Secure Flight:

TSA Should Take Additional Steps to Determine Program Effectiveness

GAO-14-531: Published: Sep 9, 2014. Publicly Released: Sep 18, 2014.

Additional Materials:

Contact:

Jennifer A. Grover
(202) 512-7141
GroverJ@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Since 2009, Secure Flight has changed from a program that identifies passengers as high risk solely by matching them against the No Fly and Selectee Lists to one that assigns passengers a risk category: high risk, low risk, or unknown risk. In 2010, following the December 2009 attempted attack of a U.S.-bound flight, which exposed gaps in how agencies used watchlists to screen individuals, the Transportation Security Administration (TSA) began using risk-based criteria to identify additional high-risk passengers who may not be in the Terrorist Screening Database (TSDB), but who should be designated as selectees for enhanced screening. Further, in 2011, TSA began screening against additional identities in the TSDB that are not already included on the No Fly or Selectee Lists. In addition, as part of TSA PreüTM, a 2011 program through which TSA designates passengers as low risk for expedited screening, TSA began screening against several new lists of preapproved low-risk travelers. TSA also began conducting TSA Pre✓™ risk assessments, an activity distinct from matching against lists that uses the Secure Flight system to assign passengers scores based upon travel-related data, for the purpose of identifying them as low risk for a specific flight.

TSA has processes in place to implement Secure Flight screening determinations at airport checkpoints, but could take steps to enhance these processes. TSA information from May 2012 through February 2014 indicates that screening personnel have made errors in implementing Secure Flight determinations at the checkpoint. However, TSA does not have a process for systematically evaluating the root causes of these screening errors. GAO's interviews with TSA officials at airports yielded examples of root causes TSA could identify and address. Evaluating the root causes of screening errors, and then implementing corrective measures, in accordance with federal internal control standards, to address those causes could allow TSA to strengthen security screening at airports.

Since 2009, Secure Flight has established program goals that reflect new program functions to identify additional types of high-risk and also low-risk passengers; however, current program performance measures do not allow Secure Flight to fully assess its progress toward achieving all of its goals. For example, Secure Flight does not have measures to assess the extent of system matching errors. Establishing additional performance measures that adequately indicate progress toward goals would allow Secure Flight to more fully assess the extent to which it is meeting program goals. Furthermore, TSA lacks timely and reliable information on all known cases of Secure Flight system matching errors. More systematic documentation of the number and causes of these cases, in accordance with federal internal control standards, would help TSA ensure Secure Flight is functioning as intended.

This is a public version of a sensitive report that GAO issued in July 2014. Information that the Department of Homeland Security (DHS) and the Department of Justice deemed sensitive has been removed.

Why GAO Did This Study

In 2009, DHS's TSA began using Secure Flight to screen passengers against high-risk lists. These lists, subsets of the TSDB—the U.S. government's consolidated list of known and suspected terrorists—included the No Fly List, to identify those who should be prohibited from boarding flights, and the Selectee List, to identify those who should receive enhanced screening at airport checkpoints.

GAO was asked to assess the current status of the program. This report examines (1) changes to the Secure Flight program since 2009, (2) TSA's efforts to ensure that Secure Flight's screening determinations for passengers are implemented at airport checkpoints, and (3) the extent to which program performance measures assess progress toward goals. GAO analyzed TSA data and documents—including checkpoint data from 2012 through 2014 and Secure Flight performance measures—and interviewed relevant DHS officials.

What GAO Recommends

GAO recommends that TSA develop a process to regularly evaluate the root causes of screening errors at security checkpoints and implement measures to address these causes. GAO also recommends that TSA develop measures to address all aspects of performance related to program goals and develop a mechanism to systematically document the number and causes of Secure Flight system matching errors. DHS concurred with GAO's recommendations.

For more information, contact Jennifer A. Grover at (202) 512-7141 or GroverJ@gao.gov.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In July 2014, we reported on the Transportation Security Administration's (TSA) Secure Flight program, which was created to identify passengers who may pose a security risk before they board aircraft. During the course of our review, we found that TSA had processes in place to implement Secure Flight screening determinations at airport checkpoints, but could take steps to enhance these processes. Specifically, TSA data show that screening personnel made errors implementing Secure Flight screening determinations at airport checkpoints, but we found TSA does not have a process to systematically evaluate the root causes of these errors. Further our interviews with TSA officials at airports yielded examples of root causes that TSA could identify and address. Therefore, we recommended that TSA develop a process for regularly evaluating the root causes of screening errors involving Secure Flight determinations across airports to identify corrective measures. In August 2014, TSA provided us a description of a new process it had developed to analyze information collected on the root causes of screening errors across all national airports to identify corrective action effectiveness and communicate the results to TSA leadership. In September 2015, TSA provided us multiple examples, dating from June through early September 2015, of the results of this analysis that are being included in regular reporting to senior TSA leadership. TSA's actions should provide it with a process for regularly evaluating the root causes of errors related to Secure Flight screening determinations at the checkpoint. As a result, this recommendation is closed as implemented.

    Recommendation: To further improve the implementation of Secure Flight risk determinations at the screening checkpoint, the Transportation Security Administration's Administrator should develop a process for regularly evaluating the root causes of screening errors across airports so that corrective measures can be identified.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  2. Status: Open

    Comments: When we confirm what actions that DHS TSA has taken in response to this recommendation, we will provide updated information. Status last confirmed on 10/26/15.

    Recommendation: To address the root causes of screening errors at the checkpoint, thereby strengthening checkpoint operations, the Transportation Security Administration's Administrator should implement the corrective measures TSA identifies through a root cause evaluation process.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  3. Status: Open

    Comments: When we confirm what actions that DHS TSA has taken in response to this recommendation, we will provide updated information. Status last confirmed on 10/26/15.

    Recommendation: To assess the progress of the Secure Flight program toward achieving its goals, the Transportation Security Administration's Administrator should develop additional measures to address key performance aspects related to each program goal, and ensure these measures clearly identify the activities necessary to achieve progress toward the goal.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

  4. Status: Closed - Implemented

    Comments: In July 2014, we reported on the Transportation Security Administration's (TSA) Secure Flight program, which was created to identify commercial airline passengers who may pose a security risk before they board aircraft by matching passenger data with data from the Terrorist Screening Database (TSDB)--the government's consolidated list of known and suspected terrorists. During the course of our review, we found that TSA did not have timely and reliable information on matching errors of the Secure Flight system (i.e., the computerized matching and manual reviews TSA conducts to identify matches of passenger and TSDB data). Specifically, it took TSA several months to identify a list of system matching errors, and, upon review, we found the list to be incomplete. Data on matching errors of the Secure Flight system are reviewed by Secure Flight's Match Review Board to determine if any actions should be taken to prevent similar errors from reoccurring. Without timely and reliable information on system matching errors, TSA is not in the best position to determine all potential causes of system matching errors and to identify and implement sufficient corrective actions. Consequently, we recommended that TSA develop a mechanism to systematically document the number and causes of Secure Flight system matching errors for the purposes of improving program performance. In November 2015, TSA provided us a copy of its new tracking tool to document all cases of system matching errors. To demonstrate use of the tool, TSA also provided details on incidents occurring from January through October 2015, including a description of the reason for each incident. TSA also provided documentation from October and November 2015 meetings of its Match Review Board that included analysis of specific incidents documented by the tracking tool and proposed measures to address their respective causes. Given these actions, TSA should have more timely and reliable information on Secure Flight system matching errors for its deliberations on improving overall system performance. As a result, this recommendation is closed as implemented.

    Recommendation: To provide Secure Flight program managers with timely and reliable information on cases in which TSA learns of Secure Flight system matching errors, the Transportation Security Administration's Administrator should develop a mechanism to systematically document the number and causes of such cases, for the purpose of improving program performance.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

 

Explore the full database of GAO's Open Recommendations »

May 24, 2016

May 17, 2016

Apr 25, 2016

Apr 19, 2016

Apr 15, 2016

Apr 14, 2016

Apr 12, 2016

Mar 31, 2016

Mar 16, 2016

Looking for more? Browse all our products here