This is the accessible text file for GAO report number GAO-03-253 
entitled 'Aviation Security: Registered Traveler Program Policy and 
Implementation Issues' which was released on November 26, 2002.

This text file was formatted by the U.S. General Accounting Office 

(GAO) to be accessible to users with visual impairments, as part of a 

longer term project to improve GAO products’ accessibility. Every 

attempt has been made to maintain the structural and data integrity of 

the original printed product. Accessibility features, such as text 

descriptions of tables, consecutively numbered footnotes placed at the 

end of the file, and the text of agency comment letters, are provided 

but may not exactly duplicate the presentation or format of the printed 

version. The portable document format (PDF) file is an exact electronic 

replica of the printed version. We welcome your feedback. Please E-mail 

your comments regarding the contents or accessibility features of this 

document to

Report to the Honorable Kay Bailey Hutchison, U.S. Senate:

November 2002:


Registered Traveler Program Policy and Implementation Issues:


GAO Highlights:

Highlights of GAO-03-253, a report to the Honorable Kay Bailey 

U.S. Senate:

Why GAO Did This Study:

The aviation industry and business traveler groups have proposed the 

registered traveler concept as a way to reduce long waits in airport 

security lines caused by heightened security screening measures 

implemented after the September 11 terrorist attacks.  In addition, 

aviation security experts have advocated this concept as a way to 


target security resources to those travelers who might pose greater 


risks.  The Aviation and Transportation Security Act of November 2001 


the Transportation Security Administration (TSA) to consider 

developing a 

registered traveler program as a way to address these two issues.

GAO completed this review to inform Congress and TSA of policy and 

implementation issues related to the concept of a registered traveler 


What GAO Found:

Under a variety of approaches related to the concept of a registered 


program proposed by industry stakeholders, individuals who voluntarily 


personal background information and who clear background checks would 

be enrolled 

as registered travelers.  Because these individuals would have been 


through the program enrollment process, they would be entitled to 


security screening procedures at the airport.

Through a detailed literature review and interviews with 

stakeholders, GAO found 

that a registered traveler program is intended to reduce the 

inconvenience many 

travelers have experienced since September 11 and improve the 

quality and 

efficiency of airport security screening. Although GAO found 

support for this 

program among many stakeholders, GAO also found concerns that 

such a program could 

create new aviation security vulnerabilities.

GAO also identified a series of key policy and program 

implementation issues that 

affect the program, including:

* Criteria for program eligibility;

* Level of background check required for participation;

* Security-screening procedures for registered travelers;

* Technology options, including the use of biometrics to verify 


* Program scope, including the numbers of participants and 

airports; and:

* Program cost and financing options.

Stakeholders offered many different options on how best to 

resolve these issues.

Finally, GAO identified several best practices that Congress and 

TSA may wish to 

consider in designing and implementing a registered traveler 


GAO concluded that a registered traveler program is one possible 

approach for 

managing some of the security vulnerabilities in our nation’s 

aviation systems.  

However, decisions concerning key issues are needed before 

developing and 

implementing such a program.

TSA felt that GAO’s report offered a good overview of the 

potential and the 

challenges of a registered traveler program.  The agency 

affirmed that there 

are no easy answers to some of the issues that GAO raised 

and that these issues 

need more study.



Results in Brief:


A Registered Traveler Program Is Intended to Improve Airport Security 

While Reducing the Inconvenience of Security Screening:

Key Policy and Implementation Issues Associated with a Registered 

Traveler Program:

Key Principles to Guide Program Implementation:

Concluding Observations:

Agency Comments:


Appendix I: Scope and Methodology:

Appendix II: Interviews Conducted:

Appendix III: Testing Results on Leading Biometrics:

Types of Biometric Technologies:

Appendix IV: Information about Existing Programs for Registered


Appendix V: GAO Contacts and Staff Acknowledgments:

GAO Contacts:



Table 1: Important Features of Biometric Technologies:


ATA: Air Transport Association:

DOT: Department of Transportation:

FAA: Federal Aviation Administration:

FBI: Federal Bureau of Investigation:

INS: Immigration and Naturalization Service:

SENTRI: Secure Electronic Network for Travelers’ Rapid Inspection:

TSA: Transportation Security Administration:

TWIC: Transportation Worker Identity Credential:

Letter November 22, 2002:

The Honorable Kay Bailey Hutchison

United States Senate:

Dear Senator Hutchison:

The terrorist attacks of September 11, 2001, highlighted gaps in 

aviation security and have continued to affect the ease with which 

Americans have traditionally traveled by air. Since the attacks, 

Congress has taken measures to enhance the security of our nation’s air 

transportation system through passage of the Aviation and 

Transportation Security Act (the Act),[Footnote 1] which federalized 

passenger screeners, mandated the use of explosives detection equipment 

to screen all checked baggage, called for the reenforcement of cockpit 

doors, and expanded the federal air marshal program. More extensive 

screening of passengers and carry-on baggage at airport security 

checkpoints has been one of the most immediate and visible changes over 

the past year. The Act also allows for the consideration of other 

approaches to improve security, such as “establish[ing] requirements to 

implement trusted passenger programs and use available technologies to 

expedite security screening of passengers who participate in such 

programs, thereby allowing security screening personnel to focus on 

those passengers who should be subject to more extensive screening.” 

Under such a program--which is referred to as a “trusted,” “known,” or 

“registered” traveler program--those who voluntarily apply to 

participate in the program and successfully pass background checks 

would receive a unique identifier or card that enables them to be 

screened more quickly and promotes greater focus on those passengers 

who require more extensive screening at airport security 

checkpoints.[Footnote 2] Recently, discussion among Members of Congress 

and the aviation industry, at congressional committee hearings and 

elsewhere, has focused on a registered traveler program as one possible 

way to better manage security risks by targeting resources more 

effectively while at the same time reducing long waits at security 


You asked us to provide information on issues associated with 

developing and implementing a registered traveler program. As agreed 

with your office, this report includes information on (1) the potential 

purposes of a registered traveler program, (2) the key policy and 

implementation issues that have been raised by interested parties 

concerning how a registered traveler program might be designed and 

implemented, and (3) the basic principles that the Transportation 

Security Administration (TSA) might consider if it implements such a 

program. In obtaining this information, we conducted an extensive 

review of existing literature on registered traveler or similar 

programs, including key studies on issues associated with implementing 

a registered traveler program. In addition, we interviewed 22 key 

stakeholders, including officials from the federal government, airline 

industry, aviation security consulting groups, vendors developing and 

testing registered traveler applications, and organizations concerned 

with issues of data privacy and civil liberties. The intent of these 

interviews was to obtain the opinions and perspectives of officials 

from organizations that possess extensive awareness of the key issues 

related to such a program. We did not, however, attempt to empirically 

validate the information expressed by these officials. (See appendix I 

for information on our scope and methodology and appendix II for a 

complete list of interviewees.) We also visited and interviewed 

officials associated with registered traveler-type programs in two 

European countries. We will report later on ongoing work related to 

issues such as the nature and scope of similar programs already 

established in the United States and abroad and the potential costs, 

benefits, and alternatives to implementing a registered traveler 

program. We performed our work from July 2002 through October 2002 in 

accordance with generally accepted government auditing standards.

Results in Brief:

A registered traveler program offers potential for improving security 

and reducing inconvenience to participating travelers, but it raises 

several important policy and implementation issues. Our literature 

review, along with supporters of the program whom we interviewed, 

identified two primary purposes for such a program. First, it could 

improve security by better targeting security resources at passengers 

about whom little is known or who might present a greater security 

risk. In other words, the program could serve as a useful risk-

management tool by selecting the appropriate level of security 

screening for a passenger according to a prior assessment of personal 

background information and of that individual’s potential threat to 

security. In contrast, two stakeholders told us that they were worried 

about such a program’s creating new security threats. Second, such a 

program might reduce the inconvenience some travelers have experienced 

as they go through airport security checkpoints, by reducing 

uncertainties about the length of delay and the level of scrutiny they 

would likely encounter. Proponents of the program believe that this 

benefit would encourage travelers, particularly business travelers, to 

fly more often and thus would help improve the economic health of the 

aviation industry. It could also benefit related industries that are 

linked to air travel, including aviation-related manufacturers, and 

tourism-related businesses, such as hotels and travel agents. Our 

literature review and discussions with stakeholders identified 

additional potential objectives of a registered traveler program, such 

as expediting customer check-in at the ticket counter, tracking miles 

for frequent fliers, and using demographic data on these travelers for 

marketing by airlines and others in the tourist industry. However, two 

representatives of civil liberties groups told us that they opposed 

such expanded uses of this information as an invasion of a traveler’s 


Our review identified a number of key policy and implementation issues 

that might have to be addressed before a registered traveler program 

could be implemented. Stakeholders representing the aviation industry 

told us, for example, that many of the following policy questions 

should be left to the federal government to resolve: (1) What criteria 

should be established to determine eligibility to apply for the 

program? (2) What kinds of background checks should be used to certify 

that applicants are eligible to enroll in the program, and who should 

perform these? (3) Which security-screening procedures should 

registered travelers undergo, and how should these differ from those 

used for unregistered travelers? and (4) To what extent do equity, 

privacy, and liability issues have to be resolved prior to program 

implementation? Stakeholders offered a variety of options and opinions 

regarding these questions. For example, stakeholders indicated that the 

federal government should determine whether eligibility to apply for 

participation in a registered traveler program should be limited only 

to those who have held U.S. citizenship for a specified number of 

years, or whether citizens from other countries should be allowed to 

participate. Similarly, stakeholders differed in their views about 

whether background checks should be limited to credit checks and other 

publicly available information, or should also include checking an 

applicant’s name against national databases of criminal records. In 

addition to these policy questions, several stakeholders we contacted 

raised a number of practical questions to consider when designing and 

implementing a program, including (1) What technology decisions have to 

be addressed in designing a registered traveler program? (2) How many 

airports and how many passengers should participate in a registered 

traveler program? and (3) How much will the program cost, and who will 

be responsible for its financing? For example, although most 

stakeholders we contacted agree that proven biometric identification 

technology is available and is a necessary component of a registered 

traveler program, they differ as to which technology should be used.

Regardless of how these key policy and implementation issues are 

decided, we identified--based on our discussions with stakeholders and 

our review of pertinent literature and best practices for implementing 

new programs--the following basic principles to help TSA if it 

implements a registered traveler program:

* Incorporate “lessons learned” from similar programs, especially those 

related to security procedures, technology, user acceptance, and costs. 

For example, the United States and Canada have implemented a program 

that accelerates the inspection of low-risk, pre-enrolled border 

crossers at ports of entry, while several airports in Europe have 

experimented with programs similar to that of a registered traveler 


* Initially test the program on a small scale to determine whether it 

would be feasible and effective, and whether enough travelers would be 

willing to participate.

* Develop performance measures and a system to assess how effectively 

the program meets stated goals.

* Use technologies that are interoperable among different airports and 

enrollment sites, and select technologies that can readily be updated 

to keep pace with new developments in security technology, biometrics, 

and data sharing. At a minimum, interoperability refers to using 

compatible technologies at different airport checkpoints across the 

country and, more broadly, could be seen as including other access 

control points, such as border crossings and ports of entry.


A safe and secure aviation system is a critical component to securing 

the nation’s overall physical infrastructure and maintaining its 

economic vitality. Billions of dollars and a myriad of programs and 

policies have been devoted to achieving such a system. Critical to 

ensuring aviation security are screening checkpoints, at which 

screening personnel check over 2 million individuals and their baggage 

each day for weapons, explosives, and other dangerous articles that 

could pose a threat to the safety of an aircraft and those aboard it. 

All passengers who seek to enter secure areas at the nation’s airports 

must pass through screening checkpoints and be cleared by screeners. In 

addition, many airline and airport employees, including flight crews, 

ground personnel, and concession vendors, have to be cleared by 

screeners. At the nation’s 429 commercial airports that are subject to 

security requirements, screeners use a variety of technologies and 

procedures to screen individuals. These include x-ray machines to 

examine carry-on baggage, metal detectors to identify any hidden 

metallic objects, and physical searches of items, including those that 

cannot be scanned by x-rays, such as baby carriers or baggage that has 

been x-rayed and contains unidentified objects.

In response to the terrorist attacks of September 11, 2001, the Federal 

Aviation Administration (FAA) and the air carriers implemented new 

security controls to improve security. These actions included increased 

screening of baggage and passengers at airport checkpoints with the use 

of explosives trace detection devices and hand-held metal detectors, 

the mandatory removal of laptop computers from carrying cases, and the 

removal of shoes. They included additional screening of randomly 

selected passengers at an airline’s boarding gate. Although these 

initiatives have been a visible sign of heightened security procedures, 

they have also, in some instances, caused longer security delays, 

inconvenienced the traveling public, and raised questions about the 

merits of using these techniques on assumed lower-risk travelers, such 

as young children.

Congress has also taken actions to improve aviation security. In 

November 2001, it passed the Aviation and Transportation Security Act, 

which transferred aviation security from FAA to the newly created TSA 

and directed TSA to take over responsibility for airport screening. The 

Act also left to TSA’s discretion whether to “establish requirements to 

implement trusted passenger programs and use available technologies to 

expedite security screening of passengers who participate in such 

programs, thereby allowing security screening personnel to focus on 

those passengers who should be subject to more extensive screening.”:

In response to this Act, officials representing aviation and business 

travel groups have proposed developing a registered traveler program. 

Under their proposals, travelers who voluntarily provide personal 

information and clear a background check would be enrolled as 

registered travelers. These participants would receive some form of 

identification, such as a card that includes a unique personal 

characteristic like a fingerprint, which they would use at an airport 

to verify their identity and enrollment in the program. Because they 

would have been prescreened, they would be entitled to different 

security screening procedures at the airport. These could be as simple 

as designating a separate line for registered travelers, or could 

include less intrusive screening. Although TSA had initially resisted 

such a program because of concerns that it could weaken the airport 

security system, it has recently changed its position and has begun 

assessing the feasibility and need for such a program and considering 

the implementation of a test program.

The concept underlying a registered traveler program is similar to one 

that TSA has been studying for transportation workers--a Transportation 

Worker Identity Credential (TWIC)--that could be used to positively 

identify transportation workers such as pilots and flight attendants 

and to expedite their processing at airport security checkpoints. TSA 

had been studying the TWIC program for several months. Initially, the 

agency had planned to implement the TWIC program first, saying that any 

registered traveler program would be implemented after establishing the 

TWIC program. In recent months, congressional appropriations 

restrictions have caused TSA to postpone TWIC’s development. According 

to a senior agency official, however, TSA was still planning to go 

forward with studying the registered traveler program concept.

A Registered Traveler Program Is Intended to Improve Airport Security 

While Reducing the Inconvenience of Security Screening:

Although most of the 22 stakeholders we interviewed supported a 

registered traveler program, several stakeholders opposed it. Our 

literature review and supporters of the program whom we interviewed 

identified two primary purposes for such a program--improving the 

quality and efficiency of airport security and reducing the 

inconvenience that some travelers have experienced by reducing 

uncertainties about the length of delay and the level of scrutiny they 

are likely to encounter. The literature we reviewed and more than a 

half-dozen of the 22 stakeholders we contacted suggested that such a 

program could help improve the quality and efficiency of security by 

allowing security officials to target resources at potentially higher 

risk travelers. Several stakeholders also indicated that it could 

reduce the inconvenience of heightened security measures for some 

travelers, thus encouraging Americans to fly more often, and thereby 

helping to improve the economic health of the aviation industry. 

Representatives of air traveler groups identified other potential uses 

of a registered traveler program that were not directly linked to 

improving aviation security, such as better tracking of frequent flier 

miles for program participants.

Many Stakeholders We Contacted Indicated That a Registered Traveler 

Program Could Potentially Improve Aviation Security and More 

Effectively Target Resources:

Many of the 22 stakeholders we contacted and much of the literature we 

reviewed identified the improvement of aviation security as a key 

purpose for implementing a registered traveler program. Such a program 

would allow officials to target security resources at those travelers 

who pose a greater security risk or about whom little is known. This 

concept is based on the idea that not all travelers present the same 

threat to aviation security, and thus not everyone requires the same 

level of scrutiny. Our recent work on addressing homeland security 

issues also highlights the need to integrate risk management into the 

nation’s security planning and to target resources at high-priority 

risks.[Footnote 3] The concept is similar to risk-based security models 

that have already been used in Europe and Israel, which focus security 

on identifying risky travelers and more appropriately matching 

resources to those risks, rather than attempting to detect objects on 

all travelers. For example, one study suggested that individuals who 

had been prescreened through background checks and credentialed as 

registered travelers be identified as low risk and therefore subjected 

to less stringent security. This distinction would allow security 

officials to direct more resources and potentially better screening 

equipment at other travelers who might pose a higher security risk, 

presumably providing better detection and increased deterrence.

In addition, several stakeholders also suggested that a registered 

traveler program would enable TSA to more efficiently use its limited 

resources. Several of these stakeholders suggested that a registered 

traveler program could help TSA more cost-effectively focus its 

equipment and personnel needs to better meet its security goals. For 

example, two stakeholders stated that TSA would generally not have to 

intensively screen registered travelers’ checked baggage with 

explosives detection systems that cost about $1 million each. As a 

result, TSA could reduce its overall expenditures for such machines. In 

another example, a representative from a major airline suggested that 

because registered travelers would require less stringent scrutiny, TSA 

could provide a registered traveler checkpoint lane that would enable 

TSA to use fewer screeners at its checkpoint lanes; this would reduce 

the number of passenger screeners from the estimated 33,000 that it 

plans to hire nationwide.

In contrast, several stakeholders and TSA officials said that less 

stringent screening for some travelers could weaken security. For 

example, two stakeholders expressed concerns that allowing some 

travelers to undergo less stringent screening could weaken overall 

aviation security by introducing vulnerabilities into the system. 

Similarly, the first head of TSA had publicly opposed the program 

because of the potential for members of “sleeper cells”--terrorists who 

spend time in the United States building up a law-abiding record--to 

become registered travelers in order to take advantage of less 

stringent security screening. The program manager heading TSA’s 

Registered Traveler Task Force explained that the agency has 

established a baseline level of screening that all passengers and 

workers will be required to undergo, regardless of whether they are 

registered. Nevertheless, a senior TSA official told us that the agency 

now supports the registered traveler concept as part of developing a 

more risk-based security system, which would include a refined version 

of the current automated passenger prescreening system. While the 

automated prescreening system is used on all passengers, it focuses on 

those who are most likely to present threats. In contrast to a 

registered traveler program, the automated system is not readily 

apparent to air passengers. Moreover, the registered traveler program 

would focus on those who are not likely to present threats, and it 

would be voluntary. Some stakeholders we contacted said that a 

registered traveler program, if implemented, should serve to complement 

the automated system, rather than replace it.

Some Believe That a Registered Traveler Program Could Potentially 

Reduce the Inconvenience of Security Screening Procedures:

According to the literature we reviewed and our discussions with 

several stakeholders, reducing the inconvenience of security screening 

procedures implemented after September 11, 2001, constitutes another 

major purpose of a registered traveler program, in addition to 

potentially improving security. The literature and these stakeholders 

indicated that participants in a registered traveler program would 

receive consistent, efficient, and less intrusive screening, which 

would reduce their inconvenience and serve as an incentive to fly more, 

particularly if they are business travelers. According to various 

representatives of aviation and business travelers groups, travelers 

currently face uncertainty regarding the time needed to get through 

security screening lines and inconsistency about the extent of 

screening they will encounter at various airports. For example, one 

stakeholder estimated that prior to September 11, 2001, it took about 5 

to 8 seconds, on average, for a traveler to enter, be processed, and 

clear a security checkpoint; since then, it takes about 20 to 25 

seconds, on average, resulting in long lines and delays for some 

travelers. As a result, travelers need to arrive at airports much 

earlier than before, which can result in wasted time at the airport if 

security lines are short or significant time spent in security lines if 

they are long. Additionally, a few stakeholders stated that travelers 

are inconvenienced when they are subjected to personal searches or 

secondary screening at the gates for no apparent reason.

While some stakeholders attributed reductions in the number of 

passengers traveling by air to these inconveniences, others attributed 

it to the economic downturn. Some literature and three stakeholders 

indicated that travelers, particularly business travelers making 

shorter trips (up to 750 miles), have as a result of these 

inconveniences reduced the number of flights they take or stopped 

flying altogether, causing significant economic harm to the aviation 

industry. For example, according to a survey of its frequent fliers, 

one major airline estimates that new airport security procedures and 

their associated inconveniences have caused 27 percent of its former 

frequent fliers to stop flying. Based on this survey’s data, the Air 

Transport Association, which represents major U.S. air carriers, 

estimates that security inconveniences have cost the aviation industry 

$2.5 billion in lost revenue since September 11, 2001. Supporters of a 

registered traveler program indicated that it would be a component of 

any industry recovery and that it is particularly needed to convince 

business travelers to resume flying. To the extent that registered 

travelers would fly more often, the program could also help revitalize 

related industries that are linked to air travel, including aviation-

related manufacturing and such tourism-related businesses as hotels and 

travel agencies. However, not all stakeholders agreed that a registered 

traveler program would significantly improve the economic condition of 

the aviation industry. For example, officials from another major U.S. 

airline believed that the declining overall economy has played a much 

larger role than security inconveniences in reducing air travel. They 

also said that most of their customers currently wait 10 minutes or 

less in security lines, on average--significantly less than immediately 

after September 11, 2001--and that security inconveniences are no 

longer a major issue for their passengers.

Other Potential Uses for a Registered Traveler Program:

In addition to the two major purposes of a registered traveler program, 

some stakeholders and some literature we reviewed identified other 

potential uses. For example, we found that such a program could be part 

of an enhanced customer service package for travelers and could be used 

to expedite check-in at airports and to track frequent flier miles. 

Some stakeholders identified potential law enforcement uses, such as 

collecting information obtained during background checks to help 

identify individuals wanted by the police, or tracking the movement of 

citizens who might pose criminal risks. Finally, representatives of air 

traveler groups envisioned extensive marketing uses for data collected 

on registered travelers by selling it to such travel-related businesses 

as hotels and rental car companies and by providing registered 

travelers with discounts at these businesses. Two stakeholders 

envisioned that these secondary uses would evolve over time, as the 

program became more widespread. However, civil liberties advocates we 

spoke with were particularly concerned about using the program for 

purposes beyond aviation security, as well as about the privacy issues 

associated with the data collected on program participants and with 

tracking their movements.

Key Policy and Implementation Issues Associated with a Registered 

Traveler Program:

Our literature review and discussions with stakeholders identified a 

number of policy and implementation issues that might need to be 

addressed if a registered traveler program is to be implemented. 

Stakeholders we spoke with held a wide range of opinions on such key 

policy issues as determining (1) who should be eligible to apply to the 

program; (2) the type and the extent of background checks needed to 

certify that applicants can enroll in the program, and who should 

perform them; (3) the security screening procedures that should apply 

to registered travelers, and how these would differ from those applied 

to other travelers; and (4) the extent to which equity, privacy, and 

liability issues would impede program implementation. Most stakeholders 

indicated that only the federal government has the resources and 

authority to resolve these issues. In addition to these policy 

questions, our research and stakeholders identified practical 

implementation issues that need to be considered before a program could 

be implemented. These include deciding (1) which technologies to use, 

and how to manage the data collected on travelers; (2) how many 

airports and how many passengers should participate in a registered 

traveler program; and (3) which entities would be responsible for 

financing the program, and how much it would cost.

Most Stakeholders We Contacted Agreed That the Federal Government 

Should Address Key Policy Issues When Developing a Registered Traveler 


Most stakeholders we contacted agreed that, ultimately, the federal 

government should make the key policy decisions on program eligibility 

criteria, requirements for background checks, and specific security-

screening procedures for registered travelers. In addition, the federal 

government should also address equity, privacy, and liability issues 

raised by such a program. Stakeholders also offered diverse suggestions 

as to how some of these issues could be resolved, and a few expressed 

eagerness to work with TSA.

Stakeholders Identified Differing Options for Program Eligibility:

Although almost all the stakeholders we contacted agreed that a 

registered traveler program should be voluntary, they offered a wide 

variety of suggestions as to who should be eligible to apply to the 

program. These suggestions ranged from allowing any U.S. or foreign 

citizen to apply to the program to limiting it only to members of 

airline frequent flier programs. Although most stakeholders who 

discussed this issue with us favored broad participation, many of them 

felt it should be limited to U.S. citizens because verifying 

information and conducting background checks on foreigners could be 

very difficult. Several stakeholders said that extensive participation 

would be desirable from a security perspective because it would enable 

security officials to direct intensive and expensive resources toward 

unregistered travelers who might pose a higher risk. Several 

stakeholders indicated that it would be unfair to limit the program 

only to frequent fliers, while representatives from two groups 

indicated that such a limitation could provide airlines an incentive to 

help lure these travelers back to frequent air travel.

Stakeholders Proposed Alternatives for Background Check Requirements:

We also found differing opinions as to the type and extent of 

background check needed to determine whether an applicant should be 

eligible to enroll in a registered traveler program. For example, one 

stakeholder suggested that the background check should primarily focus 

on determining whether the applicant exists under a known identity and 

truly is who he or she claims to be. This check could include 

verification that an individual has paid income taxes over a certain 

period of time (for example, the past 10 years), has lived at the same 

residence for a certain number of years, and has a sufficient credit 

history. Crosschecking a variety of public and private data sources, 

such as income tax payment records and credit histories, could verify 

that an applicant’s name and social security number are consistent. 

However, access to income tax payment records would probably require an 

amendment to existing law.[Footnote 4] Another stakeholder said that 

program’s background check should be similar to what is done when 

a U.S. passport. A passport check consists, in part, of a name check 

against a database that includes information from a variety of federal 

sources, including intelligence, immigration, and child support 

data. In contrast, others felt that applicants should undergo a more 

substantial check, such as an FBI-type background check, similar to 


airline or federal government employees must pass; or a criminal 

background check, to verify that the applicant does not have a criminal 

history. This could include interviewing associates and neighbors as 

well as credit and criminal history checks. In this case, applicants 

with criminal histories might be denied the right to participate in a 

registered traveler program.

No matter what the extent of these checks, most stakeholders generally 

agreed that the federal government should perform or oversee them. They 

gave two reasons for this: (1) the federal government has access to the 

types of data sources necessary to complete them, and (2) airlines 

would be unwilling to take on the responsibility for performing them 

because of liability concerns. One stakeholder also suggested that the 

federal government could contract out responsibility for background 

checks to a private company, or that a third-party, nonprofit 

organization could be responsible for them. A majority of stakeholders 

also agreed that the federal government should be responsible for 

developing the criteria needed to determine whether an applicant is 

eligible to enroll and for making the final eligibility determination.

Some stakeholders also stated that background checks should result in a 

simple yes or no determination, meaning that all applicants who passed 

the background check would be able to enroll in the program and the 

ones who did not pass would be denied. Other stakeholders alternatively 

recommended that all applicants be assigned a security score, 

determined according to the factors found during the background check. 

This security score would establish the level of screening given an 

individual at a security checkpoint. TSA has indicated that, at a 

minimum, the government would have to be responsible for ensuring that 

applicants are eligible to enroll and that the data used to verify 

identities and perform background checks are accurate and up-to-date.

Security Screening Procedures for Registered Travelers Would Differ 

from Procedures for Other Passengers:

All the stakeholders we contacted agreed that registered travelers 

should be subjected to some minimum measure of security screening, and 

that the level of screening designated for them should generally be 

less extensive and less intrusive than the security screening required 

for all other passengers. Most stakeholders anticipated that a 

participant would receive a card that possessed some unique identifier, 

such as a fingerprint or an iris scan, to identify the participant as a 

registered traveler and to verify his or her identity. When arriving at 

an airport security checkpoint, the registered traveler would swipe the 

card through a reader that would authenticate the card and verify the 

individual’s identity by matching him or her against the specific 

identifier on the card. If the card is authenticated and the holder is 

verified as a registered traveler, the traveler would proceed through 

security. Most stakeholders suggested that registered travelers pass 

through designated security lines, to decrease the total amount of time 

they spend waiting at the security checkpoint. If the equipment cannot 

read the card or verify the traveler’s identity, or if that passenger 

is deemed to be a security risk, then the traveler would be subjected 

to additional security screening procedures, which might also include 

full-body screening and baggage searches. If the name on the registered 

traveler card matches a name on a watch-list or if new concerns about 

the traveler emerge, the card could be revoked.

A common suggestion was that registered travelers would undergo pre-

September 11th security-screening measures, which involved their 

walking through a magnetometer and the x-raying of their carry-on 

baggage. Moreover, they would not be subjected to random selection or 

additional security measures unless warranted, and they would be 

exempted from random secondary searches at the boarding gate. According 

to TSA officials, the agency is willing to consider some differentiated 

security procedures for program participants.

As for security procedures for those not enrolled in such a program, 

several stakeholders agreed that nonparticipants would have to undergo 

current security screening measures, at a minimum. Current security 

measures involve walking through a magnetometer, having carry-on 

baggage run through an x-ray machine, and being subjected to random 

searches of baggage for traces of explosives, hand searches for 

weapons, and the removal of shoes for examination. Travelers may also 

be randomly selected for rescreening in the gate area, although TSA has 

planned pilot programs to determine whether to eliminate this 

rescreening. Other stakeholders suggested that travelers who were not 

enrolled in the registered traveler program should be subjected to 

enhanced security screening, including more stringent x-rays and 

baggage screening than are currently in place at the airports. These 

stakeholders thought that because little would be known about 

nonparticipants, they should be subjected to enhanced security 

screening measures.

In addition, several stakeholders mentioned that a registered traveler 

program might be useful in facilitating checked-baggage screening. For 

example, one stakeholder suggested that the x-ray screening of 

registered travelers’ baggage could be less intensive than the 

screening required for all other passengers, thus reducing the time it 

would take to screen all checked baggage. A few stakeholders even 

suggested that the most sophisticated baggage screening technology, 

such as explosives detection machines, would not be needed to screen a 

registered traveler’s checked baggage. However, the 2001 Aviation and 

Transportation Security Act requires the screening of all checked 

baggage, and using a registered traveler program to lessen the level of 

the checked baggage screening would not be permissible under the 

requirements of the Act.

Stakeholders Raised Equity, Privacy, and Liability Concerns:

Finally, our research and discussions with stakeholders raised 

nonsecurity-related policy issues, including equity, privacy, and 

liability concerns that could impede implementation of a registered 

traveler program. With respect to equity issues, some stakeholders 

raised concerns that the federal government should carefully develop 

eligibility and enrollment criteria that would avoid automatically 

excluding certain classes of people from participating in the program. 

For example, requiring applicants to pay a high application or 

enrollment fee could deter some applicants for financial reasons. In 

addition, concern was expressed that certain races and ethnicities, 

mainly Arab-Americans, would be systematically excluded from program 

participation. Most stakeholders, however, did not generally view 

equity issues as being a major obstacle to developing the program, and 

one pointed to the precedent set by existing government programs that 

selectively confer known status to program participants. For example, 

the joint U.S./Canadian NEXUS pilot program, a program for travelers 

who frequently cross the U.S./Canadian border, is designed to 

streamline the movement of low-risk travelers across this border by 

using designated passage lanes and immigration-inspection booths, as 

well as some risk-management techniques similar to those proposed for 

use in a registered traveler program.

With respect to privacy issues, civil liberties advocates we spoke with 

expressed concerns that the program might be used for purposes beyond 

its initial one and that participants’ information would need 

protection. They were particularly concerned about the potential for 

such a program to lead to the establishment of a national identity 

card, or to other uses not related to air travel. For example, some 

suggested that there could be enormous pressure on those who are not 

part of the program to apply, given the advantages of the program, and 

this would therefore, in effect, lead to a national identity card. One 

stakeholder raised a concern about the card’s becoming a prerequisite 

for obtaining a job that includes traveling responsibilities, or the 

collected information’s being used for other purposes, such as 

identifying those sought by police. Others countered that because 

participation in a registered traveler program would be voluntary, 

privacy concerns should not be a significant issue. According to TSA 

attorneys, legal protections already in place to prevent the 

proliferation of private information are probably applicable, and 

additional safeguards for this program could be pursued.

Through our review, we identified two particular liability issues 

potentially associated with the concept of a registered traveler 

program. First, it is uncertain which entity would be liable and to 

what extent that entity would be liable if a registered traveler were 

to commit a terrorist act at an airport or on a flight. Second, it is 

also unclear what liability issues might arise if an applicant were 

rejected based on false or inaccurate information, or the applicant did 

not meet the eligibility criteria. For the most part, stakeholders who 

addressed the liability issue maintained that, because the federal 

government is already responsible for aviation security, and because it 

is likely to play an integral role in developing and administering such 

a program, security breaches by registered travelers would not raise 

new liability concerns. Although the assumption of screening 

responsibilities has increased the federal government’s potential 

exposure to liability for breaches of aviation security, TSA 

representatives were unsure what the liability ramifications would be 

for the federal government for security breaches or terrorist acts 

committed by participants of a registered traveler program.

Fewer stakeholders offered views on whether there would be liability 

issues if an applicant were denied participation in a registered 

traveler program because of false or inaccurate information. However, 

some indicated that the federal government’s participation, 

particularly in developing eligibility criteria, would be key to 

mitigating liability issues. One stakeholder said that the program must 

include appeal procedures to specify under what conditions an 

individual could appeal if denied access to the program, who or what 

entity would hear an appeal, and whether an individual would be able to 

present evidence in his or her defense. Other stakeholders, however, 

stressed the importance of keeping eligibility criteria and reasons for 

applicant rejection confidential, because they believe that 

confidentiality would be crucial to maintaining the security of the 

program. TSA maintained that if the program were voluntary, 

participants might have less ability to appeal than they would in a 

government entitlement program, in which participation might be 

guaranteed by statute.

Some Stakeholders Also Identified Practical Implementation Issues to 


In addition to key policy issues, some stakeholders we spoke with 

identified a number of key program implementation issues to consider. 

Specifically, they involve choosing appropriate technologies, 

determining how to manage data collection and security, defining the 

program’s scope, and determining the program’s costs and financing 


Stakeholders Differed on the Use of Biometric Technology in a 

Registered Traveler Program:

Our research indicated that developing and implementing a registered 

traveler program would require key choices about which technologies to 

use. Among the criteria cited by stakeholders were a technology’s 

ability to (1) provide accurate data about travelers, (2) function well 

in an airport environment, and (3) safeguard information from fraud. 

One of the first decisions that would have to be made in this area is 

whether to use biometrics to verify the identity of registered 

passengers and, if so, which biometric identifier to use. The term 

“biometrics” refers to a wide range of technologies that can be used to 

verify a person’s identity by measuring and analyzing human 

characteristics. Identifying a person’s physiological characteristics 

is based on data derived from scientifically measuring a part of the 

body.[Footnote 5] Biometrics provides a highly accurate confirmation of 

the identity of a specific person.

While the majority of those we interviewed said that some sort of 

biometric identifier is critical to an effective registered traveler 

program, there was little agreement among stakeholders as to the most 

appropriate biometric for this program. Issues to consider when making 

decisions related to using biometric technology include the accuracy of 

a specific technology, user acceptance, and the costs of implementation 

and operation. Although there is no consensus on which biometric 

identifier should be used for a registered traveler program, three 

biometric identifiers were cited most frequently as offering the 

requisite capabilities for a program: iris scans (using the distinctive 

features of the iris), fingerprints, and hand geometry (using 

distinctive features of the hand). Although each of the three 

identifiers has been used in airport trials, there are disadvantages 

associated with each of them. (Appendix III outlines some of the 

advantages and disadvantages of each.):

A few stakeholders also claimed that a biometric should not be part of 

a registered traveler program. Among the reasons cited were that 

biometric technology is expensive, does not allow for quick processing 

of numerous travelers, and is not foolproof. Some studies conducted 

have concluded that current biometric technology is not as infallible 

as biometric vendors claim. For example, a German technology magazine 

recently demonstrated that using reactivated latent images and 

forgeries could defeat fingerprint and iris recognition systems. In 

addition, one stakeholder stated that an identity card with a two-

dimensional barcode that stores personal data and a picture would be 

sufficient to identify registered travelers. Such a card would be 

similar to those currently used as drivers’ licenses in many states.

Registered Traveler Program Raises Data Storage and Maintenance Issues:

In addition to choosing specific technologies, stakeholders said that 

decisions will be needed regarding the storage and maintenance of data 

collected for the program. These include decisions regarding where a 

biometric or other unique identifier and personal background 

information should be stored. Such information could be stored either 

on a card embedded with a computer chip or in a central database, which 

would serve as a repository of information for all participants. 

Stakeholders thought the key things to consider in deciding how to 

store this information are speed of accessibility, levels of data 

protection, methods to update information, and protections against 

forgery and fraudulent use by others. One stakeholder who advocates 

storing passenger information directly on a “smart” card containing an 

encrypted computer chip said that this offers more privacy protections 

for enrollees and would permit travelers to be processed more quickly 

at checkpoints than would a database method. On the other hand, 

advocates for storing personal data in a central database said that it 

would facilitate the updating of participants’ information. Another 

potential advantage of storing information in a central database is 

that it could make it easier to detect individuals who try to enroll 

more than once, by checking an applicant’s information against 

information on all enrollees in a database. In theory, this process 

would prevent duplication of enrollees.

Another issue related to storing participant information is how to 

ensure that the information is kept up-to-date. If participant 

information is stored in a database, then any change would have to be 

registered in a central database. If, however, information is stored on 

an identification card, then the card would have to feature an embedded 

computer chip to which changes could be made remotely. Keeping 

information current is necessary to ensure that the status of a 

registered traveler has not changed because of that person’s recent 

activities or world events. One stakeholder noted the possibility that 

a participant could do something that might cause his or her 

eligibility status to change. In response to that concern, he stressed 

that a registered traveler program should incorporate some sort of 

“quick revoke” system. When that traveler is no longer entitled to the 

benefits associated with the program, a notification would appear the 

next time the card is registered in a reader.

Stakeholders Had Different Opinions about the Scope of a Registered 

Traveler Program:

Stakeholders differed in their opinions as to how many airports and how 

many passengers should participate in a registered traveler program. 

While some believe that the program should be as expansive as possible, 

others maintain that the program would function most efficiently and 

cost-effectively if it were limited to those airports with the most 

traffic and to those passengers who fly the most frequently.

As for airports, some suggested that all 429 airports subject to 

security requirements in the United States should be equipped to 

support the program, to convince more passengers to enroll. Others 

contended that, because of equipment costs, the program should 

optimally include only the largest airports, such as the fewer than 100 

airports that the FAA classifies as Category X and Category 1 airports, 

which the vast majority of the nation’s air travelers use.

There were also different opinions as to whether the program should 

limit enrollment to frequent travelers or should strive for wider 

enrollment to maximize participation. Representatives of a passenger 

group asserted that the program should be limited to passengers who fly 

regularly because one of the goals of the program would be to process 

known passengers more quickly, and that having too many enrollees would 

limit the time saved. Others, however, maintained that the program 

should enroll as many passengers as possible. This case is made largely 

based on security concerns--the more people who register, the more 

information is known about a flight’s passengers.

Views Differ on the Program’s Costs and Financing:

It is unclear who would fund any registered traveler program, although 

a majority of the stakeholders we contacted who discussed the issue 

expect that participants would have to fund most of its costs. 

Representatives of aviation traveler groups said that participants 

would be willing to bear almost all of the costs. One airline 

representative estimated that frequent passengers would be willing to 

pay up to $100 for initial enrollment and an additional $25 to $50 

annually for renewal. For similar reasons, some stakeholders have 

suggested that the airlines bear some of the costs of the program, 

probably by offering subsidies and incentives for their passengers to 

join, since the aviation industry would also benefit. For instance, one 

stakeholder said that airlines might be willing to partially subsidize 

the cost if the airlines could have access to some of the participant 


A few stakeholders also expect that the federal government would pay 

for some of the cost to develop a registered traveler program. One 

stakeholder who said the government should pay for a significant 

portion of the program did so based on the belief that national 

security benefits will accrue from the program and so, therefore, 

funding it is a federal responsibility. Others maintained that 

significant long-term federal funding for the program is unrealistic 

because of the voluntary aspect of the program, the possibility that it 

might be offered only to selected travelers, and TSA’s current funding 


In addition to the uncertainty about which entity would primarily fund 

a registered traveler program, there are also questions about how much 

the program would cost. None of the stakeholders who were asked was 

able to offer an estimate of the total cost of the program. A 

technology vendor who has studied this type of program extensively 

identified several primary areas of cost, which include but are not 

limited to background checks, computer-chip-enabled cards, card 

readers, biometric readers, staff training, database development, 

database operations, and enrollment center staffing. The fact that the 

costs of many of these components are uncertain makes estimating the 

overall program costs extremely difficult. For example, one stakeholder 

told us that extensive background checks for enrollees could cost as 

much as $150 each, while another stakeholder maintained that detailed, 

expensive background checks would be unnecessary. Therefore, the choice 

of what type of background check to use if a program is implemented 

would likely significantly influence the program’s overall costs. Our 

research indicated that there are also significant price range 

differences in computer-chip-enabled cards and biometric readers, among 

other components.

Key Principles to Guide Program Implementation:

Regardless of the policy and program decisions made about a registered 

traveler program, we identified several basic principles TSA might 

consider if it implements such a program. We derived these principles 

from our discussions with stakeholders and from review of pertinent 

literature as well as best practices for implementing new programs. 

Chief among these is the principle that vulnerabilities in the aviation 

system be assessed in a systematic way and addressed using a 

comprehensive risk management plan. Accordingly, the registered 

traveler program must be assessed and prioritized along with other 

programs designed to address security vulnerabilities, such as 

enhancing cockpit security, controlling access to secure areas of the 

airport, preventing unsafe items from being shipped in cargo or checked 

baggage, and ensuring the integrity of critical air traffic control-

computer systems. TSA officials also noted that the agency is 

responsible for the security of all modes of transportation, not just 

aviation. They added that a program such as registered traveler needs 

to be assessed in the broader context of border security, which can 

include the security of ports and surface border crossings overseen by 

a number of federal agencies, such as Customs, Coast Guard, and INS. 

TSA might consider the following principles if, and when, a registered 

traveler program is implemented:

* Apply lessons learned from and experience with existing programs that 

share similarities with the registered traveler program. This 

information includes lessons related to such issues as eligibility 

criteria, security procedures, technology choices, and funding costs.

* Test the program initially on a smaller scale to demonstrate its 

feasibility and effectiveness, and that travelers will be willing to 


* Develop performance measures and a system for assessing whether the 

program meets stated mission and goals.

* Use technologies that are interoperable across different enrollment 

sites and access-control points, and select technologies that can 

readily be updated to keep pace with new developments in security 

technology, biometrics, and data sharing. At a minimum, 

interoperability refers to using compatible technologies at different 

airport checkpoints across the country and, more broadly, could be seen 

as including other access-control points, such as border crossings and 

ports of entry.

Apply Lessons Learned from Similar Programs:

Using lessons learned from existing programs offers TSA an opportunity 

to identify key policy and implementation issues as well as possible 

solutions to them. Although not of the scope that a nationwide U.S. 

registered traveler program would likely be, several existing smaller 

programs, both in the United States and abroad, address some of the 

same issues as the registered traveler concept and still present 

excellent opportunities for policymakers to learn from real-life 

experiences. For example, in the United States, the INS already has 

border control programs both at airports and roadway checkpoints to 

expedite the entry of “known” border crossers. Internationally, similar 

programs exist at Ben Gurion Airport in Israel, Schiphol Airport in 

Amsterdam, and Dubai International Airport in the United Arab Emirates. 

In the past, similar pilot programs have also been run at London’s 

Gatwick and Heathrow airports. All of these programs rely on 

credentialing registered travelers to expedite their processing and are 

candidates for further study. Finally, programs established by the 

Department of Defense and the General Services Administration that use 

cards and biometrics to control access to various parts of a building 

offer potential technology-related lessons that could help design a 

registered traveler program. (Appendix IV offers a brief description of 

some of the U.S. and foreign programs.) TSA’s program manager for the 

Registered Traveler Task Force stressed that his agency has no role in 

these other programs, which are different in purpose and scope from the 

registered traveler concept. He added that these programs focus on 

expediting crossing at international borders, while the registered 

traveler concept focuses on domestic security.

Test the Program to Demonstrate Its Feasibility, Effectiveness, and 

Acceptance															:

In addition to these programs, information could also be gleaned from a 

registered traveler pilot program. For example, the Air Transport 

Association has proposed a passenger and employee pilot program. ATA’s 

proposed program would include over 6,000 participants, covering both 

travelers who passed a background check and airline employees. ATA’s 

proposal assumes that (1) the appropriate pool of registered traveler 

participants will be based on background checks against the FBI/TSA 

watch list, and (2) airlines would determine which employees could 

apply, and would initiate background checks for them. ATA estimates 

that the pilot program would initially cost about $1.2 million to 

implement. To allow TSA and the airlines to evaluate the effectiveness 

of the program’s technologies and procedures and their overall impact 

on checkpoint efficiency, ATA plans to collect data on enrollment 

procedures, including: the number of individuals who applied and were 

accepted, the reasons for rejection, and customer interest in the 

program; reliability of the biometric cards and readers; and checkpoint 

operational issues.

In our discussions, the Associate Under Secretary for Security 

Regulation and Policy at TSA made it clear that he thought developing a 

registered traveler pilot program on a small scale would be a necessary 

step before deciding to implement a national program. TSA officials 

responsible for assessing a registered traveler program said that they 

hope to begin a pilot program by the end of the first quarter of 2003. 

They also noted that much of the available information about the 

registered traveler concept is qualitative, rather than quantitative. 

They added that, because the cost-effective nature of a registered 

traveler program is not certain, a financial analysis is needed that 

considers the total cost of developing, implementing, and maintaining 

the technology and the program. Along these lines, they believe that a 

pilot program and rigorous, fact-based analysis of the costs and 

benefits of this program will be useful for determining (1) whether the 

hassle factor really exists, and if so to what extent, (2) whether a 

registered traveler program will effectively address the need to 

expedite passenger flow or to manage risk, and (3) whether such a 

program would be the risk-mitigation tool of choice, given the 

realities of limited resources.

Develop Performance Measures to Ensure the Program Is Achieving Its 


In addition to developing performance-based metrics to evaluate the 

effectiveness of a pilot program, TSA could consider developing similar 

metrics to measure the performance of a nationwide program if one is 

created. Our previous work on evaluating federal programs has stressed 

the importance of identifying goals, developing related performance 

measures, collecting data, analyzing data, and reporting 

results.[Footnote 6] Collecting such information is most useful if the 

data-gathering process is designed during the program’s development and 

initiated with its implementation. Periodic assessment of the data 

should include comparisons with previously collected baseline data.

