The TSA has issued a “Market Research Announcement” in which the agency expresses a desire to expand its Pre-Check whitelist program by allowing private companies to carry out risk analysis of Americans that would determine whether they are “trusted” enough to participate in the trusted traveler program. This would be a major step toward turning the agency’s Pre-Check whitelist into the insidious kind of passenger profiling system that was proposed under the Bush Administration in the wake of 9/11, and a confirmation of our longstanding warnings that the logic of the risk-assessment approach to security will drive the government toward the use of more and more data on individuals. It would be the most significant of the new initiatives the TSA is looking at this year.
Currently, under Pre-Check, travelers who have attained a certain level within the frequent flier programs of six airlines can apply for the program by providing the government with certain information and, if they are accepted, receive access to expedited security lines. Department of Defense personnel and those with certain security clearances may now also join—and future expansions are inevitable. Although it is currently limited in scope, we have been warning that this kind of program points us down the road of engaging in background checks and discriminatory profiling of passengers. The concept raises knotty questions about fairness; we don’t know who is approved for this program and who is rejected, and based on what data, or what criteria for evaluating that data.
Defenders of Pre-Check point out that it is voluntary. However, as the agency explicitly states in this new document, “TSA desires to maximize appropriate participation in expedited screening initiatives.” In short, it hopes to lighten the screening load as much as possible by enrolling as many people as it can in Pre-Check. That means that ultimately, we face the prospect of a two-class airline security system, or even a system in which simply everyone has a Pre-Check ID, and the hapless group who can’t get one become a security underclass. Then the Pre-Check is adopted for all kinds of other purposes by piggybacking organizations, and like a “voluntary” credit card, it becomes impossible to fully participate in American life without one, and those who are shut out—and they won’t know why—face all kinds of obstacles and disadvantages.
As I discussed in this post, the Bush program, called CAPPS II, would have tapped into commercial data sources to perform background checks on every air passenger, and crunched that data to produce a profile of each traveler’s “risk to aviation.” The initial vision seemed to be to measure individuals’ “rootedness in their community,” measuring such things as how long a person has lived at their current address, held their current job, held a credit rating, etc. Among the numerous problems with this concept, it would have been enormously discriminatory in its impact (African-Americans, for example, tend to move more often than whites), and would have been grossly ineffective in spotting terrorists. (As Bruce Schneier has long pointed out, the danger is that to the extent you exempt some groups from security measures, you open up a pathway for terrorists to join or recruit their way into the program.)
We and others fought this terrible idea, and over several years of battles in Congress and the media, it was renamed “Secure Flight” and basically reduced to watch list checks. A victory of sorts—although the watch list system underpinning Secure Flight continues to be a mess.
Now it is clear that our concerns about Pre-Check sliding back towards some kind of CAPPS II-like profiling system have been warranted. In particular, the agency appears never to have lost its fixation with partnering with private-sector data aggregators to evaluate American citizens. The TSA writes:
TSA is particularly interested in techniques that … use non-governmental data elements to generate an assessment of the risk to the aviation transportation system that may be posed by a specific individual, and to communicate the identity of persons who have successfully passed this risk based assessment to TSA’s Secure Flight.
As I understand it, the concept here is that a company such as a data broker would sift through the enormous volumes of data they store on Americans and come up with a proposed algorithm for judging “the risk to the aviation transportation system” of any given individual. TSA would examine that algorithm, and upon the agency’s approval, the company would be authorized to sell Pre-Check memberships using that algorithm applied to its own data.
For now, the TSA says it “is seeking white papers that successfully demonstrate sound, well-reasoned concepts … to identify ‘known travelers’ pre-screened to a high degree of confidence.” The agency says it wants to allow “entities latitude to do what makes the most sense for them”:
TSA will specify a few common core requirements for process and algorithm content, while encouraging innovation by allowing participating entities to include additional elements in their algorithms as they see fit (as long as they are legal). These hybrid algorithms would have to meet certain performance criteria, described below.
Those criteria include:
The agency outlines a three-phase process for turning these white papers into functioning part of our security system. Phase 1 (30 days) is selection of promising submissions, phase 2 (45-60 days) is prototype implementation, and phase 3 (4-6 months) will be live prototyping on actual passengers at an actual airport.
Aside from the fundamental effectiveness questions of this concept, there are a number of major problems with it from a civil-liberties point of view:
Ultimately, the core problem with Pre-Check remains: it is (as I said here) caught between two possibilities: collecting so little information that it’s useless as a security measure, or so much that it is scarily intrusive. The TSA wants to take a long stride toward the latter. True, by outsourcing the data-crunching function to a private company, the agency won’t be collecting the information itself. That certainly ameliorates some of the privacy problems with the concept—but if anything worsens the other concerns, such as fairness, accuracy, due process, and the role of for-profit companies in providing what are essential government functions. Thwarted in its efforts to tap private databases a decade ago, the agency seems to be edging back toward that concept via a classic Surveillance-Industrial Complex strategy.