names to the covered aircraft operators. This
proposed rule would require those passengers and non-traveling
individuals for whom TSA has not provided watch list matching results
or has provided inhibited status to present a verifying identity
document, in order to board an aircraft or to enter a sterile area.
Individuals also would continue to be subject to the current
requirement that aircraft operators request all passengers and non-
traveling individuals to provide identification at the time of check-in
or at a screening checkpoint.
Government Redress Procedures Available to Individuals.
This proposed rule explains the redress procedures for individuals who
believe they have been improperly or unfairly delayed or prohibited
from boarding a flight as a result of the Secure Flight program. These
individuals may seek assistance through the redress process by
submitting certain personal information, as well as copies of certain
identification documents, to the existing DHS Traveler Redress Inquiry
Program (DHS TRIP). The proposed rule explains the process the Federal
Government will use to review the information submitted and to provide
a timely written response.
C. Implementation Stages of Secure Flight
TSA proposes to implement this rule in two stages. The first stage
would include covered flights between two domestic points in the United
States, and the second stage would include covered flights to or from
the United States, flights that overfly the continental United States,
and all other flights (such as international point-to-point flights)
operated by covered U.S. aircraft operators not covered in the first
stage.
1. Implementation of Secure Flight for Domestic Flights
During the first stage of implementation, TSA would assume the
watch list matching function for domestic flights conducted by covered
U.S. aircraft operators. TSA would conduct operational testing with
each covered U.S. aircraft operator to ensure that the aircraft
operator's system is compatible with TSA's system. After successful
operational testing with a covered U.S. aircraft operator, TSA would
assume the watch list matching function for domestic flights from that
aircraft operator.
2. Implementation of Secure Flight for International Flights
Until TSA implements the Secure Flight program for international
flights by covered aircraft operators, DHS plans for CBP to conduct
pre-departure watch list matching for international flights under the
APIS Pre-Departure Final Rule. This interim approach will allow DHS to
more quickly address the threat of terrorism on flights arriving in and
departing from the United States.
During the second stage of Secure Flight implementation, TSA will
assume the watch list matching function for covered international
flights from CBP. There are a few differences between the two
processes. First, covered aircraft operators would need to request
passenger information at the time of reservation, as required under
this proposed rule. Second, as described below, TSA would utilize
Secure Flight Passenger Data, which requires collection of different
data elements than under the APIS regulations. For its non-watch list
matching functions, which CBP will continue to perform under the APIS
rule, CBP would continue to collect APIS data. Given this, and to
provide a single point of contact, covered aircraft operators can
transmit both APIS data and Secure Flight Passenger Data in a single
transmission to the DHS portal, which will route information to TSA and
CBP as appropriate.
The following tables list the data elements that CBP will collect
under its APIS regulations, and that TSA will collect under the Secure
Flight program.
------------------------------------------------------------------------
APIS regulations
Data elements (international Secure flight
flights) \13\ NPRM \14\
------------------------------------------------------------------------
Full Name......................... X X
Date of Birth..................... X X
Gender............................ X X
Redress Number or Known Traveler ................. X
Number...........................
Passport Number*.................. X X
Passport Country of Issuance*..... X X
Passport Expiration Date*......... X X
Passenger Name Record Locator..... X .................
International Air Transport X X
Association (IATA) Foreign
Airport Code--place of
origination......................
[[Page 48362]]
IATA Code--Port of First Arrival.. X X
IATA Code of Final Foreign Port X .................
for In-transit Passengers........
Airline Carrier Code.............. X X
Flight Number..................... X X
Date of Aircraft Departure........ X X
Time of Aircraft Departure........ X X
Date of Aircraft Arrival.......... X X
Scheduled Time of Aircraft Arrival X X
Citizenship....................... X .................
Country of Residence.............. X .................
Status on Board Aircraft.......... X .................
Travel Document Type.............. X .................
Alien Registration Number**....... X
Address While in U.S.--(except for X .................
outbound flights, U.S. citizens,
lawful permanent residents, crew
and intransit passengers)........
Reservation Control Number........ ................. X
Record Sequence Number............ ................. X
Record Type....................... ................. X
Passenger update indicator........ ................. X
Traveler Reference Number......... ................. X
------------------------------------------------------------------------
*If required.
**If applicable.
TSA would require covered aircraft operators to transmit to TSA the
available passenger information required under this proposed rule that
resides in covered aircraft operators' systems. Covered aircraft
operators must submit this information, through the same DHS portal
used for APIS submissions, approximately 72 hours before departure of a
covered flight. Those that elect to transmit all manifest information
required under the Pre-Departure APIS rule at the same time would be
able to send a single transmission to DHS for the Secure Flight and
Pre-Departure APIS programs and would receive a single boarding pass
printing instruction in return. Under the APIS regulations, such
aircraft operators would then be required to validate the information
submitted against the individual's passport or other travel document
and transmit passenger information to DHS only if it is different from
the information previously submitted, no later than 30 minutes prior to
or up to the securing of the doors of an aircraft under CBP's APIS Pre-
Departure rule.
---------------------------------------------------------------------------
\13\ All APIS data elements are required.
\14\ Covered aircraft operators must provide data elements
listed for Secure Flight, to the extent they are available.
---------------------------------------------------------------------------
Covered aircraft operators that do not elect to transmit all
manifest information required under the Pre-Departure APIS rule
approximately 72 hours in advance would submit validated APIS
information no later than 30 minutes prior to or up to the securing of
the doors of an aircraft under CBP's Pre-Departure APIS rule. The
aircraft operator would only receive a boarding pass printing
instruction from DHS after the APIS transmission if the transmitted
APIS data differs from the SFPD that was transmitted 72 hours prior to
departure.
Additionally, for reservations made within 72 hours of scheduled
flight departure time, covered aircraft operators would be required to
transmit Secure Flight Passenger Data as soon as possible. If the
covered aircraft operator is also ready to transmit APIS information at
that time, the covered aircraft operator would be able to send one
transmission for both Secure Flight and Pre-Departure APIS and would
receive one boarding pass printing instruction. If the covered aircraft
operator is not ready to transmit passenger under Pre-Departure APIS at
the same time, the covered aircraft operator would be required to
transmit the passenger information separately for Secure Flight and
APIS.
Covered aircraft operators would use the same portal to transmit
Secure Flight Passenger Data to TSA as they will to transmit APIS data
to CBP. Covered U.S. aircraft operators would not need to undergo
additional operational testing during the second phase, because they
would have already conducted operational testing with TSA during the
first phase. TSA, however, would need to conduct operational testing
with the covered foreign air carriers, which would not have previously
conducted operational testing with TSA, to confirm that the Secure
Flight process operates properly from end-to-end with these carriers.
Once TSA assumes responsibility under Secure Flight for the watch
list matching function for the majority of passengers covered by the
APIS regulation, CBP would no longer be responsible for pre-departure
watch list matching or the issuance of related boarding pass printing
instructions for covered flights. Consequently, covered aircraft
operators would receive, and would have to comply with, one set of
instructions from DHS, via TSA, regarding the issuance of boarding
passes to or the boarding of passengers on covered international
flights. CBP would, however, continue to require carriers to provide
APIS data to carry out its border enforcement mission. CBP would
continue to require covered aircraft operators and passengers to comply
with CBP's APIS regulations, including passengers presenting their
passports or other required travel documents at the airport to the
aircraft operators in order for the aircraft operator to verify the
APIS information and to transmit it to CBP if the APIS information was
not previously transmitted or if the verified APIS information is
different from the information previously transmitted.
In some international airports, passengers may transit from one
international flight to another, where the flights are operated by
different aircraft operators and only the second flight would be a
covered flight under this proposed rule. TSA understands that
currently, in these situations, the aircraft operator operating the
first flight
[[Page 48363]]
may issue a boarding pass for both legs of the passenger's itinerary,
including the flight to the United States. Under this proposed rule,
the aircraft operator operating the first flight would not be able to
issue a boarding pass for the second flight until that aircraft
operator received an appropriate boarding pass printing instruction
from TSA. This would allow TSA to minimize the security risk of
allowing passengers who have not yet been compared against the watch
list to have access to aircraft and the secure area of an airport. TSA
is seeking comment on this proposed requirement.