The implementation of a registered traveler program could be helped by 

following those principles. For example, determining whether, and how 

well, the program improves aviation security and alleviates passenger 

inconvenience requires that measurements be developed and data 

collected and analyzed to demonstrate how well these goals are being 

met. Such information could include the success of screeners at 

detecting devices not allowed on airplanes for both enrollees and 

nonparticipants, or the average amount of time it takes for enrollees 

to pass through security screening.

Use Technologies That Are Interoperable and That Can Be Upgraded in the 


An effective registered traveler program depends on using technologies 

that are interoperable across various sites and with other 

technologies, and can be readily updated to keep pace with new 

developments in security technology, biometrics, and data sharing. Such 

a program is unlikely to be airport-or airline-specific, which means 

that the various technologies will have to be sufficiently standardized 

for enrollees to use the same individual cards or biometrics at many 

airports and with many airlines. Consequently, the technologies 

supporting the nationwide system need to be interoperable so that they 

can communicate with one another. The FAA’s experience with employee 

access cards offers a good lesson on the dangers of not having 

standards to ensure that technologies are interoperable. As we reported 

in 1995,[Footnote 7] different airports have installed different types 

of equipment to secure doors and gates. While some airports have 

installed magnetic stripe card readers, others have installed proximity 

card readers, and still another has installed hand-scanning equipment 

to verify employee identity. As a result, an official from one airline 

stated that employees who travel to numerous airports have to carry 

several different identity cards to gain access to specific areas.

Another important interoperability issue is the way in which the 

personal data associated with a registered traveler program relates to 

other existing information on travelers, most important of which is the 

automated passenger prescreening system information. Some stakeholders 

believe it will be crucial that the registered traveler program is 

integrated into the automated system. Given TSA’s focus on developing 

and launching a revised automated passenger prescreening system, such 

integration will likely be essential. Integrating the data depends on 

finding a workable technology solution. Furthermore, TSA officials 

added that interoperability may extend beyond aviation to passengers 

who enter the United States at border crossings or seaports. They noted 

that ensuring the interoperability of systems across modes of 

transportation overseen by a variety of different federal agencies will 

be a complex and expensive undertaking.

An equally important factor to consider is how easily a technology can 

be upgraded as related technologies evolve and improve. As stakeholders 

made clear to us, because technologies surrounding identification cards 

and biometrics are evolving rapidly, often in unpredictable ways, the 

technology of choice today may not be cost-effective tomorrow. To 

ensure that a registered traveler program will not be dependent on 

outdated technologies, it is essential to design a system flexible 

enough to adapt to new technological developments as they emerge. For 

example, if fingerprints were initially chosen as the biometric, the 

supporting technologies should be easily adaptable to other biometrics, 

such as iris scans. An effective way to make them so is to use 

technology standards for biometrics, data storage, and operating 

systems, rather than to mandate specific technology solutions.

Concluding Observations:

A registered traveler program is one possible approach for managing 

some of the security vulnerabilities in our nation’s aviation and 

broader transportation systems. However, numerous unresolved policy and 

programmatic issues would have to be addressed before developing and 

implementing such a program. These issues include, for example, the 

central question of whether such a program will effectively enhance 

security or will inadvertently provide a means to circumvent and 

compromise new security procedures. These issues also include 

programmatic and administrative questions, such as how much such a 

program would cost and what entities would provide its financing. Our 

analysis of existing literature and our interviews with stakeholders 

helped identify some of these key issues but provide no easy answers. 

The information we developed should help to focus and shape the debate 

and to identify key issues to be addressed when TSA considers whether 

to implement a registered traveler program.

Agency Comments:

We provided the Department of Transportation (DOT) with a draft of this 

report for review and comment. DOT provided both oral and written 

comments. TSA’s program manager for the Registered Traveler Task Force 

and agency officials present with legal and other responsibilities 

related to this program said that the report does an excellent job of 

raising a number of good issues that TSA should consider as it 

evaluates the registered traveler concept. These officials provided a 

number of clarifying comments, which we have incorporated where 


Unless you publicly announce its contents earlier, we plan no further 

distribution of this report until 15 days from the date of this letter. 

At that time, we will send copies of this report to interested Members 

of Congress, the Secretary of Transportation, and the Under Secretary 

of Transportation for Security. We will also make copies available to 

others upon request. In addition, the report will be available at no 

charge on the GAO Web site at

If you or your staff have any questions about this report, please 

contact me at (202) 512-3650. I can also be reached by E-mail at Key contributors are listed in appendix V.

Signed by Gerald L. Dillingham:

Gerald L. Dillingham, Ph.D.

Director, Physical Infrastructure:

[End of section]


Appendix I: Scope and Methodology:

To obtain and develop information on the purpose of a registered 

traveler program and the key policy and implementation issues in 

designing and implementing it, we conducted an extensive search of 

existing information and carried out interviews with key stakeholders. 

These interviews included officials from the federal government, the 

aviation industry, aviation security consultants, vendors developing 

and testing registered traveler applications, and organizations 

concerned with issues of data privacy and civil liberties.

We conducted a literature search that identified existing studies, 

policy papers, and articles from the federal government, the aviation 

industry, and other organizations on numerous issues associated with 

designing and implementing a registered traveler program. These issues 

included the goals or purposes of a registered traveler program and 

policy and programmatic issues such as the potential costs, security 

procedures, and technology choices for such a program. We also 

identified existing studies and papers on specific items, such as the 

applicability of biometric technologies for use in a registered 

traveler program and the extent to which programs already exist in the 

United States and abroad (this detailed information is presented in 

appendix IV). This literature search also identified key stakeholders 

regarding designing and implementing a registered traveler program.

Based on our literature search, we identified a list of 25 key 

stakeholders who could provide professional opinions on a wide range of 

issues involved in a registered traveler program. We chose these 

stakeholders based on their influence in the aviation industry as well 

as their expertise in such issues as aviation security, identification 

technologies, civil liberties, and the air-travel experience. In total, 

we conducted 22 interviews. We also visited and interviewed officials 

associated with registered traveler-type programs in two European 

countries. The intent of our interviews was to gain a further 

understanding of the issues surrounding a registered traveler program 

and specific information on such items as the potential costs for 

implementing a registered traveler program and the technology needs of 

such a program. In conducting our interview process, we developed a 

standard series of questions on key policy and implementation issues, 

sent the questions to the stakeholders in advance, and conducted the 

interviews. We then summarized the interviews to identify any key 

themes and areas of consensus or difference on major issues. We did 

not, however, attempt to empirically validate the information provided 

to us by stakeholders through these interviews.

To identify basic principles that TSA should consider if it decides to 

implement a registered traveler program, we analyzed existing studies 

to identify overriding themes that could impact the policy or 

implementation of such a program. We also analyzed the results of our 

interviews, to generate a list of key principles.

We performed our work from July 2002 through October 2002 in accordance 

with generally accepted government auditing standards.

[End of section]

Appendix II: Interviews Conducted:

As part of our review of the concept of a registered traveler program, 

we interviewed the following three aviation experts, each of whom spoke 

on his own behalf:

Admiral Cathal Flynn, former FAA Associate Administrator for Civil 

Aviation Security 

Douglas Laird, aviation security consultant

Robert Poole, transportation policy expert:

We also interviewed representatives from the following 19 


Air Line Pilots Association

Airports Council International 

Air Transport Association 

Air Travelers Association 

American Civil Liberties Union 

Association of Corporate Travel Executives 

Continental Airlines

EagleCheck (technology developer) 

Electronic Privacy Information Center 

EyeTicket (technology developer) 

ICTS International

I/O Software (technology developer)


National Air Transportation Association 

National Safe Skies Alliance

Northwest Airlines

Transportation Security Administration 


United Airlines:

[End of section]

Appendix III: Testing Results on Leading Biometrics:

The International Biometrics Group considers four types of biometric 

identifiers as the most suitable for air-travel applications. These 

identifiers are fingerprint recognition, iris recognition, hand 

geometry, and facial recognition. Each of these biometrics has been 

employed, at least on a small scale, in airports worldwide. The 

following information describes how each biometric works and compares 

their functionality.

Types of Biometric Technologies:

Fingerprint recognition:

This technology extracts features from impressions made by the distinct 

ridges on the fingertips. The fingerprints can be either flat or 

rolled. A flat print captures only an impression of the central area 

between the fingertip and the first knuckle; a rolled print captures 

ridges on both sides of the finger. The technology is one of the best 

known and most widely used biometric technologies.

Iris recognition:

This technology is based on the distinctly colored ring surrounding the 

pupil of the eye. The technology uses a small, high-quality camera to 

capture a black-and-white high-resolution image of the iris. It then 

defines the boundaries of the iris, establishes a coordinate system 

over the iris, and defines the zones for analysis within that 

coordinate system. Made from elastic connective tissue, the iris is a 

very plentiful source of biometric data, having approximately 450 

distinctive characteristics.

Hand geometry:

This technology measures the width, height, and length of the fingers, 

distances between joints, and shapes of the knuckles. The technology 

uses an optical camera and light-emitting diodes with mirrors and 

reflectors to capture three-dimensional images of the back and sides of 

the hand. From these images, 96 measurements are extracted from the 

hand. Hand geometry systems have been in use for more than 10 years for 

access control at facilities ranging from nuclear power plants to day 

care centers.

Facial recognition:

This technology identifies people by areas of the face not easily 

altered--the upper outlines of the eye sockets, the areas around the 

cheekbones, and the sides of the mouth. The technology is typically 

used to compare a live facial scan with a stored template, but it can 

also be used to compare static images, such as digitized passport 

photographs. Facial recognition can be used in both verification and 

identification systems. In addition, because facial images can be 

captured from video cameras, facial recognition is the only biometric 

that can also be used for surveillance purposes.

Table 1: Important Features of Biometric Technologies:

Technology: How it works; Fingerprint: Captures and compares fingertip 

patterns; Iris: Captures and compares iris patterns; Facial: Captures 

and compares facial patterns; Hand: Measures and compares dimensions of 

hand and fingers.

Technology: Cost of device; Fingerprint: Low; Iris: High; Facial: 

Moderate; Hand: Moderate.

Technology: Enrollment time; Fingerprint: About 3 minutes, 30 seconds; 

Iris: 2 minutes, 15 seconds; Facial: About 3 minutes; Hand: About 1 


Technology: Transaction time[A]; Fingerprint: 9 to 19 seconds; Iris: 12 

seconds; Facial: 10 seconds; Hand: 6 to 10 seconds.

Technology: False nonmatch rate[B]; Fingerprint: .2%-36%; Iris: 1.9%-

6%; Facial: 3.3%-70%; Hand: 0%-5%.

Technology: False match rate (FMR)[C]; Fingerprint: 0%-8%; Iris: Less 

than 1%; Facial: 0.3%-5%; Hand: 0%-2.1%.

Technology: User acceptance issues; Fingerprint: Associated with law 

enforcement, hygiene concerns; Iris: User resistance, usage difficulty; 

Facial: Potential for privacy misuse; Hand: Hygiene concerns.

Technology: Factors affecting performance[D]; Fingerprint: Dirty, dry, 

or worn fingertips; Iris: Poor eyesight, glare, or reflections; Facial: 

Lighting, orientation of face, and sunglasses; Hand: Hand injuries, 

arthritis, swelling.

Technology: Demonstrated vulnerability[E]; Fingerprint: Artificial 

fingers, reactivated latent prints; Iris: High-resolution picture of 

iris; Facial: Notebook computer with digital photographs; Hand: None.

Technology: Variability with ages[F]; Fingerprint: Stable; Iris: 

Stable; Facial: Affected by aging; Hand: Stable.

Technology: Commercial availability since; Fingerprint: 1970s; Iris: 

1997; Facial: 1990s; Hand: 1970s.

[A] Amount of time it takes to verify machine-read biometric versus 

stored biometric.

[B] The probability that individuals who should be matched are not 

matched by a biometrics system.

[C] The probability of an erroneous match in a single template 


[D] Human characteristics or measurement condition circumstances that 

could adversely affect accuracy of biometric systems.

[E] Demonstrated methods of beating biometric systems that have been 

employed in tests.

[F] Effects of age, if any, of individual on his or her biometric 


Source: GAO analysis.

[End of table]

[End of section]

Appendix IV: Information about Existing Programs for Registered 


[See PDF for Image]

[A] Please see appendix III for an explanation of hand geometry 

verification technology. Two-finger geometry is a variation on hand 


[B] The passport reader used in the IP@SS pilot program was being 

tested for the ability to read ink and proper passport dimensions only.

Source: GAO’s analysis of program information.

[End of section]

Appendix V: GAO Contacts and Staff Acknowledgments:

GAO Contacts:

Gerald L. Dillingham (202) 512-3650

Bonnie A. Beckett (202) 512-6525:


Key contributors to this assignment were Jean Brady, David Dornisch, 

David Goldstein, David Hooper, Bob Kolasky, Heather Krause, David 

Lichtenfeld, and Cory Roman.


[1] P.L. 107-71.

[2] Several different names have been applied to this concept; for this 

report we refer to it as a registered traveler program.

[3] Homeland Security: A Framework for Addressing the Nation’s Efforts, 

GAO-01-1158T (Washington, D.C.: Sept. 21, 2001).

[4] 26 U.S.C. 6103.

[5] The term “biometrics” is commonly used to mean both biometric 

technologies and the characteristics themselves.

[6] Managing for Results: Analytic Challenges in Measuring Performance, 

GAO/HEHS/GGD-97-138 (Washington, D.C.: May 1997).

[7] Aviation Security: FAA Can Help Ensure That Airports’ Access 

Control Systems Are Cost-Effective, GAO/RCED-95-25 (Washington, D.C.: 

Mar. 1995).

GAO’s Mission:

The General Accounting Office, the investigative arm of Congress, 

exists to support Congress in meeting its constitutional 

responsibilities and to help improve the performance and accountability 

of the federal government for the American people. GAO examines the use 

of public funds; evaluates federal programs and policies; and provides 

analyses, recommendations, and other assistance to help Congress make 

informed oversight, policy, and funding decisions. GAO’s commitment to 

good government is reflected in its core values of accountability, 

integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony:

The fastest and easiest way to obtain copies of GAO documents at no 

cost is through the Internet. GAO’s Web site ( ) contains 

abstracts and full-text files of current reports and testimony and an 

expanding archive of older products. The Web site features a search 

engine to help you locate documents using key words and phrases. You 

can print these documents in their entirety, including charts and other 


Each day, GAO issues a list of newly released reports, testimony, and 

correspondence. GAO posts this list, known as “Today’s Reports,” on its 

Web site daily. The list contains links to the full-text document 

files. To have GAO e-mail this list to you every afternoon, go to and select “Subscribe to daily E-mail alert for newly 

released products” under the GAO Reports heading.

Order by Mail or Phone:

The first copy of each printed report is free. Additional copies are $2 

each. A check or money order should be made out to the Superintendent 

of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 

more copies mailed to a single address are discounted 25 percent. 

Orders should be sent to:

U.S. General Accounting Office

441 G Street NW,

Room LM Washington,

D.C. 20548:

To order by Phone: 	

	Voice: (202) 512-6000:

	TDD: (202) 512-2537:

	Fax: (202) 512-6061:

To Report Fraud, Waste, and Abuse in Federal Programs:


Web site: E-mail:

Automated answering system: (800) 424-5454 or (202) 512-7470:

Public Affairs:

Jeff Nelligan, managing director, (202) 512-4800 U.S.

General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.