[Federal Register Volume 69, Number 185 (Friday, September 24, 2004)]
[Notices]
[Pages 57342-57345]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-21478]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
[Docket No. TSA-2004-19160]
Reports, Forms, and Recordkeeping Requirements: Agency
Information Collection Activity Under OMB Review; Secure Flight Test
Phase
AGENCY: Transportation Security Administration (TSA), Department of
Homeland Security (DHS).
ACTION: Notice of emergency clearance request.
-----------------------------------------------------------------------
SUMMARY: TSA has submitted a request for emergency processing of a new
public information collection to the Office of Management and Budget
(OMB) for review and clearance under the Paperwork Reduction Act of
1995 (Pub. L. 104-13, 44 U.S.C. 3501, et seq.). This notice announces
that the Information Collection Request (ICR) abstracted below has been
forwarded to OMB for review and comment. The purpose of the ICR is to
facilitate testing of TSA's Secure Flight program, which will prescreen
airline passengers using information maintained by the Federal
Government about individuals known or suspected to be engaged in
terrorist activity and certain other information related to passengers'
itineraries--specifically, passenger name record (PNR) data. On a
limited basis, TSA will also test the use of commercial data to
identify instances in which passenger information is incorrect or
inaccurate. TSA does not assume that the result of comparison of
passenger information to commercial data is determinative of
information accuracy or the intent of the person who provided the
passenger information.
In order to test the Secure Flight program, TSA is proposing to
issue an order to all domestic aircraft operators directing them to
submit a limited set of historical passenger name records to TSA. The
ICR describes the nature of
[[Page 57343]]
the information collection and its expected burden.
DATES: Send your comments by October 25, 2004. A comment to OMB is most
effective if OMB receives it within 30 days of publication.
ADDRESSES: Comments may be faxed to the Office of Information and
Regulatory Affairs, Office of Management and Budget, Attention: DHS-TSA
Desk Officer, at (202) 395-5806.
FOR FURTHER INFORMATION CONTACT: Conrad Huygen, Office of
Transportation Security Policy, TSA-9, Transportation Security
Administration, 601 South 12th Street, Arlington, VA 22202-4220;
telephone (571) 227-3250; facsimile (571) 227-1954; e-mail
[email protected].
SUPPLEMENTARY INFORMATION:
Background
TSA currently performs passenger and baggage screening with
screening personnel and equipment at the nation's airports. This
screening is supplemented by a system of computer-based passenger
screening known as the Computer-Assisted Passenger Prescreening System
(CAPPS), which is operated by U.S. aircraft operators. CAPPS analyzes
information in passenger name records (PNRs) using certain evaluation
criteria in order to determine whether a passenger or his property
should receive a higher level of security screening prior to boarding
an aircraft. A PNR is a record that contains detailed information about
an individual's travel on a particular flight, including information
provided by the passenger when making the flight reservation. Though
the content of PNRs varies among airlines, PNRs may include, among
other information: (1) Passenger name; (2) reservation date; (3) travel
agency or agent; (4) travel itinerary information; (5) form of payment;
(6) flight number; and (7) seating location. Operationally, CAPPS is
not a single system. CAPPS is programmed into the separate computer
systems through which airline passenger reservations are made.
Passenger prescreening also involves the comparison of identifying
information of airline passengers against lists of individuals known to
pose or suspected of posing a threat to civil aviation or national
security. Aircraft operators currently carry out this function, using
lists provided by TSA. Because the lists are provided in an
unclassified form, the amount of information that they include is
limited.
After a lengthy review of the initial plans for a successor system
to CAPPS, and consistent with a recommendation of the National
Commission on Terrorist Attacks upon the United States (9/11
Commission), the Department of Homeland Security is moving forward with
a next-generation system of domestic passenger prescreening, called
``Secure Flight,'' that meets the following goals: (1) Identifying, in
advance of flight, passengers known or suspected to be engaged in
terrorist activity; (2) moving passengers through airport screening
more quickly and reducing the number of individuals unnecessarily
selected for secondary screening; and (3) fully protecting passengers'
privacy and civil liberties.
