• Who We Are
• For Travelers
• What We Do
• Join Us
• Our Approach
• Media Room
• Research Center

---

• Media Room
• DHS Leadership Journal Posts
• News & Happenings
• Press Releases
• RSS and News Feeds
• Speakers Bureau
• Terminal Madness
• Testimony & Speeches
• Workforce Stories

Assistant Secretary Kip Hawley's Oral Testimony Before the U.S. House of Representatives

Testimony & Speeches

Before the Subcommittee on
Economic Security, Infrastructure, Protection and Cybersecurity
Committee on Homeland Security
United States House of Representative

November 3, 2005

Good afternoon Chairman Lungren, Congresswoman Sanchez, and members of the Subcommittee. Thank you for this opportunity to speak with you about the progress we are making with our domestic Registered Traveler (RT) Program since testifying on this matter last June, and discuss the program in the context of Secretary Chertoff's risk-based strategy.

The Aviation and Transportation Security Act (ATSA), P.L. 107-71, directed TSA to explore options for expedited travel at airports commensurate with having information that a traveler does not pose nor is suspected of posing a known threat. In the simplest of terms, the Registered Traveler Program concept is to conduct more extensive threat screening in advance of travel on individuals who choose to participate in the program, and to provide those who are accepted into the program with expedited screening at the airport.

Adapting to a Changing Threat Environment

Created in the aftermath of the 9/11 terrorist attacks, the Transportation Security Administration continues to pursue its vital mission of protecting our Nation's transportation systems. Fundamentally, our challenge is to protect passengers, freight, and our transportation network in a constantly changing threat environment. We know that terrorists will not only look for weaknesses in our transportation system and its security measures, but they will also adapt to perceived security measures. Our approach to security in every transportation sector, including aviation, therefore, must be based on flexibility and adaptability.

TSA is pursuing a security strategy based on Secretary Chertoff's Second Stage Review, the National Strategy for Transportation Security, and the following four operating principles:

First, we will use risk/value analysis to make investment and operational decisions.
That means that we will assess risks based not only on threat and vulnerability, but on the potential consequences of a particular threat to people, transportation assets, and the economy. Further, we will assess and undertake risk management and risk mitigation measures based on their effect on total transportation network risk. This holistic approach to risk assessment and risk mitigation may lead us, for example, to redirect the actions of our airport screeners to focus less on identifying and removing less threatening items from carry-on luggage, so that their time and attention can be spent on identifying potential components of an improvised explosive device.

Second, we will avoid giving terrorists or potential terrorists an advantage based on our predictability. TSA will deploy resources – whether they are canine teams, screeners, air marshals, or inspectors – and establish protocols flexibly based on risk, so that terrorists cannot use the predictability of security measures to their advantage in planning or carrying out a threat. This may mean changing or adding to inspection routines on a daily or hourly basis to introduce uncertainty into terrorist planning efforts.

Third, we will continue to intervene early based on intelligence, and focus our security measures on the terrorist, as well as the means for carrying out the threat.
Enhancing and expanding the techniques to identify suspicious persons or to detect explosive devices at screener checkpoints is necessary. However, the strongest defense posture detects the terrorist well before the attempt to launch an attack has begun. A coordinated interagency intelligence collection and analysis effort must stand as the first line of defense. Effective dissemination of timely intelligence products to those who need them is a vital component of this effort.

And, finally, we will build and take advantage of security networks. As you may know, I am pursuing a restructuring of TSA that will put a renewed emphasis on building information sharing networks in every transportation sector – rail, transit, maritime, and trucking, as well as aviation. Not only will we work more closely with stakeholders in these industries, we will put a renewed emphasis on sharing intelligence, capacity, and technology with other law enforcement, intelligence gathering and security agencies at every level of government.

Application of Key Principles to a Registered Traveler Program

The relevance and importance of these operational principles are key factors in the development of our plans to institute a nationally available Registered Traveler Program.

In particular, we believe that an effective Registered Traveler Program can and will:

• Provide a significantly higher level of assurance that people in the program do not have terrorist intentions;
• Allow TSA to focus its screener resources on passengers that present a potentially higher risk;
• Retain an element of randomness with regard to secondary screening in order to maintain uncertainty among terrorists who may attempt to thwart the program;
• Protect the privacy of individuals who participate in the program; and
• Make air travel easier for domestic passengers.

