What GAO Found
The Transportation Security Administration (TSA) has taken steps to implement several of the privacy oversight mechanisms it planned to establish when Secure Flight implementation began in 2009, but additional actions could allow TSA to sustain and strengthen its efforts. Overall, TSA has implemented mechanisms to identify privacy implications associated with program operations and address them as necessary. For example, TSA has regularly updated privacy documents to address changes in the Secure Flight program. TSA has also implemented privacy training for new Secure Flight staff, and all Department of Homeland Security (DHS) employees receive annual privacy training. However, existing Secure Flight staff do not receive job-specific privacy refresher training consistent with Office of Management and Budget (OMB) requirements. Providing job-specific privacy refresher training could further strengthen Secure Flight's protection of personally identifiable information (PII). TSA also documents some aspects of its Secure Flight privacy oversight mechanisms, such as scheduled destructions of passenger data and reviews of planned changes to the Secure Flight system. However, TSA does not have a mechanism to comprehensively document and track key privacy-related issues and decisions that arise through the development and use of Secure Flight—a mechanism TSA planned to develop when Secure Flight was implemented in 2009. Comprehensively documenting and tracking key privacy-related issues and decisions, in accordance with federal internal control standards, could help TSA ensure that these decisions are carried into the future in the event of a change in personnel.
The DHS Traveler Redress Inquiry Program (DHS TRIP) affords passengers who may have been incorrectly matched to or listed on high-risk lists based on the Terrorist Screening Database (TSDB)—the U.S. government's consolidated list of known and suspected terrorists—an opportunity to seek redress. Passengers who, through the redress process, are determined to have been misidentified to a TSDB-based high-risk list are added to the TSA Cleared List, which allows them to be cleared (not identified as high risk) nearly 100 percent of time. The DHS TRIP process also allows passengers determined to have been improperly included on a TSDB-based list (mislisted) to be removed, minimizing the likelihood they will be identified as matches during future travels. Although DHS TRIP is not able to provide redress for passengers who may have been misidentified to high-risk, rules-based lists—TSA's lists of passengers who meet intelligence-driven criteria indicating they may pose a greater security risk—according to TSA officials, TSA procedures for using the lists mitigate impacts on these passengers. In fiscal year 2013, DHS TRIP began working to reduce processing time for its redress and appeals cases. In fiscal year 2014, DHS TRIP reduced its target for one of its key performance indicators—average number of days for DHS TRIP redress cases to be closed—from 93 to 78 days—and, for the first time, established a performance goal for the appeals process of 92 days. For fiscal years 2011 through 2013, the average total processing time for an appeals case was about 276 days. DHS TRIP plans to periodically review its progress in achieving its appeals performance goal and determine by February 2015 whether further changes to the appeals process are warranted.
Why GAO Did This Study
Since 2009, Secure Flight has changed from a program that identifies passengers as high risk solely by matching them against subsets of the TSDB, to one that uses PII and other information to assign passengers a risk category: high risk, low risk, or unknown risk. Secure Flight has established privacy oversight mechanisms to protect this PII.
GAO was asked to assess the current status of the Secure Flight program. In July 2014, GAO reported on the status of the program's operations, including changes to the program since 2009, implementation of Secure Flight screening determinations at airport checkpoints, and program performance measures. This report examines (1) the extent to which TSA has implemented privacy oversight mechanisms to address Secure Flight privacy requirements, and (2) the extent to which DHS's redress process addresses any delays and inconveniences that result from Secure Flight screening. GAO analyzed TSA data for fiscal years 2011 through 2013 and documents—including Secure Flight privacy training materials, documentation of privacy protections, and processing times for redress cases—and interviewed relevant DHS officials.
GAO recommends that TSA provide job-specific privacy refresher training for Secure Flight staff and develop a mechanism to document and track key Secure Flight privacy issues and decisions. DHS concurred with GAO's recommendations.
Recommendations for Executive Action
|Transportation Security Administration||1. To further protect personally identifiable information in the Secure Flight system, the Transportation Security Administration's Administrator should provide job-specific privacy refresher training for Secure Flight staff.|
|Transportation Security Administration||2. To ensure Secure Flight has complete information for effective oversight of its privacy controls, the Transportation Security Administration's Administrator should develop a mechanism to comprehensively document and track key Secure Flight privacy issues and decisions.|