Secure Flight Description
Secure Flight will involve the comparison of information in PNRs
for domestic flights to names in the Terrorist Screening Database
(TSDB) maintained by the Terrorist Screening Center (TSC), including
the expanded TSA No-Fly and Selectee Lists, in order to identify
individuals known or suspected to be engaged in terrorist activity. TSA
will apply, within the Secure Flight system, a streamlined version of
the existing CAPPS rule set related to suspicious indicators associated
with travel behavior, as identified in passengers' itinerary-specific
PNR. This should provide a security benefit, while at the same time
improving the efficiency of the pre-screening process and reducing the
number of persons selected for secondary screening. TSA will also build
a ``random'' element into the new program to protect against those who
might seek to reverse-engineer the system.
The Secure Flight program is fully consistent with the
recommendation in the final report of the 9/11 Commission, which states
at page 392:
``[I]mproved use of ``no-fly'' and ``automatic selectee'' lists
should not be delayed while the argument about a successor to CAPPS
continues. This screening function should be performed by TSA and it
should utilize the larger set of watch lists maintained by the
Federal Government. Air carriers should be required to supply the
information needed to test and implement this new system.''
Expansion of these lists to include information not previously
included for security reasons will be possible as integration and
consolidation of the information related to individuals known or
suspected to be engaged in terrorist activity maintained by TSC is
completed and the U.S. Government assumes the responsibility for
administering the watch list comparisons. Secure Flight will automate
the vast majority of watch list comparisons; will allow TSA to apply
more consistent procedures where automated resolution of potential
matches is not possible; and will allow for more consistent response
procedures at airports for those passengers identified as potential
matches.
Secure Flight Testing Phase
Secure Flight represents a significant step in securing domestic
air travel and safeguarding terrorism related national security
information. It will dramatically improve the administration of
comparisons of passenger information with data maintained by TSC and
will reduce the long-term costs to air carriers and passengers
associated with maintaining the present system, which is operated
individually by each air carrier that flies in the United States.
However, such comparisons will not permit TSA to identify passenger
information that is incorrect or inaccurate. For this reason and on a
very limited basis, in addition to testing TSA's ability to compare
passenger information with data maintained by TSC, TSA will separately
test the use of commercial data to determine if use of such data is
effective in identifying passenger information that is incorrect or
inaccurate. This test will involve commercial data aggregators who
provide services to the banking, home mortgage and credit industries.
These procedures will be governed by strict privacy and data security
protections. TSA will not store the commercially available data that
would be used by commercial data aggregators. TSA will use this test of
commercial data to determine whether such use: (1) Could accurately
identify when passengers' information is inaccurate or incorrect; (2)
would not result in inappropriate differences in treatment of any
protected category of persons; and (3) could be governed by data
security safeguards and privacy protections that are sufficiently
robust to ensure that commercial entities or other unauthorized
entities do not gain access to passenger personal information and to
ensure that the government does not gain inappropriate access to
sensitive personal information. TSA will defer any decision of whether
commercial data will be used in its prescreening programs, such as
Secure Flight, until a thorough assessment of test results is completed
and until the agency publishes a new System of Records Notice
announcing how commercial data might be used and individuals' privacy
will be protected.
In order to obtain the passenger information necessary to test the
Secure Flight program, TSA proposes to issue
[[Page 57344]]
an order to all domestic aircraft operators directing them to submit a
limited set of historical PNRs to TSA that cover commercial scheduled
domestic flights. The order covers PNRs with domestic flight segments
completed in the month of June 2004. However, the order will exclude
those PNRs with flight segments that occurred after June 30, 2004. The
purpose of this limitation is to ensure that during the test phase, TSA
does not obtain any information about future travel plans of passengers
on domestic flights. The order also proposes to exclude PNR flight
segments to or from the United States. TSA requests comments from all
interested parties on this proposed order. The text of the proposed
order is set forth below:
TRANSPORTATION SECURITY ADMINISTRATION ORDER
Pursuant to the authority vested in me as Assistant Secretary of
Homeland Security (Transportation Security Administration) (TSA) by
delegation from the Secretary of Homeland Security, 49 U.S.C.
