- Related Stories
NORAD orders Web deletion of transcriptMarch 9, 2006
Tens of thousands mistakenly matched to terrorist watch listsDecember 6, 2005
GAO: Security agency broke privacy lawsJuly 25, 2005
Sidelining Homeland Security's privacy chiefApril 11, 2005
Oracle inks homeland security dealApril 7, 2003
Senate scrutinizes air travel databaseMarch 13, 2003
Federal agency pulls Web documentsJanuary 2, 2003
Perspective: Will this land me in jail?December 23, 2002
(continued from previous page)
Can you tell us if there have been any improvements in terms of who's on the "no fly list" and the "selectee" list that targets people for additional screening?
That's a database maintained by the Terrorist Screening Center. TSC was created by (presidential directive) HSPD 6, which mandated that the Department of Justice, the State Department, DHS and other agencies create it. What exactly is in there I don't think I'm allowed to say.
The lists started out in TSA but once the TSC was created, it took over the management of them.
What privacy oversight is there at the TSC?
Pietra: They have their own privacy officer who's very active. They've got very strict limitations on access to the data (through a memorandum of understanding). They also have a separate process where they examine every program that gets access to any of their databases--it has to be cleared by their director.
Does the TSA impose any measures on the third parties it does business with? How about airlines or other suppliers of information to the TSA--do they need to submit the information in an encrypted format, for example?
Pietra: Yes. Transmission coming into the agency often depends on the capability of the person. In some cases, under a court order, we require facility officers to transmit information through the Coast Guard Web portal. We also accept it in a password-protected CD. Once it's in TSA it's in a secure system that's FISMA (Federal Information Security Management Act.)-compliant.
Are these memorandums of understanding public?
Pietra: I don't know. We've had FOIA (Freedom of Information Act) requests. We had one from EPIC (the Electronic Privacy Information Center), but it was a draft MOU so we didn't release it.
Is it getting easier to get off the no-fly list? Who gets access to that list?
Pietra: It's not a matter of getting off the no-fly list. It's a matter, I think, of clearing up who you are and showing you're not the same person who's on the list.
If your name is also Osama bin Laden but you're not the one they're looking for, it's difficult to give you a completely smooth entry, although there are processes in place to get on the clear list. There is a process that's been implemented for at least two years that allows people to distinguish themselves from those who are on the no-fly list.
The question about how you end up on the no-fly list itself--it's not up to TSA. It's a TSC list. People are nominated for the no-fly list by intelligence agencies. There is a way to get off that list. There are challenges that have resulted in people being pulled off that list.
We get a lot of bad press about the list. A lot of times I feel it's undeserved because it's not us.
Some airports have been experimenting with face-recognition software hooked up to surveillance cameras. Does this help security?
Pietra: I'm not in a position to say one way or another. TSA has very few cameras. They're almost all owned by the airports.
General aviation pilots are worried about airspace restrictions, such as those surrounding Washington, D.C., appearing elsewhere in the country. Will that happen?
Pietra: There's no contemplation of those being made more widespread.
Back to the Privacy Act, which regulates what types of personal information federal agencies may collect. Do you view it as a floor--that is, a minimum set of requirements--or a ceiling?
Pietra: I don't know that I'd call the Privacy Act a floor. It's a pretty robust system if it's implemented as it's been contemplated. The department has committed to implementing fair information practices.
That means keeping data safe so people can't get into it. That's what we're doing. A lot of it is a matter of awareness, getting out to employees that they've been entrusted with personal information.
What, if any, privacy concerns do you have about the Secure Flight program?
Pietra: I think that given the stronger focus on privacy, TSA's going to put into place a program that's as protective of privacy as it can possibly be. I expect we'll have a good redress process where the rubber meets the road, so to speak. I hope that'll give people a better experience and better feelings about the program.
TSA's been directed to implement the program, so I don't think we're in a position of questioning whether the program should go forward or not.
The issue is how can we make this as privacy friendly as we can, collect as little information as is needed to provide a useful product, which is why we're focused on things like collecting names, dates of birth and so on, for vetting. Occasionally we do have people with the same name and date of birth and that's when we need additional information.
3 commentsJoin the conversation! Add your comment