[Federal Register: September 24, 2004 (Volume 69, Number 185)]
[Notices]
[Page 57345-57348]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr24se04-116]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
[Docket No. TSA-2004-19160]
Privacy Act of 1974: System of Records; Secure Flight Test
Records
AGENCY: Transportation Security Administration (TSA), Department of
Homeland Security (DHS).
ACTION: Notice to establish system of records; request for comments.
-----------------------------------------------------------------------
SUMMARY: TSA is establishing one new system of records under the
Privacy Act of 1974, known as ``Secure Flight Test Records.'' TSA will
use information in the system to test the new Secure Flight program,
which has been designed to assist TSA in preventing individuals known
or suspected to be engaged in terrorist activity from boarding domestic
passenger flights. Under this new program, TSA will compare the
identifying information of airline passengers contained in passenger
name records (PNRs) to the identifying information of individuals in
the Terrorist Screening Database of the Terrorist Screening Center
(TSC).
During the testing period for the new Secure Flight program, TSA
will also conduct a separate test of the use of commercial data to
determine its effectiveness in identifying passenger information that
is inaccurate or incorrect. TSA does not assume that the result of
comparison of passenger information to commercial data is determinative
of information accuracy or the intent of the person who provided the
passenger information.
For purposes of testing both the new Secure Flight program and the
use of commercial data to validate the accuracy of passenger-provided
information, TSA will collect a limited set of historical PNRs from
domestic airlines.
TSA invites comments on this notice. A further Privacy Act notice
will be published in advance of any active implementation of the Secure
Flight program.
DATES: This notice is effective September 24, 2004. The routine uses
described in this notice are effective October 25, 2004. Comments are
due by October 25, 2004.
ADDRESSES: You may submit comments, identified by TSA docket number to
this document, using any one of the following methods:
Comments Filed Electronically: You may submit comments through the
docket Web site at http://dms.dot.gov. Please be aware that anyone is
able to search the electronic form of all comments received into any of
our dockets by the name of the individual submitting the comment (or
signing the comment, if submitted on behalf of an association,
business, labor union, etc.). You may review the applicable Privacy Act
Statement published in the Federal Register on April 11, 2000 (65 FR
19477), or you may visit http://dms.dot.gov.
You also may submit comments through the Federal eRulemaking portal
at http://www.regulations.gov.
Comments Submitted by Mail, Fax, or In Person: Address or deliver
your written, signed comments to the Docket Management System, U.S.
Department of Transportation, Room Plaza 401, 400 Seventh Street, SW.,
Washington, DC 20590-0001; Fax: 202-493-2251.
Comments that include trade secrets, confidential commercial or
financial information, or sensitive security information (SSI) should
not be submitted to the public regulatory docket.\1\ Please submit such
comments separately from other comments on the document. Comments
containing trade secrets, confidential commercial or financial
information, or SSI should be appropriately marked as containing such
information and submitted by mail to Marisa Mullen, Senior Rulemaking
Analyst, Office of the Chief Counsel, TSA-2, Transportation Security
Administration, 601 South 12th Street, Arlington, VA 22202-4220.
---------------------------------------------------------------------------
\1\ See 49 CFR 1520.5 for a description of SSI material.
---------------------------------------------------------------------------
Reviewing Comments in the Docket: You may review the public docket
containing comments in person in the Dockets Office between 9 a.m. and
5 p.m., Monday through Friday, except Federal holidays. The Dockets
Office is located on the plaza level of the NASSIF Building at the
Department of Transportation address above. Also, you may review public
dockets on the Internet at http://dms.dot.gov.
FOR FURTHER INFORMATION CONTACT: Privacy Office, Department of Homeland
Security, Washington, DC 20528; Phone: 202-282-8000, Fax: 202-772-5036.
SUPPLEMENTARY INFORMATION:
Availability of Notice
You can get an electronic copy using the Internet by--
(1) Searching the Department of Transportation's electronic Docket
Management System (DMS) Web page (http://dms.dot.gov/search); (2) Accessing the Government Printing Office's Web page at http://
[[Page 57346]]
http://www.access.gpo.gov/su_docs/aces/aces140.html; or
(3) Visiting TSA's Law and Policy Web page at http://www.tsa.dot.gov/public/index.jsp
.
In addition, copies are available by writing or calling the
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to
identify the docket number of this notice.
