Newsmaker: Peter Pietra's mission impossible

(continued from previous page)

Can you tell us if there have been any improvements in terms of who's on the "no fly list" and the "selectee" list that targets people for additional screening?
That's a database maintained by the Terrorist Screening Center. TSC was created by (presidential directive) HSPD 6, which mandated that the Department of Justice, the State Department, DHS and other agencies create it. What exactly is in there I don't think I'm allowed to say.

The lists started out in TSA but once the TSC was created, it took over the management of them.

What privacy oversight is there at the TSC?
Pietra: They have their own privacy officer who's very active. They've got very strict limitations on access to the data (through a memorandum of understanding). They also have a separate process where they examine every program that gets access to any of their databases--it has to be cleared by their director.

Does the TSA impose any measures on the third parties it does business with? How about airlines or other suppliers of information to the TSA--do they need to submit the information in an encrypted format, for example?
Pietra: Yes. Transmission coming into the agency often depends on the capability of the person. In some cases, under a court order, we require facility officers to transmit information through the Coast Guard Web portal. We also accept it in a password-protected CD. Once it's in TSA it's in a secure system that's FISMA (Federal Information Security Management Act.)-compliant.

Are these memorandums of understanding public?
Pietra: I don't know. We've had FOIA (Freedom of Information Act) requests. We had one from EPIC (the Electronic Privacy Information Center), but it was a draft MOU so we didn't release it.

"A lot of it is a matter of awareness, getting out to employees that they've been entrusted with personal information."

Is it getting easier to get off the no-fly list? Who gets access to that list?
Pietra: It's not a matter of getting off the no-fly list. It's a matter, I think, of clearing up who you are and showing you're not the same person who's on the list.

If your name is also Osama bin Laden but you're not the one they're looking for, it's difficult to give you a completely smooth entry, although there are processes in place to get on the clear list. There is a process that's been implemented for at least two years that allows people to distinguish themselves from those who are on the no-fly list.

The question about how you end up on the no-fly list itself--it's not up to TSA. It's a TSC list. People are nominated for the no-fly list by intelligence agencies. There is a way to get off that list. There are challenges that have resulted in people being pulled off that list.

We get a lot of bad press about the list. A lot of times I feel it's undeserved because it's not us.

Some airports have been experimenting with face-recognition software hooked up to surveillance cameras. Does this help security?
Pietra: I'm not in a position to say one way or another. TSA has very few cameras. They're almost all owned by the airports.

General aviation pilots are worried about airspace restrictions, such as those surrounding Washington, D.C., appearing elsewhere in the country. Will that happen?
Pietra: There's no contemplation of those being made more widespread.

Back to the Privacy Act, which regulates what types of personal information federal agencies may collect. Do you view it as a floor--that is, a minimum set of requirements--or a ceiling?
Pietra: I don't know that I'd call the Privacy Act a floor. It's a pretty robust system if it's implemented as it's been contemplated. The department has committed to implementing fair information practices.

That means keeping data safe so people can't get into it. That's what we're doing. A lot of it is a matter of awareness, getting out to employees that they've been entrusted with personal information.

What, if any, privacy concerns do you have about the Secure Flight program?
Pietra: I think that given the stronger focus on privacy, TSA's going to put into place a program that's as protective of privacy as it can possibly be. I expect we'll have a good redress process where the rubber meets the road, so to speak. I hope that'll give people a better experience and better feelings about the program.

TSA's been directed to implement the program, so I don't think we're in a position of questioning whether the program should go forward or not.

The issue is how can we make this as privacy friendly as we can, collect as little information as is needed to provide a useful product, which is why we're focused on things like collecting names, dates of birth and so on, for vetting. Occasionally we do have people with the same name and date of birth and that's when we need additional information.  

More Newsmakers

[Stalin Hornsby]

Postit!

Yea this boy in the band knows me well. I can only dream he would clean his erasers in high school and keep my perish clear from the distribution of fire arms one person at a time. Plus, i would rather shake hands with this great man than a 'Dole' pineapple. Politically exempt need not reply; vito. CRT without a knee.

[Stalin Hornsby]

Osh Kosh wits!

Yea this boy in the band knows me well. I can only dream he would clean his erasers in high school and keep my perish clear from the distribution of fire arms one person at a time. Plus, i would rather shake hands with this great man than a 'Dole' pineapple. Politically exempt need not reply; vito. CRT without a knee.

[209979377489953107664053243186]

Who are these data brokers

The more we communicate or do business online, the more data there is to easily collect. Keep a Google calendar? That means all you contacts and appointments are stored on Google's servers, and right now, there is no law that would prevent the NSA or TSA from obtaining it. There are solutions available to protect your communications privacy, even from the owners of the servers it is stored on. <a class="jive-link-external" href="http://www.essentialsecurity.com/products.htm" target="_newWindow">http://www.essentialsecurity.com/products.htm</a>