[Federal Register Volume 69, Number 185 (Friday, September 24, 2004)]
[Notices]
[Pages 57342-57345]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-21478]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

[Docket No. TSA-2004-19160]


Reports, Forms, and Recordkeeping Requirements: Agency 
Information Collection Activity Under OMB Review; Secure Flight Test 
Phase

AGENCY: Transportation Security Administration (TSA), Department of 
Homeland Security (DHS).

ACTION: Notice of emergency clearance request.

-----------------------------------------------------------------------

SUMMARY: TSA has submitted a request for emergency processing of a new 
public information collection to the Office of Management and Budget 
(OMB) for review and clearance under the Paperwork Reduction Act of 
1995 (Pub. L. 104-13, 44 U.S.C. 3501, et seq.). This notice announces 
that the Information Collection Request (ICR) abstracted below has been 
forwarded to OMB for review and comment. The purpose of the ICR is to 
facilitate testing of TSA's Secure Flight program, which will prescreen 
airline passengers using information maintained by the Federal 
Government about individuals known or suspected to be engaged in 
terrorist activity and certain other information related to passengers' 
itineraries--specifically, passenger name record (PNR) data. On a 
limited basis, TSA will also test the use of commercial data to 
identify instances in which passenger information is incorrect or 
inaccurate. TSA does not assume that the result of comparison of 
passenger information to commercial data is determinative of 
information accuracy or the intent of the person who provided the 
passenger information.
    In order to test the Secure Flight program, TSA is proposing to 
issue an order to all domestic aircraft operators directing them to 
submit a limited set of historical passenger name records to TSA. The 
ICR describes the nature of

[[Page 57343]]

the information collection and its expected burden.

DATES: Send your comments by October 25, 2004. A comment to OMB is most 
effective if OMB receives it within 30 days of publication.

ADDRESSES: Comments may be faxed to the Office of Information and 
Regulatory Affairs, Office of Management and Budget, Attention: DHS-TSA 
Desk Officer, at (202) 395-5806.

FOR FURTHER INFORMATION CONTACT: Conrad Huygen, Office of 
Transportation Security Policy, TSA-9, Transportation Security 
Administration, 601 South 12th Street, Arlington, VA 22202-4220; 
telephone (571) 227-3250; facsimile (571) 227-1954; e-mail 
[email protected].

SUPPLEMENTARY INFORMATION:

Background

    TSA currently performs passenger and baggage screening with 
screening personnel and equipment at the nation's airports. This 
screening is supplemented by a system of computer-based passenger 
screening known as the Computer-Assisted Passenger Prescreening System 
(CAPPS), which is operated by U.S. aircraft operators. CAPPS analyzes 
information in passenger name records (PNRs) using certain evaluation 
criteria in order to determine whether a passenger or his property 
should receive a higher level of security screening prior to boarding 
an aircraft. A PNR is a record that contains detailed information about 
an individual's travel on a particular flight, including information 
provided by the passenger when making the flight reservation. Though 
the content of PNRs varies among airlines, PNRs may include, among 
other information: (1) Passenger name; (2) reservation date; (3) travel 
agency or agent; (4) travel itinerary information; (5) form of payment; 
(6) flight number; and (7) seating location. Operationally, CAPPS is 
not a single system. CAPPS is programmed into the separate computer 
systems through which airline passenger reservations are made.
    Passenger prescreening also involves the comparison of identifying 
information of airline passengers against lists of individuals known to 
pose or suspected of posing a threat to civil aviation or national 
security. Aircraft operators currently carry out this function, using 
lists provided by TSA. Because the lists are provided in an 
unclassified form, the amount of information that they include is 
limited.
    After a lengthy review of the initial plans for a successor system 
to CAPPS, and consistent with a recommendation of the National 
Commission on Terrorist Attacks upon the United States (9/11 
Commission), the Department of Homeland Security is moving forward with 
a next-generation system of domestic passenger prescreening, called 
``Secure Flight,'' that meets the following goals: (1) Identifying, in 
advance of flight, passengers known or suspected to be engaged in 
terrorist activity; (2) moving passengers through airport screening 
more quickly and reducing the number of individuals unnecessarily 
selected for secondary screening; and (3) fully protecting passengers' 
privacy and civil liberties.

