IT snags slow Secure Flight
TSA's passenger screening system criticized as duplicative of CBP's border program<@VM>Table | Common data elements APIS and Secure Flight
ALTHOUGH THE Transportation Security Administration has made significant progress in deploying technology to detect bombs, weapons and flammable materials that terrorists might smuggle onto a plane, its Secure Flight program for screening passengers remains mired in technology delays.
The long-awaited plan for a new information technology system to match airline passengers against government watch lists faces problems stemming from its high cost and overlap with existing systems, government and industry sources say.
TSA issued a Secure Flight rulemaking proposal in August, prompting many comments from the travel industry. The two main issues are that:
- The program appears to duplicate many of the capabilities of the Customs and Border Protection agency's Advance Passenger Information System (APIS).
- TSA may have drastically underestimated the difficulty, cost and time needed for the air travel industry to implement Secure Flight's required IT changes.
The federal government launched APIS in 1988 to meet the needs of the former Customs Service and Immigration and Naturalization Service, the predecessors to CBP.
Since then, flights entering or departing the United States routinely have transmitted traveler information via APIS to federal border control agencies. Customs and INS designed APIS to ensure that travelers entering the country held valid visas or other entry permits.
After Sept. 11, 2001, APIS came into play as a tool to vet passengers against terrorist watch lists.
Today, watch-list matching for domestic flights uses only passenger name record (PNR) data, also known as airline passenger manifest data ' the data that airlines collect when a traveler makes a reservation and buys a ticket.
For international flights, both APIS and PNR data are used to vet travelers against watch lists.
'APIS information comes from passports,' said Cathleen Berrick, director of homeland security and justice at the Government Accountability Office.
Berrick said that although Secure Flight would use PNR data reported by passengers, APIS data is verified and is more accurate.
APIS uses 22 data elements, including full name, date of birth, gender, passport number and flight number. PNR data contains 19 discrete elements, with little APIS overlap. Secure Flight, however, requires 20 data elements, 14 of which duplicate those in APIS. (
For a chart of the common data elements, go to GCN.com/917.)
Five of the nonmatching items, such as record type and passenger update indicator, have not been defined by TSA. Passenger redress number, the sixth nonmatching item, is the number a traveler gets when he or she has been wrongly matched with a terrorist. If that happens, a passenger can be detained, questioned and prevented from flying. The number is used to get redress from TSA. None of the six items have been considered or approved by the travel industry's standards bodies.
Now, TSA wants to build a new IT system with links to domestic and international airlines to collect information for Secure Flight.
However, most of that data already flows to CBP via APIS.
'International airlines are already doing this [watch-list matching], so why invent the wheel?' asked Lynn Ross, senior manager of government affairs at Express Jet. 'Why not use the existing APIS system and just add on the domestic part?' According to comments on TSA's rulemaking proposal filed by airlines and other travel industry organizations, the agency has greatly underestimated the cost of complying with Secure Flight. Some evidence exists to support the claims in the form of data from IT changes airlines are making now to meet new APIS requirements CBP issued in August.
The changes might not sound significant, but they are costing Air France millions of dollars, said Guy Tardieu, the airline's vice president and chief of staff in the chairman's office.
TSA has not announced a date for publishing the final rule for Secure Flight.
Since terrorist watch-list matching was imposed, airlines have been responsible for vetting passengers against the lists. Starting in February, CBP will take over that responsibility.
'CBP will do this on behalf of TSA until Secure Flight is operational,' said Kimberly Nivera, director of traveler entry programs at CBP's Field Operations Office.
Nivera's agency will have a few months to perfect the vetting process before the heavy summer travel season begins. If the takeover goes smoothly, many more questions may be asked about the need for Secure Flight.