D. Privacy Documents
TSA is committed to safeguarding individuals' privacy in conducting
the Secure Flight Program to the greatest extent possible. In
conjunction with this NPRM, TSA is publishing a Privacy Impact
Assessment (PIA) for the Secure Flight Program, a Privacy Act System of
Records Notice (SORN), DHS/TSA 019, and an NPRM proposing Privacy Act
exemptions for the Secure Flight Program. All three documents outline
how TSA would collect, use, store, protect, and retain personally
identifiable information collected and used as part of the Secure
Flight Program and identify the privacy risks and mitigation measures
that would be employed to reduce or eliminate privacy risks, such as
false positive matches or insufficient safeguards for the information.
All three documents are available at http://www.tsa.gov and the SORN
and the NPRM proposing the Privacy Act exemptions will be published in
the Federal Register. TSA invites public comments on the SORN and NPRM
proposing Privacy Act exemptions. TSA will respond to public comments
received on the PIA, SORN, and NPRM through the rulemaking process and
revise the respective documents as appropriate.
TSA has developed a comprehensive approach to promoting compliance
with the Fair Information Practices codified in the Privacy Act of
1974, the E-Government Act of 2002, DHS and TSA privacy policies, and
Office of Management and Budget (OMB) privacy guidance. Comprehensive
privacy requirements are being included in the program requirements to
allow TSA to identify privacy issues and risks at each phase of the
program and implement privacy principles across Secure Flight systems
and operations. The Secure Flight program has designated an individual
to work closely with the TSA Director of Privacy Policy and Compliance
as well as the DHS Chief Privacy Officer to promote compliance with the
published documents for the program, including the SORN and the PIA.
This individual would also routinely monitor and review the operations
that authorized users perform on personal information according to a
schedule to be determined and will be responsible for the
implementation of the privacy program.
The Secure Flight program seeks to balance the competing interests
of data collection minimization and reduction of false positives
through individual choice. TSA has limited the proposed information
collection requirements for Secure Flight to the data elements TSA
believes are minimally necessary for effective watch list matching of
aviation passengers, as discussed in Section E.2. below. The proposed
rule leaves individuals with the choice to decline to provide certain
data elements. For the vast majority of individuals, a decision to
forgo providing these data elements should have no effect on their
watch list matching results and will result in less information being
held by TSA. For some individuals, however, TSA may be unable to
perform effective automated watch list matching without this
information and, as a result, those individuals may be more likely to
be subject to additional screening or be denied boarding or
authorization to enter a sterile area.
The Secure Flight Program also would mitigate the privacy risk of
false positive matches to the watch list by supplementing the initial
automated comparison with a manual assessment conducted by a Secure
Flight analyst, but only if necessary to complete the watch list
matching process. Individuals will be provided with the opportunity
under the DHS Traveler Redress Inquiry Program (TRIP) redress process
and under the Privacy Act of 1974 to access and correct personal
information, subject to the Privacy Act exemptions proposed for Secure
Flight records and other applicable legal constraints. Secure Flight
would not utilize commercial data to verify identities, nor would it
use algorithms to assign risk scores to individuals.
TSA is proposing to retain records for most individuals encountered
by Secure Flight for a short period of time.\15\ The vast majority of
records are expected to be destroyed within seven (7) days of
completion of directional travel.\16\ Records for individuals not
identified as potential matches by the automated matching tool would be
retained for seven days after the completion of the individual's
directional travel for audit purposes. Records for individuals who are
potential matches would be retained for seven years after the
completion of the individual's directional travel. These records would
be available if needed as part of the redress process and, as a result,
may help to expedite future travel. Records concerning confirmed
matches are expected to be retained for 99 years. This retention period
is consistent with TSC's NARA-approved records retention schedule for
TSDB records. In case of a terrorist event, records concerning the
event, which may possibly include passenger information, would be
retained in accordance with a separate TSA record retention schedule
covering major security incident records. This information would be
retained to support the investigation and documentation of a terrorist
event. Such records would be maintained in accordance with applicable
SORNs, DHS/TSA 001, Transportation Security Enforcement Records System,
69 FR 71818, 71829 (December 10, 2004) and DHS/TSA 011, Transportation
Security Intelligence Service Operations Files, 69 FR 71828, 71835
(December 10, 2004).
---------------------------------------------------------------------------
\15\ The retention schedule will be submitted for approval to
the National Archives and Records Administration (NARA). TSA will
retain the records in accordance with the retention schedule
approved by NARA.
\16\ Directional travel means the individual's one-way travel to
his or her destination.
---------------------------------------------------------------------------
The Secure Flight Program would further minimize potential privacy
risks by integrating administrative, technical, and physical security
safeguards to limit collection of personally identifiable information
and to protect information against unauthorized disclosure, use,
modification or destruction. Specifically, administrative safeguards
will restrict the permissible uses of personal information and
implement the controls for adherence to those uses. As part of
technical safeguards employed, Secure Flight will employ role-based
access controls and audit logging (that is, the chronicling of
information accesses and uses of information) to control and monitor
the use of personal information. Further, all personnel who will be
authorized to handle personal information for the Secure Flight program
will be required to complete TSA privacy training when they join the
program and on at least an annual basis thereafter. Personal
information will only be disclosed to, and used by, authorized
individuals who have a need to know the information in order to perform
their duties. These safeguards will further minimize the potential
privacy risk that personal information may be improperly used. The PIA
[[Page 48364]]
addresses all of these safeguards in more detail.
TSA will issue an amended PIA and a revised SORN in conjunction
with the Secure Flight Final Rule if necessary. Although not required,
covered aircraft operators may voluntarily choose to begin testing with
TSA prior to TSA publishing a final rule. The PIA and the SORN would
cover any testing between an aircraft operator and TSA including both
domestic and international flights.
E. Secure Flight Testing and Information Collection Requirements
After initial Secure Flight testing described below, TSA has
limited the proposed information collection requirements for Secure
Flight to the data elements TSA believes are minimally necessary for
aviation passenger watch list matching. In making this determination,
TSA balanced the privacy interest in minimizing the collection of
personal information with the security need to conduct effective watch
list matching, without unnecessarily delaying innocent individuals due
to false positive watch list matches.
1. Secure Flight Testing
Prior to initiating this rulemaking, TSA performed testing of the
agency's ability to conduct automated watch list matching for purposes
of the Secure Flight program and separately, testing to determine
whether the use of commercial data would be effective in identifying
passenger information that is incorrect or inaccurate. On September 24,
2004, TSA published in the Federal Register a number of documents
necessary to allow the agency to begin testing the Secure Flight
program. These documents included: (1) A proposed order to U.S.
aircraft operators directing them to provide a limited set of
historical passenger name records (PNRs) to TSA for use in testing the
program (69 FR 57342); (2) a Privacy Act System of Records Notice for
records involved in testing the program (69 FR 57345); and (3) a
Privacy Impact Assessment (PIA) of program testing (69 FR 57352[0]).
On November 15, 2004, after reviewing the comments received in
response to these documents, TSA published in the Federal Register the
final order directing U.S. aircraft operators to provide to TSA, by
November 23, 2004, a limited set of historical PNRs for testing of the
Secure Flight program.\17\ TSA also published revisions to the system
of records notice and the Privacy Impact Assessment (PIA) on June 22,
2005,\18\ to make clear that the purpose of commercial data testing was
``to test the Government's ability to verify the identities of
passengers using commercial data and to improve the efficacy of watch
list comparisons by making passenger information more complete and
accurate using commercial data.''
---------------------------------------------------------------------------
\17\ 69 FR 65619.