Secure Flight Description

    Secure Flight will involve the comparison of information in PNRs 
for domestic flights to names in the Terrorist Screening Database 
(TSDB) maintained by the Terrorist Screening Center (TSC), including 
the expanded TSA No-Fly and Selectee Lists, in order to identify 
individuals known or suspected to be engaged in terrorist activity. TSA 
will apply, within the Secure Flight system, a streamlined version of 
the existing CAPPS rule set related to suspicious indicators associated 
with travel behavior, as identified in passengers' itinerary-specific 
PNR. This should provide a security benefit, while at the same time 
improving the efficiency of the pre-screening process and reducing the 
number of persons selected for secondary screening. TSA will also build 
a ``random'' element into the new program to protect against those who 
might seek to reverse-engineer the system.
    The Secure Flight program is fully consistent with the 
recommendation in the final report of the 9/11 Commission, which states 
at page 392:

    ``[I]mproved use of ``no-fly'' and ``automatic selectee'' lists 
should not be delayed while the argument about a successor to CAPPS 
continues. This screening function should be performed by TSA and it 
should utilize the larger set of watch lists maintained by the 
Federal Government. Air carriers should be required to supply the 
information needed to test and implement this new system.''

    Expansion of these lists to include information not previously 
included for security reasons will be possible as integration and 
consolidation of the information related to individuals known or 
suspected to be engaged in terrorist activity maintained by TSC is 
completed and the U.S. Government assumes the responsibility for 
administering the watch list comparisons. Secure Flight will automate 
the vast majority of watch list comparisons; will allow TSA to apply 
more consistent procedures where automated resolution of potential 
matches is not possible; and will allow for more consistent response 
procedures at airports for those passengers identified as potential 
matches.

Secure Flight Testing Phase

    Secure Flight represents a significant step in securing domestic 
air travel and safeguarding terrorism related national security 
information. It will dramatically improve the administration of 
comparisons of passenger information with data maintained by TSC and 
will reduce the long-term costs to air carriers and passengers 
associated with maintaining the present system, which is operated 
individually by each air carrier that flies in the United States.
    However, such comparisons will not permit TSA to identify passenger 
information that is incorrect or inaccurate. For this reason and on a 
very limited basis, in addition to testing TSA's ability to compare 
passenger information with data maintained by TSC, TSA will separately 
test the use of commercial data to determine if use of such data is 
effective in identifying passenger information that is incorrect or 
inaccurate. This test will involve commercial data aggregators who 
provide services to the banking, home mortgage and credit industries. 
These procedures will be governed by strict privacy and data security 
protections. TSA will not store the commercially available data that 
would be used by commercial data aggregators. TSA will use this test of 
commercial data to determine whether such use: (1) Could accurately 
identify when passengers' information is inaccurate or incorrect; (2) 
would not result in inappropriate differences in treatment of any 
protected category of persons; and (3) could be governed by data 
security safeguards and privacy protections that are sufficiently 
robust to ensure that commercial entities or other unauthorized 
entities do not gain access to passenger personal information and to 
ensure that the government does not gain inappropriate access to 
sensitive personal information. TSA will defer any decision of whether 
commercial data will be used in its prescreening programs, such as 
Secure Flight, until a thorough assessment of test results is completed 
and until the agency publishes a new System of Records Notice 
announcing how commercial data might be used and individuals' privacy 
will be protected.
    In order to obtain the passenger information necessary to test the 
Secure Flight program, TSA proposes to issue

[[Page 57344]]

an order to all domestic aircraft operators directing them to submit a 
limited set of historical PNRs to TSA that cover commercial scheduled 
domestic flights. The order covers PNRs with domestic flight segments 
completed in the month of June 2004. However, the order will exclude 
those PNRs with flight segments that occurred after June 30, 2004. The 
purpose of this limitation is to ensure that during the test phase, TSA 
does not obtain any information about future travel plans of passengers 
on domestic flights. The order also proposes to exclude PNR flight 
segments to or from the United States. TSA requests comments from all 
interested parties on this proposed order. The text of the proposed 
order is set forth below:

TRANSPORTATION SECURITY ADMINISTRATION ORDER

    Pursuant to the authority vested in me as Assistant Secretary of 
Homeland Security (Transportation Security Administration) (TSA) by 
delegation from the Secretary of Homeland Security, 49 U.S.C. 
40113(a), and other authorities described below, I hereby direct 
[U.S. aircraft operator] to provide passenger name records (PNRs) to 
TSA in accordance with the terms of this order.

