Aviation Security:
TSA Is Enhancing Its Oversight of Air Carrier Efforts to Identify Passengers on the No Fly and Selectee Lists, but Expects Ultimate Solution to Be Implementation of Secure Flight
GAO-08-992: Published: Sep 9, 2008. Publicly Released: Sep 9, 2008.
Additional Materials:
- Highlights Page:
- Full Report:
- Accessible Text:
Contact:
(202) 512-3000
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
Air carriers remain a front-line defense against acts of terrorism that target the nation's civil aviation system. A key responsibility of air carriers is to check passengers' names against terrorist watch-list records to identify persons who should be prevented from boarding (the No Fly List) or who should undergo additional security scrutiny (the Selectee List). Eventually, the Transportation Security Administration (TSA) is to assume this responsibility through its Secure Flight program. However, due to program delays, air carriers retain this role. You asked GAO to review domestic air carriers' watch-list-matching processes. GAO examined (1) the watch-list-matching requirements air carriers must follow that have been established by TSA, and (2) the extent to which TSA has assessed air carriers' compliance with these requirements. GAO reviewed TSA's security directives, internal guidance used by TSA's inspectors to assess air carriers' compliance with requirements, and inspection results, as well as interviewed staff from 14 of 95 domestic air carriers (selected to reflect a range in operational sizes). This report is the public version of a restricted report (GAO-08-453SU) issued in July 2008.
TSA's requirements for domestic air carriers to conduct watch-list matching include a requirement to identify passengers whose names are either identical or similar to those on the No Fly and Selectee lists. Similar-name matching is important because individuals on the watch list may try to avoid detection by making travel reservations using name variations. According to TSA's Office of Intelligence, there have been incidents of air carriers failing to identify potential matches by not successfully conducting similar-name matching. However, until revisions were initiated in April 2008, TSA's security directives did not specify what types of similar-name variations were to be considered by air carriers. Thus, in interviews with 14 air carriers GAO found inconsistent approaches to conducting similar-name matching. Due to such inconsistency, a passenger could be identified as a match by one air carrier and not by another. In addition, not every air carrier reported conducting similar name comparisons. Further, in January 2008, TSA conducted an evaluation of air carriers and found deficiencies in their capability to conduct similar-name matching. Shortly thereafter, in April 2008, TSA revised the No Fly List security directive to specify a baseline capability for conducting watch-list matching, and TSA reported that it planned to similarly revise the Selectee List security directive. Because the baseline capability requires that air carriers compare only the types of name variations specified in the directive, TSA recognizes that the new baseline capability will not address all vulnerabilities. However, TSA emphasized that establishing the baseline capability should improve air carriers' performance of watch-list matching and, in TSA's view, is the best interim solution pending the implementation of Secure Flight. TSA has undertaken various efforts to assess domestic air carriers' compliance with watch-list matching requirements; however, until 2008, TSA had conducted limited testing of air carriers' similar-name-matching capability. In 2005, for instance, TSA conducted an evaluation to determine whether air carriers had the capability to identify names that were identical--but not similar--to those on the No Fly List. Also, regarding regularly conducted inspections, TSA's guidance did not specifically direct inspectors to test air carriers' similar-name-matching capability, nor did the guidance specify the number or types of name variations to be assessed. Records in TSA's database for regular inspections conducted during 2007 made reference to name-match testing in 61 of the 1,145 watch-list-related inspections that GAO reviewed. Without criteria or standards for air carriers to follow in comparing name variations, TSA did not have a uniform basis for assessing compliance and addressing deficiencies. However, during the course of GAO's review and prompted by findings of the evaluation conducted in January 2008, TSA reported that its guidance for inspectors would be revised to help ensure air carriers' compliance with security directives. Although TSA has plans to strengthen its oversight of air carriers' compliance with the revised security directives, it is too early to assess the extent of such oversight since TSA's efforts are ongoing and not completed.
Jan 25, 2021
-
Southwest Border:
DHS and DOJ Have Implemented Expedited Credible Fear Screening Pilot Programs, but Should Ensure Timely Data EntryGAO-21-144: Published: Jan 25, 2021. Publicly Released: Jan 25, 2021.
Jan 21, 2021
-
Chemical Security:
Overlapping Programs Could Better Collaborate to Share Information and Identify Potential Security GapsGAO-21-12: Published: Jan 21, 2021. Publicly Released: Jan 21, 2021.
Jan 19, 2021
-
DHS Annual Assessment:
Most Acquisition Programs Are Meeting Goals but Data Provided to Congress Lacks Context Needed For Effective OversightGAO-21-175: Published: Jan 19, 2021. Publicly Released: Jan 19, 2021.
Dec 16, 2020
-
Coast Guard:
Actions Needed to Improve National Vessel Documentation Center OperationsGAO-21-100: Published: Dec 16, 2020. Publicly Released: Dec 16, 2020.
Nov 23, 2020
-
Southwest Border:
Information on Federal Agencies' Process for Acquiring Private Land for BarriersGAO-21-114: Published: Nov 17, 2020. Publicly Released: Nov 23, 2020.
Nov 12, 2020
-
Coast Guard Acquisitions:
Opportunities Exist to Reduce Risk for the Offshore Patrol Cutter ProgramGAO-21-9: Published: Oct 28, 2020. Publicly Released: Nov 12, 2020.
Oct 29, 2020
-
TSA Acquisitions:
TSA Needs to Establish Metrics and Evaluate Third Party Testing Outcomes for Screening TechnologiesGAO-21-50: Published: Oct 29, 2020. Publicly Released: Oct 29, 2020.
Oct 20, 2020
-
Homeland Security Acquisitions:
DHS Has Opportunities to Improve Its Component Acquisition OversightGAO-21-77: Published: Oct 20, 2020. Publicly Released: Oct 20, 2020.
Sep 30, 2020
-
Disaster Assistance:
Additional Actions Needed to Strengthen FEMA's Individuals and Households ProgramGAO-20-503: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020. -
Supplemental Material for GAO-20-503:
FEMA Individuals and Households Program Applicant Data 2016 – 2018GAO-20-675SP: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020.
Looking for more? Browse all our products here