Secure Flight Hits More SnagsSecure Flight Hits More Snags

The Transportation Security Administration's Secure Flight program is under question again, and it's unclear when, or even if, the controversial passenger-screening system will be given clearance for takeoff. Privacy issues are a sticking point, but the problems may run deeper. Project managers are vague about Secure Flight's technology architecture, and critics are asking whether the management team is up to the task.

The program aims to create a government-run system for checking airline passenger lists against an FBI terrorist watch list, which puts the TSA in the sensitive business of collecting data on air travelers from a variety of sources. That's brought the scrutiny of privacy watchdog groups that want to know what types of data are being collected and how it will be used. The answers have been less than satisfactory.

"There are privacy concerns about the program, so it's unclear when testing can begin," acknowledges Nuala O'Connor Kelly, Homeland Security's outgoing chief privacy officer. "I think we need to go back to the basics. What is the purpose of the program, and what are we trying to achieve? What kind of data is really necessary?" O'Connor Kelly, however, won't be around to help answer those questions. She resigned from the government job last week to oversee privacy policy for General Electric Co.

Secure Flight, which is budgeted for $81 million in fiscal 2006, has been hit hard in recent weeks with sharply critical reports from the Department of Justice's inspector general and an independent working group charged by the TSA with monitoring the project's privacy and security provisions. The reports came as the TSA, a division of Homeland Security, is set to begin a test phase already delayed several times over the past six months.

The Justice Department report asserts that the FBI Terrorist Screening Center's ability to plan for its role in the program has been hampered by the repeated delays and uncertainty over the number of airlines to participate in the test and the volume of passenger records to be matched. The Secure Flight Working Group's criticism is more wide-ranging, citing the project's unclear goals, the lack of information TSA officials have provided about its IT architecture, ambiguity around system oversight, and the potential for privacy violations if the system is linked to other TSA programs.

It all raises the specter of yet another federal IT program gone awry. The FBI, the TSA's partner in the program, last year shelved its Virtual Case File system, a custom case-management application that fell victim to outdated IT practices and a revolving door of four CIOs over two years, after spending some $170 million on its development. Secure Flight itself is the offspring of a botched effort, the Computer-Assisted Passenger Pre-Screening System, or CAPPS II, which was scrapped last year after consumer backlash over the planned use of data from credit agencies and other consumer databases. Secure Flight differs in one key way: Whereas CAPPS II called for layering third-party data over screening processes managed by the airlines, Secure Flight would take over the screening process.

TSA officials downplay the uproar. "Things are on the right track," says Justin Oberman, the TSA assistant administrator who heads up the Secure Flight effort. Oberman says his team will take concerns raised by the working group and the Justice Department into account as it prepares to begin testing the system on live flights before the end of the year. The system will involve transmitting data from airlines to the TSA, checking it against the FBI watch list, then zapping it back to the airlines and the FBI when quick action is needed. Oberman says. Undeterred by the fretters, the TSA plans to have the system fully operational early next year.

IBM is serving as the project's technology lead. One key component will be Infoglide Software Corp.'s data-comparison engine, which integrates real-time transactional data (passengers with boarding passes, for example) with historical information (terrorist watch lists). Before Secure Flight can go live, though, Oberman says the airlines will have to modify their systems to share data with the TSA. "Those systems are very old, and there's a lot of technical development required," he says.

That assessment, however, doesn't jibe with what airline officials are saying. Continental Airlines CIO Ron Anderson-Lehman says airlines already have demonstrated they're capable of checking passenger names against terrorist watch lists, something they've been doing since shortly after the terrorist attacks of Sept. 11, 2001. His big concern is something TSA officials aren't even talking about-whether the Secure Flight system will be scalable enough to crunch data from hundreds of airlines without stalling time-sensitive operations. "We're trying to move a lot of passengers through our airports, so we need a very quick response time," he says. "You can't negatively impact the processing time of our passengers or you'll kill us at the airport."

Another worry centers around airlines' potential role in ensuring the accuracy of the data used by Secure Flight. Passenger name records that airlines will provide come from reservations systems, which, unlike their more closely guarded customer-management systems that handle frequent-flier data, don't always contain the most carefully scrubbed data. They function more like inventory systems designed to track seat availability rather than serve as a master customer record. Anderson-Lehman says he hopes the TSA doesn't ask him to address that. "If you're asking me to validate passengers' identity before I sell them a ticket, that has huge implications," he says.

The privacy monster raised its ugly head in the past-JetBlue and American Airlines got slapped after sharing data with TSA contractors. Concerns surfaced again after the TSA pushed for third-party data to improve the accuracy of screening, a plan it later abandoned even while arguing that "commercial data" could be useful. "They're still not getting it," fumes Jim Dempsey, a working group member and executive director of the Center for Democracy and Technology. "The utility of commercial data isn't clear, because TSA never said what they wanted to use the commercial data for." Privacy advocates fear that if the TSA can establish dossiers on travelers by combining airline data with other consumer data, it might do more than clear passengers for flights, becoming a sort of de facto law-enforcement agency.

Members of the Secure Flight Working Group also question whether the project's leadership has the experience to get the job done. Marty Abrams, a working-group member who heads the Center for Information Policy Leadership, a privacy consultancy, suggests the TSA's staff lacks the project-management experience to understand how critical requirements definition is to a project that involves analyzing consumer data. Says Abrams, "We're really at a time when people in the government who use analytics to keep us safer need to be on a learning curve."

Without the right leadership, Secure Flight could find itself grounded.