Background
TSA currently performs passenger and baggage screening with
screening personnel and equipment at the nation's airports. This
screening is supplemented by a system of computer-based passenger
screening known as the Computer-Assisted Passenger Prescreening System
(CAPPS), which is operated by U.S. aircraft operators. CAPPS analyzes
information in passenger name records (PNRs) using certain evaluation
criteria in order to determine whether a passenger or his property
should receive a higher level of security screening prior to boarding
an aircraft. A PNR is a record that contains detailed information about
an individual's travel on a particular flight, including information
provided by the passenger when making the flight reservation. Though
the content of PNRs varies among airlines, PNRs may include, among
other information: (1) Passenger name; (2) reservation date; (3) travel
agency or agent; (4) travel itinerary information; (5) form of payment;
(6) flight number; and (7) seating location. Operationally, CAPPS is
not a single system. CAPPS is programmed into the separate computer
systems through which airline passenger reservations are made.
Passenger prescreening also involves the comparison of identifying
information of airline passengers against lists of individuals known or
suspected of posing a threat to civil aviation or national security.
Aircraft operators currently carry out this function, using lists
provided by TSA. Because the lists are provided in an unclassified
form, the amount of information they include is limited.
After a lengthy review of the initial plans for a successor system
to CAPPS, and consistent with a recommendation of the National
Commission on Terrorist Attacks upon the United States (9/11
Commission), the Department of Homeland Security is moving forward with
a next generation system of domestic passenger prescreening, called
``Secure Flight,'' that meets the following goals: (1) Identifying, in
advance of flight, passengers known or suspected to be engaged in
terrorist activity; (2) moving passengers through airport screening
more quickly and reducing the number of individuals unnecessarily
selected for secondary screening; and (3) protecting passengers'
privacy and civil liberties fully.
Secure Flight Description
Secure Flight will involve the comparison of information in PNRs
for domestic flights to names in the Terrorist Screening Database
(TSDB) maintained by the Terrorist Screening Center (TSC), to include
the expanded TSA No-Fly and Selectee Lists, in order to identify
individuals known or reasonably suspected to be engaged in terrorist
activity. TSA will apply, within the Secure Flight system, a
streamlined version of the existing CAPPS rule set related to
suspicious indicators associated with travel behavior, as identified in
passengers' itinerary-specific PNR. This should provide a security
benefit, while at the same time improving the efficiency of the pre-
screening process and reducing the number of persons selected for
secondary screening. TSA will also build a ``random'' element into the
new program to protect against those who might seek to reverse engineer
the system.
The Secure Flight program is fully consistent with the
recommendation in the final report of the 9/11 Commission, which states
at page 392:
``[I]mproved use of ``no-fly'' and ``automatic selectee'' lists
should not be delayed while the argument about a successor to CAPPS
continues. This screening function should be performed by TSA and it
should utilize the larger set of watch lists maintained by the
Federal Government. Air carriers should be required to supply the
information needed to test and implement this new system.''
Expansion of these lists to include information not previously
included for security reasons will be possible as integration and
consolidation of various data maintained by the TSC is completed and
the U.S. Government assumes the responsibility for administering the
watch list comparisons. Secure Flight will automate the vast majority
of watch list comparisons; will allow TSA to apply more consistent
procedures where automated resolution of potential matches is not
possible; and will allow for more consistent response procedures at
airports for those passengers identified as potential matches.
Secure Flight Testing Phase
Secure Flight represents a significant step in securing domestic
air travel and safeguarding critical terrorism-related national
security information. It will dramatically improve the administration
of comparisons of passenger information with data maintained by TSC and
will reduce the long-term costs to air carriers and passengers
associated with maintaining the present system, which is operated
individually by each air carrier that flies in the United States.
However, such comparisons will not permit TSA to identify passenger
information that is incorrect or inaccurate. For this reason and on a
very limited basis, in addition to testing its ability to compare
passenger information with data maintained by TSC, TSA will also test
the use of commercial data to determine if this approach is effective
in identifying passenger information that is incorrect or inaccurate.
This test will involve commercial data aggregators who provide services
to the banking, home mortgage and credit industries. Testing of these
procedures will be governed by strict privacy and data security
protections. TSA will not store the commercially available data that
would be accessed by commercial data aggregators. TSA will use this
test of commercial data to determine whether such use: (1) Could
accurately identify when passenger information is inaccurate or
incorrect; (2) would not result in inappropriate differences in
treatment of any protected category of persons; and (3) could be
governed by data security safeguards and privacy protections that are
sufficiently robust to ensure that commercial entities or other
unauthorized entities do not gain access to passenger personal
information, or to ensure that the Federal Government does not gain
access inappropriately to certain types of sensitive commercial data.
Furthermore, TSA will defer any decision on how commercial data
might be used in its prescreening programs, such as Secure Flight,
until the completion of the test period, assessment of the test
results, and publication of a subsequent System of Records Notice under
the Privacy Act announcing the intended use of such commercial data.
