One of the priorities in aviation security after 9/11 was the creation of an upgraded computerized system to identify potential terrorists when reservations are made. Clearly, the system in place—cross-checks against terrorist watch lists, plus CAPPS I (Computer-Assisted Passenger Prescreening System), which flags passengers using now widely known criteria, such as the purchase of a one-way ticket—wasn't adequate.
Nearly four years later, we still don't have a new system, and Secure Flight, the latest version being tested by the Transportation Security Administration (TSA), could be in trouble. In June, Nuala O'Connor Kelly, the Department of Homeland Security's top privacy officer, announced she was investigating whether the TSA had violated federal privacy laws by failing to publicly disclose the program's scope, particularly its use of commercial databases (which may contain credit information) for identity verification. Critics have long worried that Secure Flight could become another CAPPS II, the TSA's first attempt at an improved system. CAPPS II was scotched last summer, mainly due to outcry over its use of—that's right—commercial databases. Privacy advocates see the potential for a government surveillance program, even though the TSA has vowed to purge all passenger data within 72 hours of a flight; at the very least, Kelly has noted, the databases themselves may not be secure enough to protect consumers.
The TSA was explicit about CAPPS II's reach, but it has revealed little about Secure Flight. Although the agency plans to implement the program with two unidentified airlines later this year, it still has not divulged the degree to which it will be using commercial databases or whether it will run criminal background checks, another controversial possibility. Not surprisingly, there has been almost no public debate about Secure Flight.
Whatever the outcome of Kelly's investigation, Secure Flight is far from a done deal. Congress has required that the TSA address issues raised by the Government Accountability Office (GAO); in March, the GAO issued a report that concluded the TSA had met only one of 10 criteria. The TSA says it's addressing the GAO's concerns.