Background and Authority

    1. The Secretary of Homeland Security has delegated to the 
Assistant Secretary of Homeland Security (TSA), subject to the 
Secretary's guidance and control, the authority vested in the 
Secretary by section 403(2) of the Homeland Security Act (HSA) 
respecting TSA, including that related to civil aviation security 
under the Aviation and Transportation Security Act (ATSA).
    2. Under 49 U.S.C. 114(e)(1) and 44901(a), TSA is responsible 
for, among other things, providing for the screening of passengers 
traveling in air transportation and intrastate air transportation.
    3. One component of passenger screening is the Computer-Assisted 
Passenger Prescreening System (CAPPS), an automated screening system 
developed by the Federal Aviation Administration (FAA) in 
cooperation with U.S. aircraft operators. U.S. aircraft operators 
implemented CAPPS in 1997.
    4. CAPPS analyzes information in PNRs using certain evaluation 
criteria in order to determine whether a passenger will be selected 
for a higher level of security screening prior to boarding. A PNR is 
a record that contains detailed information about an individual's 
travel on a particular flight, including information provided by the 
individual when making the flight reservation. While the Federal 
Government established the CAPPS selection criteria, CAPPS is 
operated entirely by U.S. aircraft operators.
    5. Passenger prescreening also involves the comparison of 
identifying information of airline passengers against lists of 
individuals known to pose or suspected of posing a threat to civil 
aviation or national security. Aircraft operators currently carry 
out this function, using lists provided by TSA. Because the lists 
are provided in an unclassified form, the amount of information they 
include is limited. For this reason, TSA will take over from 
aircraft operators the function of screening passengers against such 
lists and use a larger set of data maintained by the Federal 
Government for this purpose. This is consistent with the 
recommendation by the National Commission on Terrorist Attacks upon 
the United States (9/11 Commission) related to the use of expanded 
``No-Fly'' and ``Automatic Selectee'' lists, and the 9/11 Commission 
recommendation that aircraft operators be required to supply the 
information needed to test and implement such a system.
    6. Under 49 U.S.C. 114(f)(8), TSA has authority to identify and 
undertake research and development activities necessary to enhance 
transportation security.
    7. In accordance with the authority in 49 U.S.C. 44903(j)(2), 
TSA is in the process of developing a successor system to CAPPS that 
will be operated entirely by TSA and will incorporate the screening 
of passengers against data maintained by the Terrorist Screening 
Center (TSC) about individuals known or reasonably suspected to be 
or have been engaged in conduct constituting, in preparation for, in 
aid of, or related to terrorism.
    8. In order to test such a system, TSA must have access to 
information contained in the PNRs for domestic passenger flights.
    9. TSA has broad authority under 49 U.S.C. 40113(a) to issue 
orders necessary to carry out its functions, including its 
responsibility to provide for the security screening of passengers 
under 49 U.S.C. 114(e)(1) and 44901(a), as well as its power to 
identify and undertake research and development activities necessary 
to enhance transportation security under 49 U.S.C. 114(f)(8).