Sources of Information Contained in the Secure Flight System
In order to obtain the passenger information necessary to test the
Secure Flight program, TSA proposes to issue an order to all domestic
aircraft operators directing them to submit a limited set of historical
PNRs to TSA that cover commercial scheduled domestic flights. The order
covers PNRs with domestic flight segments completed in the month of
June 2004. However, the order will exclude those
[[Page 57347]]
PNRs with flight segments occurring after June 30, 2004. The purpose of
this limitation is to ensure that during the test phase, TSA does not
obtain any information about future travel plans of passengers on
domestic flights. The order also excludes flight segments of PNRs for
travel to or from the United States.
Privacy Practices; Secure Flight Testing Phase
Testing and the eventual implementation of the Secure Flight
program will be governed by stringent privacy protections, including
data security mechanisms and limitations on use, strict firewalls, and
data access limitations between the government and commercial entities.
These can be reviewed in TSA's Privacy Impact Statement on Secure
Flight (found at the DHS Privacy Office Web site at http://www.dhs.gov)
and also published in today's Federal Register. It is anticipated that
the test duration may be as long as 30 days. Data from the test will
not be transmitted to airport screeners or used for screening purposes.
Upon completion of the testing phase, and before Secure Flight is
operational, TSA will establish comprehensive passenger redress
procedures and personal data and civil liberties protections for the
Secure Flight program. TSA is firmly committed to protecting
individuals' privacy, both on a policy level and in keeping with
applicable legal requirements. TSA is committed to providing access to
the information that is contained in the Secure Flight Test Records
system to the greatest extent feasible consistent with national
security concerns. As detailed below, passengers can request a copy of
most information contained about them in the system from TSA. TSA is
working with the National Archives and Records Administration to obtain
approval of a records retention and disposal schedule to cover records
in the Secure Flight system. TSA will propose to establish a short
retention schedule for records in the Secure Flight Test Records
system.
Impact on Traveling Public
At this point, the Secure Flight program is in a developmental and
testing stage. TSA will not use the results of its testing for any
purpose other than analysis of the efficacy of the program. Therefore,
during this test phase, Secure Flight is expected to have no impact on
the traveling public. However, if an indication of terrorist or
possible terrorist activity is revealed during the test phase,
appropriate action will be taken, to include possibly providing
information in the system of records to relevant law enforcement
agencies.
System of Records
DHS/TSA 017
System name:
Secure Flight Test Records.
Security Classification:
Classified, sensitive.
System Location:
Records are maintained at the Office of National Risk Assessment,
Transportation Security Administration (TSA), Department of Homeland
Security, P.O. Box 597, Annapolis Junction, MD 20701-0597, and at the
Office of National Risk Assessment facility in Colorado Springs,
Colorado.
Categories of Individuals Covered by the System:
Individuals traveling within the United States by passenger air
transportation; and individuals known or reasonably suspected to be or
have been engaged in conduct constituting, in preparation for, in aid
of, or related to terrorism.
Categories of Records in the System:
(a) Passenger Name Records (PNRs) obtained from aircraft operators,
the specific contents of which often vary by aircraft operator;
(b) Information obtained from the Terrorist Screening Center about
individuals known or reasonably suspected to be or have been engaged in
conduct constituting, in preparation for, in aid of, or related to
terrorism;
(c) Authentication scores and codes obtained from commercial data
providers; and
(d) Results of comparisons of individuals to data obtained from the
Terrorist Screening Center.
Authority for Maintenance of the System:
49 U.S.C. 114, 44901, and 44903.
Purpose(s):
The system will be used to test the Secure Flight program. The
purpose of the program is to enhance the security of domestic air
travel by identifying passengers who warrant further scrutiny prior to
boarding an aircraft. To identify those passengers, TSA will compare
PNR data with information obtained from the Terrorist Screening Center
about individuals known or reasonably suspected to be or have been
engaged in conduct constituting, in preparation for, in aid of, or
related to terrorism.
The Secure Flight test also will involve the use of a streamlined
version of the rule set related to suspicious indicators associated
with travel behavior, as identified in passengers' itinerary-specific
PNR under the existing computer-assisted passenger prescreening system
(CAPPS) currently used by aircraft operators.
The System of Records will also be used to perform limited and
separate testing of the efficacy of using commercial data to identify
passenger information that is incorrect or inaccurate.
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses:
(1) To the Federal Bureau of Investigation where TSA becomes aware
of information that may be related to an individual identified in the
Terrorist Screening Database as known or reasonably suspected to be or
having been engaged in conduct constituting, in preparation for, in aid
of, or related to terrorism.
(2) To contractors, grantees, experts, consultants, or other like
persons when necessary to perform a function or service related to the
Secure Flight program or the system of records for which they have been
engaged. Such recipients are required to comply with the Privacy Act, 5
U.S.C. 552a, as amended.