\18\ 70 FR 36320.
---------------------------------------------------------------------------
After reviewing the results of the testing and the comments
received concerning the testing, TSA determined that it will not use
commercial data in the program. This decision is consistent with
Section 514(f) of the Department of Homeland Security Appropriations
Act, 2007 (2007 DHS Appropriations Act), Public Law 109-295 (Oct. 4,
2006), which currently prohibits TSA from using appropriated funds on
data or a database that is obtained from, or remains under the control
of, a non-Federal entity (other than passenger information from
aircraft operators) for the Secure Flight program.
2. Information Collection Requirements
Based on the automated watch list matching test results and TSA's
experience in conducting security threat assessments that include watch
list matching, TSA has carefully selected the personal information that
TSA believes is necessary to conduct effective watch list matching for
aviation passengers. Consequently, under the proposed rule, TSA would
collect Secure Flight Passenger Data consisting of the information
described below.
Full Name, Gender, and Date of Birth:
Based on the automated watch list matching test results and TSA's
experience in conducting security threat assessments that include watch
list matching, TSA believes that an individual's full name, gender, and
date of birth are critically important for effective automated matching
against the watch list. This proposed rule, therefore, would require
covered aircraft operators to request full name, gender, and date of
birth from all passengers and non-traveling individuals accessing
sterile areas. As discussed in the Section-by-Section Analysis below,
TSA defines ``full name'' in proposed Sec. 1560.3 (Terms Used in This
Part) and uses it as the primary attribute to conduct watch list
matching. Partial names, which some aircraft operators currently
collect, would increase the likelihood of false positive matches,
because partial names are more likely to match a number of different
entries on the watch list. As a result, this proposed rule would
require individuals seeking a reservation on a covered flight or
authorization to enter a sterile area to provide their full names and
would prohibit covered aircraft operators from authorizing entry to a
sterile area or accepting a reservation for a passenger on a covered
flight who does not provide a full name.
Many names, including English and non-English names, do not
indicate gender, because they can be used by either gender.
Additionally, names not derived from the Latin alphabet, when
transliterated into English, do not generally denote gender. Providing
information on gender will reduce the number of false positive watch
list matches, because the information will distinguish persons who have
the same or similar names but who are of different gender. Date of
birth is also helpful in distinguishing a passenger from an individual
on a watch list with the same or similar name, thereby reducing the
number of false positive watch list matches.
Under the proposed rule, TSA would not compel individuals to
provide their gender and date of birth when aircraft operators request
it. Without this information, however, TSA may be unable to rule out
such individuals as a watch list match, and consequently they may be
subject to additional screening or be denied boarding or authorization
to enter a sterile area. Covered aircraft operators would then be
required to transmit to TSA the names, gender, and dates of birth for
passengers on covered flights, to the extent they are available as part
of the reservation process. For example, if a passenger provides a full
name but does not provide gender or a date of birth, the covered
aircraft operator would be required to transmit to TSA the full name.
If a covered aircraft operator were to input data required to be
requested from individuals into the system where it stores SFPD--such
as data from a passenger profile stored by the aircraft operator in the
ordinary course of business--the aircraft operator would be required to
include that data as part of the SFPD transmitted to TSA, even though
the individual did not provide that information at the time of
reservation.
Redress Number:
This proposed rule would also require covered aircraft operators to
request an individual's Redress Number, if available. DHS will assign
this unique number to individuals who use the DHS Traveler Redress
Inquiry Program (DHS TRIP), because they believe they have been
incorrectly delayed, identified for enhanced screening, denied
boarding, or denied access to a sterile area.
[[Page 48365]]
Individuals who have already undergone TSA's redress process would not
need to use DHS TRIP to reapply for redress once the Secure Flight
process is operational. Individuals may be less likely to be delayed by
false positive matches to the watch list if they provide their Redress
Number at the time of making a flight reservation or requesting access
to a sterile area. TSA is proposing to require that each covered
aircraft operator request this information to provide the opportunity
for an individual to use his or her assigned Redress Number to
facilitate travel or access to a sterile area.
Known Traveler Number:
In addition, the proposed rule provides that covered aircraft
operators may be required to request a known traveler number from
passengers and non-traveling individuals, if available. The known
traveler number would be a unique number assigned to ``known
travelers'' for whom the Federal Government has already conducted a
terrorist security threat assessment and has determined do not pose a
terrorist security threat. The known traveler number would enable TSA
to identify these ``known travelers,'' further reducing the number of
false positive matches to the watch list, and reduce unnecessary
duplication of Federal Government watch list matching efforts. Although
TSA would continue to conduct watch list matching for ``known
travelers,'' by having the known traveler numbers of these individuals,
TSA would be able to identify them as individuals who have already
completed a Federal terrorist security threat assessment. The proposed
rule would not compel individuals to provide a known traveler number
upon request from the aircraft operator. Without a known traveler
number, however, the individual may be more likely to experience
delays, be subjected to enhanced screening, be denied boarding, or be
denied access to a sterile area.
Because TSA has not yet determined which categories of individuals
should be considered ``known travelers,'' we specifically seek comment
on this provision. The proposed rule would not require covered aircraft
operators to initially request the known traveler number along with the
other passenger identification information. Instead, once TSA has
determined the categories of individuals that should be considered as
``known travelers,'' TSA would provide covered aircraft operators
written notification 30 days in advance that they must begin to collect
and transmit the known traveler number. TSA is adding this known
traveler number requirement in the proposed rule now to allow covered
aircraft operators advance planning in making all necessary system
changes. Once TSA informs covered aircraft operators that they must
begin to collect and transmit the known traveler number, covered
aircraft operators may transmit the known traveler number in the
Redress Number field, as it would not be necessary for the covered
operators to send both the Redress Number and the known traveler number
to TSA.
Passport Information:
TSA proposes to require covered aircraft operators to transmit
certain information from an individual's passport (passport number,
country of issuance, expiration date, gender, and full name), if
available. The proposed rule, however, does not propose to require
covered aircraft operators to collect the passport information if they
do not otherwise collect it in the normal course of business or unless
otherwise required by other rules, such as APIS. Based on TSA's
experience in conducting security threat assessments that include watch
list matching, TSA believes that passport information would enable TSA
analysts to resolve possible false positive matches and make the watch
list matching process more accurate.
For passengers who have previously flown on an international flight
as part of their travel itinerary, the covered aircraft operator may
already have the passport information if the covered aircraft operator
was required to collect passport information for the previous flight
pursuant to requirements under regulations issued by CBP. For such
passengers, TSA would require covered aircraft operators to transmit
passport information to TSA as part of the initial SFPD transmission.
For passengers whose itinerary includes a domestic flight that connects
to an international flight, covered aircraft operators often collect
passport information when the passenger checks in for the domestic
flight. For these passengers, covered aircraft operators would be
required under this proposed rule to transmit the passport information
to TSA as soon as it is available. In cases where passport information
is available, the proposed rule would require covered aircraft
operators to transmit the passport information to TSA, in order to
verify the information provided at the time of reservation, facilitate
identification of individuals who are on the watch list, and further
minimize false positive matches.
Information Used To Manage Messaging:
This rule also proposes to require covered aircraft operators to
provide certain non-personally identifiable data fields, including
passenger itinerary information (or airport code for non-travelers
requesting sterile area access) for TSA to effectively prioritize watch
list matching efforts, communicate with the covered aircraft operator,
and facilitate an operational response, if necessary, to an individual
who is on the watch list. For example, if TSA identifies an individual
on the watch list, TSA or the TSC may need to engage law enforcement
officials to question or detain the individual, as appropriate.
F. The Watch List Matching Process Under Secure Flight
The proposed rule would require all covered aircraft operators to
request the information discussed above from passengers on a covered
flight and non-traveling individuals. The proposed rule, however, would
not require all covered aircraft operators to begin transmitting that
information to TSA at the same time. TSA proposes to bring covered
aircraft operators into Secure Flight in phases and require aircraft
operators to begin providing passenger and non-traveler information to
TSA in accordance with the deadlines set forth in their approved AOIP,
discussed further below.
