IT snags slow Secure Flight

TSA's passenger screening system criticized as duplicative of CBP's border program<@VM>Table | Common data elements APIS and Secure Flight

ALTHOUGH THE Transportation Security Administration has made significant progress in deploying technology to detect bombs, weapons and flammable materials that terrorists might smuggle onto a plane, its Secure Flight program for screening passengers remains mired in technology delays.

The long-awaited plan for a new information technology system to match airline passengers against government watch lists faces problems stemming from its high cost and overlap with existing systems, government and industry sources say.

TSA issued a Secure Flight rulemaking proposal in August, prompting many comments from the travel industry. The two main issues are that:
  • The program appears to duplicate many of the capabilities of the Customs and Border Protection agency's Advance Passenger Information System (APIS).
  • TSA may have drastically underestimated the difficulty, cost and time needed for the air travel industry to implement Secure Flight's required IT changes.

The federal government launched APIS in 1988 to meet the needs of the former Customs Service and Immigration and Naturalization Service, the predecessors to CBP.

Since then, flights entering or departing the United States routinely have transmitted traveler information via APIS to federal border control agencies. Customs and INS designed APIS to ensure that travelers entering the country held valid visas or other entry permits.

After Sept. 11, 2001, APIS came into play as a tool to vet passengers against terrorist watch lists.

Today, watch-list matching for domestic flights uses only passenger name record (PNR) data, also known as airline passenger manifest data ' the data that airlines collect when a traveler makes a reservation and buys a ticket.

For international flights, both APIS and PNR data are used to vet travelers against watch lists.

'APIS information comes from passports,' said Cathleen Berrick, director of homeland security and justice at the Government Accountability Office.

Berrick said that although Secure Flight would use PNR data reported by passengers, APIS data is verified and is more accurate.

APIS uses 22 data elements, including full name, date of birth, gender, passport number and flight number. PNR data contains 19 discrete elements, with little APIS overlap. Secure Flight, however, requires 20 data elements, 14 of which duplicate those in APIS. (For a chart of the common data elements, go to

Five of the nonmatching items, such as record type and passenger update indicator, have not been defined by TSA. Passenger redress number, the sixth nonmatching item, is the number a traveler gets when he or she has been wrongly matched with a terrorist. If that happens, a passenger can be detained, questioned and prevented from flying. The number is used to get redress from TSA. None of the six items have been considered or approved by the travel industry's standards bodies.

Now, TSA wants to build a new IT system with links to domestic and international airlines to collect information for Secure Flight.

However, most of that data already flows to CBP via APIS.

'International airlines are already doing this [watch-list matching], so why invent the wheel?' asked Lynn Ross, senior manager of government affairs at Express Jet. 'Why not use the existing APIS system and just add on the domestic part?' According to comments on TSA's rulemaking proposal filed by airlines and other travel industry organizations, the agency has greatly underestimated the cost of complying with Secure Flight. Some evidence exists to support the claims in the form of data from IT changes airlines are making now to meet new APIS requirements CBP issued in August.

The changes might not sound significant, but they are costing Air France millions of dollars, said Guy Tardieu, the airline's vice president and chief of staff in the chairman's office.

TSA has not announced a date for publishing the final rule for Secure Flight.

Since terrorist watch-list matching was imposed, airlines have been responsible for vetting passengers against the lists. Starting in February, CBP will take over that responsibility.

'CBP will do this on behalf of TSA until Secure Flight is operational,' said Kimberly Nivera, director of traveler entry programs at CBP's Field Operations Office.

Nivera's agency will have a few months to perfect the vetting process before the heavy summer travel season begins. If the takeover goes smoothly, many more questions may be asked about the need for Secure Flight.

Common data elements APIS and
Secure Flight

Passenger Name Record (PNR), data,
also known as passenger manifest data

APIS (Customs & Border Protection)

Secure Flight (Transportation
Security Administration)

PNR record locater code

Full name

Full name

Date of reservation/issue of ticket

Date of birth

Date of birth

Date(s) of intended travel




Redress number' or known traveler

Available frequent flier and benefit

Passport number

Passport number

Other names on PNR, including number of

Passport country of issuance

Passport country of issuance

All available contact information,
including originator information

Passport expiration date

Passport expiration date

All available payment/billing
information (excluding other transaction details not connected to the
travel transaction)

Passenger name record locater

Travel itinerary for specific PNR

International Air Transport Association
(IATA) foreign airport code'place of origin

IATA foreign airport code'place of

Travel agency/travel agent

IATA code'port of first arrival

IATA code'port of first arrival

Code share information

IATA code of final foreign port for
in-transit passengers

Split/divided information

Airline carrier code

Airline carrier code

Travel status of passenger (including
confirmations and check-in status)

Flight number

Flight number

Ticketing information, including ticket
number, one way tickets and Automated Ticket Fare Quote

Date of aircraft departure

Date of aircraft departure

All baggage information

Time of aircraft departure

Time of aircraft departure

Seat information, including seat number

Date of aircraft arrival

Date of aircraft arrival

General remarks including OSI, SSI and
SSR information

Scheduled time of aircraft arrival

Scheduled time of aircraft arrival

Any collected APIS information


All historical changes to the PNR listed
in numbers 1 to 18

Country of residence

Status on board aircraft

Travel document type

Alien registration number (if

Address while in U.S. (except for
outbound flights, U.S. citizens, lawful permanent residents, crew and
in-transit passengers)

Reservation control number*

Record sequence number*

Record type*

Passenger update indicator*

Travel reference number*

Defined by TSA, but not accepted by travel industry international standards

  • Not
    defined by TSA, nor accepted by travel industry international standards

TSA's Technology and IT
Contracts, 2007

After piloting a number of
physical screening technologies in airports across the country through 2007, TSA
will roll them out for operations in 2008. The technologies include an array of
advanced X-ray and magnetic resonance imaging methods for both humans and their
baggage. Chemical tests that detect liquid explosives or traces of explosives
represent another category of physical screening methods. The agency's goal is
to eventually equip all airports with enough technology so that no one can sneak
something nasty onto a plane.


Number of airport pilot tests in 2007

Contract dates and awards

New X-ray technologies

At least six

10/3/07; Rapiscan Systems; $9.3 million; 125
620DV devices.

10/3/07; Smiths Detection; $21 million; 125
Hi-Scan devices.

Explosives detection (computed tomography)

At least 39 since 2005

10/3/07; Analogic Corporation; $7.6 million;
12 Cobra devices.

10/3/07; Reveal Imaging Technologies; $5.6
million; Fusion devices.

Cast and prosthetics screening (backscatter

At least four

10/3/07; CastScope; $1.7 million; 37
CastScope units.

Liquids explosives detection (chemical

At least seven

10/3/07; Nomadics Inc.; $3.4 million; 200
Fido PaxPoint units.

10/3/07; Smiths Detection; $650,000; 23
SABRE units.

IT and software application development for
Operational Applications Support and Information Services (OASIS) under
DHS's Enterprise Acquisition Gateway for Leading Edge Solutions (EAGLE)


9/19/07 (five-year contract); IBM Global
Business Services; $98.5 million.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected