[Federal Register Volume 72, Number 163 (Thursday, August 23, 2007)]
[Proposed Rules]
[Pages 48355-48391]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-15960]



[[Page 48355]]

-----------------------------------------------------------------------

Part III





Department of Homeland Security





-----------------------------------------------------------------------



Transportation Security Administration



-----------------------------------------------------------------------



49 CFR Parts 1507, 1540, 1544, and 1560



 Secure Flight Plan; Proposed Rule



Privacy Act of 1974: System of Records; Secure Flight Plans; Notice



Privacy Act of 1974: Implementation of Exemptions; Secure Flight 
Records; Proposed Rule

Federal Register / Vol. 72, No. 163 / Thursday, August 23, 2007 / 
Proposed Rules

[[Page 48356]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Parts 1540, 1544, and 1560

[Docket No. TSA-2007-28572]
RIN 1652-AA45


Secure Flight Program

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Intelligence Reform and Terrorism Prevention Act (IRTPA) 
requires the Department of Homeland Security (DHS) to assume from 
aircraft operators the function of conducting pre-flight comparisons of 
airline passenger information to Federal Government watch lists for 
international and domestic flights. The Transportation Security 
Administration (TSA) is currently developing the Secure Flight program 
and issuing this rulemaking to implement this congressional mandate.
    This rule proposes to allow TSA to begin implementation of the 
Secure Flight program, under which TSA would receive passenger and 
certain non-traveler information, conduct watch list matching against 
the No Fly and Selectee portions of the Federal Government's 
consolidated terrorist watch list, and transmit boarding pass printing 
instructions back to aircraft operators. TSA would do so in a 
consistent and accurate manner while minimizing false matches and 
protecting privacy information.
    Also in this volume of the Federal Register, U.S. Customs and 
Border Protection (CBP) is publishing a final rule to implement pre-
departure advance passenger and crew manifest requirements for 
international flights and voyages departing from or arriving into the 
United States, using CBP's Advance Passenger Information System (APIS). 
These rules are related. We propose that, when the Secure Flight rule 
becomes final, aircraft operators would submit passenger information to 
DHS through a single DHS portal for both the Secure Flight and APIS 
programs. This would allow DHS to integrate the watch list matching 
component of APIS into Secure Flight, resulting in one DHS system 
responsible for watch list matching for all aviation passengers.

DATES: Submit comments by October 22, 2007.

ADDRESSES: You may submit comments, identified by the TSA docket number 
to this rulemaking, using any one of the following methods:
    Comments Filed Electronically: You may submit comments through the 
docket Web site at http://dms.dot.gov. You also may submit comments 
through the Federal eRulemaking portal at http://www.regulations.gov.
    Comments Submitted by Mail, Fax, or In Person: Address or deliver 
your written, signed comments to the Docket Management System at: U.S. 
Department of Transportation, Docket Operations, M-30, West Building 
Ground Floor, Room W12-140, 1200 New Jersey Ave., SE., Washington, DC 
20590; Fax: 202-493-2251.
    See SUPPLEMENTARY INFORMATION for format and other information 
about comment submissions.

FOR FURTHER INFORMATION CONTACT: Kevin Knott, Policy Manager, Secure 
Flight, Office of Transportation Threat Assessment and Credentialing, 
TSA-19, Transportation Security Administration, 601 South 12th Street, 
Arlington, VA 22202-4220, telephone (240) 568-5611.

SUPPLEMENTARY INFORMATION:

Comments Invited

    TSA invites comments relating to the appropriateness, 
effectiveness, and any economic, environmental, energy, or federalism 
impacts resulting from the required provisions of this rulemaking. 
Interested persons may do this by submitting written comments, data, or 
views. See ADDRESSES above for information on where to submit comments.
    With each comment, please include your name and address, identify 
the docket number at the beginning of your comments, and give the 
reason for each comment. The most helpful comments reference a specific 
portion of the rulemaking, explain the reason for any recommended 
change, and include supporting data. You may submit comments and 
material electronically, in person, by mail, or fax as provided under 
ADDRESSES, but please submit your comments and material by only one 
means. If you submit comments by mail or delivery, submit them in two 
copies, in an unbound format, no larger than 8.5 by 11 inches, suitable 
for copying and electronic filing.
    If you want TSA to acknowledge receipt of comments submitted by 
mail, include with your comments a self-addressed, stamped postcard on 
which the docket number appears. We will stamp the date your comments 
were received on the postcard and mail it to you.
    TSA will file in the public docket all comments received by TSA, 
except for comments containing confidential information and sensitive 
security information (SSI).\1\ TSA will consider all comments received 
on or before the closing date for comments and will consider comments 
filed late to the extent practicable. The docket is available for 
public inspection before and after the comment closing date.
---------------------------------------------------------------------------

    \1\ ``Sensitive Security Information'' or ``SSI'' is information 
obtained or developed in the conduct of security activities, the 
disclosure of which would constitute an unwarranted invasion of 
privacy, reveal trade secrets or privileged or confidential 
information, or be detrimental to the security of transportation. 
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------

Handling of Confidential or Proprietary Information and Sensitive 
Security Information (SSI) Submitted in Public Comments

    Do not submit comments that include trade secrets, confidential 
commercial or financial information, or SSI to the public regulatory 
docket. Please submit such comments separately from other comments on 
the rulemaking. Comments containing this type of information should be 
appropriately marked as containing such information and submitted by 
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
    Upon receipt of such comments, TSA will not place the comments in 
the public docket and will handle them in accordance with applicable 
safeguards and restrictions on access. TSA will hold them in a separate 
file to which the public does not have access, and place a note in the 
public docket that TSA has received such materials from the commenter. 
If TSA receives a request to examine or copy this information, TSA will 
treat it as any other request under the Freedom of Information Act 
(FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS) 
FOIA regulation found in 6 CFR part 5.

Reviewing Comments in the Docket

    Please be aware that anyone is able to search the electronic form 
of all comments received into any of our dockets by the name of the 
individual submitting the comment (or signing the comment, if submitted 
on behalf of an association, business, labor union, etc.). You may 
review the applicable Privacy Act Statement published in the Federal 
Register on April 11, 2000 (65 FR 19477), or you may visit http://dms.dot.gov.
    You may review the comments in the public docket by visiting the 
Dockets Office between 9 a.m. and 5 p.m., Monday through Friday, except 
Federal holidays. The Dockets Office is located

[[Page 48357]]

in the West Building Ground Floor, Room W12-140, at the Department of 
Transportation address, previously provided under ADDRESSES. Also, you 
may review public dockets on the Internet at http://dms.dot.gov.

Availability of Rulemaking Document

    You can get an electronic copy using the Internet by--
    (1) Searching the Department of Transportation's electronic Docket 
Management System (DMS) Web page (http://dms.dot.gov/search);
    (2) Accessing the Government Printing Office's Web page at http://www.gpoaccess.gov/fr/index.html; or
    (3) Visiting TSA's Security Regulations Web page at http://www.tsa.gov and accessing the link for ``Research Center'' at the top 
of the page.
    In addition, copies are available by writing or calling the 
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to 
identify the docket number of this rulemaking.

Abbreviations and Terms Used in This Document

APIS--Advance Passenger Information System
ATSA--Aviation and Transportation Security Act
AOIP--Aircraft Operator Implementation Plan
CBP--U.S. Customs and Border Protection
DHS--Department of Homeland Security 2005 DHS Appropriations Act--
Department of Homeland Security Appropriations Act, 2005
2007 DHS Appropriations Act--Department of Homeland Security 
Appropriations Act, 2007
DHS TRIP--Department of Homeland Security Traveler Redress Inquiry 
Program
FBI--Federal Bureau of Investigation
FOIA--Freedom of Information Act
GAO--Government Accountability Office
HSPD--Homeland Security Presidential Directive
IATA--International Air Transport Association
IRTPA--Intelligence Reform and Terrorism Prevention Act of 2004
PNR--Passenger Name Record
PRI--Passenger Resolution Information
PIA--Privacy Impact Assessment
SFPD--Secure Flight Passenger Data
SSI--Sensitive Security Information
SORN--System of Records Notice
TSA--Transportation Security Administration
TSC--Terrorist Screening Center
TSDB--Terrorist Screening Database

Outline of Notice of Proposed Rulemaking

I. Background
    A. Current Watch List Matching
    1. Watch List Matching for Domestic Flights
    2. Watch List Matching for International Flights
    B. Secure Flight Program Summary
    C. Implementation Stages of Secure Flight
    1. Implementation of Secure Flight for Domestic Flights
    2. Implementation of Secure Flight for International Flights
    D. Privacy Documents
    E. Secure Flight Testing and Information Collection Requirements
    1. Secure Flight Testing
    2. Information Collection Requirements
    F. The Watch List Matching Process Under Secure Flight
    G. Operational Testing of Secure Flight
    H. Proposed Compliance Schedule
    I. Additional Issues Under Consideration and Open to Public 
Comment
    1. Data Elements
    2. Identification Requirements
    J. Department of Homeland Security Appropriations Act
II. Section-by-Section Analysis
III. Regulatory Analyses
    A. Paperwork Reduction Act
    B. Regulatory Impact Analyses
    1. Regulatory Evaluation Summary
    2. Executive Order 12866 Assessment
    3. Regulatory Flexibility Act Assessment
    4. International Trade Impact Assessment
    5. Unfunded Mandates Assessment
    C. Executive Order 13132, Federalism
    D. Environmental Analysis
    E. Energy Impact Analysis
List of Subjects
The Proposed Amendments

I. Background

    TSA performs passenger and baggage screening at the Nation's 
commercial airports.\2\ Aircraft operators currently supplement this 
security screening by performing passenger watch list matching using 
the Federal No Fly and Selectee Lists, as required under security 
directives that TSA issued following the terrorist attacks of September 
11, 2001. Aircraft operators also conduct this watch list matching 
process for non-traveling individuals authorized to enter the sterile 
area \3\ of an airport in order to escort a passenger or for some other 
purpose approved by TSA.
---------------------------------------------------------------------------

    \2\ See the Aviation and Transportation Security Act (ATSA) 
(Pub. L. 107-71, 115 Stat. 597, Nov. 19, 2001).
    \3\ ``Non-traveling individual'' would be defined in this Notice 
of Proposed Rulemaking as an individual to whom a covered aircraft 
operator or covered airport operator seeks to issue an authorization 
to enter the sterile area of an airport in order to escort a minor 
or a passenger with disabilities or for some other purpose permitted 
by TSA. It would not include employees or agents of airport or 
aircraft operators or other individuals whose access to a sterile 
area is governed by another TSA regulation or security directive. 
Proposed 49 CFR 1560.3.
    ``Sterile area'' is defined as a portion of airport defined in 
the airport security program that provides passengers access to 
boarding aircraft and to which the access generally is controlled by 
TSA, or by an aircraft operator under part 1544 of this chapter or a 
foreign air carrier under part 1546 of this chapter, through the 
screening of persons and property. 49 CFR 1540.5.
---------------------------------------------------------------------------

    The Intelligence Reform and Terrorism Prevention Act of 2004 
(IRTPA) requires TSA to assume from air carriers the comparison of 
passenger information to the automatic Selectee and No Fly Lists and to 
utilize all appropriate records in the consolidated and integrated 
watch list that the federal government maintains.\4\ The final report 
of the National Commission on Terrorist Attacks Upon the United States 
(9/11 Commission Report) recommends that the watch list matching 
function ``should be performed by TSA and it should utilize the larger 
set of watch lists maintained by the Federal Government.'' See 9/11 
Commission Report at 393.
---------------------------------------------------------------------------

    \4\ Pub. L. 108-458, 118 Stat. 3638, Dec. 17, 2004.
---------------------------------------------------------------------------

    Consequently, pursuant to Sec.  4012(a) of the IRTPA, TSA is 
issuing this NPRM to propose implementation of the Secure Flight 
program. Under the program, TSA would receive passenger and certain 
non-traveler information from aircraft operators, conduct watch list 
matching, and transmit watch list matching results back to aircraft 
operators.
    The purpose of the Secure Flight program is to assume the watch 
list matching function from aircraft operators and to more effectively 
and consistently prevent certain known or suspected terrorists from 
boarding aircraft where they may jeopardize the lives of passengers and 
others. The program is designed to better focus enhanced passenger 
screening efforts on individuals likely to pose a threat to civil 
aviation, and to facilitate the secure and efficient travel of the vast 
majority of the traveling public by distinguishing them from 
individuals on the watch list.
    In general, the Secure Flight program would compare passenger 
information only to the No Fly and Selectee List components of the 
Terrorist Screening Database (TSDB), which contains the Federal 
Government's consolidated terrorist watch list, maintained by the 
Terrorist Screening Center (TSC).\5\ However, as recommended by the 9/
11

[[Page 48358]]

Commission, TSA may use ``the larger set of watch lists maintained by 
the Federal Government,'' when warranted by security considerations. 
For example, TSA may learn that flights on a particular route may be 
subject to increased security risk. If this happens, TSA may decide to 
compare passenger information on some or all of the flights on that 
route against the full TSDB or other government databases, such as 
intelligence or law enforcement databases.
---------------------------------------------------------------------------

    \5\ The TSC was established by the Attorney General in 
coordination with the Secretary of State, the Secretary of Homeland 
Security, the Director of the Central Intelligence Agency, the 
Secretary of the Treasury, and the Secretary of Defense. The 
Attorney General, acting through the Director of the Federal Bureau 
of Investigation (FBI), established the TSC in support of Homeland 
Security Presidential Directive 6 (HSPD-6), dated September 16, 
2003, which required the Attorney General to establish an 
organization to consolidate the Federal Government's approach to 
terrorism screening and provide for the appropriate and lawful use 
of terrorist information in screening processes.
---------------------------------------------------------------------------

    This proposed rule would affect covered flights operated by U.S. 
aircraft operators that are required to have a full program under 49 
CFR 1544.101(a), and covered flights operated by foreign air carriers 
that are required to have a security program under 49 CFR 1546.101(a) 
or (b). These aircraft operators generally are the passenger airlines 
that offer scheduled and public charter flights from commercial 
airports. This proposed rule refers to them as ``covered U.S. aircraft 
operators'' and ``covered foreign air carriers'' respectively, and 
``covered aircraft operators'' collectively.
    The proposed rule would cover all flights conducted by covered U.S. 
aircraft operators, as well as all flights conducted by a covered 
foreign air carrier arriving in or departing from the United States or 
overflying the continental United States (referred to as ``covered 
international flights''). TSA is proposing to conduct watch list 
matching for overflights in order to protect the United States from 
terrorist activity that could occur in its airspace. The proposed rule 
collectively refers to the flights conducted by U.S. carriers and 
covered international flights that would be regulated under this 
proposed rule as ``covered flights.''
    IRTPA also requires DHS to assume from air carriers the task of 
comparing passenger information for international flights to or from 
the United States against the Federal Government's consolidated and 
integrated terrorist watch list before departure of such flights. 
Initially, CBP will implement this requirement and conduct pre-
departure watch list matching for international flights, through its 
Advance Passenger Information System (APIS). APIS is a widely-utilized 
electronic data interchange system that international commercial air 
and vessel carriers use to electronically transmit to CBP certain data 
on passengers and crew members. The former U.S. Customs Service, in 
cooperation with the former Immigration and Naturalization Service 
(INS) and the airline industry, developed APIS in 1988. On July 14, 
2006, CBP published a notice of proposed rulemaking to require air and 
vessel carriers to submit to CBP passenger manifest information before 
departure of an international flight to or from the United States and 
for voyages from the United States to enable CBP to conduct watch list 
matching on passengers before they board an international flight or 
depart on certain voyages.\6\
---------------------------------------------------------------------------

    \6\ 71 FR 40035.
---------------------------------------------------------------------------

    In response to a substantial number of comments from the aviation 
industry, DHS is proposing a unified approach to watch list matching 
for international and domestic passenger flights, to avoid unnecessary 
duplication of watch list matching efforts and resources and reduce the 
burden on aircraft operators. CBP's APIS Pre-Departure Final Rule 
published elsewhere in this issue of the Federal Register and this 
notice of proposed rulemaking (NPRM) are being published jointly to 
explain DHS's proposed unified approach. Beginning on the effective 
date of the APIS Pre-Departure final rule, CBP will perform the watch 
list matching function for international flights to or from the United 
States as part of its overall screening of travelers. However, DHS 
proposes to ultimately transfer the watch list matching function to the 
Secure Flight program. If this approach is adopted, TSA would assume 
the aviation passenger watch list matching function for domestic and 
international passengers covered by this proposed rule, and CBP would 
continue to conduct border enforcement functions under the APIS 
program. DHS is establishing one portal through which aircraft 
operators will send their passenger information for both programs, with 
the goal of streamlining the transmission of passenger information, if 
the unified approach is adopted.

A. Current Watch List Matching

1. Watch List Matching for Domestic Flights
    Under security directives issued by TSA, covered U.S. aircraft 
operators currently conduct pre-flight watch list matching for 
passengers on domestic flights using the Federal No Fly and Selectee 
Lists. Aircraft operators also apply this process to non-traveling 
individuals authorized to enter the sterile area beyond the screening 
checkpoint in order to escort a minor or a passenger with disabilities, 
or for another purpose authorized by TSA.
    Under the current watch list matching process, when an aircraft 
operator has a reservation from a passenger with a name that is the 
same as, or similar to, a name on the No Fly List, TSA requires the 
aircraft operator to notify law enforcement personnel and TSA in order 
to determine whether that passenger is in fact the individual whose 
name is on the No Fly List. If the passenger is verified as an 
individual on the No Fly List, the aircraft operator is prohibited from 
transporting the passenger. When an aircraft operator has a reservation 
from a passenger with a name that is the same as, or similar to, a name 
on the Selectee List, TSA requires the aircraft operator to identify 
the individual to TSA for enhanced screening at security screening 
checkpoints.\7\
---------------------------------------------------------------------------

    \7\ Individuals may undergo enhanced screening at security 
screening checkpoints for a variety of other reasons, such as random 
selection or as a result of triggering a metal detector alarm.
---------------------------------------------------------------------------

2. Watch List Matching for International Flights
    Covered aircraft operators also currently conduct watch list 
matching for passengers on international flights in the same manner 
described above for domestic flights as required in TSA security 
directives and emergency amendments to a security program. 
Additionally, CBP conducts various activities, including watch list 
matching, to screen passengers on commercial international flights 
arriving in and departing from the United States through the Advance 
Passenger Information System (APIS). CBP conducts such activities in 
order to protect the United States from threats of terrorism and to 
carry out CBP's border enforcement mission.
    Under CBP's APIS regulations (19 CFR part 122), air carriers 
departing foreign ports destined for the United States are required to 
electronically submit passenger information to CBP no later than 
fifteen minutes after the departure of aircraft destined for the United 
States and 15 minutes prior to departure of aircraft from the United 
States. ``Departure'' currently is defined to be the moment the 
aircraft's wheels leave the tarmac. See 19 CFR 122.49. The current 
system allows CBP to supplement the watch list matching currently 
completed by air carriers prior to boarding. If CBP's screening 
identifies that a person on a no-fly list is on an aircraft bound for, 
or departing from, the United States, that aircraft will be diverted 
from its intended destination.
    In this volume of the Federal Register, CBP is publishing a final 
rule entitled ``Advance Electronic Submission of Passenger and Crew 
Member Manifests for Commercial

[[Page 48359]]

Aircraft and Vessels'' (APIS Pre-Departure Final Rule). This rule, 
which becomes effective 180 days after publication, will require air 
carriers to provide the passenger information it currently provides to 
CBP, but requires air carriers to provide it no later than the time the 
flight crew secure the aircraft doors for takeoff.
    When commercial air carriers are certified to transmit APIS data 
under the pre-departure APIS requirements of the new APIS Pre-Departure 
Final Rule, CBP will assume from those carriers the responsibility of 
conducting pre-departure watch list matching for international flights 
to or from the United States. Once CBP receives the information, it 
will complete the watch list matching process and return instructions 
concerning each passenger to the covered aircraft operators. Covered 
aircraft operators will be required to follow the instructions when 
issuing boarding passes to passengers, identifying passengers for 
enhanced screening, and allowing passengers to board the aircraft or 
preventing them from doing so. If the Secure Flight program is 
finalized as envisioned in this proposed rule, it will take over this 
watch list matching function for aircraft operators covered under this 
proposed rule from CBP.

B. Secure Flight Program Summary

1. Secure Flight Passenger Data
    Under the Secure Flight program proposed under this rule, TSA would 
require covered aircraft operators to collect information from 
passengers, transmit passenger information to TSA for watch list 
matching purposes, and process passengers in accordance with TSA 
instructions regarding watch list matching results. Under this proposed 
rule, TSA would collect Secure Flight Passenger Data (SFPD), consisting 
of the information summarized below (and discussed in greater detail in 
section I.E.2 ``information collection requirements'' infra).
    For passengers on covered flights, TSA is proposing to require 
covered aircraft operators to request a passenger's full name, gender, 
date of birth, and Redress Number \8\ (if available) or known traveler 
number \9\ (if available once the known traveler program is 
implemented). Even though covered aircraft operators would be required 
to request all of the above data elements from passengers, passengers 
would only be required to provide their full name at the time of 
reservation to allow TSA to perform watch list matching. They would not 
be required by TSA to provide the other data elements to aircraft 
operators at the time of reservation. Covered aircraft operators would 
be required to transmit to TSA the information provided by the 
passenger in response to the request described above.
---------------------------------------------------------------------------

    \8\ A Redress Number is a unique number that DHS currently 
assigns to individuals who use the DHS Traveler Redress Inquiry 
Program (TRIP). Under the proposed rule, individuals would use the 
Redress Number in future correspondence with DHS and when making 
future travel reservations. The Redress Number is further discussed 
in the Secure Flight Information Collection Requirements section 
below.
    \9\ A known traveler number would be a unique number assigned to 
``known travelers'' for whom the Federal Government has already 
conducted a threat assessment and has determined do not pose a 
security threat. The known traveler number is further discussed in 
the Secure Flight Information Collection Requirements section.
---------------------------------------------------------------------------

    Covered aircraft operators also would be required to transmit to 
TSA passport information, if available. Although not required to be 
requested by TSA under this proposed rule, passport information may be 
provided by passengers either voluntarily or under other travel 
requirements such as CBP APIS requirements if a passenger is traveling 
abroad. Additionally, covered aircraft operators would be required to 
transmit to TSA certain non-personally identifiable information such as 
itinerary information, record locator numbers etc. to allow TSA to 
effectively prioritize watch list matching efforts, communicate with 
the covered aircraft operator, and facilitate an operational response, 
if necessary, to an individual who is on the watch list.
    When a non-traveling individual seeks authorization from a covered 
aircraft operator to enter an airport sterile area (such as to escort a 
minor or assist a passenger with a disability), TSA also is proposing 
to require covered aircraft operators to request from the non-traveler 
and transmit to TSA, the same information requested from passengers (to 
the extent available), as well as certain non-personally identifiable 
information, including the airport code for the sterile area to which 
the non-traveler seeks access.
    The following chart details the information that TSA would require 
covered aircraft operators to request from passengers and certain non-
traveling individuals, the information that those individuals would be 
required to provide, and the information covered aircraft operators 
would be required to transmit to TSA if available:

                         Proposed Information Collection Requirements for Secure Flight
----------------------------------------------------------------------------------------------------------------
                                                          Covered aircraft
                                                           operators must     Passengers and    Covered aircraft
                                                            request from       certain non-      operators must
                     Data elements                        passengers  and     travelers must    transmit to TSA,
                                                            certain non-         provide          if available
                                                             travelers
----------------------------------------------------------------------------------------------------------------
Full Name..............................................                 X                  X                  X
Date of Birth..........................................                 X   .................                 X
Gender.................................................                 X   .................                 X
Redress Number or Known Traveler Number................                 X   .................                 X
Passport Information \10\..............................  .................  .................                 X
Itinerary Information \11\.............................  .................  .................                 X
Reservation Control Number.............................  .................  .................                 X
Record Sequence Number.................................  .................  .................                 X
Record Type............................................  .................  .................                 X
Passenger Update Indicator.............................  .................  .................                 X
Traveler Reference Number..............................  .................  .................                 X
----------------------------------------------------------------------------------------------------------------

    This proposed rule would not compel the passenger or non-traveler 
to provide the majority of the information that covered aircraft 
operators request. However, if that individual elected not to provide 
the requested information,

[[Page 48360]]

TSA may have insufficient information to distinguish him or her from a 
person on the watch list. Accordingly, the individual may be more 
likely to experience delays, be subject to additional screening, be 
denied transport, or be denied authorization to enter a sterile area. 
Without a full name, watch list matching is incredibly unreliable; 
therefore the proposed rule would require an individual seeking to 
travel on a covered flight or authorization to enter a sterile area to 
provide his or her full name, as it appears on the individual's 
verifying identity document. The proposed rule would also prohibit 
covered aircraft operators from accepting a reservation, or accepting a 
request for authorization to enter a sterile area, from an individual 
who does not provide a full name.
---------------------------------------------------------------------------

    \10\ Passport information is the following information from a 
passenger's passport: (1) Passport number; (2) country of issuance; 
(3) expiration date; (4) gender; (5) full name.
    \11\ Itinerary information is the following information about a 
covered flight: (1) Departure airport code; (2) aircraft operator; 
(3) departure date; (4) departure time; (5) arrival date; (6) 
scheduled arrival time; (7) arrival airport code; (8) flight number; 
(9) operating carrier (if available). For non-traveling individuals, 
the itinerary information is the airport code for the sterile area 
to which the non-traveling individual seeks access.
---------------------------------------------------------------------------

2. 72-Hour Requirement
    Under the Secure Flight proposed rule, covered aircraft operators 
would be required to transmit Secure Flight Passenger Data to TSA 
approximately 72 hours prior to the scheduled flight departure 
time.\12\ Requiring SFPD approximately 72 hours prior to scheduled 
flight departure time would support the security mission of the Secure 
Flight program and facilitate a streamlined watch list matching process 
for aircraft operators and passengers in at least the following ways.
---------------------------------------------------------------------------

    \12\ In the APIS Pre-Departure Final Rule, CBP also encourages, 
but does not mandate, all carriers to submit the information up to 
72 hours in advance when available, to facilitate clearance.
---------------------------------------------------------------------------

    TSA considered a number of factors in determining that aircraft 
operators should submit SFPD to TSA approximately 72 hours before 
scheduled flight departure time. TSA reviewed reservation trend 
analyses which indicates that, on average, an estimated 90-93% of 
travel reservations are finalized and become stable (e.g. not subject 
to cancellation or timing changes) 72 hours before the scheduled flight 
departure time. Accordingly, TSA determined that it would not be 
practicable to require aircraft operators to submit information earlier 
than 72 hours prior to flight departure time, as such information would 
still be subject to change and would not provide sufficiently reliable 
information for TSA to begin watch list matching or engage in any 
necessary coordination with law enforcement.
    During a standard travel day, TSA estimates that over 2.4 million 
passengers use covered aircraft operators for domestic and 
international travel (either destined for or departing from the United 
States). Although approximately 99% of passenger travel reservations 
would be finalized within 24 hours of the departure of any flight, 24 
hours would not provide TSA with sufficient time to adequately screen 
2.4 million passengers and, when necessary, coordinate operational 
responses in the event of identification of a terrorist suspect or as 
needed to identify and disrupt a suspected terrorist plot potentially 
involving a variety of flights or aircraft operators, foreign or 
domestic.
    It is important to note that, in any one day, TSA would be 
conducting watch list matching on not only the 2.4 million travelers 
for one designated travel day, but TSA also would continue to conduct 
watch list matching for the 2.4 million travelers for each of the two 
days before the date of departure of the flight. In total, over a 72-
hour period, TSA could be conducting watch list matching for up to 7.2 
million travelers traveling within a 72-hour period.
    Accordingly, TSA is proposing that covered aircraft operators 
submit SFPD approximately 72 hours in advance.
    Security benefits. A 72-hour period would provide the significant 
security benefit of allowing the U.S. government to coordinate an 
operational response to a match on a watch list--not only before the 
flight departs, but even in advance of the individual's arrival at the 
airport. Also, TSA could provide a single watch list matching solution 
for both domestic and international flights, because TSA would have the 
time to prioritize the domestic and international watch list matching 
workload and accommodate last-minute reservations and changes.
    Benefits to covered aircraft operators and passengers. The 72-hour 
period would also allow TSA to complete watch list matching in time to 
allow covered aircraft operators to begin issuing boarding passes to 
passengers 24 hours prior to departure. Watch list matching that takes 
place immediately prior to the flight's departure, such as that allowed 
by CBP's APIS rule, would not allow TSA to communicate with covered 
aircraft operators regarding the issuance of boarding passes 24 hours 
prior to departure. Additionally, passengers' travel experiences would 
be enhanced because TSA would use that time to adjudicate potential 
watch list matches and coordinate with other government agencies as 
necessary, to resolve as many false positives as possible before such 
individuals arrive at the airport or experience delay or inconvenience.
    TSA welcomes public comment on this timeframe, as well as on 
alternate timeframes, and will consider these comments in the 
development of the final rule. As always, comments that include an 
analytical justification are most useful.
3. Instructions to Covered Aircraft Operators
    TSA would match the SFPD provided by covered aircraft operators 
against the watch list. Based on the watch list matching results, TSA 
would instruct an aircraft operator to process the individual in the 
normal manner, to identify the individual for enhanced screening at a 
security checkpoint, or to deny the individual transport or 
authorization to enter the airport sterile area. To ensure the 
integrity of the boarding pass instructions and to prevent use of 
fraudulent boarding passes, TSA would also provide instructions on 
placing codes on the boarding passes. Covered aircraft operators would 
be required to comply with the TSA instructions.
4. Summary of Requirements
    A brief summary of the requirements proposed in this NPRM is 
presented below. A detailed explanation of these requirements is 
provided in the Section-by-Section Analysis.
     Requirements of Covered Aircraft Operators. This proposed 
rule would require aircraft operators that conduct certain scheduled 
and public charter flights to:
     Submit an Aircraft Operator Implementation Plan (AOIP) to 
TSA for approval.
     Conduct operational testing with TSA.
     Request full name, date of birth, gender, and Redress 
Number (if available) or known traveler number (if implemented and 
available) from passengers and non-traveling individuals.
     Transmit Secure Flight Passenger Data for passengers and 
non-traveling individuals, in accordance with the aircraft operator's 
AOIP, approximately 72 hours prior to the scheduled flight departure 
time.
     Make a privacy notice available on public Web sites and 
self-service kiosks before collecting any personally identifiable 
information from passengers or non-traveling individuals.