For passengers, TSA proposes to require covered aircraft operators
to transmit the SFPD including itinerary information. For non-traveling
individuals, TSA proposes that covered aircraft operators transmit the
SFPD including the airport code for the airport sterile area that the
non-traveling individual seeks to enter.
TSA proposes that information be transmitted to TSA approximately
72 hours in advance of departure, unless the individual makes a
reservation within 72 hours of the scheduled flight departure time,
changes a flight within 72 hours of the scheduled flight departure
time, or requests to enter a sterile area upon arrival at the airport.
In such cases, TSA would require covered aircraft operators to send the
required information to TSA immediately. TSA, in coordination with the
TSC where necessary, would compare the passenger and non-traveler
information obtained from each covered aircraft operator to information
contained in the watch list. TSA would also compare passenger and non-
traveler information to a list of individuals who have previously been
distinguished from persons on the watch list.
If an automated comparison using the information transmitted to TSA
[[Page 48366]]
indicates that the passenger is not a match to the watch list, TSA will
notify the aircraft operator that check-in and boarding pass issuance
for the individual can proceed normally. Such individuals will undergo
standard passenger and baggage screening. If the automated comparison
using the passenger or non-traveler information identifies a potential
match to the Selectee List, TSA will notify the covered aircraft
operator that the passenger or non-traveling individual and his or her
baggage must be identified for enhanced screening. TSA is also
considering adding a random element to Secure Flight, whereby
individuals may be selected for enhanced screening even though they are
not a match to the watch list. The addition of this random element
would provide Secure Flight with another layer of security, because it
would introduce unpredictability into the process.
TSA expects to complete the watch list matching process for, and
permit covered aircraft operators to issue boarding passes to, the vast
majority of passengers through this fully-automated initial comparison.
If the automated comparison indicates a reasonably similar or exact
match to a person on the No Fly component of the watch list, TSA will
inform the covered aircraft operator that the individual must be placed
on inhibited status and consequently, the aircraft operator may not
issue a boarding pass or other authorization to enter the sterile area
for that individual unless further resolution procedures indicate that
the individual may be issued a boarding pass or authorization to enter
a sterile area. If the SFPD for that individual contains sufficient
data, a TSA analyst will then conduct a preliminary analysis of the
individual identified as a potential match. The TSA analyst will review
all available information to determine if the passenger appears to be
the individual on the No Fly component of the watch list. If necessary,
the TSA analyst will check other classified and unclassified
governmental terrorist, law enforcement, and intelligence databases,
including databases maintained by the Department of Homeland Security,
Department of Defense, National Counter Terrorism Center, and Federal
Bureau of Investigation (FBI), in order to resolve the possible match
between the individual and a person on the No Fly component of the
watch list.
This careful review process is intended to significantly reduce the
number of false positive matches identified by the automated watch list
check. If the TSA analyst determines that the individual is not a match
to the No Fly component of the watch list, TSA will inform the covered
aircraft operator that the individual no longer has inhibited status,
and the aircraft operator may issue a boarding pass or authorization to
enter a sterile area to that individual. If the TSA analyst identifies
a possible match between a passenger and an individual identified on
the No Fly component of the watch list, TSA will send the passenger
information to TSC and request confirmation of the match.
TSA may be unable to complete the watch list matching process for
an individual, if, for instance, the individual fails to provide his or
her full name, gender, and date of birth when making the flight
reservation, or if the individual's full name, gender, and date of
birth and other information in the SFPD are insufficient to distinguish
him or her from an individual who appears on the No Fly component of
the watch list. The proposed rule provides that if TSA or TSC cannot
determine from the information provided by the covered aircraft
operator whether an individual is a match to the No Fly component of
the watch list prior to the individual's arrival at the airport or
online check-in, it will be necessary for the individual to provide
additional information at the airport. These individuals may be asked
to present to the covered aircraft operator a verifying identity
document, which must be an unexpired form of identification that is
issued by a Government (Federal, State, local, or tribal), and contains
the individual's full name, photo, and date of birth or an unexpired
passport issued by a foreign government. This requirement would not
replace current requirements that covered aircraft operators request
all passengers and non-traveling individuals to provide identification,
such as at check-in or at the screening checkpoint.
Once the individual provides a verifying identity document to the
covered aircraft operator, the proposed rule would require the aircraft
operator to update the passenger's SFPD with the additional information
from the individual's verifying identity document and transmit it to
TSA. There may be occasions where the aircraft operator will need to
call TSA. In such cases, the aircraft operator may be asked to provide
additional identifying information, such as a physical description,
referred to as ``Passenger Resolution Information,'' that TSA may need
to complete the watch list matching process. TSA will complete the
watch list matching process, in coordination with the TSC, and provide
the aircraft operator with watch list matching results for that
individual.
Where warranted, any Federal agency or other public, private, or
appropriate foreign government entity may be notified to initiate an
operational response.\19\ The agency or entity will be provided with
sufficient information about the passenger and his or her itinerary to
facilitate coordination of the operational response. The Federal
Security Director, Federal Air Marshals, or other law enforcement
personnel responsible for airport security may also be notified to
facilitate a timely law enforcement response to the individual
identified in the watch list. Further inquiry by law enforcement may,
for example, help resolve a situation of mistaken identity or confirm
the determination made in the screening process that an individual
should be denied boarding or entry to a sterile area.
---------------------------------------------------------------------------
\19\ For the types of public and private entities that TSA may
notify, see ``Routine Uses of Records Maintained in the System,
Including Categories of Users and Purposes of Such Uses'' in the
Federal Register notice entitled ``Privacy Act of 1974: System of
Records; Secure Flight Records.'' [Add FR citation]
---------------------------------------------------------------------------
G. Operational Testing of Secure Flight
As part of the implementation of the Secure Flight program, TSA
would conduct operational testing of TSA's capabilities to interact
with and perform watch list matching for each covered aircraft operator
before assuming the watch list matching function from each aircraft
operator. During the operational testing for each covered aircraft
operator, the covered aircraft operator would establish data
transmission connections to TSA through an established DHS portal, and
TSA would test its ability to receive passenger and non-traveler
information, conduct watch list matching and transmit watch list
matching results back to the aircraft operator in real-time.
Operational testing will allow TSA to refine program operations and
ensure that TSA will be able to effectively conduct watch list matching
for passengers and non-traveling individuals of each covered aircraft
operator before TSA assumes the watch list matching function.
Covered U.S. aircraft operators would continue to match passengers
against the watch lists for domestic flights under current procedures
during their operational test phase and would maintain responsibility
for denying issuance of boarding passes or identifying individuals for
enhanced screening as a result of their own watch list matching
determinations. If, during operational testing, TSA identifies a
[[Page 48367]]
match to the No Fly and Selectee Lists that a covered aircraft operator
has not identified, TSA may identify such passengers to the TSC and the
covered aircraft operator for appropriate action, as permitted under
section 514(d) of the 2007 DHS Appropriations Act. Once TSA assumes the
watch list matching function from a covered aircraft operator, the
aircraft operator would discontinue conducting watch list comparisons
for passengers and non-traveling individuals.
For international flights, covered U.S. aircraft operators would be
required to follow CBP boarding pass printing instructions in
accordance with the APIS Pre-Departure Final Rule until TSA informs the
covered U.S. aircraft operator that it will assume the watch list
matching function. Foreign air carriers would also be required to
follow CBP boarding pass printing instructions in accordance with the
APIS Pre-Departure Final Rule during operational testing and until TSA
informs the covered foreign air carrier that TSA will assume the watch
list matching function.
The proposed rule also states that TSA would provide prior written
notification to each covered aircraft operator of the date on which it
would assume the watch list matching function from that covered
aircraft operator. Because operational testing would begin with covered
aircraft operators in phases, TSA would likely transition to
implementation in phases as well and may continue operational testing
with some covered aircraft operators while beginning implementation
with others.