40113(a), and other authorities described below, I hereby direct
[U.S. aircraft operator] to provide passenger name records (PNRs) to
TSA in accordance with the terms of this order.
Background and Authority
1. The Secretary of Homeland Security has delegated to the
Assistant Secretary of Homeland Security (TSA), subject to the
Secretary's guidance and control, the authority vested in the
Secretary by section 403(2) of the Homeland Security Act (HSA)
respecting TSA, including that related to civil aviation security
under the Aviation and Transportation Security Act (ATSA).
2. Under 49 U.S.C. 114(e)(1) and 44901(a), TSA is responsible
for, among other things, providing for the screening of passengers
traveling in air transportation and intrastate air transportation.
3. One component of passenger screening is the Computer-Assisted
Passenger Prescreening System (CAPPS), an automated screening system
developed by the Federal Aviation Administration (FAA) in
cooperation with U.S. aircraft operators. U.S. aircraft operators
implemented CAPPS in 1997.
4. CAPPS analyzes information in PNRs using certain evaluation
criteria in order to determine whether a passenger will be selected
for a higher level of security screening prior to boarding. A PNR is
a record that contains detailed information about an individual's
travel on a particular flight, including information provided by the
individual when making the flight reservation. While the Federal
Government established the CAPPS selection criteria, CAPPS is
operated entirely by U.S. aircraft operators.
5. Passenger prescreening also involves the comparison of
identifying information of airline passengers against lists of
individuals known to pose or suspected of posing a threat to civil
aviation or national security. Aircraft operators currently carry
out this function, using lists provided by TSA. Because the lists
are provided in an unclassified form, the amount of information they
include is limited. For this reason, TSA will take over from
aircraft operators the function of screening passengers against such
lists and use a larger set of data maintained by the Federal
Government for this purpose. This is consistent with the
recommendation by the National Commission on Terrorist Attacks upon
the United States (9/11 Commission) related to the use of expanded
``No-Fly'' and ``Automatic Selectee'' lists, and the 9/11 Commission
recommendation that aircraft operators be required to supply the
information needed to test and implement such a system.
6. Under 49 U.S.C. 114(f)(8), TSA has authority to identify and
undertake research and development activities necessary to enhance
transportation security.
7. In accordance with the authority in 49 U.S.C. 44903(j)(2),
TSA is in the process of developing a successor system to CAPPS that
will be operated entirely by TSA and will incorporate the screening
of passengers against data maintained by the Terrorist Screening
Center (TSC) about individuals known or reasonably suspected to be
or have been engaged in conduct constituting, in preparation for, in
aid of, or related to terrorism.
8. In order to test such a system, TSA must have access to
information contained in the PNRs for domestic passenger flights.
9. TSA has broad authority under 49 U.S.C. 40113(a) to issue
orders necessary to carry out its functions, including its
responsibility to provide for the security screening of passengers
under 49 U.S.C. 114(e)(1) and 44901(a), as well as its power to
identify and undertake research and development activities necessary
to enhance transportation security under 49 U.S.C. 114(f)(8).
Findings
10. The security pre-screening of passengers, as mandated by
Congress, is vital to aviation security and the national security.
11. After a lengthy review of the initial plans for a successor
system to CAPPS, and consistent with the recommendation of the 9/11
Commission, the Department of Homeland Security is moving forward
with a next generation system of domestic passenger prescreening
that meets the following goals: (1) Identifying, in advance of
flight, passengers known or suspected to be engaged in terrorist
activity; (2) moving of passengers through airport screening more
quickly and reducing the number of individuals unnecessarily
selected for secondary screening; and (3) fully protecting
passengers' privacy and civil liberties.
12. In the revised program, known as Secure Flight, TSA will
compare information in airline PNRs for domestic flights to
information in the Terrorist Screening Database (TSDB) at TSC,
including expanded TSA No-Fly and Selectee lists, in order to
identify individuals known or suspected to be engaged in terrorist
activity. The Secure Flight program also will analyze information in
PNRs using a streamlined version of the existing CAPPS evaluation
criteria. TSA will use the PNRs obtained under this order to test
these aspects of the program.
