October 4, 2007 - Secure Flight, the governments name for a proposed computerized passenger prescreening system, has had more lives than most cats. Since 2003, it has gone through at least one name change and been killed off by Congress or the Department of Homeland Security (DHS) at least three times. Every organization advocating privacy rights has opposed it, and virtually everyone who is concerned with the government's incompetent handling of data security issues has questioned it. Now, several months after its last demise, Secure Flight is resurrected again. And as with any zombie, it's carrying much of the same baggage that it did in its prior life.

Secure Flight has been forced along for years in the wake of the 9/11 attacks. The government envisions it as a computerized method to speed up passenger screening at airports; a laudable cause. On its surface, it appears to be a good idea. Who wouldn't want to shorten the wait time for boarding flights?

But when one digs below the surface of Secure Flight, it doesn't take too long for most people to determine that it suffers from a number of problems. Most of these wounds have been self inflicted by the government's refusal to adopt some fairly simple policies. For instance, DHS has never agreed to a privacy policy that says the data used for passenger screening will not be used for any other purpose.

The history of Secure Flight includes a drive by DHS to match passenger data against commercial databases, and to check the credit reports of the flying public. Over time, both of these suggestions were dropped.

It also includes several instances of DHS personnel lying to Congress when testifying under oath. None of these cases have ever been prosecuted, but in combination with protests from privacy watchdogs, they did lead Congress to pass a law requiring Secure Flight to pass a ten point test before it could be implemented or even tested. In every instance that the test was given, Secure Flight failed.

One of the key elements of that test was that DHS had to provide a means for the traveling public to correct erroneous information stored in and used by Secure Flight. Without this, once someone is flagged as high-risk and made subject to additional screening, they have no reasonable way to reclaim their right to travel without undue interference by the government.

There are actually thousands of law abiding US citizens that can't board a plane today because they are on the current watch list. The problem with the current list is that there is no procedure for people to use to correct errors.  Given that this has been one of the primary complaints associated with the current system, one has to wonder why DHS is so set on repeating its past mistake.

But the fact is that on 8/23/2007, DHS posted a notice in the Federal Register that it wants to exclude most of the data it will use for Secure Flight from the Privacy Act; a law that specifies how the government is to store and use personal data on citizens. It should be noted that the Privacy Act specifically allows citizens to review the data the government stores on them, and to make corrections if there is an error. By excluding data from the Privacy Act, DHS will make it impossible for anyone to review their Secure Flight profile, or make corrections to it.

How DHS can do this is a question unto itself since current law, as previously mentioned, requires DHS to provide a method for consumers to correct errors prior to the time that Secure Flight can be implemented. DHS now says that they want to implement the new system in 2008.

ACCESS is urging Congress to continue the oversight of DHS and Secure Flight. We are also urging consumers to submit comments to DHS via the government's rulemaking website at http://www.regulations.gov/. Once there, search on Docket Number TSA-2007-28572.

by Jim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Only registered users can write comments.
Please login or register.