[[Page 48361]]

     Request a verifying identity document at the airport 
ticket counter if TSA has not informed the covered aircraft operator of 
the results of watch list matching for an individual by the time the 
individual attempts to check-in, or informs the covered aircraft 
operator that an individual must be placed on inhibited status and may 
not be issued a boarding pass or authorization to enter a sterile area. 
A verifying identity document is one that has been issued by a Federal, 
State, local, or tribal government that contains the individual's full 
name, photo, and date of birth, and is non-expired; though a non-
expired passport issued by a foreign government will also be considered 
a verifying identity document. This requirement would be in addition to 
the current requirement that aircraft operators request all passengers 
and non-traveling individuals to provide identification at the time of 
check-in or at a screening checkpoint.
     When necessary, submit information from the verifying 
identity document to TSA to resolve potential watch list matches. In 
some cases, TSA may also request that the covered aircraft operator 
communicate a physical description of the individual.
     Not issue to an individual a boarding pass or 
authorization to enter a sterile area or permit an individual to board 
an aircraft or enter a sterile area if the individual does not provide 
a verifying identity document when requested under circumstances 
described above, unless otherwise authorized by TSA.
     Prohibit issuance of boarding passes or authorizations to 
enter a sterile area to individuals whom TSA has placed on inhibited 
status. Prohibit these individuals from boarding an aircraft.
     Comply with instructions from TSA to designate identified 
individuals for enhanced screening before boarding a flight or 
accessing a sterile area.
     Place separate codes on boarding passes in accordance with 
TSA instructions.
     Requirements of Individuals. Individuals who wish to make 
a reservation on a covered flight or to access a sterile area must 
provide their full names to the covered aircraft operators. This 
proposed rule would require those passengers and non-traveling 
individuals for whom TSA has not provided watch list matching results 
or has provided inhibited status to present a verifying identity 
document, in order to board an aircraft or to enter a sterile area. 
Individuals also would continue to be subject to the current 
requirement that aircraft operators request all passengers and non-
traveling individuals to provide identification at the time of check-in 
or at a screening checkpoint.
     Government Redress Procedures Available to Individuals. 
This proposed rule explains the redress procedures for individuals who 
believe they have been improperly or unfairly delayed or prohibited 
from boarding a flight as a result of the Secure Flight program. These 
individuals may seek assistance through the redress process by 
submitting certain personal information, as well as copies of certain 
identification documents, to the existing DHS Traveler Redress Inquiry 
Program (DHS TRIP). The proposed rule explains the process the Federal 
Government will use to review the information submitted and to provide 
a timely written response.

C. Implementation Stages of Secure Flight

    TSA proposes to implement this rule in two stages. The first stage 
would include covered flights between two domestic points in the United 
States, and the second stage would include covered flights to or from 
the United States, flights that overfly the continental United States, 
and all other flights (such as international point-to-point flights) 
operated by covered U.S. aircraft operators not covered in the first 
stage.
1. Implementation of Secure Flight for Domestic Flights
    During the first stage of implementation, TSA would assume the 
watch list matching function for domestic flights conducted by covered 
U.S. aircraft operators. TSA would conduct operational testing with 
each covered U.S. aircraft operator to ensure that the aircraft 
operator's system is compatible with TSA's system. After successful 
operational testing with a covered U.S. aircraft operator, TSA would 
assume the watch list matching function for domestic flights from that 
aircraft operator.
2. Implementation of Secure Flight for International Flights
    Until TSA implements the Secure Flight program for international 
flights by covered aircraft operators, DHS plans for CBP to conduct 
pre-departure watch list matching for international flights under the 
APIS Pre-Departure Final Rule. This interim approach will allow DHS to 
more quickly address the threat of terrorism on flights arriving in and 
departing from the United States.
    During the second stage of Secure Flight implementation, TSA will 
assume the watch list matching function for covered international 
flights from CBP. There are a few differences between the two 
processes. First, covered aircraft operators would need to request 
passenger information at the time of reservation, as required under 
this proposed rule. Second, as described below, TSA would utilize 
Secure Flight Passenger Data, which requires collection of different 
data elements than under the APIS regulations. For its non-watch list 
matching functions, which CBP will continue to perform under the APIS 
rule, CBP would continue to collect APIS data. Given this, and to 
provide a single point of contact, covered aircraft operators can 
transmit both APIS data and Secure Flight Passenger Data in a single 
transmission to the DHS portal, which will route information to TSA and 
CBP as appropriate.
    The following tables list the data elements that CBP will collect 
under its APIS regulations, and that TSA will collect under the Secure 
Flight program.

------------------------------------------------------------------------
                                    APIS  regulations
           Data elements              (international     Secure flight
                                      flights) \13\        NPRM \14\
------------------------------------------------------------------------
Full Name.........................                 X                  X
Date of Birth.....................                 X                  X
Gender............................                 X                  X
Redress Number or Known Traveler    .................                 X
 Number...........................
Passport Number*..................                 X                  X
Passport Country of Issuance*.....                 X                  X
Passport Expiration Date*.........                 X                  X
Passenger Name Record Locator.....                 X   .................
International Air Transport                        X                  X
 Association (IATA) Foreign
 Airport Code--place of
 origination......................

[[Page 48362]]

 
IATA Code--Port of First Arrival..                 X                  X
IATA Code of Final Foreign Port                    X   .................
 for In-transit Passengers........
Airline Carrier Code..............                 X                  X
Flight Number.....................                 X                  X
Date of Aircraft Departure........                 X                  X
Time of Aircraft Departure........                 X                  X
Date of Aircraft Arrival..........                 X                  X
Scheduled Time of Aircraft Arrival                 X                  X
Citizenship.......................                 X   .................
Country of Residence..............                 X   .................
Status on Board Aircraft..........                 X   .................
Travel Document Type..............                 X   .................
Alien Registration Number**.......                 X
Address While in U.S.--(except for                 X   .................
 outbound flights, U.S. citizens,
 lawful permanent residents, crew
 and intransit passengers)........
Reservation Control Number........  .................                 X
Record Sequence Number............  .................                 X
Record Type.......................  .................                 X
Passenger update indicator........  .................                 X
Traveler Reference Number.........  .................                 X
------------------------------------------------------------------------
*If required.
**If applicable.

