TSA screening digs deep into passenger data

The Transportation Security Administration (TSA) is expanding its screening of passengers before they arrive at the airport by searching a wide array of government and private databases that can include such records as car registrations and employment information.

The agency says that the goal is to streamline the security procedures for millions of passengers who pose no risk, but the new measures give the government greater authority to use travelers' data for domestic airport screenings. Previously that level of scrutiny applied only to individuals entering the United States.

The prescreening, some of which is already taking place, is described in documents the TSA released to comply with government regulations about the collection and use of individuals' data, but the details of the program have not been publicly announced.

It is unclear precisely what information the agency is relying upon to make these risk assessments, given the extensive range of records it can access, including tax identification number, past travel itineraries, property records, physical characteristics, and law enforcement or intelligence information.

The measures go beyond the background check the government has conducted for years, called Secure Flight, in which a passenger's name, gender and date of birth are compared with terrorist watch lists. Now, the search includes using a traveler's passport number, which is already used to screen people at the border, and other identifiers to access a system of databases maintained by the Department of Homeland Security.

Privacy groups expressed concern over the security agency's widening reach.

"I think the best way to look at it is as a pre-crime assessment every time you fly," said Edward Hasbrouck, a consultant to the Identity Project, one of the groups that oppose the prescreening initiatives.

'Additional risk assessments'

The TSA, which has been criticized for a one-size-fits-all approach to screening travelers, said the initiatives were needed to make the procedures more targeted.

"Secure Flight has successfully used information provided to airlines to identify and prevent known or suspected terrorists or other individuals on no-fly lists from gaining access to airplanes or secure areas of airports," the security agency said in a statement. "Additional risk assessments are used for those higher-risk passengers."

An agency official discussed some aspects of the initiative on the condition that she not be identified. She emphasized that the main goal of the program was to identify low-risk travelers for lighter screening at airport security checkpoints, adapting methods similar to those used to flag suspicious people entering the United States.

Anyone who has never traveled outside the United States would not have a passport number on file and would therefore not be subject to the rules that the agency uses to determine risk, she said, although documents indicate that the agency is prescreening all passengers in some fashion.

The official added that these rules consider such things as an individual's travel itinerary, length of stay abroad and type of travel document, like a passport. If an airline has a traveler's passport number on file, it is required to share that information with the TSA, even for a domestic flight.

The agency also receives a code indicating whether a passenger belongs to the airline's frequent-flier program and has access to details about past reservations. This official could not confirm whether that information was being used to assess a passenger's risk.

The effort comes as the agency is trying to increase participation in its trusted traveler program, called PreCheck, that allows frequent fliers to pass through security more quickly after submitting their fingerprints and undergoing a criminal-background check.

The TSA has emphasized its goal of giving 25 percent of all passengers receiving lighter screening by the end of next year. But travelers who find themselves in the higher-risk category can be subjected to repeated searches.

Critics argue that the problem with what the agency calls an "intelligence-driven, risk-based analysis" of passenger data is that secret computer rules, not humans, make these determinations. Civil liberties groups have questioned whether the agency has the legal authority to make these assessments, which the TSA has claimed in Federal Register notices and privacy disclosures. Privacy advocates have also disputed whether computer algorithms can accurately predict terrorist intent.

The airline industry has supported the expansion of PreCheck and using data about travelers to decide who should receive more or less scrutiny at checkpoints, to reduce security bottlenecks and focus resources on higher-risk passengers.

Automated Targeting System

At the heart of the expanded effort is a database called the Automated Targeting System, which is maintained by the Department of Homeland Security and screens travelers entering the United States.

Data in the Automated Targeting System is used to decide who is placed on the no-fly list — thousands of people the U.S. government has banned from flying — and the selectee list, an unknown number of travelers required to undergo more in-depth screening. The TSA also maintains a PreCheck disqualification list, tracking people accused of violating security regulations, including disputes with checkpoint or airline staff.

Much of this data is widely shared within the Department of Homeland Security and with other government agencies. Privacy notices for these databases note that the information may be shared with federal, state and local authorities; foreign governments; law enforcement and intelligence agencies — and in some cases, private companies for purposes unrelated to security or travel.