Summary

After the events of September 11, 2001, Congress created the Transportation Security Administration (TSA) and directed it to assume the function of passenger prescreening--or the matching of passenger information against terrorist watch lists to identify persons who should undergo additional security scrutiny--for domestic flights, which is currently performed by the air carriers. To do so, TSA is developing Secure Flight. This testimony covers TSA's progress and challenges in (1) developing, managing, and overseeing Secure Flight; (2) coordinating with key stakeholders critical to program operations; (3) addressing key factors that will impact system effectiveness; and (4) minimizing impacts on passenger privacy and protecting passenger rights. This testimony includes information on areas of congressional interest that GAO has previously reported on.

TSA has made some progress in developing and testing the Secure Flight program. However, TSA has not followed a disciplined life cycle approach to manage systems development, or fully defined system requirements. Rather, TSA has followed a rapid development method intended to develop the program quickly. This process has been ad hoc, resulting in project activities being conducted out of sequence, requirements not being fully defined, and documentation containing contradictory information or omissions. Further, while TSA has taken steps to implement an information security management program for protecting information and assets, its efforts are incomplete. Finally, TSA is proceeding to develop Secure Flight without a program management plan containing program schedule and cost estimates. Oversight reviews of the program have also raised questions about program management. Without following a more rigorous and disciplined life cycle process, including defining system requirements, the Secure Flight program is at serious risk of not meeting program goals. Over the past year, TSA has made some progress in managing risks associated with developing Secure Flight, and has recently taken actions that recognize the need to install more rigor and discipline into the development process. TSA has also taken steps to collaborate with Secure Flight stakeholders whose participation is essential to ensuring that passenger and terrorist watch list data are collected and transmitted to support Secure Flight. However, key program stakeholders--including the U.S. Customs and Border Protection, the Terrorist Screening Center, and air carriers--stated that they need more definitive information about system requirements from TSA to plan for their support of the program. In addition, several activities that will affect Secure Flight's effectiveness are under way, or have not yet been decided. For example, TSA conducted name-matching tests, which compared passenger and terrorist screening database data, to evaluate the ability of the system to function. However, TSA has not yet made key policy decisions which could significantly impact program operations, including what passenger data it will require air carriers to provide and the name-matching technologies it will use. Further, Secure Flight's system development documentation does not fully explain how passenger privacy protections are to be met, and TSA has not issued the privacy notices that describe how it will protect passenger data once Secure Flight becomes operational. As a result, it is not possible to assess how TSA is addressing privacy concerns. TSA is also determining how it will provide for redress, as mandated by Congress, to provide aviation passengers with a process to appeal determinations made by the program and correct erroneous information contained within the prescreening process. However, TSA has not finalized its redress polices.