    TSA would require covered aircraft operators to transmit to TSA the 
available passenger information required under this proposed rule that 
resides in covered aircraft operators' systems. Covered aircraft 
operators must submit this information, through the same DHS portal 
used for APIS submissions, approximately 72 hours before departure of a 
covered flight. Those that elect to transmit all manifest information 
required under the Pre-Departure APIS rule at the same time would be 
able to send a single transmission to DHS for the Secure Flight and 
Pre-Departure APIS programs and would receive a single boarding pass 
printing instruction in return. Under the APIS regulations, such 
aircraft operators would then be required to validate the information 
submitted against the individual's passport or other travel document 
and transmit passenger information to DHS only if it is different from 
the information previously submitted, no later than 30 minutes prior to 
or up to the securing of the doors of an aircraft under CBP's APIS Pre-
Departure rule.
---------------------------------------------------------------------------

    \13\ All APIS data elements are required.
    \14\ Covered aircraft operators must provide data elements 
listed for Secure Flight, to the extent they are available.
---------------------------------------------------------------------------

    Covered aircraft operators that do not elect to transmit all 
manifest information required under the Pre-Departure APIS rule 
approximately 72 hours in advance would submit validated APIS 
information no later than 30 minutes prior to or up to the securing of 
the doors of an aircraft under CBP's Pre-Departure APIS rule. The 
aircraft operator would only receive a boarding pass printing 
instruction from DHS after the APIS transmission if the transmitted 
APIS data differs from the SFPD that was transmitted 72 hours prior to 
departure.
    Additionally, for reservations made within 72 hours of scheduled 
flight departure time, covered aircraft operators would be required to 
transmit Secure Flight Passenger Data as soon as possible. If the 
covered aircraft operator is also ready to transmit APIS information at 
that time, the covered aircraft operator would be able to send one 
transmission for both Secure Flight and Pre-Departure APIS and would 
receive one boarding pass printing instruction. If the covered aircraft 
operator is not ready to transmit passenger under Pre-Departure APIS at 
the same time, the covered aircraft operator would be required to 
transmit the passenger information separately for Secure Flight and 
APIS.
    Covered aircraft operators would use the same portal to transmit 
Secure Flight Passenger Data to TSA as they will to transmit APIS data 
to CBP. Covered U.S. aircraft operators would not need to undergo 
additional operational testing during the second phase, because they 
would have already conducted operational testing with TSA during the 
first phase. TSA, however, would need to conduct operational testing 
with the covered foreign air carriers, which would not have previously 
conducted operational testing with TSA, to confirm that the Secure 
Flight process operates properly from end-to-end with these carriers.
    Once TSA assumes responsibility under Secure Flight for the watch 
list matching function for the majority of passengers covered by the 
APIS regulation, CBP would no longer be responsible for pre-departure 
watch list matching or the issuance of related boarding pass printing 
instructions for covered flights. Consequently, covered aircraft 
operators would receive, and would have to comply with, one set of 
instructions from DHS, via TSA, regarding the issuance of boarding 
passes to or the boarding of passengers on covered international 
flights. CBP would, however, continue to require carriers to provide 
APIS data to carry out its border enforcement mission. CBP would 
continue to require covered aircraft operators and passengers to comply 
with CBP's APIS regulations, including passengers presenting their 
passports or other required travel documents at the airport to the 
aircraft operators in order for the aircraft operator to verify the 
APIS information and to transmit it to CBP if the APIS information was 
not previously transmitted or if the verified APIS information is 
different from the information previously transmitted.
    In some international airports, passengers may transit from one 
international flight to another, where the flights are operated by 
different aircraft operators and only the second flight would be a 
covered flight under this proposed rule. TSA understands that 
currently, in these situations, the aircraft operator operating the 
first flight

[[Page 48363]]

may issue a boarding pass for both legs of the passenger's itinerary, 
including the flight to the United States. Under this proposed rule, 
the aircraft operator operating the first flight would not be able to 
issue a boarding pass for the second flight until that aircraft 
operator received an appropriate boarding pass printing instruction 
from TSA. This would allow TSA to minimize the security risk of 
allowing passengers who have not yet been compared against the watch 
list to have access to aircraft and the secure area of an airport. TSA 
is seeking comment on this proposed requirement.

D. Privacy Documents

    TSA is committed to safeguarding individuals' privacy in conducting 
the Secure Flight Program to the greatest extent possible. In 
conjunction with this NPRM, TSA is publishing a Privacy Impact 
Assessment (PIA) for the Secure Flight Program, a Privacy Act System of 
Records Notice (SORN), DHS/TSA 019, and an NPRM proposing Privacy Act 
exemptions for the Secure Flight Program. All three documents outline 
how TSA would collect, use, store, protect, and retain personally 
identifiable information collected and used as part of the Secure 
Flight Program and identify the privacy risks and mitigation measures 
that would be employed to reduce or eliminate privacy risks, such as 
false positive matches or insufficient safeguards for the information. 
All three documents are available at http://www.tsa.gov and the SORN 
and the NPRM proposing the Privacy Act exemptions will be published in 
the Federal Register. TSA invites public comments on the SORN and NPRM 
proposing Privacy Act exemptions. TSA will respond to public comments 
received on the PIA, SORN, and NPRM through the rulemaking process and 
revise the respective documents as appropriate.
    TSA has developed a comprehensive approach to promoting compliance 
with the Fair Information Practices codified in the Privacy Act of 
1974, the E-Government Act of 2002, DHS and TSA privacy policies, and 
Office of Management and Budget (OMB) privacy guidance. Comprehensive 
privacy requirements are being included in the program requirements to 
allow TSA to identify privacy issues and risks at each phase of the 
program and implement privacy principles across Secure Flight systems 
and operations. The Secure Flight program has designated an individual 
to work closely with the TSA Director of Privacy Policy and Compliance 
as well as the DHS Chief Privacy Officer to promote compliance with the 
published documents for the program, including the SORN and the PIA. 
This individual would also routinely monitor and review the operations 
that authorized users perform on personal information according to a 
schedule to be determined and will be responsible for the 
implementation of the privacy program.
    The Secure Flight program seeks to balance the competing interests 
of data collection minimization and reduction of false positives 
through individual choice. TSA has limited the proposed information 
collection requirements for Secure Flight to the data elements TSA 
believes are minimally necessary for effective watch list matching of 
aviation passengers, as discussed in Section E.2. below. The proposed 
rule leaves individuals with the choice to decline to provide certain 
data elements. For the vast majority of individuals, a decision to 
forgo providing these data elements should have no effect on their 
watch list matching results and will result in less information being 
held by TSA. For some individuals, however, TSA may be unable to 
perform effective automated watch list matching without this 
information and, as a result, those individuals may be more likely to 
be subject to additional screening or be denied boarding or 
authorization to enter a sterile area.
    The Secure Flight Program also would mitigate the privacy risk of 
false positive matches to the watch list by supplementing the initial 
automated comparison with a manual assessment conducted by a Secure 
Flight analyst, but only if necessary to complete the watch list 
matching process. Individuals will be provided with the opportunity 
under the DHS Traveler Redress Inquiry Program (TRIP) redress process 
and under the Privacy Act of 1974 to access and correct personal 
information, subject to the Privacy Act exemptions proposed for Secure 
Flight records and other applicable legal constraints. Secure Flight 
would not utilize commercial data to verify identities, nor would it 
use algorithms to assign risk scores to individuals.
    TSA is proposing to retain records for most individuals encountered 
by Secure Flight for a short period of time.\15\ The vast majority of 
records are expected to be destroyed within seven (7) days of 
completion of directional travel.\16\ Records for individuals not 
identified as potential matches by the automated matching tool would be 
retained for seven days after the completion of the individual's 
directional travel for audit purposes. Records for individuals who are 
potential matches would be retained for seven years after the 
completion of the individual's directional travel. These records would 
be available if needed as part of the redress process and, as a result, 
may help to expedite future travel. Records concerning confirmed 
matches are expected to be retained for 99 years. This retention period 
is consistent with TSC's NARA-approved records retention schedule for 
TSDB records. In case of a terrorist event, records concerning the 
event, which may possibly include passenger information, would be 
retained in accordance with a separate TSA record retention schedule 
covering major security incident records. This information would be 
retained to support the investigation and documentation of a terrorist 
event. Such records would be maintained in accordance with applicable 
SORNs, DHS/TSA 001, Transportation Security Enforcement Records System, 
69 FR 71818, 71829 (December 10, 2004) and DHS/TSA 011, Transportation 
Security Intelligence Service Operations Files, 69 FR 71828, 71835 
(December 10, 2004).
---------------------------------------------------------------------------

    \15\ The retention schedule will be submitted for approval to 
the National Archives and Records Administration (NARA). TSA will 
retain the records in accordance with the retention schedule 
approved by NARA.
    \16\ Directional travel means the individual's one-way travel to 
his or her destination.
---------------------------------------------------------------------------

    The Secure Flight Program would further minimize potential privacy 
risks by integrating administrative, technical, and physical security 
safeguards to limit collection of personally identifiable information 
and to protect information against unauthorized disclosure, use, 
modification or destruction. Specifically, administrative safeguards 
will restrict the permissible uses of personal information and 
implement the controls for adherence to those uses. As part of 
technical safeguards employed, Secure Flight will employ role-based 
access controls and audit logging (that is, the chronicling of 
information accesses and uses of information) to control and monitor 
the use of personal information. Further, all personnel who will be 
authorized to handle personal information for the Secure Flight program 
will be required to complete TSA privacy training when they join the 
program and on at least an annual basis thereafter. Personal 
information will only be disclosed to, and used by, authorized 
individuals who have a need to know the information in order to perform 
their duties. These safeguards will further minimize the potential 
privacy risk that personal information may be improperly used. The PIA

[[Page 48364]]

addresses all of these safeguards in more detail.
    TSA will issue an amended PIA and a revised SORN in conjunction 
with the Secure Flight Final Rule if necessary. Although not required, 
covered aircraft operators may voluntarily choose to begin testing with 
TSA prior to TSA publishing a final rule. The PIA and the SORN would 
cover any testing between an aircraft operator and TSA including both 
domestic and international flights.