Findings

    10. The security pre-screening of passengers, as mandated by 
Congress, is vital to aviation security and the national security.
    11. After a lengthy review of the initial plans for a successor 
system to CAPPS, and consistent with the recommendation of the 9/11 
Commission, the Department of Homeland Security is moving forward 
with a next generation system of domestic passenger prescreening 
that meets the following goals: (1) Identifying, in advance of 
flight, passengers known or suspected to be engaged in terrorist 
activity; (2) moving of passengers through airport screening more 
quickly and reducing the number of individuals unnecessarily 
selected for secondary screening; and (3) fully protecting 
passengers' privacy and civil liberties.
    12. In the revised program, known as Secure Flight, TSA will 
compare information in airline PNRs for domestic flights to 
information in the Terrorist Screening Database (TSDB) at TSC, 
including expanded TSA No-Fly and Selectee lists, in order to 
identify individuals known or suspected to be engaged in terrorist 
activity. The Secure Flight program also will analyze information in 
PNRs using a streamlined version of the existing CAPPS evaluation 
criteria. TSA will use the PNRs obtained under this order to test 
these aspects of the program.
    13. TSA also will test whether comparing passenger information 
to other commercially available data can help identify passenger 
information that is inaccurate or incorrect.
    14. In order to develop and test such a system, TSA must obtain 
PNRs from aircraft operators.
    15. Therefore, TSA is issuing this order to aircraft operators 
directing them to provide PNRs for testing of a new passenger 
prescreening system.

Action Ordered

    16. On October 29, 2004, the aircraft operator must submit to 
its Principal Security Inspector (PSI) all PNRs with flight segments 
flown during the month of June 2004 that reflect itineraries of 
passengers for transport by the aircraft operator on a scheduled 
flight within the United States, in operations subject to a full 
security program under 49 CFR 1544.101(a).
    17. Within seven days of the date of this order, the aircraft 
operator must submit to the PSI a plan for meeting the requirement 
in paragraph 16.
    18. The aircraft operator must exclude the following from the 
set of PNRs submitted to its PSI:
    a. Any PNR reflecting an itinerary that includes one or more 
flight segments that have not been completed on or before June 30, 
2004;
    b. Any flight segment from a PNR that represents one or more 
flight segments to or from the United States; and
    c. Information related to changes in the PNR prior to completion 
of the flight itinerary (PNR history).
    19. The aircraft operator must include in the set of PNRs 
submitted to its PSI:
    a. Any PNRs reflecting itineraries that were cancelled in whole 
or in part; and
    b. All active fields from each PNR.
    20. For purposes of this order, the term United States includes 
U.S. territories and possessions.
    21. For purposes of this order, the term ``PNR'' means the 
electronic record maintained by the aircraft operator detailing 
information about an individual's travel on a particular flight and 
any other information contained in that record.
    22. The aircraft operator must provide the PNRs to the PSI on 
optical media in an unpacked or uncompressed form, in a structured 
data format or XML, if available.
    23. The aircraft operator must provide to the PSI information 
about the aircraft operator's PNR data schema and layout, such as a 
PNR format book and a data dictionary that includes all acronyms and 
codes used in the PNRs, including any acronyms or codes not standard 
to the International Air Transport Association.

Information Collection

Transportation Security Administration (TSA)

    Title: Secure Flight Testing Phase.
    Type of Request: Emergency processing request of new collection.
    OMB Control Number: Not yet assigned.

[[Page 57345]]

    Form(s): None.
    Affected Public: Business or other for-profit; each aircraft 
operator conducting scheduled flights within the United States in 
operations subject to a full security program under 49 CFR 1544.101(a).
    Abstract: In order to test the Secure Flight concept, TSA will 
collect from the aircraft operators historical PNR data for all flights 
completed during the month of June 2004 that reflect itineraries of 
passengers for transport by the aircraft operator on a scheduled flight 
within the United States in operations subject to a full security 
program under 49 CFR 1544.101(a).
    TSA will compare passengers' identifying information in the PNRs 
for domestic flights to data maintained in the Terrorist Screening 
Database (TSDB), including expanded TSA No-Fly and Selectee lists, in 
order to test the ability to identify individuals known or reasonably 
suspected to be or have been engaged in conduct constituting, in 
preparation for, in aid of, or related to terrorism. On a limited 
basis, TSA also will use the information in PNRs to test the use of 
commercial data to determine if it is effective in identifying 
passengers' information that is incorrect or inaccurate.
    Number of Respondents: 77.
    Estimated Annual Burden Hours: 10,850.
    Estimated Annual Cost: $810,000.
    TSA is soliciting comments to--
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology.

    Issued in Arlington, Virginia, on September 21, 2004.
Lisa S. Dean,
Privacy Officer.
[FR Doc. 04-21478 Filed 9-21-04; 12:58 pm]
BILLING CODE 4910-62-P