13. TSA also will test whether comparing passenger information
to other commercially available data can help identify passenger
information that is inaccurate or incorrect.
14. In order to develop and test such a system, TSA must obtain
PNRs from aircraft operators.
15. Therefore, TSA is issuing this order to aircraft operators
directing them to provide PNRs for testing of a new passenger
prescreening system.
Action Ordered
16. On October 29, 2004, the aircraft operator must submit to
its Principal Security Inspector (PSI) all PNRs with flight segments
flown during the month of June 2004 that reflect itineraries of
passengers for transport by the aircraft operator on a scheduled
flight within the United States, in operations subject to a full
security program under 49 CFR 1544.101(a).
17. Within seven days of the date of this order, the aircraft
operator must submit to the PSI a plan for meeting the requirement
in paragraph 16.
18. The aircraft operator must exclude the following from the
set of PNRs submitted to its PSI:
a. Any PNR reflecting an itinerary that includes one or more
flight segments that have not been completed on or before June 30,
2004;
b. Any flight segment from a PNR that represents one or more
flight segments to or from the United States; and
c. Information related to changes in the PNR prior to completion
of the flight itinerary (PNR history).
19. The aircraft operator must include in the set of PNRs
submitted to its PSI:
a. Any PNRs reflecting itineraries that were cancelled in whole
or in part; and
b. All active fields from each PNR.
20. For purposes of this order, the term United States includes
U.S. territories and possessions.
21. For purposes of this order, the term ``PNR'' means the
electronic record maintained by the aircraft operator detailing
information about an individual's travel on a particular flight and
any other information contained in that record.
22. The aircraft operator must provide the PNRs to the PSI on
optical media in an unpacked or uncompressed form, in a structured
data format or XML, if available.
23. The aircraft operator must provide to the PSI information
about the aircraft operator's PNR data schema and layout, such as a
PNR format book and a data dictionary that includes all acronyms and
codes used in the PNRs, including any acronyms or codes not standard
to the International Air Transport Association.
Information Collection
Transportation Security Administration (TSA)
Title: Secure Flight Testing Phase.
Type of Request: Emergency processing request of new collection.
OMB Control Number: Not yet assigned.
[[Page 57345]]
Form(s): None.
Affected Public: Business or other for-profit; each aircraft
operator conducting scheduled flights within the United States in
operations subject to a full security program under 49 CFR 1544.101(a).
Abstract: In order to test the Secure Flight concept, TSA will
collect from the aircraft operators historical PNR data for all flights
completed during the month of June 2004 that reflect itineraries of
passengers for transport by the aircraft operator on a scheduled flight
within the United States in operations subject to a full security
program under 49 CFR 1544.101(a).
TSA will compare passengers' identifying information in the PNRs
for domestic flights to data maintained in the Terrorist Screening
Database (TSDB), including expanded TSA No-Fly and Selectee lists, in
order to test the ability to identify individuals known or reasonably
suspected to be or have been engaged in conduct constituting, in
preparation for, in aid of, or related to terrorism. On a limited
basis, TSA also will use the information in PNRs to test the use of
commercial data to determine if it is effective in identifying
passengers' information that is incorrect or inaccurate.
Number of Respondents: 77.
Estimated Annual Burden Hours: 10,850.
Estimated Annual Cost: $810,000.
TSA is soliciting comments to--
(1) Evaluate whether the proposed information requirement is
necessary for the proper performance of the functions of the agency,
including whether the information will have practical utility;
(2) Evaluate the accuracy of the agency's estimate of the burden;
(3) Enhance the quality, utility, and clarity of the information to
be collected; and
(4) Minimize the burden of the collection of information on those
who are to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology.
Issued in Arlington, Virginia, on September 21, 2004.
Lisa S. Dean,
Privacy Officer.
[FR Doc. 04-21478 Filed 9-21-04; 12:58 pm]
BILLING CODE 4910-62-P