Reports, Forms, and Recordkeeping Requirements: Agency Information Collection Activity Under OMB Review; Secure Flight Test Phase

AGENCY:

Transportation Security Administration (TSA), Department of Homeland Security (DHS).

ACTION:

Notice of emergency clearance request.

SUMMARY:

TSA has submitted a request for emergency processing of a new public information collection to the Office of Management and Budget (OMB) for review and clearance under the Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 U.S.C. 3501, et seq.). This notice announces that the Information Collection Request (ICR) abstracted below has been forwarded to OMB for review and comment. The purpose of the ICR is to facilitate testing of TSA's Secure Flight program, which will prescreen airline passengers using information maintained by the Federal Government about individuals known or suspected to be engaged in terrorist activity and certain other information related to passengers' itineraries—specifically, passenger name record (PNR) data. On a limited basis, TSA will also test the use of commercial data to identify instances in which passenger information is incorrect or inaccurate. TSA does not assume that the result of comparison of passenger information to commercial data is determinative of information accuracy or the intent of the person who provided the passenger information.

In order to test the Secure Flight program, TSA is proposing to issue an order to all domestic aircraft operators directing them to submit a limited set of historical passenger name records to TSA. The ICR describes the nature of the information collection and its expected burden.

DATES:

Send your comments by October 25, 2004. A comment to OMB is most effective if OMB receives it within 30 days of publication.

ADDRESSES:

Comments may be faxed to the Office of Information and Regulatory Affairs, Office of Management and Budget, Attention: DHS-TSA Desk Officer, at (202) 395-5806.

FOR FURTHER INFORMATION CONTACT:

Conrad Huygen, Office of Transportation Security Policy, TSA-9, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220; telephone (571) 227-3250; facsimile (571) 227-1954; e-mail conrad.huygen@dhs.gov.

SUPPLEMENTARY INFORMATION:

Background

TSA currently performs passenger and baggage screening with screening personnel and equipment at the nation's airports. This screening is supplemented by a system of computer-based passenger screening known as the Computer-Assisted Passenger Prescreening System (CAPPS), which is operated by U.S. aircraft operators. CAPPS analyzes information in passenger name records (PNRs) using certain evaluation criteria in order to determine whether a passenger or his property should receive a higher level of security screening prior to boarding an aircraft. A PNR is a record that contains detailed information about an individual's travel on a particular flight, including information provided by the passenger when making the flight reservation. Though the content of PNRs varies among airlines, PNRs may include, among other information: (1) Passenger name; (2) reservation date; (3) travel agency or agent; (4) travel itinerary information; (5) form of payment; (6) flight number; and (7) seating location. Operationally, CAPPS is not a single system. CAPPS is programmed into the separate computer systems through which airline passenger reservations are made.

Passenger prescreening also involves the comparison of identifying information of airline passengers against lists of individuals known to pose or suspected of posing a threat to civil aviation or national security. Aircraft operators currently carry out this function, using lists provided by TSA. Because the lists are provided in an unclassified form, the amount of information that they include is limited.

After a lengthy review of the initial plans for a successor system to CAPPS, and consistent with a recommendation of the National Commission on Terrorist Attacks upon the United States (9/11 Commission), the Department of Homeland Security is moving forward with a next-generation system of domestic passenger prescreening, called “Secure Flight,” that meets the following goals: (1) Identifying, in advance of flight, passengers known or suspected to be engaged in terrorist activity; (2) moving passengers through airport screening more quickly and reducing the number of individuals unnecessarily selected for secondary screening; and (3) fully protecting passengers' privacy and civil liberties.

Secure Flight Description

Secure Flight will involve the comparison of information in PNRs for domestic flights to names in the Terrorist Screening Database (TSDB) maintained by the Terrorist Screening Center (TSC), including the expanded TSA No-Fly and Selectee Lists, in order to identify individuals known or suspected to be engaged in terrorist activity. TSA will apply, within the Secure Flight system, a streamlined version of the existing CAPPS rule set related to suspicious indicators associated with travel behavior, as identified in passengers' itinerary-specific PNR. This should provide a security benefit, while at the same time improving the efficiency of the pre-screening process and reducing the number of persons selected for secondary screening. TSA will also build a “random” element into the new program to protect against those who might seek to reverse-engineer the system.

The Secure Flight program is fully consistent with the recommendation in the final report of the 9/11 Commission, which states at page 392:

“[I]mproved use of “no-fly” and “automatic selectee” lists should not be delayed while the argument about a successor to CAPPS continues. This screening function should be performed by TSA and it should utilize the larger set of watch lists maintained by the Federal Government. Air carriers should be required to supply the information needed to test and implement this new system.”

Expansion of these lists to include information not previously included for security reasons will be possible as integration and consolidation of the information related to individuals known or suspected to be engaged in terrorist activity maintained by TSC is completed and the U.S. Government assumes the responsibility for administering the watch list comparisons. Secure Flight will automate the vast majority of watch list comparisons; will allow TSA to apply more consistent procedures where automated resolution of potential matches is not possible; and will allow for more consistent response procedures at airports for those passengers identified as potential matches.

Secure Flight Testing Phase

Secure Flight represents a significant step in securing domestic air travel and safeguarding terrorism related national security information. It will dramatically improve the administration of comparisons of passenger information with data maintained by TSC and will reduce the long-term costs to air carriers and passengers associated with maintaining the present system, which is operated individually by each air carrier that flies in the United States.

However, such comparisons will not permit TSA to identify passenger information that is incorrect or inaccurate. For this reason and on a very limited basis, in addition to testing TSA's ability to compare passenger information with data maintained by TSC, TSA will separately test the use of commercial data to determine if use of such data is effective in identifying passenger information that is incorrect or inaccurate. This test will involve commercial data aggregators who provide services to the banking, home mortgage and credit industries. These procedures will be governed by strict privacy and data security protections. TSA will not store the commercially available data that would be used by commercial data aggregators. TSA will use this test of commercial data to determine whether such use: (1) Could accurately identify when passengers' information is inaccurate or incorrect; (2) would not result in inappropriate differences in treatment of any protected category of persons; and (3) could be governed by data security safeguards and privacy protections that are sufficiently robust to ensure that commercial entities or other unauthorized entities do not gain access to passenger personal information and to ensure that the government does not gain inappropriate access to sensitive personal information. TSA will defer any decision of whether commercial data will be used in its prescreening programs, such as Secure Flight, until a thorough assessment of test results is completed and until the agency publishes a new System of Records Notice announcing how commercial data might be used and individuals' privacy will be protected.

In order to obtain the passenger information necessary to test the Secure Flight program, TSA proposes to issue an order to all domestic aircraft operators directing them to submit a limited set of historical PNRs to TSA that cover commercial scheduled domestic flights. The order covers PNRs with domestic flight segments completed in the month of June 2004. However, the order will exclude those PNRs with flight segments that occurred after June 30, 2004. The purpose of this limitation is to ensure that during the test phase, TSA does not obtain any information about future travel plans of passengers on domestic flights. The order also proposes to exclude PNR flight segments to or from the United States. TSA requests comments from all interested parties on this proposed order. The text of the proposed order is set forth below:

TRANSPORTATION SECURITY ADMINISTRATION ORDER

Pursuant to the authority vested in me as Assistant Secretary of Homeland Security (Transportation Security Administration) (TSA) by delegation from the Secretary of Homeland Security, 49 U.S.C. 40113(a), and other authorities described below, I hereby direct [U.S. aircraft operator] to provide passenger name records (PNRs) to TSA in accordance with the terms of this order.

Background and Authority

1. The Secretary of Homeland Security has delegated to the Assistant Secretary of Homeland Security (TSA), subject to the Secretary's guidance and control, the authority vested in the Secretary by section 403(2) of the Homeland Security Act (HSA) respecting TSA, including that related to civil aviation security under the Aviation and Transportation Security Act (ATSA).

2. Under 49 U.S.C. 114(e)(1) and 44901(a), TSA is responsible for, among other things, providing for the screening of passengers traveling in air transportation and intrastate air transportation.

3. One component of passenger screening is the Computer-Assisted Passenger Prescreening System (CAPPS), an automated screening system developed by the Federal Aviation Administration (FAA) in cooperation with U.S. aircraft operators. U.S. aircraft operators implemented CAPPS in 1997.

4. CAPPS analyzes information in PNRs using certain evaluation criteria in order to determine whether a passenger will be selected for a higher level of security screening prior to boarding. A PNR is a record that contains detailed information about an individual's travel on a particular flight, including information provided by the individual when making the flight reservation. While the Federal Government established the CAPPS selection criteria, CAPPS is operated entirely by U.S. aircraft operators.

5. Passenger prescreening also involves the comparison of identifying information of airline passengers against lists of individuals known to pose or suspected of posing a threat to civil aviation or national security. Aircraft operators currently carry out this function, using lists provided by TSA. Because the lists are provided in an unclassified form, the amount of information they include is limited. For this reason, TSA will take over from aircraft operators the function of screening passengers against such lists and use a larger set of data maintained by the Federal Government for this purpose. This is consistent with the recommendation by the National Commission on Terrorist Attacks upon the United States (9/11 Commission) related to the use of expanded “No-Fly” and “Automatic Selectee” lists, and the 9/11 Commission recommendation that aircraft operators be required to supply the information needed to test and implement such a system.

6. Under 49 U.S.C. 114(f)(8), TSA has authority to identify and undertake research and development activities necessary to enhance transportation security.

7. In accordance with the authority in 49 U.S.C. 44903(j)(2), TSA is in the process of developing a successor system to CAPPS that will be operated entirely by TSA and will incorporate the screening of passengers against data maintained by the Terrorist Screening Center (TSC) about individuals known or reasonably suspected to be or have been engaged in conduct constituting, in preparation for, in aid of, or related to terrorism.

