In 2005 the Transportation Security Administration (TSA) began a pilot program in conjunction with the Registered Traveler Interoperability Consortium, where travelers could undergo a background check, and provide a biometric sample to the TSA’s Office of Transportation Threat Assessment and Credentialing and become a “Registered Traveler.”
On paper the Registered Traveler program made sense. The program allowed frequent flyers to speed up the security screening process … however in reality all it did was allow frequent flyers to skip the security line and undergo a standard TSA screening.
As the TSA searches for new ways to innovate its security procedures, the agency is returning to a concept that had previously been discussed that places travelers into a three-tiered system to assess the security risk of each passenger.
Under the TSA’s three-tier concept, passengers will be categorized one of three ways, Trusted Traveler, Regular and Risk. On the surface this scheme seems logical and can speed up the process, however it may not be viable or deployable, especially in the near future.
The TSA’s initial concept for categorizing passengers under a three-tiered security scheme is that ‘all the information,’ including travel information and government collected data ,on passengers would move through the security checkpoint with a passenger to create a real-time threat assessment.
At the top of this three-tiered security scheme, would be “Trusted Travelers.” The Trusted Travelers, would be those who submit to a complete background check, much like those under the previous Registered Traveler program, and similar to the current Global Entry program that U.S. Customs and Border Protection (US CBP)has in place at international airports. US CBP’s Global Entry program allows those who have undergone a background check to bypass the lines at passport control and use a kiosk to enter the country. With the TSA’s projected Trusted Traveler program, a traveler who has been verified would receive a ‘lighter’ search, use a walk-through-metal-detector instead of an Advanced Imaging Technology (AIT) scanner and in theory be able to keep their shoes on and their laptop in the bag.”
A “Regular” traveler would undergo the standard security procedures in place today.
A “Risk” traveler would receive a more thorough search of their clothing, baggage and potentially be asked a series of questions.
The TSA says the three-tiered system should speed of security while increasing their ability to prevent terrorist actions on commercial aircraft … however in reality, in the current state the TSA is in, this new system would likely slow down security, increase the TSA’s budget, create a new series of security, technology and data-protection problems.
Many potential threat risks come back “clean” with background checks. Time and time again it has been proven, not just in the U.S., but all over the world, that significant threat risks make their way through security. A number of significant threat risks have had completely clean background checks, and this has happened more times than the intelligence community likes to admit.
To implement a new three-tiered individual threat based screening system, the TSA needs to overcome some hurdles first.
At the top of these hurdles is positive identification of each traveler, matching them to their boarding pass. The TSA’s inability to have 100% passenger identification with online check-in boarding passes has been a problem since the inception of online check-in.
With a boarding pass printed on any printer outside of the control of an airline, it is quite easy to alter a passenger name. This is done by saving the boarding pass as a PDF, rather than printing it, then opening the PDF file in a graphics program capable of removing and adding text.
The TSA has begun to accept mobile boarding passes with 2D Aztec bar codes, that cannot be altered, however they have not required airlines to utilize Aztec bar codes on paper boarding passes due to the significant security superiority they offer.
Along with the shift of airlines to a secure boarding pass, the TSA needs to address the IT issues associated with having a live stream of data of all passenger information coming into each and every TSA checkpoint, so TSA Travel Document Checkers (TCDs) have access to every airlines passenger list in real-time.
Once the TSA addresses IT issues related to using secure boarding passes, whether printed at the airport, at home, or on a mobile phone, the agency needs to deploy the technology and hardware to every airport screening check point to verify each boarding pass. This hardware can be fixed to a TCD podium, or be wireless, but the implementation of this hardware needs a budget of hundreds of millions of dollars … something the TSA does not presently have in its budget.
Following the TSA implementing the use of secure boarding passes, and the deployment of a uniform IT and hardware structure to support the verified boarding pass system, the agency must turn its attention to the physical altering of security checkpoints at airports to allow for the three-tier screening to be carried out. The altering of airport security checkpoints is problematic for two reasons, the first is space constraints, the second is that the TSA currently owes multiple airports tens-of-millions of dollars in reimbursement money for previous TSA mandated alterations to accommodate other TSA hardware initiatives.
The TSA checkpoint system would likely be similar to the current “Self Select Lanes.” Once a passenger has their boarding pass verified a TSA TCD would direct passengers to various lanes rather than passengers choosing for themselves … however very few airports actually have the Self Select Lanes. The vast majority of airports in the United States do not have the physical space to implement the TSA Self Select Lanes system … which poses the question of how would the TSA physically implement an effective three-tier system in most airports?
Regional airports that have very few lanes, or one lane, will need to filter all passengers through the same line and check point. Small airports would likely be short for handling those deemed “Risk,” while processing all other passengers.
But let’s not get ahead of our selves here … there is a bigger question to ask … that question is this … who would perform the passenger background checks for the Trusted Traveler system and who would determine a “Regular” vs “Risk” passenger? The Department of Homeland Security’s track record in determining true threat risks versus labeling non-threat risk as threat risks has not been stellar.
Additionally, the TSA’s Office of Transportation Threat Assessment and Credentialing stopped performing background checks on passengers in the Registered Traveler program on July 30th 2008 … while Registered Traveler providers were allowed by the TSA to continue to collect detailed background information and biometrics.
Where is the oversight in this?
Who will ensure the data security collected on passengers? Following a 2008 incident with CLEAR, when a laptop with the full security background information of 33,000 passengers was stolen at San Francisco International Airport (SFO), from a supposedly locked office, then reappeared ten days later on the exact desk it was stolen from, the TSA placed the laptop and all of the passenger data back into service when it was after not properly overseeing the verification of all the files … leaving potentially 23,000 tainted files in place for CLEAR to use as “verified data.”
Will the whole program be turned over to a private contractor to handle the security verification, IT hardware, IT software and maintain the storage and security of the data? Lockheed Martin has extensive experience in this area, however should this information be in the hands of a private corporation?
Airport and aviation security should integrate risk and threat assessments, which is why passengers are already run through the Secure Flight program to search for risks and those on the No Fly List … but are we ready for a full three-tier system that will cost the TSA billions of dollars when the agency hasn’t already proven it knows how to deploy and maintain the current technology it has previously selected to safe guard the traveling public?
The TSA is capable of speaking big and broad, but before the agency can spread its wings further, it must first tackle the important issues already in play.