H. Proposed Compliance Schedule
TSA believes that most of the new provisions concerning covered
aircraft operators' collection and transmission of SFPD in this
proposed rule are achievable within 60 days after the effective date of
the final rule. However, TSA intends to implement some provisions on a
rolling basis. TSA requests comment on the proposed compliance schedule
below:
(1) The final rule would become effective 60 days after the date of
publication in the Federal Register.
(2) In accordance with proposed Sec. 1560.109, TSA would require
covered aircraft operators to submit their AOIP no later than 30 days
after the effective date.
(3) In accordance with proposed Sec. Sec. 1560.101(a) and
1560.103, TSA would require covered aircraft operators to begin
requesting the information from passengers and non-traveling
individuals and begin providing the privacy notice no later than 60
days after the effective date. TSA would not require covered aircraft
operators to request information from passengers who made reservations
on covered flights prior to that date.
(4) In accordance with proposed Sec. 1560.101(a), TSA would
require covered aircraft operators to begin requesting known traveler
numbers from passengers and non-traveling individuals 30 days after
receiving written notice from TSA.
(5) TSA anticipates that it would require covered aircraft
operators to have the capability to transmit SFPD for covered flights
to TSA no later than 60 days after the effective date.
(6) TSA proposes that covered aircraft operators be required to
begin transmitting SFPD to TSA in accordance with a schedule approved
by TSA, as provided in each covered aircraft operator's AOIP. TSA
expects the first phase of implementation to cover domestic flights
operated by covered U.S. aircraft operators. A second phase of
implementation would extend to international flights operated by
covered U.S. aircraft operators as well as flights arriving in or
departing from the United States and flights overflying the continental
United States operated by covered foreign air carriers.
(7) Once TSA assumes the function of watch list matching from a
covered aircraft operator, in accordance with proposed Sec. 1560.105,
TSA would require that aircraft operator request identification,
identify individuals for enhanced screening, or deny individuals
boarding or access to a sterile area, in accordance with TSA
instructions. TSA proposes to inform each covered aircraft operator in
writing at least 60 days before the date on which TSA will assume the
watch list matching function.
(8) Aircraft operators that begin covered operations after the
effective date of this rule will be covered by this rule.
I. Additional Issues Under Consideration and Open to Public Comment
1. Data Elements
TSA requests comments on the proposed data elements TSA would
require covered aircraft operators to request from passengers and
transmit to TSA under this NPRM, as discussed in section I.D. of this
preamble. During operational testing and implementation, TSA will
continue to evaluate the value of the data elements required.
As part of the evaluation of data elements, TSA will consider, and
seeks comment on, whether to mandate collection of not just the full
name, but also date of birth and gender. As currently proposed, it is
optional for individuals to provide their date of birth and gender in
order to provide individuals with the greatest ability to exercise
control over the data elements provided. For the vast majority of
individuals, a decision to forgo providing these data elements should
have no effect and will result in aircraft operators, reservations
agents, and TSA holding less information. For what is expected to be a
relatively small number of individuals, however, a decision not to
provide date of birth and gender will result in an inability to
automatically distinguish them from someone on the watch list. These
individuals may be inconvenienced by secondary screening that they
otherwise might not have undergone or, if they are possible matches to
the No-Fly List, they may be required to provide more information than
they would have provided had they simply initially provided date of
birth and gender. Mandating collection of all three data elements will
reduce possible matches down to the smallest number of individuals.
2. Identification Requirements
In order to increase the security benefit of the Secure Flight
program, TSA is also considering strengthening the identification
requirements at the security screening checkpoint. For example, TSA may
consider requiring individuals to present a form of identification to
be able to proceed through the checkpoint and enter a sterile area.
Strengthening the requirement that an individual provide evidence at
the security screening checkpoint that he or she is the person to whom
the boarding pass or other authorization was issued would provide
additional assurance that the individual has not used an assumed
identity when making a reservation in order to defeat the watch list
matching process.
J. Department of Homeland Security Appropriations Act
On October 18, 2004, the President signed into law the Department
of Homeland Security Appropriations Act, 2005 (2005 DHS Appropriations
Act) (Pub. L. 108-334, 118 Stat. 1298, Oct. 18, 2004). Section 522(a)
of the 2005 DHS Appropriations Act purports to prohibit TSA from
implementing the Secure Flight program, by prohibiting the use of
appropriated funds for Secure Flight on other than a test basis, until
the Government Accountability Office (GAO) submits a report to the
Senate and House Appropriations Committees
[[Page 48368]]
addressing ten operational and policy items.
Further, on October 4, 2006, the President signed into law the 2007
DHS Appropriations Act, which purports to prohibit TSA from
implementing the Secure Flight program, by prohibiting the use of
appropriated funds for Secure Flight on other than a test basis, until
the Secretary of Homeland Security certifies, and the GAO reports, that
the ten items listed in the 2005 DHS Appropriations Act are
successfully met. Department of Homeland Security Appropriations Act of
2007, Pub. L. 109-295, Sec. 514 (Oct. 4, 2006).
TSA is taking appropriate action to address the ten items listed in
the 2005 DHS Appropriations Act provisions. On February 23, 2007, TSA
submitted a report to Congress outlining TSA's plan for certification
under the 2007 DHS Appropriations Act.
Certification of some of the 2005 DHS Appropriations Act provisions
cannot be completed until operational testing is conducted with at
least one covered aircraft operator. As discussed above, TSA would
conduct operational testing with aircraft operators before fully
implementing the Secure Flight program for covered aircraft operators
under this proposed rule. Additionally, although not required, covered
aircraft operators may voluntarily choose to begin testing with TSA
prior to publication of a final rule.
After operational testing with at least one aircraft operator and
the correction of any problems uncovered during the testing, DHS will
be able to certify that the ten items listed in the 2005 DHS
Appropriations Act have been successfully met. Once DHS makes the
required certification, the Department plans to provide an opportunity
for GAO to submit its report. TSA would publish a notice in the Federal
Register announcing that it is ready to assume the watch list matching
function from the first covered aircraft operator.
II. Section-by-Section Analysis
Part 1540--Civil Aviation Security: General Rules
Section 1540.107--Submission to Screening and Inspection
Under current Sec. 1540.107, individuals must submit to screening
and inspection of their persons and their accessible property in order
to enter a sterile area or board an aircraft. The proposed rule would
add an additional requirement concerning the verifying identity
document. The current regulatory text in Sec. 1540.107 would become
proposed Sec. 1540.107(a).
The proposed rule would add Sec. 1540.107(b), which provides that
an individual must provide his or her full name when making a
reservation for a covered flight or a request for authorization to
enter a sterile area.
When TSA has not provided watch list matching results or has placed
an individual on inhibited status, covered aircraft operators would not
be permitted to issue a boarding pass to the individual and would be
required to request a verifying identity document, as described in
Sec. 1560.3, from the individual, as explained further in the
discussion of Sec. 1560.9 below. Therefore, the proposed rule would
add Sec. 1540.107(c) to prohibit any individual from boarding an
aircraft or accessing a sterile area who fails to present a verifying
identity document when a covered aircraft operator requests it under
proposed Sec. 1560.9. TSA may permit certain individuals who do not
present a verifying identity document, as described in Sec.
1560.9(c)(1), to board a flight or enter a sterile area, on a case-by-
case basis after determining that the individuals have valid reasons
for not presenting a verifying identity document.
Part 1544--Aircraft Operator Security: Air Carriers and Commercial
Operators
Section 1544.103--Form, Content, and Availability
Section 1544.103(c) lists the contents of aircraft operators'
security programs. The proposed rule adds Sec. 1544.103(c)(22) to make
the AOIP a part of the security programs. Further discussion of the
inclusion of the AOIP in the security program is included in the
Section-by-Section Analysis portion for Sec. 1560.13--Aircraft
Operator Implementation Plan.
