What GAO Found
Since 2009, Secure Flight has changed from a program that identifies passengers as high risk solely by matching them against the No Fly and Selectee Lists to one that assigns passengers a risk category: high risk, low risk, or unknown risk. In 2010, following the December 2009 attempted attack of a U.S.-bound flight, which exposed gaps in how agencies used watchlists to screen individuals, the Transportation Security Administration (TSA) began using risk-based criteria to identify additional high-risk passengers who may not be in the Terrorist Screening Database (TSDB), but who should be designated as selectees for enhanced screening. Further, in 2011, TSA began screening against additional identities in the TSDB that are not already included on the No Fly or Selectee Lists. In addition, as part of TSA PreüTM, a 2011 program through which TSA designates passengers as low risk for expedited screening, TSA began screening against several new lists of preapproved low-risk travelers. TSA also began conducting TSA Pre✓™ risk assessments, an activity distinct from matching against lists that uses the Secure Flight system to assign passengers scores based upon travel-related data, for the purpose of identifying them as low risk for a specific flight.
TSA has processes in place to implement Secure Flight screening determinations at airport checkpoints, but could take steps to enhance these processes. TSA information from May 2012 through February 2014 indicates that screening personnel have made errors in implementing Secure Flight determinations at the checkpoint. However, TSA does not have a process for systematically evaluating the root causes of these screening errors. GAO's interviews with TSA officials at airports yielded examples of root causes TSA could identify and address. Evaluating the root causes of screening errors, and then implementing corrective measures, in accordance with federal internal control standards, to address those causes could allow TSA to strengthen security screening at airports.
Since 2009, Secure Flight has established program goals that reflect new program functions to identify additional types of high-risk and also low-risk passengers; however, current program performance measures do not allow Secure Flight to fully assess its progress toward achieving all of its goals. For example, Secure Flight does not have measures to assess the extent of system matching errors. Establishing additional performance measures that adequately indicate progress toward goals would allow Secure Flight to more fully assess the extent to which it is meeting program goals. Furthermore, TSA lacks timely and reliable information on all known cases of Secure Flight system matching errors. More systematic documentation of the number and causes of these cases, in accordance with federal internal control standards, would help TSA ensure Secure Flight is functioning as intended.
This is a public version of a sensitive report that GAO issued in July 2014. Information that the Department of Homeland Security (DHS) and the Department of Justice deemed sensitive has been removed.
Why GAO Did This Study
In 2009, DHS's TSA began using Secure Flight to screen passengers against high-risk lists. These lists, subsets of the TSDB—the U.S. government's consolidated list of known and suspected terrorists—included the No Fly List, to identify those who should be prohibited from boarding flights, and the Selectee List, to identify those who should receive enhanced screening at airport checkpoints.
GAO was asked to assess the current status of the program. This report examines (1) changes to the Secure Flight program since 2009, (2) TSA's efforts to ensure that Secure Flight's screening determinations for passengers are implemented at airport checkpoints, and (3) the extent to which program performance measures assess progress toward goals. GAO analyzed TSA data and documents—including checkpoint data from 2012 through 2014 and Secure Flight performance measures—and interviewed relevant DHS officials.
GAO recommends that TSA develop a process to regularly evaluate the root causes of screening errors at security checkpoints and implement measures to address these causes. GAO also recommends that TSA develop measures to address all aspects of performance related to program goals and develop a mechanism to systematically document the number and causes of Secure Flight system matching errors. DHS concurred with GAO's recommendations.
Recommendations for Executive Action
|Transportation Security Administration||1. To further improve the implementation of Secure Flight risk determinations at the screening checkpoint, the Transportation Security Administration's Administrator should develop a process for regularly evaluating the root causes of screening errors across airports so that corrective measures can be identified.|
|Transportation Security Administration||2. To address the root causes of screening errors at the checkpoint, thereby strengthening checkpoint operations, the Transportation Security Administration's Administrator should implement the corrective measures TSA identifies through a root cause evaluation process.|
|Transportation Security Administration||3. To assess the progress of the Secure Flight program toward achieving its goals, the Transportation Security Administration's Administrator should develop additional measures to address key performance aspects related to each program goal, and ensure these measures clearly identify the activities necessary to achieve progress toward the goal.|
|Transportation Security Administration||4. To provide Secure Flight program managers with timely and reliable information on cases in which TSA learns of Secure Flight system matching errors, the Transportation Security Administration's Administrator should develop a mechanism to systematically document the number and causes of such cases, for the purpose of improving program performance.|