E. Secure Flight Testing and Information Collection Requirements

    After initial Secure Flight testing described below, TSA has 
limited the proposed information collection requirements for Secure 
Flight to the data elements TSA believes are minimally necessary for 
aviation passenger watch list matching. In making this determination, 
TSA balanced the privacy interest in minimizing the collection of 
personal information with the security need to conduct effective watch 
list matching, without unnecessarily delaying innocent individuals due 
to false positive watch list matches.
1. Secure Flight Testing
    Prior to initiating this rulemaking, TSA performed testing of the 
agency's ability to conduct automated watch list matching for purposes 
of the Secure Flight program and separately, testing to determine 
whether the use of commercial data would be effective in identifying 
passenger information that is incorrect or inaccurate. On September 24, 
2004, TSA published in the Federal Register a number of documents 
necessary to allow the agency to begin testing the Secure Flight 
program. These documents included: (1) A proposed order to U.S. 
aircraft operators directing them to provide a limited set of 
historical passenger name records (PNRs) to TSA for use in testing the 
program (69 FR 57342); (2) a Privacy Act System of Records Notice for 
records involved in testing the program (69 FR 57345); and (3) a 
Privacy Impact Assessment (PIA) of program testing (69 FR 57352[0]).
    On November 15, 2004, after reviewing the comments received in 
response to these documents, TSA published in the Federal Register the 
final order directing U.S. aircraft operators to provide to TSA, by 
November 23, 2004, a limited set of historical PNRs for testing of the 
Secure Flight program.\17\ TSA also published revisions to the system 
of records notice and the Privacy Impact Assessment (PIA) on June 22, 
2005,\18\ to make clear that the purpose of commercial data testing was 
``to test the Government's ability to verify the identities of 
passengers using commercial data and to improve the efficacy of watch 
list comparisons by making passenger information more complete and 
accurate using commercial data.''
---------------------------------------------------------------------------

    \17\ 69 FR 65619.
    \18\ 70 FR 36320.
---------------------------------------------------------------------------

    After reviewing the results of the testing and the comments 
received concerning the testing, TSA determined that it will not use 
commercial data in the program. This decision is consistent with 
Section 514(f) of the Department of Homeland Security Appropriations 
Act, 2007 (2007 DHS Appropriations Act), Public Law 109-295 (Oct. 4, 
2006), which currently prohibits TSA from using appropriated funds on 
data or a database that is obtained from, or remains under the control 
of, a non-Federal entity (other than passenger information from 
aircraft operators) for the Secure Flight program.
2. Information Collection Requirements
    Based on the automated watch list matching test results and TSA's 
experience in conducting security threat assessments that include watch 
list matching, TSA has carefully selected the personal information that 
TSA believes is necessary to conduct effective watch list matching for 
aviation passengers. Consequently, under the proposed rule, TSA would 
collect Secure Flight Passenger Data consisting of the information 
described below.
    Full Name, Gender, and Date of Birth:
    Based on the automated watch list matching test results and TSA's 
experience in conducting security threat assessments that include watch 
list matching, TSA believes that an individual's full name, gender, and 
date of birth are critically important for effective automated matching 
against the watch list. This proposed rule, therefore, would require 
covered aircraft operators to request full name, gender, and date of 
birth from all passengers and non-traveling individuals accessing 
sterile areas. As discussed in the Section-by-Section Analysis below, 
TSA defines ``full name'' in proposed Sec.  1560.3 (Terms Used in This 
Part) and uses it as the primary attribute to conduct watch list 
matching. Partial names, which some aircraft operators currently 
collect, would increase the likelihood of false positive matches, 
because partial names are more likely to match a number of different 
entries on the watch list. As a result, this proposed rule would 
require individuals seeking a reservation on a covered flight or 
authorization to enter a sterile area to provide their full names and 
would prohibit covered aircraft operators from authorizing entry to a 
sterile area or accepting a reservation for a passenger on a covered 
flight who does not provide a full name.
    Many names, including English and non-English names, do not 
indicate gender, because they can be used by either gender. 
Additionally, names not derived from the Latin alphabet, when 
transliterated into English, do not generally denote gender. Providing 
information on gender will reduce the number of false positive watch 
list matches, because the information will distinguish persons who have 
the same or similar names but who are of different gender. Date of 
birth is also helpful in distinguishing a passenger from an individual 
on a watch list with the same or similar name, thereby reducing the 
number of false positive watch list matches.
    Under the proposed rule, TSA would not compel individuals to 
provide their gender and date of birth when aircraft operators request 
it. Without this information, however, TSA may be unable to rule out 
such individuals as a watch list match, and consequently they may be 
subject to additional screening or be denied boarding or authorization 
to enter a sterile area. Covered aircraft operators would then be 
required to transmit to TSA the names, gender, and dates of birth for 
passengers on covered flights, to the extent they are available as part 
of the reservation process. For example, if a passenger provides a full 
name but does not provide gender or a date of birth, the covered 
aircraft operator would be required to transmit to TSA the full name. 
If a covered aircraft operator were to input data required to be 
requested from individuals into the system where it stores SFPD--such 
as data from a passenger profile stored by the aircraft operator in the 
ordinary course of business--the aircraft operator would be required to 
include that data as part of the SFPD transmitted to TSA, even though 
the individual did not provide that information at the time of 
reservation.
    Redress Number:
    This proposed rule would also require covered aircraft operators to 
request an individual's Redress Number, if available. DHS will assign 
this unique number to individuals who use the DHS Traveler Redress 
Inquiry Program (DHS TRIP), because they believe they have been 
incorrectly delayed, identified for enhanced screening, denied 
boarding, or denied access to a sterile area.

[[Page 48365]]

Individuals who have already undergone TSA's redress process would not 
need to use DHS TRIP to reapply for redress once the Secure Flight 
process is operational. Individuals may be less likely to be delayed by 
false positive matches to the watch list if they provide their Redress 
Number at the time of making a flight reservation or requesting access 
to a sterile area. TSA is proposing to require that each covered 
aircraft operator request this information to provide the opportunity 
for an individual to use his or her assigned Redress Number to 
facilitate travel or access to a sterile area.
    Known Traveler Number:
    In addition, the proposed rule provides that covered aircraft 
operators may be required to request a known traveler number from 
passengers and non-traveling individuals, if available. The known 
traveler number would be a unique number assigned to ``known 
travelers'' for whom the Federal Government has already conducted a 
terrorist security threat assessment and has determined do not pose a 
terrorist security threat. The known traveler number would enable TSA 
to identify these ``known travelers,'' further reducing the number of 
false positive matches to the watch list, and reduce unnecessary 
duplication of Federal Government watch list matching efforts. Although 
TSA would continue to conduct watch list matching for ``known 
travelers,'' by having the known traveler numbers of these individuals, 
TSA would be able to identify them as individuals who have already 
completed a Federal terrorist security threat assessment. The proposed 
rule would not compel individuals to provide a known traveler number 
upon request from the aircraft operator. Without a known traveler 
number, however, the individual may be more likely to experience 
delays, be subjected to enhanced screening, be denied boarding, or be 
denied access to a sterile area.
    Because TSA has not yet determined which categories of individuals 
should be considered ``known travelers,'' we specifically seek comment 
on this provision. The proposed rule would not require covered aircraft 
operators to initially request the known traveler number along with the 
other passenger identification information. Instead, once TSA has 
determined the categories of individuals that should be considered as 
``known travelers,'' TSA would provide covered aircraft operators 
written notification 30 days in advance that they must begin to collect 
and transmit the known traveler number. TSA is adding this known 
traveler number requirement in the proposed rule now to allow covered 
aircraft operators advance planning in making all necessary system 
changes. Once TSA informs covered aircraft operators that they must 
begin to collect and transmit the known traveler number, covered 
aircraft operators may transmit the known traveler number in the 
Redress Number field, as it would not be necessary for the covered 
operators to send both the Redress Number and the known traveler number 
to TSA.
    Passport Information:
    TSA proposes to require covered aircraft operators to transmit 
certain information from an individual's passport (passport number, 
country of issuance, expiration date, gender, and full name), if 
available. The proposed rule, however, does not propose to require 
covered aircraft operators to collect the passport information if they 
do not otherwise collect it in the normal course of business or unless 
otherwise required by other rules, such as APIS. Based on TSA's 
experience in conducting security threat assessments that include watch 
list matching, TSA believes that passport information would enable TSA 
analysts to resolve possible false positive matches and make the watch 
list matching process more accurate.
    For passengers who have previously flown on an international flight 
as part of their travel itinerary, the covered aircraft operator may 
already have the passport information if the covered aircraft operator 
was required to collect passport information for the previous flight 
pursuant to requirements under regulations issued by CBP. For such 
passengers, TSA would require covered aircraft operators to transmit 
passport information to TSA as part of the initial SFPD transmission. 
For passengers whose itinerary includes a domestic flight that connects 
to an international flight, covered aircraft operators often collect 
passport information when the passenger checks in for the domestic 
flight. For these passengers, covered aircraft operators would be 
required under this proposed rule to transmit the passport information 
to TSA as soon as it is available. In cases where passport information 
is available, the proposed rule would require covered aircraft 
operators to transmit the passport information to TSA, in order to 
verify the information provided at the time of reservation, facilitate 
identification of individuals who are on the watch list, and further 
minimize false positive matches.
    Information Used To Manage Messaging:
    This rule also proposes to require covered aircraft operators to 
provide certain non-personally identifiable data fields, including 
passenger itinerary information (or airport code for non-travelers 
requesting sterile area access) for TSA to effectively prioritize watch 
list matching efforts, communicate with the covered aircraft operator, 
and facilitate an operational response, if necessary, to an individual 
who is on the watch list. For example, if TSA identifies an individual 
on the watch list, TSA or the TSC may need to engage law enforcement 
officials to question or detain the individual, as appropriate.

F. The Watch List Matching Process Under Secure Flight

    The proposed rule would require all covered aircraft operators to 
request the information discussed above from passengers on a covered 
flight and non-traveling individuals. The proposed rule, however, would 
not require all covered aircraft operators to begin transmitting that 
information to TSA at the same time. TSA proposes to bring covered 
aircraft operators into Secure Flight in phases and require aircraft 
operators to begin providing passenger and non-traveler information to 
TSA in accordance with the deadlines set forth in their approved AOIP, 
discussed further below.
    For passengers, TSA proposes to require covered aircraft operators 
to transmit the SFPD including itinerary information. For non-traveling 
individuals, TSA proposes that covered aircraft operators transmit the 
SFPD including the airport code for the airport sterile area that the 
non-traveling individual seeks to enter.
    TSA proposes that information be transmitted to TSA approximately 
72 hours in advance of departure, unless the individual makes a 
reservation within 72 hours of the scheduled flight departure time, 
changes a flight within 72 hours of the scheduled flight departure 
time, or requests to enter a sterile area upon arrival at the airport. 
In such cases, TSA would require covered aircraft operators to send the 
required information to TSA immediately. TSA, in coordination with the 
TSC where necessary, would compare the passenger and non-traveler 
information obtained from each covered aircraft operator to information 
contained in the watch list. TSA would also compare passenger and non-
traveler information to a list of individuals who have previously been 
distinguished from persons on the watch list.
    If an automated comparison using the information transmitted to TSA

[[Page 48366]]

indicates that the passenger is not a match to the watch list, TSA will 
notify the aircraft operator that check-in and boarding pass issuance 
for the individual can proceed normally. Such individuals will undergo 
standard passenger and baggage screening. If the automated comparison 
using the passenger or non-traveler information identifies a potential 
match to the Selectee List, TSA will notify the covered aircraft 
operator that the passenger or non-traveling individual and his or her 
baggage must be identified for enhanced screening. TSA is also 
considering adding a random element to Secure Flight, whereby 
individuals may be selected for enhanced screening even though they are 
not a match to the watch list. The addition of this random element 
would provide Secure Flight with another layer of security, because it 
would introduce unpredictability into the process.
    TSA expects to complete the watch list matching process for, and 
permit covered aircraft operators to issue boarding passes to, the vast 
majority of passengers through this fully-automated initial comparison. 
If the automated comparison indicates a reasonably similar or exact 
match to a person on the No Fly component of the watch list, TSA will 
inform the covered aircraft operator that the individual must be placed 
on inhibited status and consequently, the aircraft operator may not 
issue a boarding pass or other authorization to enter the sterile area 
for that individual unless further resolution procedures indicate that 
the individual may be issued a boarding pass or authorization to enter 
a sterile area. If the SFPD for that individual contains sufficient 
data, a TSA analyst will then conduct a preliminary analysis of the 
individual identified as a potential match. The TSA analyst will review 
all available information to determine if the passenger appears to be 
the individual on the No Fly component of the watch list. If necessary, 
the TSA analyst will check other classified and unclassified 
governmental terrorist, law enforcement, and intelligence databases, 
including databases maintained by the Department of Homeland Security, 
Department of Defense, National Counter Terrorism Center, and Federal 
Bureau of Investigation (FBI), in order to resolve the possible match 
between the individual and a person on the No Fly component of the 
watch list.
    This careful review process is intended to significantly reduce the 
number of false positive matches identified by the automated watch list 
check. If the TSA analyst determines that the individual is not a match 
to the No Fly component of the watch list, TSA will inform the covered 
aircraft operator that the individual no longer has inhibited status, 
and the aircraft operator may issue a boarding pass or authorization to 
enter a sterile area to that individual. If the TSA analyst identifies 
a possible match between a passenger and an individual identified on 
the No Fly component of the watch list, TSA will send the passenger 
information to TSC and request confirmation of the match.
    TSA may be unable to complete the watch list matching process for 
an individual, if, for instance, the individual fails to provide his or 
her full name, gender, and date of birth when making the flight 
reservation, or if the individual's full name, gender, and date of 
birth and other information in the SFPD are insufficient to distinguish 
him or her from an individual who appears on the No Fly component of 
the watch list. The proposed rule provides that if TSA or TSC cannot 
determine from the information provided by the covered aircraft 
operator whether an individual is a match to the No Fly component of 
the watch list prior to the individual's arrival at the airport or 
online check-in, it will be necessary for the individual to provide 
additional information at the airport. These individuals may be asked 
to present to the covered aircraft operator a verifying identity 
document, which must be an unexpired form of identification that is 
issued by a Government (Federal, State, local, or tribal), and contains 
the individual's full name, photo, and date of birth or an unexpired 
passport issued by a foreign government. This requirement would not 
replace current requirements that covered aircraft operators request 
all passengers and non-traveling individuals to provide identification, 
such as at check-in or at the screening checkpoint.
    Once the individual provides a verifying identity document to the 
covered aircraft operator, the proposed rule would require the aircraft 
operator to update the passenger's SFPD with the additional information 
from the individual's verifying identity document and transmit it to 
TSA. There may be occasions where the aircraft operator will need to 
call TSA. In such cases, the aircraft operator may be asked to provide 
additional identifying information, such as a physical description, 
referred to as ``Passenger Resolution Information,'' that TSA may need 
to complete the watch list matching process. TSA will complete the 
watch list matching process, in coordination with the TSC, and provide 
the aircraft operator with watch list matching results for that 
individual.
    Where warranted, any Federal agency or other public, private, or 
appropriate foreign government entity may be notified to initiate an 
operational response.\19\ The agency or entity will be provided with 
sufficient information about the passenger and his or her itinerary to 
facilitate coordination of the operational response. The Federal 
Security Director, Federal Air Marshals, or other law enforcement 
personnel responsible for airport security may also be notified to 
facilitate a timely law enforcement response to the individual 
identified in the watch list. Further inquiry by law enforcement may, 
for example, help resolve a situation of mistaken identity or confirm 
the determination made in the screening process that an individual 
should be denied boarding or entry to a sterile area.
---------------------------------------------------------------------------

    \19\ For the types of public and private entities that TSA may 
notify, see ``Routine Uses of Records Maintained in the System, 
Including Categories of Users and Purposes of Such Uses'' in the 
Federal Register notice entitled ``Privacy Act of 1974: System of 
Records; Secure Flight Records.'' [Add FR citation]
---------------------------------------------------------------------------

G. Operational Testing of Secure Flight

    As part of the implementation of the Secure Flight program, TSA 
would conduct operational testing of TSA's capabilities to interact 
with and perform watch list matching for each covered aircraft operator 
before assuming the watch list matching function from each aircraft 
operator. During the operational testing for each covered aircraft 
operator, the covered aircraft operator would establish data 
transmission connections to TSA through an established DHS portal, and 
TSA would test its ability to receive passenger and non-traveler 
information, conduct watch list matching and transmit watch list 
matching results back to the aircraft operator in real-time. 
Operational testing will allow TSA to refine program operations and 
ensure that TSA will be able to effectively conduct watch list matching 
for passengers and non-traveling individuals of each covered aircraft 
operator before TSA assumes the watch list matching function.
    Covered U.S. aircraft operators would continue to match passengers 
against the watch lists for domestic flights under current procedures 
during their operational test phase and would maintain responsibility 
for denying issuance of boarding passes or identifying individuals for 
enhanced screening as a result of their own watch list matching 
determinations. If, during operational testing, TSA identifies a

[[Page 48367]]

match to the No Fly and Selectee Lists that a covered aircraft operator 
has not identified, TSA may identify such passengers to the TSC and the 
covered aircraft operator for appropriate action, as permitted under 
section 514(d) of the 2007 DHS Appropriations Act. Once TSA assumes the 
watch list matching function from a covered aircraft operator, the 
aircraft operator would discontinue conducting watch list comparisons 
for passengers and non-traveling individuals.
    For international flights, covered U.S. aircraft operators would be 
required to follow CBP boarding pass printing instructions in 
accordance with the APIS Pre-Departure Final Rule until TSA informs the 
covered U.S. aircraft operator that it will assume the watch list 
matching function. Foreign air carriers would also be required to 
follow CBP boarding pass printing instructions in accordance with the 
APIS Pre-Departure Final Rule during operational testing and until TSA 
informs the covered foreign air carrier that TSA will assume the watch 
list matching function.
    The proposed rule also states that TSA would provide prior written 
notification to each covered aircraft operator of the date on which it 
would assume the watch list matching function from that covered 
aircraft operator. Because operational testing would begin with covered 
aircraft operators in phases, TSA would likely transition to 
implementation in phases as well and may continue operational testing 
with some covered aircraft operators while beginning implementation 
with others.

H. Proposed Compliance Schedule

    TSA believes that most of the new provisions concerning covered 
aircraft operators' collection and transmission of SFPD in this 
proposed rule are achievable within 60 days after the effective date of 
the final rule. However, TSA intends to implement some provisions on a 
rolling basis. TSA requests comment on the proposed compliance schedule 
below:
    (1) The final rule would become effective 60 days after the date of 
publication in the Federal Register.
    (2) In accordance with proposed Sec.  1560.109, TSA would require 
covered aircraft operators to submit their AOIP no later than 30 days 
after the effective date.
    (3) In accordance with proposed Sec. Sec.  1560.101(a) and 
1560.103, TSA would require covered aircraft operators to begin 
requesting the information from passengers and non-traveling 
individuals and begin providing the privacy notice no later than 60 
days after the effective date. TSA would not require covered aircraft 
operators to request information from passengers who made reservations 
on covered flights prior to that date.
    (4) In accordance with proposed Sec.  1560.101(a), TSA would 
require covered aircraft operators to begin requesting known traveler 
numbers from passengers and non-traveling individuals 30 days after 
receiving written notice from TSA.
    (5) TSA anticipates that it would require covered aircraft 
operators to have the capability to transmit SFPD for covered flights 
to TSA no later than 60 days after the effective date.
    (6) TSA proposes that covered aircraft operators be required to 
begin transmitting SFPD to TSA in accordance with a schedule approved 
by TSA, as provided in each covered aircraft operator's AOIP. TSA 
expects the first phase of implementation to cover domestic flights 
operated by covered U.S. aircraft operators. A second phase of 
implementation would extend to international flights operated by 
covered U.S. aircraft operators as well as flights arriving in or 
departing from the United States and flights overflying the continental 
United States operated by covered foreign air carriers.
    (7) Once TSA assumes the function of watch list matching from a 
covered aircraft operator, in accordance with proposed Sec.  1560.105, 
TSA would require that aircraft operator request identification, 
identify individuals for enhanced screening, or deny individuals 
boarding or access to a sterile area, in accordance with TSA 
instructions. TSA proposes to inform each covered aircraft operator in 
writing at least 60 days before the date on which TSA will assume the 
watch list matching function.
    (8) Aircraft operators that begin covered operations after the 
effective date of this rule will be covered by this rule.