Subpart A--General
Part 1560--Secure Flight Program
The proposed rule adds a new part 1560 to title 49, setting forth
the obligations of covered aircraft operators and covered airport
operators under the Secure Flight program.
Section 1560.1--Scope, Purpose, and Implementation
Section 1560.1 of the proposed rule states the scope, purpose, and
implementation of new part 1560. Under Sec. 1560.1(a), new part 1560
would apply to aircraft operators required to adopt a full program
under 49 CFR 1544.101(a) and foreign air carriers required to adopt a
security program under 49 CFR 1546.101(a) or (b). This proposed rule
would also cover airport operators rule in the event that TSA approves
a program through which an airport operator may similarly authorize
non-traveling individuals to enter a sterile area.
Proposed Sec. 1560.1(b) also sets forth the purpose of new part
1560, which is intended for the dual mission of facilitating legitimate
air travel by the general public, as well as the effective detection of
individuals identified on Federal Government watch lists. As part of
TSA's layered approach to aviation security, the Secure Flight program
seeks to enhance the security of domestic and international air travel
by moving the passenger watch list matching function from individual
aircraft operators to the Government. To support this mission, TSA
requires enhanced watch list matching capabilities and processes to
accurately and consistently identify individuals on Government watch
lists who may pose a threat to aviation or national security.
Finally, proposed Sec. 1560.1(c) describes an implementation
approach where Secure Flight program capabilities are phased in over a
period of time. Each covered aircraft operator would be required to
begin requesting passenger and non-traveler information and have the
capability to transmit the required information to TSA by a TSA-
specified date. As discussed in section I(G) of this preamble, TSA
anticipates that the date would be 60 days after the effective date of
the final rule. The date and manner in which individual covered
aircraft operators would begin transmitting passenger information to
TSA for watch list matching would be set forth in the covered aircraft
operator's AOIP, as described in further detail in the analysis of
Sec. 1560.109. TSA would not publicly release the specific
implementation dates for each covered aircraft operator, because such
information is sensitive security information (SSI) under 49 CFR part
1520.
TSA anticipates that the first phase of Secure Flight under this
proposed rule would result in the transfer of responsibility for
domestic passenger watch list matching from covered U.S. aircraft
operators to TSA. The second phase of Secure Flight under this proposed
rule would result in the transfer of responsibility for all other
passenger watch list matching conducted by covered U.S. aircraft
operators as well as passenger watch list matching for flights arriving
in or departing from the United States and flights overflying the
continental United States operated by covered foreign air carriers to
TSA.
[[Page 48369]]
Below is a table that sets forth the proposed implementation
requirements of this NPRM:
----------------------------------------------------------------------------------------------------------------
Optional implementation Notification sent to
available\20\ covered operator Implementation required
----------------------------------------------------------------------------------------------------------------
Submission of an AOIP................ The date of publication This notice of proposed 30 days after the
of the final rule. rulemaking. effective date of this
rule.
Covered aircraft operators begin None................... This notice of proposed 60 days after the
requesting required information from rulemaking. effective date of this
passengers for domestic flights. rule.
Covered aircraft operators begin None................... Provided in the covered The date specified in
transmitting SFPD to TSA for aircraft operator's the covered aircraft
domestic flights. AOIP. operator's AOIP.
TSA will assume watch list matching None................... Written notification 60 60 days after
function from covered aircraft days prior to the date notification from TSA.
operators. of required
implementation.
Covered aircraft operators must begin None................... Written notification 30 30 days after
requesting known traveler number days prior to the date notification from TSA.
from passengers. of required
implementation.
Covered aircraft operators begin None................... This notice of proposed 60 days after the
requesting required information from rulemaking. effective date of this
passengers for international flights. rule.
Covered aircraft operators begin None................... Provided in the covered The date specified in
transmitting SFPD to TSA for aircraft operator's the covered aircraft
international flights. AOIP. operator's AOIP.
----------------------------------------------------------------------------------------------------------------
Section 1560.3--Terms Used in This Part
Aircraft Operator Implementation Plan (AOIP). Under proposed Sec.
1560.3, ``Aircraft Operator Implementation Plan'' or ``AOIP'' means a
written procedure describing how and when a covered aircraft operator
or airport operator transmits passenger and flight information and non-
traveler information to TSA, as well as other related matters discussed
in Sec. 1560.109 or the Consolidated User Guide.
---------------------------------------------------------------------------
\20\ Aircraft operators that voluntarily choose to participate
in testing with TSA before required to do so under the final rule
may begin to implement some or all of the requirements of this
proposed rule.
---------------------------------------------------------------------------
Airport Code. This proposed rule defines ``airport code'' as the
official code for an airport designated by the International Air
Transport Association (IATA).
Consolidated User Guide. The proposed rule defines ``Consolidated
User Guide'' as the document developed by DHS to provide guidance to
aircraft operators that must transmit passenger information to one or
more components of DHS on operational processing and transmission of
passenger information to all required components in a unified manner.
Covered Aircraft Operator. Section 1560.3 of this proposed rule
defines ``covered aircraft operator'' as each aircraft operator
required to carry out a full program under 49 CFR 1544.101(a) or a
security program under 49 CFR 1546.101(a) or (b).
Covered Airport Operator. For purposes of proposed part 1560,
``covered airport operator'' means each airport operator that seeks to
authorize non-traveling individuals to enter a sterile area for a
purpose permitted by TSA. ``Airport operator'' is defined in Sec.
1540.5 as a person that operates an airport serving an aircraft
operator or a foreign air carrier required to have a security program
under 49 CFR parts 1544 or 1546. Because non-traveling individuals who
enter a sterile area must be subject to watch list matching, airport
operators that seek to authorize their entry to a sterile area are
covered by this proposed rule.
Covered Flight. This proposed rule defines the term ``covered
flight'' to describe those flights for which TSA would conduct
passenger watch list matching. This proposed rule would cover any
operation of a U.S. aircraft operator that is subject to or operated
under a full program under 49 CFR 1544.101(a). This includes flights
operated by such aircraft operators anywhere in the world. ``Covered
flight'' also means any operation of a foreign air carrier subject to
or operated under a security program under 49 CFR 1546.101(a) or (b)
arriving in or departing from the United States, or overflying the
continental United States. Covered flight does not include any flight
for which TSA has determined that the Federal Government (e.g., CBP) is
conducting passenger matching comparable to the matching conducted
pursuant to this part.
In the event TSA determines that a different Federal Government
agency is conducting comparable watch list matching to matching under
Secure Flight for a particular flight, TSA would inform the covered
aircraft operator that that flight does not constitute covered flights
under the proposed rule.
Date of Birth. For purposes of proposed part 1560, ``date of
birth'' means the day, month, and year of an individual's birth.
Department of Homeland Security Traveler Redress Inquiry Program or
DHS TRIP. For purposes of this proposed rule, DHS TRIP means the
voluntary program through which individuals may request redress if they
believe they have been unfairly or incorrectly (1) denied or delayed
boarding transportation due to DHS screening programs, (2) denied or
delayed entry into or departure from the United States at a port of
entry, or (3) identified for additional (secondary) screening at U.S.
transportation facilities, including airports and seaports.
Full Name. TSA needs an individual's complete name to perform
effective watch list matching. However, TSA recognizes that in many
non-English speaking cultures, family names may be given first, as
opposed to being used as a last name. In order to address the
differences in naming conventions, TSA is proposing to define ``full
name'' as an individual's full name as it appears on a verifying
identity document held by that individual.
Inhibited Status. Proposed Sec. 1560.3 defines ``inhibited
status'' as the status of a passenger or non-traveling individual to
whom TSA has instructed a covered aircraft operator or a covered
airport operator not to issue a boarding pass or provide access to the
sterile area.
