The Security Swamp
Secure Flight, the government's new airline passenger-screening program, wants to identify troublemakers. But making it work might be a nightmare for travelers.
The name on my passport, my preferred form of travel identification, is Joseph Angelo Brancatelli. I was born on May 22, 1953. And I am a male.
I tell you these admittedly prosaic bits of personal trivia because I want you to know that I am not against giving this information to the Transportation Security Administration (TSA). And if you want to fly, you, too, will soon be required to disclose this data to the TSA, the lumbering, leaderless, secretive bureaucracy that has spent the years since 9/11 alternately keeping us safe and infuriating us.
Secure Flight, the official name of this latest bit of data mining by the federal bureaucracy with the power over your freedom of movement, kicked in last week in typical TSA style: suddenly, with virtually no public discussion and even fewer details about its implementation. According to the agency's press release, which is buried half-a-dozen clicks deep on the TSA website, Secure Flight is now operative on four airlines. Which airlines? The TSA won't say. When will Secure Flight be extended to other carriers? Sometime in the next year, but the agency won't publicly disclose a timeline or discuss the whys, wherefores, and practical details.
Before we can even discuss why a federal agency needs to know when you were born before it permits you to fly, let's back up and explain the security swamp that the TSA has created.
Born in haste after 9/11, the TSA was specifically tasked by Congress to assume overall authority for airport security and pre-flight passenger screening. Before that, airlines were required to oversee security checkpoints, and carriers farmed out the job to rent-a-cop agencies. Their work was shoddy, and the minimum-wage screeners were often untrained.
Despite some birthing pains and well-publicized missteps, the TSA eventually got a more professional crew of 40,000 or so screeners working the checkpoints. Generally speaking, the checkpoint experience is more professional and courteous now, if not actually more secure. In fact, despite rigorous employee training and billions of dollars spent on new technology, random tests show that TSA screeners miss as much contraband as their minimum-wage, rent-a-cop predecessors.
But the TSA's mission wasn't just passenger checkpoints. Congress asked the new agency to screen all cargo traveling on passenger jets. (The TSA has resisted the mandate and still doesn't screen all cargo.) Congress also empowered the TSA to oversee a private "trusted traveler" program that would speed the journey of frequent fliers who voluntarily submitted to invasive background checks. (The TSA has all but killed trusted traveler, which morphed into inconsequential "registered traveler" programs like Clear.)
Most important of all perhaps, both Congress and the 9/11 Commission wanted the TSA to get a handle on "watch lists" and other government data programs aimed at identifying potential terrorists before they flew. And nowhere has the agency been more ham-fisted than in the information arena.
The TSA's first attempt to corral data, CAPPS II, was an operational and Constitutional nightmare. The Orwellian scheme envisioned travelers being profiled with huge amounts of sensitive private data-credit records, for example-that the government would store indefinitely. Everyone-privacy advocates, airlines, airports, civil libertarians and certainly travelers-hated CAPPS II. The TSA grudgingly killed the plan in 2004 after some high-profile data-handling gaffes made its implementation a political impossibility.
While this security kabuki was playing out, the number and size of government watch lists of potential terrorists ballooned. Current estimates say there are as many as a million entries on the various lists, although the TSA argues that only a few thousand actual people are suspect.
But how do you reconcile the blizzard of watch-list names-some as common as Nelson, which has been a hassle for singer/actor David Nelson of Ozzie & Harriet TV fame-with the actual bad guys who are threats to aviation?
Enter Secure Flight, a stripped-down version of CAPPS II. The TSA's theory: If passengers submit their exact names, dates of birth, and their gender when they make reservations, the agency could proactively separate the terrorist Nelsons from the television Nelsons, and guarantee that the average Joe-or, in my case, the average Joseph Angelo-won't be fingered as a potential troublemaker.
Theoretically, giving the TSA that basic information seems logical enough. But the logistics are something else again: Airline websites and reservations systems, third-party travel agencies, and the GDS (global distribution system) computers that power those ticketing engines haven't been programmed to gather birthday and gender data. And Secure Flight's insistence that the name on a ticket exactly match the name on a traveler's identification is also problematic: Fliers often use several kinds of ID that do not always have exactly the same name. (Does your driver's license and passport have exactly the same name on it?) Many travelers have existing airline profiles and frequent-flier program membership under names that do not exactly match the one on their IDs.
Another fly in the Secure Flight ointment: While the TSA is assuming the watch list functions from the airlines, the carriers will still be required to gather the name, birth date, and gender information and transmit it to the agency. Meshing the airline computers with the TSA systems has been troublesome in the past and, from the outside, it looks like very little planning has been done to ensure that Secure Flight runs smoothly.
The TSA "announced this thing in 2005 and, as usual, they announced it without considering practical realities," one airline executive told me last week. "And any time you deal with the government on stuff like this, it's a nightmare."
What can you do about all of this? For now, very little. Settle on a single form of identification for all travel purposes and make sure that you use that name exactly when making reservations. Check that the name that airlines have for you-on preference profiles, frequent-flier programs, airport club memberships, etc.-matches the name on your chosen form of identification.
Then wait for that glorious day when the TSA solemnly and suddenly, and almost assuredly without advance warning, decides that Secure Flight is in effect across the nation's airline system.
The Fine Print.
You may wonder why I haven't asked anyone from the Transportation Security Administration to comment on Secure Flight. The reason is simple: No one is really in charge of the agency. The Bush-era administrator, Kip Hawley, left with the previous president and the Obama Administration has yet to name his successor. Everyone, from acting administrator Gale Rossides on down, is a Bush holdover. And no one seems to know what President Obama or Homeland Security Secretary Janet Napolitano thinks about the TSA, Secure Flight, or any airline-security issue.