Registered Traveler Pilot Programs

Registered Traveler Pilot Programs were initiated in five airports on a staggered basis during the summer of 2004. In partnership with Northwest Airlines, United Airlines, Continental, and American Airlines, TSA established pilot programs at Minneapolis-St. Paul (MSP), Los Angeles (LAX), Houston Intercontinental (IAH), Boston (BOS) and Washington, DC (DCA). Each of the five pilot programs enrolled approximately 2,000people, who were invited to participate by the airlines from among their "very frequent" fliers. Participation was limited to U.S. citizens, U.S. nationals, and permanent legal residents of the U.S. Participation in the program was entirely voluntary. Participants in these five initial pilot programs were not charged a fee.

Participating passengers provided personal biographic (name, address, phone number, date of birth, and in some locations, social security number) and biometric (fingerprint and/or iris scan) information, as well as government-issued identification (passport or driver's license). Maintaining this information in the database allows continuous screening of the travelers as those databases are updated. The validity of the document was verified using electronic document scanners. The biographic information was used to perform a name-based check against a consolidated terrorist screening database. When a participant initiated travel at his/her home airport, his identity and threat status was confirmed using biometric readers at special kiosks located near the TSA security checkpoint. After identity verification at the biometric kiosk, participants went through normal primary TSA screening, but were not subject to random secondary screening. However, if a program participant caused the walk-through metal detector to alarm or an x-ray of his carry-on items indicated the possible presence of prohibited items, additional screening was conducted. Because the pilot programs were designed to test the effectiveness of the technology and operational processes, participants could not be offered the range of expedited screening benefits that might be available under a fully-validated Registered Traveler program. It was critical to ensure that security was not compromised under the pilot programs.

The initial five pilots ended in September 2005. In June 2005, TSA initiated a sub-pilot program at Orlando International Airport (MCO). Consistent with our goal of engaging the private sector in the work of TSA, this sub-pilot (known as the Private Sector Known Traveler Program) is intended to test the feasibility and advantages and disadvantages of using a public-private partnership model for the program. In addition, the sub-pilot is testing whether people are willing to pay a fee to participate in such a program. Under the Orlando sub-pilot, participants pay a fee of $80. The Orlando sub-pilot is expected to continue past January under the terms agreed to by the Greater Orlando Airport Authority and TSA, and to merge with a nationwide Registered Traveler Program when practical.

Lessons Learned Thus Far

An independent evaluation of the five initial pilot programs was conducted by PMA/Booz Allen Hamilton. The evaluation concluded that the Register Traveler concept is viable.

The biometric identity verification technology performed accurately and rapidly under airport conditions. Biometric verification took, on average, approximately 10 seconds. With the use of dual biometrics (fingerprints and iris scan) identification verification was successful 99 percent of the time, a significantly higher success rate than achieved using fingerprints alone. The pilot programs also tested the use of smart card technology versus a card-less option, and concluded that smart card technology would enhance the security, efficiency and technical capacity of the system.

In addition, participants had an overwhelmingly positive impression of the program, and a desire to see the program continued and expanded. Ninety-five percent of the participants surveyed indicated that the system was easy to use; ninety-eight percent supported its continuation. Further, based on the results of the Orlando sub-pilot, we have concluded that the public will accept the involvement of a private company in a Registered Traveler Program that collects and processes biographic and biometric data, and that a fee-based program can attract participants. The elasticity of the fee structure (i.e., the extent to specific fee amount affects enrollment decisions) could not be tested under this model.

Next Steps

TSA is pleased with the results of the five pilot programs that have concluded and look forward to the results of the sub-pilot that is still underway. We are committed to the development of a Registered Traveler Program that will enhance aviation security, ease travel for passengers, and permit TSA to better focus security resources based on risk.

