Aviation security leaders are moving forward with plans to shift toward a risk-based system of passenger screening — an idea supported by the travel industry and government officials who want screeners to focus on travelers who may present a security threat.
But as details emerge on how governments and airlines plan to distinguish between “trusted travelers” eligible for lighter screening and those who will receive more scrutiny, civil liberties groups and some European regulators are questioning the use of vast quantities of personal data to decide which travelers to examine more closely — or to prevent from flying at all.
Collecting and sharing information on passengers is at the heart of the new effort. The information governments use to vet passengers includes data individuals have volunteered by applying for trusted traveler programs, as well as information gathered through terrorist watch lists, criminal background checks and border checkpoint encounters.
As the focus turns more to identifying suspect travelers, not just suspect items, the government is also looking at data that airlines and travel agents have collected on their customers, ranging from birth dates and passport numbers to potentially confidential details apparent in travel itineraries (like a flight to Pakistan) and group discount codes (for a trip to a conference, for instance).
For passengers on international flights, much of the data in these “passenger name records” is already shared with the Department of Homeland Security, although the agency has agreed to filter out certain records, like a traveler’s kosher or halal meal preference — a potential indicator of religion — barring “exceptional circumstances.”
But the prospect of using passenger data not just for border control, but also to make airport screening decisions, exposed a fissure between more privacy-oriented European officials and their American counterparts.
Peter Schaar, the federal commissioner for data protection and freedom of information in Germany, speaking on a panel at an aviation security conference in Brooklyn last week, said that any system that uses passenger data to assess the security risk posed by an individual should have to meet three criteria: it must be proved to be effective at rooting out terrorists; it must be proportional to that goal, without violating privacy rights; and it must avoid negative side effects, like discrimination.
“I question whether these proposals meet at least one of those,” he said.
That perspective was in the minority at the event, organized by the International Air Transport Association and largely attended by screening equipment manufacturers, airline and airport security directors and government officials mostly eager to move ahead — despite budget constraints — with what they called the passenger differentiation concept.
Janet Napolitano, the secretary of homeland security, who spoke at the conference, described the agency’s shift as a “risk-based approach that attempts to segregate out passengers for whom we have a lot of information and can evaluate their risk as low-risk versus those that we know little about or that are higher risk.”
The TSA also plans to focus more on devices that could do catastrophic damage to an aircraft. John Pistole, the agency’s administrator, announced that small pocketknives and some sports equipment would be allowed in carry-on bags beginning April 25 — an effort to more closely align American rules with European standards.
The U.S. government would also like to expand its use of behavior-detection officers who question passengers in security lines, a technique used in Israel, but the Government Accountability Office has faulted the way the program was carried out in the United States, saying it did not meet scientific standards of validation.
While airlines and equipment manufacturers are seeking similar security procedures worldwide, sharing travelers’ data across borders — which already happens to some degree — presents more complex challenges. Governments are debating when and how to recognize another country’s trusted travelers, and how to respond if nations like China start asking for the same level of passenger data that the United States demands.
The debate is likely to become more heated as civil rights groups and passengers — two groups unrepresented at the conference — get a clearer sense of where trusted traveler programs are headed.
“The notion that the government is in any position to judge who is trusted and who is risky is very problematic,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. “Terrorist attacks on airlines are basically freak events — fortunately, they’re exceedingly rare — so any attempt to predict who is likely to engage in that type of thing is inevitably going to sweep up a vast number of innocent people.”
That has been the case with the government’s Global Entry program, a trusted-traveler initiative that allows members who have undergone background checks to use a kiosk to clear customs instead of waiting to speak with an agent. Members also gain access to PreCheck lanes for expedited security screening at some airports.
The TSA has been encouraging passengers to apply for Global Entry as a way to expand PreCheck eligibility, but some travelers are discovering that applying for the program can result in an “untrusted” label.
For instance, a woman, who for privacy reasons did not want her name used, said she had been detained for questioning by the police as a teenager but was never charged with a crime. Because of this incident, she said, she was rejected by Global Entry. Since there was no court case, she cannot get the record of disposition required by the Global Entry enrollment center, which did not accept the official letter from the court she submitted. Although she said she had sent an appeal to the trusted-traveler ombudsman last fall, she is still waiting for a response.
“What is this category that I’m in now that I can’t fix?” she asked.
Other travelers have reported similar frustrations with the program’s lack of transparency. Some people say they have no idea why they were rejected, while others have been denied based on minor incidents with law enforcement years ago.
One in four American adults has some type of criminal record (meaning an arrest or a conviction), according to the Justice Department and National Employment Law Project. That could exclude millions of people from the trusted traveler pool and complicate the government’s goal to include half of all airline passengers in the trusted category.
Travelers who have been placed on the TSA’s PreCheck Disqualification List may also be excluded. In a notice published in the Federal Register in November, the agency described this roster as “a watch list of individuals who are disqualified from eligibility from TSA PreCheck, for some period of time or permanently, because they have been involved in violations of security regulations of sufficient severity or frequency.”
The notice indicated that this list would be generated by the TSA’s Performance and Results Information System, which “maintains records related to the investigation or prosecution of violations of federal, state, local or international criminal law.”
Those violations range from getting caught with a loaded firearm at a checkpoint to disobeying aviation security regulations at the airport or on board aircraft. David Castelveter, a TSA spokesman, said the list might include altercations between passengers and flight crew that end up involving federal air marshals or other agency representatives.
“We don’t talk about how you do or do not get on certain lists, for security reasons,” he said.