Common data elements APIS and
Secure Flight
Passenger Name Record (PNR), data,
also known as passenger manifest data
|
APIS (Customs & Border Protection)
|
Secure Flight (Transportation
Security Administration)
|
PNR record locater code
|
Full name
|
Full name
|
Date of reservation/issue of ticket
|
Date of birth
|
Date of birth
|
Date(s) of intended travel
|
Gender
|
Gender
|
Name(s)
|
|
Redress number' or known traveler
number*
|
Available frequent flier and benefit
information
|
Passport number
|
Passport number
|
Other names on PNR, including number of
travelers
|
Passport country of issuance
|
Passport country of issuance
|
All available contact information,
including originator information
|
Passport expiration date
|
Passport expiration date
|
All available payment/billing
information (excluding other transaction details not connected to the
travel transaction)
|
Passenger name record locater
|
|
Travel itinerary for specific PNR
|
International Air Transport Association
(IATA) foreign airport code'place of origin
|
IATA foreign airport code'place of
origin
|
Travel agency/travel agent
|
IATA code'port of first arrival
|
IATA code'port of first arrival
|
Code share information
|
IATA code of final foreign port for
in-transit passengers
|
|
Split/divided information
|
Airline carrier code
|
Airline carrier code
|
Travel status of passenger (including
confirmations and check-in status)
|
Flight number
|
Flight number
|
Ticketing information, including ticket
number, one way tickets and Automated Ticket Fare Quote
|
Date of aircraft departure
|
Date of aircraft departure
|
All baggage information
|
Time of aircraft departure
|
Time of aircraft departure
|
Seat information, including seat number
|
Date of aircraft arrival
|
Date of aircraft arrival
|
General remarks including OSI, SSI and
SSR information
|
Scheduled time of aircraft arrival
|
Scheduled time of aircraft arrival
|
Any collected APIS information
|
Citizenship
|
|
All historical changes to the PNR listed
in numbers 1 to 18
|
Country of residence
|
|
|
Status on board aircraft
|
|
|
Travel document type
|
|
|
Alien registration number (if
applicable)
|
|
|
Address while in U.S. (except for
outbound flights, U.S. citizens, lawful permanent residents, crew and
in-transit passengers)
|
|
|
|
Reservation control number*
|
|
|
Record sequence number*
|
|
|
Record type*
|
|
|
Passenger update indicator*
|
|
|
Travel reference number*
|
'
Defined by TSA, but not accepted by travel industry international standards
bodies.
- Not
defined by TSA, nor accepted by travel industry international standards
bodies.
TSA's Technology and IT
Contracts, 2007
After piloting a number of
physical screening technologies in airports across the country through 2007, TSA
will roll them out for operations in 2008. The technologies include an array of
advanced X-ray and magnetic resonance imaging methods for both humans and their
baggage. Chemical tests that detect liquid explosives or traces of explosives
represent another category of physical screening methods. The agency's goal is
to eventually equip all airports with enough technology so that no one can sneak
something nasty onto a plane.
Technology
|
Number of airport pilot tests in 2007
|
Contract dates and awards
|
New X-ray technologies
|
At least six
|
10/3/07; Rapiscan Systems; $9.3 million; 125
620DV devices.
10/3/07; Smiths Detection; $21 million; 125
Hi-Scan devices.
|
Explosives detection (computed tomography)
|
At least 39 since 2005
|
10/3/07; Analogic Corporation; $7.6 million;
12 Cobra devices.
10/3/07; Reveal Imaging Technologies; $5.6
million; Fusion devices.
|
Cast and prosthetics screening (backscatter
X-rays)
|
At least four
|
10/3/07; CastScope; $1.7 million; 37
CastScope units. |
Liquids explosives detection (chemical
methods)
|
At least seven
|
10/3/07; Nomadics Inc.; $3.4 million; 200
Fido PaxPoint units.
10/3/07; Smiths Detection; $650,000; 23
SABRE units.
|
IT and software application development for
Operational Applications Support and Information Services (OASIS) under
DHS's Enterprise Acquisition Gateway for Leading Edge Solutions (EAGLE)
program
|
N/A
|
9/19/07 (five-year contract); IBM Global
Business Services; $98.5 million. |