(3) To the Department of Justice (DOJ) or other Federal agency in
the review, settlement, defense, and prosecution of claims, complaints,
and lawsuits involving matters over which TSA exercises jurisdiction or
when conducting litigation or in proceedings before any court,
adjudicative or administrative body, when: (a) TSA; or (b) any employee
of TSA in his/her official capacity; or (c) any employee of TSA in his/
her individual capacity, where DOJ or TSA has agreed to represent the
employee; or (d) the United States or any agency thereof, is a party to
the litigation or has an interest in such litigation, and TSA
determines that the records are both relevant and necessary to the
litigation and the use of such records is compatible with the purpose
for which TSA collected the records.
(4) To the National Archives and Records Administration (NARA) or
other federal agencies pursuant to records management inspections being
conducted under the authority of 44 U.S.C. 2904 and 2906.
(5) To a Congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual.
(6) To an agency, organization, or individual for the purposes of
[[Page 57348]]
performing authorized audit or oversight operations.
Disclosure to Consumer Reporting Agencies:
None.
Policies and Practices for Storing, Retrieving, Accessing, Retaining
and Disposing of Records in the System:
Storage:
Records are stored electronically at the TSA Office of National
Risk Assessment (ONRA) in a secure facility. The records are stored on
magnetic disc, tape, digital media, and CD-ROM, and may also be
retained in hard copy format in secure file folders.
Retrievability:
Data are retrievable by the individual's name or other identifier,
as well as non-identifying information.
Safeguards:
Information in this system is safeguarded in accordance with
applicable rules and policies, including any applicable ONRA, TSA, and
DHS automated systems security and access policies. Access to the
computer system containing the records in this system of records is
limited and can be accessed only by those individuals who require it to
perform their official duties. The system also maintains a real-time
auditing function of individuals who access the system. Classified
information is appropriately stored in a secured facility, in secured
databases and containers, and in accordance with other applicable
requirements, including those pertaining to classified information.
Retention and Disposal:
TSA is working with the National Archives and Records
Administration to obtain approval of a records retention and disposal
schedule to cover records in the Secure Flight system. TSA will propose
to establish a short retention schedule for records in the Secure
Flight Test Records system.
System Manager(s) and Address:
Director, Office of National Risk Assessment, Transportation
Security Administration, P.O. Box 597, Annapolis Junction, MD 20701-
0597.
Notification Procedures:
Pursuant to 5 U.S.C. 552a(k), this system of records may not be
accessed for purposes of determining if the system contains a record
pertaining to a particular individual.
Record Access Procedures:
Although the system is exempt from record access procedures
pursuant to 5 U.S.C. 552a(k), DHS has determined that all persons may
request access to information about them contained in a PNR by sending
a written request to the TSA Privacy Officer, Transportation Security
Administration (TSA-9), 601 South 12th Street, Arlington, VA 22202.
To the greatest extent possible and consistent with national
security requirements, such access will be granted. Individuals
requesting access must comply with the Department of Homeland Security
Privacy Act regulations on verification of identity (6 CFR 5.21(d)).
Individuals must submit their full name, current address, and date and
place of birth. You must sign your request and your signature must
either be notarized or submitted by you under 28 U.S.C. 1746, a law
that permits statements to be made under penalty of perjury as a
substitute for notarization.
Contesting Record Procedures:
A passenger who, having accessed his or her records in this system,
wishes to contest or seek amendment of those records should direct a
written request to the TSA Privacy Officer, Transportation Security
Administration (TSA-9), 601 South 12th Street, Arlington, VA 22202. The
request should include the requestor's full name, current address, and
date and place of birth, as well as a copy of the record in question,
and a detailed explanation of the change sought. If the TSA Privacy
Officer cannot resolve the matter, further appeal for resolution may be
made to the DHS Privacy Officer. While the Privacy Act does not cover
non-U.S. persons, such persons will still be afforded the same access
and redress remedies.
Record Source Categories:
Information contained in the system is obtained from U.S. aircraft
operators, other Federal agencies, including Federal law enforcement
and intelligence agencies, and commercial data providers.
Exemptions Claimed for the System:
Portions of this system are exempt from 5 U.S.C. 552a(c)(3), (d),
(e)(1), (e)(4)(G) and (H), and (f) pursuant to 5 U.S.C. 552a(k)(1) and
(k)(2).
Issued in Arlington, VA, on September 21, 2004.
Lisa S. Dean,
Privacy Officer.
[FR Doc. 04-21479 Filed 9-21-04; 12:59 pm]
BILLING CODE 4910-62-P