8. In order to test such a system, TSA must have access to information contained in the PNRs for domestic passenger flights.

9. TSA has broad authority under 49 U.S.C. 40113(a) to issue orders necessary to carry out its functions, including its responsibility to provide for the security screening of passengers under 49 U.S.C. 114(e)(1) and 44901(a), as well as its power to identify and undertake research and development activities necessary to enhance transportation security under 49 U.S.C. 114(f)(8).

Findings

10. The security pre-screening of passengers, as mandated by Congress, is vital to aviation security and the national security.

11. After a lengthy review of the initial plans for a successor system to CAPPS, and consistent with the recommendation of the 9/11 Commission, the Department of Homeland Security is moving forward with a next generation system of domestic passenger prescreening that meets the following goals: (1) Identifying, in advance of flight, passengers known or suspected to be engaged in terrorist activity; (2) moving of passengers through airport screening more quickly and reducing the number of individuals unnecessarily selected for secondary screening; and (3) fully protecting passengers' privacy and civil liberties.

12. In the revised program, known as Secure Flight, TSA will compare information in airline PNRs for domestic flights to information in the Terrorist Screening Database (TSDB) at TSC, including expanded TSA No-Fly and Selectee lists, in order to identify individuals known or suspected to be engaged in terrorist activity. The Secure Flight program also will analyze information in PNRs using a streamlined version of the existing CAPPS evaluation criteria. TSA will use the PNRs obtained under this order to test these aspects of the program.

13. TSA also will test whether comparing passenger information to other commercially available data can help identify passenger information that is inaccurate or incorrect.

14. In order to develop and test such a system, TSA must obtain PNRs from aircraft operators.

15. Therefore, TSA is issuing this order to aircraft operators directing them to provide PNRs for testing of a new passenger prescreening system.

Action Ordered

16. On October 29, 2004, the aircraft operator must submit to its Principal Security Inspector (PSI) all PNRs with flight segments flown during the month of June 2004 that reflect itineraries of passengers for transport by the aircraft operator on a scheduled flight within the United States, in operations subject to a full security program under 49 CFR 1544.101(a).

17. Within seven days of the date of this order, the aircraft operator must submit to the PSI a plan for meeting the requirement in paragraph 16.

18. The aircraft operator must exclude the following from the set of PNRs submitted to its PSI:

a. Any PNR reflecting an itinerary that includes one or more flight segments that have not been completed on or before June 30, 2004;

b. Any flight segment from a PNR that represents one or more flight segments to or from the United States; and

c. Information related to changes in the PNR prior to completion of the flight itinerary (PNR history).

19. The aircraft operator must include in the set of PNRs submitted to its PSI:

a. Any PNRs reflecting itineraries that were cancelled in whole or in part; and

b. All active fields from each PNR.

20. For purposes of this order, the term United States includes U.S. territories and possessions.

21. For purposes of this order, the term “PNR” means the electronic record maintained by the aircraft operator detailing information about an individual's travel on a particular flight and any other information contained in that record.

22. The aircraft operator must provide the PNRs to the PSI on optical media in an unpacked or uncompressed form, in a structured data format or XML, if available.

23. The aircraft operator must provide to the PSI information about the aircraft operator's PNR data schema and layout, such as a PNR format book and a data dictionary that includes all acronyms and codes used in the PNRs, including any acronyms or codes not standard to the International Air Transport Association.

Information Collection

Transportation Security Administration (TSA)

Title: Secure Flight Testing Phase.

Type of Request: Emergency processing request of new collection.

OMB Control Number: Not yet assigned.

Form(s): None.

Affected Public: Business or other for-profit; each aircraft operator conducting scheduled flights within the United States in operations subject to a full security program under 49 CFR 1544.101(a).

Abstract: In order to test the Secure Flight concept, TSA will collect from the aircraft operators historical PNR data for all flights completed during the month of June 2004 that reflect itineraries of passengers for transport by the aircraft operator on a scheduled flight within the United States in operations subject to a full security program under 49 CFR 1544.101(a).

TSA will compare passengers' identifying information in the PNRs for domestic flights to data maintained in the Terrorist Screening Database (TSDB), including expanded TSA No-Fly and Selectee lists, in order to test the ability to identify individuals known or reasonably suspected to be or have been engaged in conduct constituting, in preparation for, in aid of, or related to terrorism. On a limited basis, TSA also will use the information in PNRs to test the use of commercial data to determine if it is effective in identifying passengers' information that is incorrect or inaccurate.

Number of Respondents: 77.

Estimated Annual Burden Hours: 10,850.

Estimated Annual Cost: $810,000.

TSA is soliciting comments to—

(1) Evaluate whether the proposed information requirement is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;

(2) Evaluate the accuracy of the agency's estimate of the burden;

(3) Enhance the quality, utility, and clarity of the information to be collected; and

(4) Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.