Frequently Asked Questions
Office of Privacy Policy and Compliance
Traveler Redress | Frequently Asked Questions | DHS Privacy Office
Watch Lists
I have been selected for secondary screening. Does that mean I am on a watch list?
No, not necessarily. There are several reasons why individuals may be selected for secondary screening. Random selection is a significant component of TSA security measures. Further, you may have been selected based on factors under CAPPS, may have set off an alarm at the checkpoint, or may have a name similar to a person on a watch list.
What are the watch lists?
Historically, nine government agencies maintained watch lists with names of known or suspected terrorists and criminals. Two of these lists, the "No Fly" and "Selectee" lists were maintained by TSA. The "No Fly" list is a list of individuals who are prohibited from boarding an aircraft. The "Selectee" list is a list of individuals who must undergo additional security screening before being permitted to board an aircraft. After 9/11 the Terrorist Screening Center (TSC) was created through a Presidential Directive to be administered by the Federal Bureau of Investigation, U.S. Department of Justice, in cooperation with the Departments of Homeland Security, Defense, State, and Treasury, as well as the Central Intelligence Agency. The purpose for the TSC is to consolidate terrorism based watch lists in one central database, the Terrorist Screening Center Database (TSDB), and make that data available for use in screening. Intelligence and law enforcement agencies nominate individuals to be put on the watch list based on established criteria, with the list maintained by the TSC. TSA's "No-Fly" and "Selectee" lists are subsets of the TSDB and are maintained by the TSC.
For TSC FAQs, please see: http://www.fbi.gov/terrorinfo/counterrorism/faqs.htm
Can individuals who feel that they must have a name similarity to people on the "No Fly" and "Selectee" lists get help to minimize inconvenience at airport screening checkpoints?
Yes. TSA established the Office of Transportation Security Redress (OTSR) to aid passengers who experience delays at the airport screening checkpoint because of a name similiarity. The Office has developed a process for people to resolve potential name matches. Individuals who are in need of assistance can get more information and/or begin the process by going to TSA's website www.tsa.gov.
Secure Flight
What is Secure Flight and how does it relate to prior efforts for CAPPS II?
Secure Flight is a program being developed to comply with the Intelligence Reform and Terrorism Prevention Act, and the recommendations of the 9/11 Commission, both of which mandated that TSA assume the passenger pre-screening function from the airlines. Responsibility for watch list matching is intended to permit TSA to control the information it uses for screening and to enhance the security of that information. It will also allow TSA to improve screening procedures and allow for more consistent procedures across airports for passengers identified as potential matches.
In designing Secure Flight, the Department of Homeland Security took into consideration the privacy concerns raised during the development of CAPPS II. Secure Flight will be a more focused check of passenger information against a consolidated Federal watch list maintained by the Terrorist Screening Center. It will not be used to check for outstanding wants and warrants nor will it use a risk assessment algorithm as CAPPS II was designed to do. Secure Flight does not use commercial data for identity verification.
Can I request records relating to me from the Secure Flight Test System?
Yes. Beginning in August 2005, several advocacy groups encouraged individuals to submit requests for their records under the Secure Flight Test System. Because the Secure Flight program is still under development and the only records within TSA's possession are in a format originally supplied by the participating air carriers, TSA does not have the capability to perform a simple computer based search to locate any responsive records. Instead, TSA must search by individual air carrier, then manually process any name matches to determine if the information in the record is the requesters. This is a lengthy process that involves sorting through several different fields of data. Because the program is in the development process, there are no threat analysis records or other similar records regarding any individual passenger. Thus, the records potentially responsive to a request will contain only the data provided by the air carrier, which varies by air carrier but generally is limited to name, contact phone number, address, and flight itinerary. Commercial data used to test the utility of commercial data in verifying passenger identity was destroyed pursuant to a government wide records retention schedule and in keeping with the Privacy Act's requirement that agencies only retain data that is relevant and necessary. Once the data was no longer needed for the test or to respond to any outstanding information requests from the public, TSA directed the destruction using two party controlled material destruction methods and degaussing of electronic records.
Registered Traveler
What is Registered Traveler?
The Registered Traveler program is a voluntary program designed to expedite security screening for passengers who are willing to provide biometric and other data to provide an elevated sense of assurance that they actually are the individual they claim to be, and undergo a security threat assessment.
