IT snags slow Secure Flight

TSA's passenger screening system criticized as duplicative of CBP's border program<@VM>Table | Common data elements APIS and Secure Flight

ALTHOUGH THE Transportation Security Administration has made significant progress in deploying technology to detect bombs, weapons and flammable materials that terrorists might smuggle onto a plane, its Secure Flight program for screening passengers remains mired in technology delays.

The long-awaited plan for a new information technology system to match airline passengers against government watch lists faces problems stemming from its high cost and overlap with existing systems, government and industry sources say.

TSA issued a Secure Flight rulemaking proposal in August, prompting many comments from the travel industry. The two main issues are that:
  • The program appears to duplicate many of the capabilities of the Customs and Border Protection agency's Advance Passenger Information System (APIS).
  • TSA may have drastically underestimated the difficulty, cost and time needed for the air travel industry to implement Secure Flight's required IT changes.

The federal government launched APIS in 1988 to meet the needs of the former Customs Service and Immigration and Naturalization Service, the predecessors to CBP.

Since then, flights entering or departing the United States routinely have transmitted traveler information via APIS to federal border control agencies. Customs and INS designed APIS to ensure that travelers entering the country held valid visas or other entry permits.

After Sept. 11, 2001, APIS came into play as a tool to vet passengers against terrorist watch lists.

Today, watch-list matching for domestic flights uses only passenger name record (PNR) data, also known as airline passenger manifest data ' the data that airlines collect when a traveler makes a reservation and buys a ticket.

For international flights, both APIS and PNR data are used to vet travelers against watch lists.

'APIS information comes from passports,' said Cathleen Berrick, director of homeland security and justice at the Government Accountability Office.

Berrick said that although Secure Flight would use PNR data reported by passengers, APIS data is verified and is more accurate.

APIS uses 22 data elements, including full name, date of birth, gender, passport number and flight number. PNR data contains 19 discrete elements, with little APIS overlap. Secure Flight, however, requires 20 data elements, 14 of which duplicate those in APIS. (For a chart of the common data elements, go to GCN.com/917.)

Five of the nonmatching items, such as record type and passenger update indicator, have not been defined by TSA. Passenger redress number, the sixth nonmatching item, is the number a traveler gets when he or she has been wrongly matched with a terrorist. If that happens, a passenger can be detained, questioned and prevented from flying. The number is used to get redress from TSA. None of the six items have been considered or approved by the travel industry's standards bodies.

Now, TSA wants to build a new IT system with links to domestic and international airlines to collect information for Secure Flight.

However, most of that data already flows to CBP via APIS.

'International airlines are already doing this [watch-list matching], so why invent the wheel?' asked Lynn Ross, senior manager of government affairs at Express Jet. 'Why not use the existing APIS system and just add on the domestic part?' According to comments on TSA's rulemaking proposal filed by airlines and other travel industry organizations, the agency has greatly underestimated the cost of complying with Secure Flight. Some evidence exists to support the claims in the form of data from IT changes airlines are making now to meet new APIS requirements CBP issued in August.

The changes might not sound significant, but they are costing Air France millions of dollars, said Guy Tardieu, the airline's vice president and chief of staff in the chairman's office.

TSA has not announced a date for publishing the final rule for Secure Flight.

Since terrorist watch-list matching was imposed, airlines have been responsible for vetting passengers against the lists. Starting in February, CBP will take over that responsibility.

'CBP will do this on behalf of TSA until Secure Flight is operational,' said Kimberly Nivera, director of traveler entry programs at CBP's Field Operations Office.

Nivera's agency will have a few months to perfect the vetting process before the heavy summer travel season begins. If the takeover goes smoothly, many more questions may be asked about the need for Secure Flight.


Common data elements APIS and
Secure Flight






















































































































































Passenger Name Record (PNR), data,
also known as passenger manifest data





APIS (Customs & Border Protection)



Secure Flight (Transportation
Security Administration)





PNR record locater code



Full name



Full name



Date of reservation/issue of ticket



Date of birth



Date of birth



Date(s) of intended travel



Gender



Gender



Name(s)





Redress number' or known traveler
number*



Available frequent flier and benefit
information



Passport number



Passport number



Other names on PNR, including number of
travelers



Passport country of issuance



Passport country of issuance



All available contact information,
including originator information



Passport expiration date



Passport expiration date



All available payment/billing
information (excluding other transaction details not connected to the
travel transaction)



Passenger name record locater





Travel itinerary for specific PNR



International Air Transport Association
(IATA) foreign airport code'place of origin



IATA foreign airport code'place of
origin



Travel agency/travel agent



IATA code'port of first arrival



IATA code'port of first arrival



Code share information



IATA code of final foreign port for
in-transit passengers





Split/divided information



Airline carrier code



Airline carrier code



Travel status of passenger (including
confirmations and check-in status)



Flight number



Flight number



Ticketing information, including ticket
number, one way tickets and Automated Ticket Fare Quote



Date of aircraft departure



Date of aircraft departure



All baggage information



Time of aircraft departure



Time of aircraft departure



Seat information, including seat number



Date of aircraft arrival



Date of aircraft arrival



General remarks including OSI, SSI and
SSR information



Scheduled time of aircraft arrival



Scheduled time of aircraft arrival



Any collected APIS information



Citizenship





All historical changes to the PNR listed
in numbers 1 to 18



Country of residence







Status on board aircraft







Travel document type







Alien registration number (if
applicable)







Address while in U.S. (except for
outbound flights, U.S. citizens, lawful permanent residents, crew and
in-transit passengers)









Reservation control number*







Record sequence number*







Record type*







Passenger update indicator*







Travel reference number*


'
Defined by TSA, but not accepted by travel industry international standards
bodies.



  • Not
    defined by TSA, nor accepted by travel industry international standards
    bodies.




TSA's Technology and IT
Contracts, 2007



After piloting a number of
physical screening technologies in airports across the country through 2007, TSA
will roll them out for operations in 2008. The technologies include an array of
advanced X-ray and magnetic resonance imaging methods for both humans and their
baggage. Chemical tests that detect liquid explosives or traces of explosives
represent another category of physical screening methods. The agency's goal is
to eventually equip all airports with enough technology so that no one can sneak
something nasty onto a plane.




































Technology



Number of airport pilot tests in 2007




Contract dates and awards



New X-ray technologies



At least six


10/3/07; Rapiscan Systems; $9.3 million; 125
620DV devices.



10/3/07; Smiths Detection; $21 million; 125
Hi-Scan devices.




Explosives detection (computed tomography)



At least 39 since 2005


10/3/07; Analogic Corporation; $7.6 million;
12 Cobra devices.



10/3/07; Reveal Imaging Technologies; $5.6
million; Fusion devices.





Cast and prosthetics screening (backscatter
X-rays)




At least four


10/3/07; CastScope; $1.7 million; 37
CastScope units.



Liquids explosives detection (chemical
methods)



At least seven


10/3/07; Nomadics Inc.; $3.4 million; 200
Fido PaxPoint units.



10/3/07; Smiths Detection; $650,000; 23
SABRE units.





IT and software application development for
Operational Applications Support and Information Services (OASIS) under
DHS's Enterprise Acquisition Gateway for Leading Edge Solutions (EAGLE)
program




N/A


9/19/07 (five-year contract); IBM Global
Business Services; $98.5 million.




Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above