In keeping with Congressional direction and consistent with the results of the pilot and sub-pilot programs, we have established the following operational framework for the Registered Traveler Program:

• TSA will establish the requirements for a security background check and the biometric standards for the program, and will certify participating vendors.
• Program participants will receive benefits commensurate with the background check that is performed.
• The program will provide for interoperability at all Registered Traveler sites from the onset of operations. This means that a Registered Traveler participant must be able to access the program at any airport with a Registered Traveler-enabled checkpoint lane.
• The program will be able to accommodate all eligible enrollees through the use of technology that incorporates biometrics.
• The program will use a public-private partnership model with a clear delineation of responsibilities, and will take advantage of the private sector's ability to adapt operations to meet customer expectations and make rapid capital investment decisions.
• The program will define the role of the Transportation Security Clearinghouse.
• The program will include an element of random security checks in order to deter terrorist attempts to compromise the program.
• The program will be fully funded by fees.
• The program will protect the privacy of participants.

Let me briefly describe a few significant issues that we are currently working to resolve.

Interoperability. Interoperability is defined as creating a biometric system in which the act of verification at any airport draws the same result regardless of the specific hardware and software used at the individual airport. Standards are still evolving for the biometric industry so the challenge will be in defining a system requirement to allow for interoperability while maintaining a level field for competition among manufacturers. In order to ensure that program participants can access the Registered Traveler Program benefits offered at any participating airport, TSA must develop and promulgate technical and policy guidelines prior to program launch. TSA is working with experts throughout DHS, as well as international industry leaders, to ensure that these requirements are fully identified and clearly defined. In addition, we are working with other DHS agencies to determine where systems, equipment and database sharing might be feasible, with a view toward potential future integration with various international travel facilitation programs managed by U.S. Customs and Border Protection (CBP) and the U.S. VISIT Program.

Roles and Responsibilities. TSA is committed to maximizing private sector involvement in the operations of the Registered Traveler Program without compromising security requirements. Potential opportunities for private sector involvement include participant recruitment and marketing, participant enrollment, identity verification at the airport, and vendor qualification verification. TSA is currently working to clearly define these opportunities and the qualifications required to perform these tasks, as well as the legal and contractual agreements required to establish and maintain these relationships. In addition, we are working to appropriately define the roles and responsibilities of the Transportation Security Clearinghouse, and to establish the business processes and technological requirements to meet these requirements.

Passenger Benefits. TSA is currently examining the full range of potential benefits that can be offered to Registered Traveler participants, consistent with risk-based high standards of security. These options range from exempting participants from some current screening requirements, such as the removal of coats and shoes, to providing separate dedicated screening lanes to Registered Travelers as volume permits. To the extent possible, TSA believes that benefits should be consistent across airport environments. However, our ability to provide benefits such as dedicated screening lanes will be limited by the design and space availability at participating airports. In addition, TSA is strongly considering whether a full criminal history records check should be undertaken. We would anticipate that a full criminal records check, when done in conjunction with our collected biometrics, would allow us to better screen applicants to the program and provide them with more significant benefits. In sum, an analysis of both the effect on risk and the feasibility of each potential benefit is necessary prior to establishing a baseline set of benefits that can be guaranteed to program participants.

Program Fees. The establishment of program fees is closely linked to program benefit decisions. People will make decisions regarding enrollment based on both the cost of program participation and the benefits offered. A key premise of the program will be that it is funded entirely through fees. I want to acknowledge and thank Congress for granting DHS the authority to set and collect Registered Traveler fees.

Compatibility. TSA is also examining whether and how to integrate individuals who have security clearances through other programs, as well as whether and how the program can be made compatible with other domestic and international trusted traveler initiatives.

In addition to the factors already discussed, it will also be necessary for TSA to work with the airports to incorporate RT requirements as amendments to their respective Airport Security Plans (ASP). The ASP governs the security measures and responsibilities for an airport. To the extent possible, TSA will provide a template to facilitate this effort. But we also recognize that a degree of customization will be necessary based on the individual security needs at each airport.

In order to make fully informed program decisions, TSA intends to offer an opportunity for public comment to solicit additional ideas and recommendations regarding potential business models and other program elements. We have already informally consulted with stakeholders in the development of these procedures and are eager to move forward as quickly as practical.

As you know, TSA's primary mission is to secure our Nation's transportation systems. The Registered Traveler Pilot Program has demonstrated the viability of using security threat assessments and biometric-based identity verification technology in an airport environment. We believe that a nationwide Registered Traveler program can provide expedited screening for many travelers and enhance aviation security, as well.

Thank you for the opportunity to testify today. We look forward to working with the Subcommittee as we continue our efforts to strengthen homeland security. I will be pleased to answer any questions you may have.