Summary

We have been reviewing the Department of Homeland Security's (DHS) Transportation Security Administration's (TSA) efforts to develop and implement the Secure Flight program. The purpose of Secure Flight is to compare information on domestic airline passengers against information on known or suspected terrorists to identify passengers who should undergo additional security scrutiny. As we reported in February and March 2005, to develop Secure Flight, TSA has been conducting tests to compare data from airline reservation systems, such as name and flight number, with data from the government's consolidated terrorist watch lists, which include names of known and suspected terrorists. We also reported that TSA has been testing the use of selected data available from commercial data sources--private companies that maintain records on individual names, addresses, phone numbers, and other information--as a means of verifying the accuracy of passenger-provided data. In this letter, we report on key aspects of TSA's disclosure of its use of personal information during commercial data testing for Secure Flight as required by the Privacy Act, and TSA's actions to more fully disclose its use of personal information. We will continue our assessment of Secure Flight privacy protections as part of our ongoing review of the Secure Flight program.

During the course of our ongoing review of the Secure Flight program, we found that TSA did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act. In particular, the public was not made fully aware of, nor had the opportunity to comment on, TSA's use of personal information drawn from commercial sources to test aspects of the Secure Flight program. In September 2004 and November 2004, TSA issued privacy notices in the Federal Register that included descriptions of how such information would be used. However, these notices did not fully inform the public before testing began about the procedures that TSA and its contractors would follow for collecting, using, and storing commercial data. In addition, the scope of the data used during commercial data testing was not fully disclosed in the notices. Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information such as name, date of birth, and telephone number without informing the public. As a result of TSA's actions, the public did not receive the full protections of the Privacy Act. On June 10, 2005, we briefed TSA on our concerns about privacy protection issues related to Secure Flight testing. TSA officials stated that they recognized the merits of GAO's concerns, and on June 22, 2005, the agency published revised privacy notices to more fully disclose the nature of tests being conducted. The revised notices clarified the purpose of commercial data testing for Secure Flight and expanded the categories of records and individuals covered by the system of records as it applied to commercial data tests. In moving forward, TSA officials stated that they will put procedures in place to ensure that prior to making any change in testing procedures, the TSA Privacy Officer and TSA counsel would be consulted to determine whether a change to TSA's privacy notices would be required to inform the public. TSA officials also stated that no adverse consequences resulted from the use of commercial data because the data were used only in a test environment and not to make passenger prescreening decisions prior to actual flights. TSA officials further stated that data collected from commercial sources will not be used during the initial operation of Secure Flight, which is expected to begin in late 2005 or early 2006. TSA is, however, considering the use of such data in the future, if the data can be shown to improve the ability of Secure Flight to identify known or suspected terrorists.