To be part of the Registered Traveler program, volunteer participants provide biographic information and a biometric identifier to TSA and undergo a security threat. Participation by the individual traveler will be entirely voluntary. If individuals don't want to participate in Registered Traveler, they can simply continue to go through the normal screening process they currently go through at the airports.
Does TSA plan to make Registered Traveler a mandatory program in the future?
No. Registered Traveler will be offered by the private sector with TSA largely playing a facilitating role by setting program standards and security measures. It is not expected that RT will become a mandatory program at any time in the future, but will continue to be a voluntary program with the private sector offering benefits and incentives to participants.
Will individuals who are not Registered Travelers undergo greater scrutiny at the airports?
No. Registered Traveler is a voluntary program designed to benefit individuals who wish to undergo expedited security screening at the airport checkpoints. Individuals who do not wish to participate in the Registered Traveler program will continue to go through the normal security screening process at the airport and should experience no difference in that process.
TSA Privacy
How has TSA evaluated the privacy impact that the Transportation Worker Identification Credential (TWIC) might have on individuals?
TSA is well aware of the sensitive nature of biometrics and examined various methods on how to most effectively mitigate privacy risk to determine what would provide the strongest protection for individuals' personal information.
TSA published a Privacy Impact Assessment on the TWIC Program based on the Notice of Proposed Rulemaking for the program. That PIA may be revised in response to public comments prior to implementation of the Final Rule. In short, in order to protect individual privacy and data integrity, the TWIC was designed to include only the applicant's name and photograph on the card, and biometric data (fingerprint templates) and a PIN to be stored on the card's integrated circuit chips. The fingerprint template stored on the credential cannot be used to develop a fingerprint image. The TWIC card system enables the use of biometrics to verify access rights rather than storing extensive amounts of personal information on the card. The credential cannot be read unless there is mutual authentication between the credential and the reader. No data will be transmitted beyond the local facility when the credential is read. Biometric data is PIN-protected on the contact chip. The data stored in the various technologies used in the credential, such as magnetic stripe, and contactless chip technologies is protected in accordance with Federal Information Processing Standard (FIPS) 201-1. FIPS 201-1 provides detailed requirements for Personal Identity Verification programs required to comply with Homeland Security Presidential Directive-12.
How is TSA addressing the issue of privacy protection and RFID?
TSA currently has no plans to use RFID to monitor individuals. Because RFID have the potential for significant privacy impact, the TSA Office of Privacy Policy & Compliance will closely monitor any proposals for RFID use to mitigate impacts on individual privacy.
How can TSA ensure the security of personal information it collects?
TSA takes a number of steps to ensure the security of personal information it collects about individuals. TSA's Office of Privacy Policy & Compliance collaborates with the Chief Information Security Office (CISO) to work with program offices during the design and implementation of systems to ensure compliance with the Federal Information Security Management Act (FISMA) and the Privacy Act, 5 U.S.C. §552a. In addition to design and implementation standards, the CISO ensures that the systems are secured against unauthorized use through the use of a layered, defense-in-depth security approach involving procedural and information security safeguards as mandated by FISMA following National Institute of Standards and Technology (NIST) guidance. Periodic audits of systems are undertaken.TSA ensures personnel accessing the system have security training commensurate with their duties and responsibilities. All personnel are trained through TSA's Security and Awareness Training Program as well as Privacy Training when they join the organization and periodically thereafter. The status of personnel who have completed the training is reported on a monthly basis.
Has TSA exempted itself from the Privacy Act?
No. The Privacy Act permits Federal agencies to exempt some of its systems of records from some provisions of the Privacy Act. For example, where a system contains information about a law enforcement investigation, TSA exempts access to the records to prevent the subjects of an investigation from learning of the existence of or content of the investigation.
What are TSA's policies regarding pat-downs and how are they serving a security need?
TSA expanded its pat down procedures to strengthen its ability to detect explosives at the security checkpoints. Transportation security officers (TSOs) use the front of the hand to screen a passenger's entire back and abdomen, the arms from shoulder to wrist and legs from mid-thigh to ankle. TSOs communicate with the passenger and explain the process prior to conducting the search. Pat-downs are conducted by TSOs of the same gender whenever possible and private screenings are available at the passenger's request. Patting down the chest area may be conducted if there is an alarm from a hand-held metal detector or an irregularity in the person's clothing outline. TSOs conduct the inspections in a professional, respectful manner, while maintaining the highest security standards.
