Feds consider lowering passenger data requirements

(continued from previous page)

All that information--which TSA says must also include data about a passenger's flight itinerary, if available--would have to be handed over to federal agents within about 72 hours of the flight's scheduled takeoff. The same procedure would also be required for anyone who wants to pass through security but is not getting on a plane--for instance, an adult accompanying a minor who is flying solo.

After doing its checks, TSA would send back to the airline instructions about whether to issue a boarding pass to an individual, to flag the individual for extra screening at airport security checkpoints, or to deny the traveler's transportation.

TSA has proposed storing individual information that doesn't produce a watch list match for a week for "auditing purposes." Records for "potential matches" would be stored for seven years, and confirmed matches would have their records stored for 99 years. TSA said it plans to give its employees privacy training and to use various "access controls" and "audit logging" to keep tabs on who views those records.

Also, in an effort to thwart use of , Homeland Security plans to require airlines to place unique coding, such as a bar code, on the document. It would be designed to vouch for its authenticity but would not, Homeland Security said, contain personal information.

Electronic Privacy Information Center executive director Marc Rotenberg said the proposed changes are "significant" in that they request "less intrusive" information than previous programs. But he said problems remain with the watch lists themselves, including the possibility that their uses could be expanded to "other settings, including access to railway stations, federal office buildings and amusement parks."

Chris Calabrese, counsel for the American Civil Liberties Union's Technology and Liberty Project, said the government still isn't doing enough to make its watch list practices transparent.

Although TSA has a "redress" process for passengers who feel they have been improperly detained, it says it still can't actually confirm or deny who's on its lists. (Name matches have infamously detained congressmen, infants and myriad other innocent travelers.)

"You still have the incredible unasked question of...what are those criteria, how do I get off that list?" Calabrese said in a telephone interview. "That question is not answered, and they don't seem to be inclined to answer it."

Chertoff, for his part, said centralizing the watch lists checks within TSA should help to head off some of those inconveniences. Airlines often don't have the most up-to-date watch list information, but TSA will have access to lists that reflect real-time updates, he said.

The department has emphasized that it will do "operational testing" with airlines before rolling out the Secure Flight program. It expects to implement the new rules in two phases, beginning first with flights between two domestic points and then moving on to flights to or from the United States, or flights that happen to fly over the nation.

[Marcus Westrup]

What a mess

This will be complicated and expensive to implement, and I don't see any improvements to security. Any time you violate the KISS principle you risk disaster.

What happens if the computer systems go down? Does everyone in the country have to sit and wait?
And how can TSA provide extra training for "access controls" and "audit logging" tasks? Those jobs require the actions of fully qualified IT security personal, or it means nothing.

All in all I think this is a long way from being settled.

[likes2comment]

Give up your liberty to be secure.

Everyone needs to give up their liberty to be secure according to what Homeland inSecurity always proposes. I think this means the terrorists have won without having to destroy any more buildings, etc.