Itinerary Information. This proposed rule defines ``itinerary
information'' as
[[Page 48370]]
information reflecting a passenger's or non-traveling individual's
itinerary specified in the covered aircraft operator's AOIP. For
passengers, itinerary information includes:
(1) Departure airport code.
(2) Aircraft operator.
(3) Departure date.
(4) Departure time.
(5) Arrival date.
(6) Scheduled arrival time.
(7) Arrival airport code.
(8) Flight number.
(9) Operating carrier (if available).
For non-traveling individuals, itinerary information is the airport
code for the sterile area to which the non-traveler seeks access.
Known Traveler Number. For purposes of proposed part 1560, ``known
traveler number'' means a unique number assigned to individuals for
whom the Federal Government has conducted a security threat assessment
and determined do not pose a security threat. TSA would require covered
aircraft operators to request a known traveler number from passengers
and non-traveling individuals after TSA implements this provision and
notifies covered aircraft operators in writing that they must begin to
request it.
Non-traveling Individual (non-traveler). For purposes of proposed
part 1560, ``non-traveling individual'' or ``non-traveler'' means an
individual to whom a covered aircraft operator or covered airport
operator seeks to issue an authorization to enter the sterile area of
an airport in order to escort a minor or a passenger with disabilities
or for some other purpose permitted by TSA. ``Non-traveling
individual'' does not include employees or agents of airport or
aircraft operators or other individuals whose access to a sterile area
is governed by another TSA regulation or security directive.
Overflying the Continental United States. This proposed rule
defines ``overflying the continental United States'' as departing from
an airport or location outside the United States, and transiting the
airspace of the continental United States en route to another airport
or location outside the United States. Airspace of the continental
United States includes the airspace over the continental United States
and the airspace overlying the territorial waters between the
continental United States coast and 12 nautical miles from the
continental United States coast. However, the proposed rule provides
that ``overflying the continental United States'' does not apply to
flights that transit the airspace of the continental United States
between two airports or locations in the same country, where that
country is Canada or Mexico. For example, a flight operated by Air
Canada between Toronto and Vancouver that transits the airspace over
Michigan and Illinois would not be ``overflying the continental United
States'' for purposes of this proposed rule. The Assistant Secretary of
Homeland Security (Transportation Security Administration) may exclude
other categories of flights from the definition of ``overflying the
continental United States'' in writing to the affected aircraft
operators. TSA is also considering, and requests comments on, whether
``overflying the continental United States'' should not apply to
flights overflying selected geographic areas of the continental United
States, based on a risk assessment.
In this proposed rule, flights ``overflying the continental United
States'' are a category of ``covered flights'' for which TSA would
conduct passenger watch list matching in order to protect the airspace
over the continental United States and prevent individuals on a watch
list from taking control of an aircraft with the hostile intent to harm
the United States. As discussed above, TSA has limited the proposed
information collection requirements for Secure Flight, including for
passengers ``overflying the continental United States,'' to the data
elements TSA believes are minimally necessary for effective watch list
matching of aviation passengers. The limited Secure Flight Passenger
Data collected for passengers on flights ``overflying the continental
United States'' will be used for the limited purpose of watch list
matching and will be retained for a short period of time. We welcome
comments on the timeframe for retention of information collected for
passengers on such flights.
Under the proposed rule, individuals on the No Fly component of the
watch list would be prohibited from boarding flights that would be
entering the airspace of the continental United States and individuals
on the Selectee component of the watch list would undergo enhanced
screening prior to boarding such a flight. An aircraft carrying an
individual or individuals on the watch list may be kept out of the
airspace of the continental United States or rerouted away from
populated areas and critical infrastructure within the continental
United States. In addition, if an aircraft carrying an individual on
the watch list were permitted to continue through the airspace of the
United States, the aircraft may be escorted by military aircraft to
protect against an effort to harm the United States.
Passenger. This proposed rule defines ``passenger'' as an
individual who has, or seeks to obtain, a reservation for transport on
a covered flight. Proposed Sec. 1560.3 expressly excludes from the
definition of ``passenger'' any crew member traveling on duty. The
definition also excludes any individual with flight deck privileges
under 49 CFR 1544.237 traveling on the flight deck. The definition does
not exclude an employee who is not on duty, such as an employee on
deadhead status, and who is traveling in the cabin.
Passenger Resolution Information (PRI). For purposes of proposed
part 1560, ``Passenger Resolution Information'' or ``PRI'' is the
information that TSA may request that a covered aircraft operator or
covered airport operator provide to TSA for an individual whom TSA
places in an inhibited status and from whom the covered aircraft
operator or covered airport operator is required to request additional
information. TSA may request that a covered aircraft operator or
covered airport operator provide to TSA any subset of PRI that is
necessary to resolve a potential match to a watch list. PRI includes,
but is not limited to, the following:
(1) Covered aircraft operator's agent identification number or
agent sine, which is a term used in the aviation industry to mean an
agent's personal identification code;
(2) Type of verifying identity document presented by the passenger;
(3) Identification number on the verifying identity document;
(4) Verifying identity document issue date;
(5) Name of the Governmental authority that issued the verifying
identity document; and
(6) Physical attributes of the passenger such as height, eye color,
or scars, if requested by TSA.
Passport Information. Proposed Sec. 1560.3 defines ``Passport
information'' to include the following information from an individual's
passport:
(1) Passport number.
(2) Country of issuance.
(3) Expiration date.
(4) Gender.
(5) Full name.
Redress Number. For purposes of proposed part 1560, ``Redress
Number'' means the number assigned by DHS TRIP to an individual through
the redress process described in proposed 49 CFR part 1560, subpart C.
Secure Flight Passenger Data (SFPD). For purposes of this proposed
rule, ``Secure Flight Passenger Data'' or ``SFPD'' is the information
regarding a passenger or non-traveling individual
[[Page 48371]]
that a covered aircraft operator or covered airport operator transmits
to TSA, to the extent available, pursuant to Sec. 1560.101. SFPD is
the following information regarding a passenger or non-traveling
individual:
(1) Full name.
(2) Date of birth.
(3) Gender.
(4) Redress number or known traveler number (once implemented).
(5) Passport information.
(6) Reservation control number.
(7) Record sequence number.
(8) Record type.
(9) Passenger update indicator.
(10) Traveler reference number.
(11) Itinerary information.
Self-service Kiosk. A ``self-service kiosk'' is a kiosk operated by
a covered aircraft operator that is capable of accepting a passenger
reservation or a request for authorization to enter a sterile area from
a non-traveling individual.
Sterile Area. A ``sterile area'' is the portion of an airport
defined in 49 CFR 1540.5 and generally means an area with access
limited to persons who have undergone security screening by TSA.
Terrorist Screening Center (TSC). This proposed rule defines TSC as
the entity established by the Attorney General to carry out Homeland
Security Presidential Directive 6 (HSPD-6), dated September 16, 2003,
to consolidate the Federal Government's approach to terrorism screening
and provide for the appropriate and lawful use of terrorist information
in screening processes.
Verifying Identity Document. Proposed Sec. 1560.3 defines
``verifying identity document'' as a valid non-expired passport issued
by a foreign government or a valid non-expired document issued by a
Government (Federal, State, or tribal) and that includes the following
information for the individual:
1. Full name.
2. Date of birth.
3. Photograph of the individual.
Watch list. For purposes of proposed part 1560, ``watch list''
refers to the No Fly and Selectee List components of the TSDB
maintained by the TSC. For certain flights, the ``watch list'' may
include the larger set of watch lists maintained by the Federal
Government as warranted by security considerations.
Subpart B--Collection and Transmission of Secure Flight Passenger Data
for Watch List Matching
Section 1560.101--Request for and Transmission of Information to TSA
Proposed Sec. 1560.101 sets forth the requirement that covered
aircraft operators request passenger information and non-traveler
information and transmit such information to TSA.
Under proposed Sec. 1560.101(a), covered aircraft operators must
begin requesting all required information and have the capability to
transmit required information on a date to be specified by TSA. TSA
anticipates requiring covered U.S. aircraft operators to begin
requesting all required information no later than 60 days after the
effective date of the final rule. TSA would require aircraft operators
that become covered aircraft operators after the effective date to
begin requesting passenger and non-traveler information the date it
becomes a covered operator. Covered aircraft operators would then begin
transmitting required information to TSA in accordance with their AOIP.
TSA plans to phase covered aircraft operators into Secure Flight over
an extended period of time, with the first covered aircraft operators
projected to transmit their SFPD to TSA no later than 60 days after the
effective date.
The proposed definition of SFPD lists the information that covered
aircraft operators would be required to transmit, to the extent
available, under proposed Sec. 1560.101(b). From that list, covered
aircraft operators would be required to ask individuals for their full
name, date of birth, gender, and Redress Number or known traveler
number when they make a reservation with the covered aircraft operator
or seek access to an airport sterile area. Proposed Sec.
1560.101(a)(3) states that covered aircraft operators may not accept a
reservation, or accept a request for access to a sterile area, for any
individual who does not provide a full name. Although aircraft
operators would be required to request this information for watch list
matching purposes, passengers and non-traveling individuals would not
be required to provide their date of birth, gender, or Redress Number
(if applicable) to make a reservation or a request for authorization to
enter a sterile area. Although individuals would not be required to
provide their date of birth, gender, or Redress Number, were they to
provide it they would be subject to Sec. 1540.103(b) regarding making
a fraudulent or intentionally false record entry.
Secure Flight Passenger Data with missing information may result in
TSA being unable to distinguish the individual from a person on the
watch list. Consequently, TSA may instruct the covered aircraft
operator to place the individual on inhibited status or to designate
the individual for enhanced screening. A covered aircraft operator
would not be able to issue a boarding pass or authorization to enter a
sterile area to an individual on inhibited status unless the resolution
process resulted in TSA giving an instruction permitting the covered
aircraft operator to issue a boarding pass or authorization.
Although TSA would not require covered aircraft operators to ask
for passport information from individuals, TSA would require covered
aircraft operators to transmit that information if they collect
passport information in the normal course of business or in accordance
with another regulatory requirement, such as APIS. TSA would use
passport information, as well as full name, date of birth, gender, and
Redress Number for watch list matching purposes.
TSA would use the other information in the Secure Flight Passenger
Data--the reservation control number, the record sequence number, the
record type, the passenger update indicator, the traveler reference
number, and the itinerary information--to manage the SFPD. TSA would
use the reservation control number and the record sequence number to
identify SFPD for a particular individual and to establish the version
level of watch list matching requests or changes to the SFPD. The
record type would indicate the type of record the covered aircraft
operator is transmitting and the passenger update indicator would flag
an individual's SFPD if that individual's information has changed. The
traveler reference number would be assigned to each passenger in a SFPD
transmission to TSA. This would allow the system to correctly associate
watch list matching results to each passenger in a SFPD transmission,
which is particularly important in cases where a SFPD transmission
contains more than one passenger.
Proposed Sec. 1560.101(a)(2) also provides TSA may require covered
aircraft operators to begin accepting other known traveler numbers from
Federal programs approved for use by TSA from passengers and non-
travelers. TSA would inform covered aircraft operators in writing of
the date on which they must begin to request an approved category of
known traveler numbers. TSA expects that the covered aircraft operator
would request this information from the individual making a reservation
on a covered flight or requesting access to a sterile area. The covered
aircraft operator must include the information provided by the
passenger in response to this request in the SFPD. When TSA begins
accepting known traveler numbers, TSA will only require the covered
aircraft operator to include one reference number in the SFPD. That
reference number could be
[[Page 48372]]
a redress number or a known traveler number.
To ensure that covered aircraft operators request and collect the
required information at the time an individual makes a reservation,
proposed Sec. 1560.101(a)(4) makes covered aircraft operators
responsible for ensuring that third parties (i.e., travel agencies)
that generate a reservation on the covered aircraft operator's behalf
take the steps necessary to comply with the requirements of proposed
Sec. 1560.101.
Proposed Sec. 1560.101(b) requires covered aircraft operators to
transmit SFPD to TSA prior to flight departure time, in accordance with
each aircraft operator's AOIP. TSA anticipates requiring that covered
aircraft operators transmit SFPD to TSA approximately 72 hours prior to
scheduled flight departure time for reservations made 72 hours or more
before the scheduled departure time of the flight, because the vast
majority of reservations are completed by 72 hours prior to flight
departure time and remain unchanged after that time. For reservations
made within 72 hours of scheduled flight departure time, TSA
anticipates requiring covered aircraft operators to transmit the SFPD
immediately after the reservation is made.
TSA would require covered aircraft operators to transmit SFPD for
each flight even if the flight is a connecting flight or the return
flight of a roundtrip reservation for the passenger. TSA would not
require covered aircraft operators to transmit separate SFPD for
continuing segments of a through flight. After TSA receives the SFPD
transmission under proposed Sec. 1560.101, it will compare the SFPD
provided by the covered aircraft operators to the watch list.
Covered aircraft operators would have the option to transmit SFPD
to TSA individually or in batch transmissions. Covered aircraft
operators would also have to establish connectivity to TSA, most likely
through one of the following methods: (1) By establishing a direct
connection to TSA; (2) through a secure virtual private network using
the Internet or a service provider's private network; or (3) through a
third-party value added network. Regardless of which connectivity
method covered aircraft operators would use to communicate with TSA,
the covered aircraft operators would be responsible for all costs
associated with transmitting data from the covered aircraft operator to
TSA and vice versa. TSA anticipates that covered aircraft operators
would select the most efficient method for the anticipated volume of
messaging between their system and Secure Flight.
TSA is aware that other Federal agencies, such as CBP, are
conducting, or will conduct, watch list matching for airline
passengers. TSA is working with these other agencies to develop ways to
eliminate unnecessary duplication of comparable screening efforts and
thereby reduce governmental and private sector costs.
Covered aircraft operators would be required to accurately transmit
passenger and non-traveler SFPD. However, covered aircraft operators
would not be required to validate the underlying accuracy of the
collected passenger information on covered domestic flights \21\ or
non-traveler information. Furthermore proposed Sec. 1560.101(d) would
require covered aircraft operators to transmit information updates to
reflect changes to any information required in the SFPD.
---------------------------------------------------------------------------
\21\ Covered aircraft operators would validate passenger
information on covered international flights because CBP regulations
at 19 CFR Part 122 require covered aircraft operators to validate
passengers' APIS information (which includes the passport or other
appropriate travel document).
---------------------------------------------------------------------------
Section 1560.103--Notice
TSA is committed to providing transparency about the Secure Flight
program. In order to inform passengers and non-traveling individuals
about the use of their personally identifying information, TSA will
publish on its Web site a privacy notice that explains why TSA is
collecting this information, how it will use the information, and the
effect of not providing this information. Additionally, this proposed
rule would require covered aircraft operators that collect information
for TSA to use in connection with Secure Flight watch list matching to
provide the privacy notice to individuals from whom information is
collected through a Web site or a self-service kiosk.
Proposed Sec. 1560.103(a) would require a covered aircraft
operator to make the privacy notice available before the covered
aircraft operator collects the information. Covered aircraft operators
must make available, on their Web sites, through the aircraft
operator's self-service kiosk, or through a link to TSA's Web site, the
following complete privacy notice, as set forth in proposed Sec.
1560.103(b):
The Transportation Security Administration requires us to collect
information from you for purposes of watch list matching, under the
authority of 49 U.S.C. sec. 114, and the Intelligence Reform and
Terrorism Prevention Act of 2004. Providing this information is
voluntary; however, if it is not provided, you may be subject to
additional screening or denied transport or authorization to enter a
sterile area. TSA may share information you provide with law
enforcement or intelligence agencies or others under its publ