Aviation Security: Status of TSA's Acquisition of Technology for Screening Passenger Identification and Boarding Passes

What GAO Found

In summary, TSA has completed its initial testing of the CAT/BPSS technology and has begun operational testing at three airports. We found the project’s associated life cycle cost estimate to be reasonably comprehensive and well documented, although we are less confident in its accuracy due to questions about the assumed inflation rate. In addition, we could not evaluate its credibility because the current version does not include an independent cost estimate or an assessment of how changing key assumptions and other factors would affect the estimate. Our past work has identified three key challenges related to TSA’s efforts to acquire and deploy technologies to address homeland security needs: (1) developing and meeting technology program requirements, (2) overseeing and conducting testing of new screening technologies, and (3) developing acquisition program baselines to establish initial cost, schedule, and performance parameters.

Why GAO Did This Study

This testimony discusses our past work examining the Transportation Security Administration’s (TSA) progress and challenges in developing and acquiring technologies to address aviation security needs. TSA’s acquisition programs represent billions of dollars in life cycle costs and support a wide range of aviation security missions and investments. Within the Department of Homeland Security (DHS), the Science and Technology Directorate (S&T) and TSA have responsibilities for researching, developing, and testing and evaluating new technologies, including airport checkpoint screening technologies. Specifically, S&T is responsible for the basic and applied research and advanced development of new technologies, while TSA, through its Passenger Screening Program, identifies the need for new checkpoint screening technologies and provides input to S&T during the research and development of new technologies, which TSA then procures and deploys.

TSA screens more than 600 million air passengers per year through approximately 2,300 security checkpoint lanes at about 450 airports nationwide, and must attempt to balance its aviation security mission with concerns about efficiency and the privacy of the traveling public. The agency relies upon multiple layers of security to deter, detect, and disrupt persons posing a potential risk to aviation security. Part of its checkpoint security controls include a manual review and comparison by a travel document checker of each person’s boarding pass and identification, such as passports or state-issued driver’s licenses. However, concerns have been raised about security vulnerabilities in this process. For example, in 2006, a university student created a website that enabled individuals to create fake boarding passes. In addition, in 2011, a man was convicted of stowing away aboard an aircraft after using an expired boarding pass with someone else’s name on it to fly from New York to Los Angeles. Recent news reports have also highlighted the apparent ease of ordering high-quality counterfeit driver’s licenses from China. We have previously reported on significant fraud vulnerabilities in thepassport issuance process and on difficulties in detecting fraudulent identity documentation, such as driver’s licenses.

In response to these vulnerabilities, and as part of its broader effort to improve security and increase efficiency, TSA began developing technology designed to automatically verify boarding passes and to better identify altered or fraudulent passenger identification documents. TSA plans for this technology, known as Credential Authentication Technology/Boarding Pass Scanning Systems (CAT/BPSS), to eventually replace the current procedure used by travel document checkers to detect fraudulent or altered documents. However, we have previously reported that DHS and TSA have experienced challenges in managing their acquisition efforts, including implementing technologies that did not meet intended requirements and were not appropriately tested and evaluated, and have not consistently included completed analyses of costs and benefits before technologies were implemented.

This testimony focuses on (1) the status of TSA’s CAT/BPSS acquisition and the extent to which the related life cycle cost estimate is consistent with best practices and (2) challenges we have previously identified in TSA’s acquisition process to manage, test, acquire, and deploy screening technologies. This statement also provides information on issues for possible congressional oversight related to CAT/BPSS.

For more information, please contact Steve Lord at (202) 512-4379 or lords@gao.gov.