TSA Secure Flight: The Next TSA Privacy Threat?

To insure you aren't a terrorist, you must now provide more personal info for TSA Secure Flight. Your privacy may now be less secure.

If you ever intend to fly again, you will encounter yet another Department of Homeland Security (DHS) program that will be administered by the Transportation Security Administration (TSA) to ascertain you are not a terrorist. The Secure Flight program requires airlines to collect and transmit each passenger's full name, date of birth and gender at least 72 hours before a flight. Secure Flight may be aimed at making flying safer, but there is already a report that the TSA Secure Flight initiative may be making your privacy less secure.

According to The Washington Post, a Southwest Airlines passenger was required to update frequent-flyer account details to match Secure Flight information, but he then received a birthday card in the mail. He asked "the TSA about the personal information used for the program, and a representative pointed me to a statement on the agency's Web site assuring air travelers that the data are collected, used, distributed, stored and disposed of according to stringent guidelines and all applicable privacy laws and regulations." A Southwest Airlines representative later told him, "We protect [Secure Flight] information the same as we would protect credit card information and only use it for the information that is required by the TSA." Just the same, his Secure Flight date of birth information resulted in promotional marketing sent to his home.

American Airlines may be the first to require all passengers to have Secure Flight Passenger Data (SFPD) in their reservation at least 72 hours prior to departure, but they won't be the only airline with these requirements. According to KDS, an international provider of Travel & Expense management systems, after November 1, 2010, "any airline failing to comply with the Secure Flight program risks a financial penalty." 

What if there is an emergency or even a last minute flight deal which would give you less than 72 hours to book a flight? Flight data is still required for last minute travelers, but the TSA Secure Flight program is able to perform real-time watch list matching. World Travel Incorporated reported if a traveler changes their itinerary while traveling, or books a flight for same day or next day travel, "the airline is required to transmit SFPD to TSA as soon as the reservation is made."

If the name on your identification or on frequent-flyer programs varies at all, such as a nickname, then you need to take steps to make them all match so you don't encounter difficulties. All data elements should match exactly the ID you plan to present at the airport. TSA might deny air travel for a person named John Q. Public on a driver's license, Jonathon Q. Public on a passport, but listed as John Quinn Public for frequent-flyer miles. If your full middle name is on a government-issued photo ID, you need to include your full middle name in your flight reservation and frequent-flyer profile. Woe to any unfortunate person whose name is similar to or the same as a name on the current terrorist watch list. Secondary security screenings at airports may be the least of your worries.

According to TSA, under the Secure Flight program, TSA will match your information against government watch lists to:

  • Identify known and suspected terrorists.
  • Prevent individuals on the No Fly List from boarding an aircraft.
  • Identify individuals on the Selectee List for enhanced screening.
  • Facilitate passenger air travel.
  • Protect individuals' privacy.

If you are misidentified for any reason, then you must apply for and always include a redress number when booking any future flights. For individuals who are misidentified, TSA reports:

Redress is an opportunity for passengers who believe they have been improperly or unfairly delayed or prohibited from boarding an aircraft to seek resolution and avoid future delays. The affected passengers often have the same or a similar name to someone on the watch list. The DHS Traveler Redress Inquiry Program (TRIP) provides a one-stop shop for passengers seeking redress. Secure Flight uses the results of the redress process in its watch list matching process to help prevent future delays for misidentified passengers.

Please note that DHS can neither confirm nor deny whether an individual is on a Federal watch list because this information is derived from classified and sensitive law enforcement and intelligence information. In addition, DHS cannot ensure that your travel will always be delay-free.

TSA states that your privacy is very important to them. According to Secure Flight Privacy Impact Assessment (PIA), "Ensuring the privacy of individuals is a cornerstone of Secure Flight. TSA has developed a comprehensive privacy plan to incorporate privacy laws and practices into all areas of Secure Flight. The program has worked extensively to maximize individual privacy."

The TSA, however, has lied to the public in the past and doesn't have the best reputation, or track record, for ensuring individual privacy. As Cnet pointed out, although TSA adamantly claimed that body scanned images could not be stored or recorded, some of the controversial images were stored after all. According to ThreatLevel, a recent TSA campaign targeted photographers in hoodies. The Consumerist reported that TSA screeners bullied a pregnant traveler into a full body scan, instead of allowing her to exercise the right to a pat-down.

The Philadelphia Inquirer reported that the TSA dug through woman's purse, flipped through over $8,000 worth of checks and then called in police due to a TSA behavior detection officer's suspicion that she acted nervous. Vic Walczak, Pennsylvania ACLU legal director, called what happened to her "preposterous and a violation of the Fourth Amendment, which protects people from unreasonable searches...None of this makes any sense except as a fishing expedition, which under the U.S. Constitution is not allowed."

TSA might have been working on its reputation since Gizmodo reported that some airport naked body scanners will be getting a privacy upgrade to anonymize gender-specific private parts. Whatever public relation good that might have done, might be considered canceled out due to a report of privacy problems within TSA. The Smoking Gun reported on an airport screener who had a full-body scan during a training session and then assaulted a fellow TSA coworker after being subjected to "psychological torture." According to the Miami-Dade Police Department report detailing the incident, TSA employees taunted him about the size of his genitalia by repeatedly asking him, "What size are you?" His coworkers also called him “little angry man,” while laughing off his pleas for compassion and "abusing him in front of passengers."

NextGov reported that TSA screens all cargo on domestic flights now, but we are yet to discover if TSA Secure Flight will cause any additional passenger delays. For some unfortunate misidentified people, Secure Flight will certainly cause headaches. In fact, by providing third parties such as airlines with the required Secure Flight data, we may see a new wave of assaults on our privacy.

Like this? Check out these other posts:

  • All of today's Microsoft news and blogs
  • Privacy Wars: How to Hide While Google is Watching You
  • EFF Warns of Untrustworthy SSL, Undetectable Surveillance
  • Microsoft's Davis on Privacy: Your Digital Life Data is Bankable Currency
  • ACLU Report: Spying on Free Speech Nearly At Cold War Level
  • Full-Body X-Ray Scanners Driving Down A Street Near You?
  • Facial recognition: Identifying faces in a crowd in real-time
  • Google CEO Schmidt: No Anonymity Is The Future Of Web
  • Cyber-Warfare: U.S. Military Hackers and Spies Prepare to Knock the World Offline

Follow me on Twitter @PrivacyFanatic

Copyright © 2010 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)