I. Additional Issues Under Consideration and Open to Public Comment

1. Data Elements
    TSA requests comments on the proposed data elements TSA would 
require covered aircraft operators to request from passengers and 
transmit to TSA under this NPRM, as discussed in section I.D. of this 
preamble. During operational testing and implementation, TSA will 
continue to evaluate the value of the data elements required.
    As part of the evaluation of data elements, TSA will consider, and 
seeks comment on, whether to mandate collection of not just the full 
name, but also date of birth and gender. As currently proposed, it is 
optional for individuals to provide their date of birth and gender in 
order to provide individuals with the greatest ability to exercise 
control over the data elements provided. For the vast majority of 
individuals, a decision to forgo providing these data elements should 
have no effect and will result in aircraft operators, reservations 
agents, and TSA holding less information. For what is expected to be a 
relatively small number of individuals, however, a decision not to 
provide date of birth and gender will result in an inability to 
automatically distinguish them from someone on the watch list. These 
individuals may be inconvenienced by secondary screening that they 
otherwise might not have undergone or, if they are possible matches to 
the No-Fly List, they may be required to provide more information than 
they would have provided had they simply initially provided date of 
birth and gender. Mandating collection of all three data elements will 
reduce possible matches down to the smallest number of individuals.
2. Identification Requirements
    In order to increase the security benefit of the Secure Flight 
program, TSA is also considering strengthening the identification 
requirements at the security screening checkpoint. For example, TSA may 
consider requiring individuals to present a form of identification to 
be able to proceed through the checkpoint and enter a sterile area. 
Strengthening the requirement that an individual provide evidence at 
the security screening checkpoint that he or she is the person to whom 
the boarding pass or other authorization was issued would provide 
additional assurance that the individual has not used an assumed 
identity when making a reservation in order to defeat the watch list 
matching process.

J. Department of Homeland Security Appropriations Act

    On October 18, 2004, the President signed into law the Department 
of Homeland Security Appropriations Act, 2005 (2005 DHS Appropriations 
Act) (Pub. L. 108-334, 118 Stat. 1298, Oct. 18, 2004). Section 522(a) 
of the 2005 DHS Appropriations Act purports to prohibit TSA from 
implementing the Secure Flight program, by prohibiting the use of 
appropriated funds for Secure Flight on other than a test basis, until 
the Government Accountability Office (GAO) submits a report to the 
Senate and House Appropriations Committees

[[Page 48368]]

addressing ten operational and policy items.
    Further, on October 4, 2006, the President signed into law the 2007 
DHS Appropriations Act, which purports to prohibit TSA from 
implementing the Secure Flight program, by prohibiting the use of 
appropriated funds for Secure Flight on other than a test basis, until 
the Secretary of Homeland Security certifies, and the GAO reports, that 
the ten items listed in the 2005 DHS Appropriations Act are 
successfully met. Department of Homeland Security Appropriations Act of 
2007, Pub. L. 109-295, Sec. 514 (Oct. 4, 2006).
    TSA is taking appropriate action to address the ten items listed in 
the 2005 DHS Appropriations Act provisions. On February 23, 2007, TSA 
submitted a report to Congress outlining TSA's plan for certification 
under the 2007 DHS Appropriations Act.
    Certification of some of the 2005 DHS Appropriations Act provisions 
cannot be completed until operational testing is conducted with at 
least one covered aircraft operator. As discussed above, TSA would 
conduct operational testing with aircraft operators before fully 
implementing the Secure Flight program for covered aircraft operators 
under this proposed rule. Additionally, although not required, covered 
aircraft operators may voluntarily choose to begin testing with TSA 
prior to publication of a final rule.
    After operational testing with at least one aircraft operator and 
the correction of any problems uncovered during the testing, DHS will 
be able to certify that the ten items listed in the 2005 DHS 
Appropriations Act have been successfully met. Once DHS makes the 
required certification, the Department plans to provide an opportunity 
for GAO to submit its report. TSA would publish a notice in the Federal 
Register announcing that it is ready to assume the watch list matching 
function from the first covered aircraft operator.

II. Section-by-Section Analysis

Part 1540--Civil Aviation Security: General Rules

Section 1540.107--Submission to Screening and Inspection

    Under current Sec.  1540.107, individuals must submit to screening 
and inspection of their persons and their accessible property in order 
to enter a sterile area or board an aircraft. The proposed rule would 
add an additional requirement concerning the verifying identity 
document. The current regulatory text in Sec.  1540.107 would become 
proposed Sec.  1540.107(a).
    The proposed rule would add Sec.  1540.107(b), which provides that 
an individual must provide his or her full name when making a 
reservation for a covered flight or a request for authorization to 
enter a sterile area.
    When TSA has not provided watch list matching results or has placed 
an individual on inhibited status, covered aircraft operators would not 
be permitted to issue a boarding pass to the individual and would be 
required to request a verifying identity document, as described in 
Sec.  1560.3, from the individual, as explained further in the 
discussion of Sec.  1560.9 below. Therefore, the proposed rule would 
add Sec.  1540.107(c) to prohibit any individual from boarding an 
aircraft or accessing a sterile area who fails to present a verifying 
identity document when a covered aircraft operator requests it under 
proposed Sec.  1560.9. TSA may permit certain individuals who do not 
present a verifying identity document, as described in Sec.  
1560.9(c)(1), to board a flight or enter a sterile area, on a case-by-
case basis after determining that the individuals have valid reasons 
for not presenting a verifying identity document.

Part 1544--Aircraft Operator Security: Air Carriers and Commercial 
Operators

Section 1544.103--Form, Content, and Availability

    Section 1544.103(c) lists the contents of aircraft operators' 
security programs. The proposed rule adds Sec.  1544.103(c)(22) to make 
the AOIP a part of the security programs. Further discussion of the 
inclusion of the AOIP in the security program is included in the 
Section-by-Section Analysis portion for Sec.  1560.13--Aircraft 
Operator Implementation Plan.

Subpart A--General

Part 1560--Secure Flight Program

    The proposed rule adds a new part 1560 to title 49, setting forth 
the obligations of covered aircraft operators and covered airport 
operators under the Secure Flight program.

Section 1560.1--Scope, Purpose, and Implementation

    Section 1560.1 of the proposed rule states the scope, purpose, and 
implementation of new part 1560. Under Sec.  1560.1(a), new part 1560 
would apply to aircraft operators required to adopt a full program 
under 49 CFR 1544.101(a) and foreign air carriers required to adopt a 
security program under 49 CFR 1546.101(a) or (b). This proposed rule 
would also cover airport operators rule in the event that TSA approves 
a program through which an airport operator may similarly authorize 
non-traveling individuals to enter a sterile area.
    Proposed Sec.  1560.1(b) also sets forth the purpose of new part 
1560, which is intended for the dual mission of facilitating legitimate 
air travel by the general public, as well as the effective detection of 
individuals identified on Federal Government watch lists. As part of 
TSA's layered approach to aviation security, the Secure Flight program 
seeks to enhance the security of domestic and international air travel 
by moving the passenger watch list matching function from individual 
aircraft operators to the Government. To support this mission, TSA 
requires enhanced watch list matching capabilities and processes to 
accurately and consistently identify individuals on Government watch 
lists who may pose a threat to aviation or national security.
    Finally, proposed Sec.  1560.1(c) describes an implementation 
approach where Secure Flight program capabilities are phased in over a 
period of time. Each covered aircraft operator would be required to 
begin requesting passenger and non-traveler information and have the 
capability to transmit the required information to TSA by a TSA-
specified date. As discussed in section I(G) of this preamble, TSA 
anticipates that the date would be 60 days after the effective date of 
the final rule. The date and manner in which individual covered 
aircraft operators would begin transmitting passenger information to 
TSA for watch list matching would be set forth in the covered aircraft 
operator's AOIP, as described in further detail in the analysis of 
Sec.  1560.109. TSA would not publicly release the specific 
implementation dates for each covered aircraft operator, because such 
information is sensitive security information (SSI) under 49 CFR part 
1520.
    TSA anticipates that the first phase of Secure Flight under this 
proposed rule would result in the transfer of responsibility for 
domestic passenger watch list matching from covered U.S. aircraft 
operators to TSA. The second phase of Secure Flight under this proposed 
rule would result in the transfer of responsibility for all other 
passenger watch list matching conducted by covered U.S. aircraft 
operators as well as passenger watch list matching for flights arriving 
in or departing from the United States and flights overflying the 
continental United States operated by covered foreign air carriers to 
TSA.

[[Page 48369]]

    Below is a table that sets forth the proposed implementation 
requirements of this NPRM:

----------------------------------------------------------------------------------------------------------------
                                       Optional implementation    Notification sent to
                                            available\20\           covered operator     Implementation required
----------------------------------------------------------------------------------------------------------------
Submission of an AOIP................  The date of publication  This notice of proposed  30 days after the
                                        of the final rule.       rulemaking.              effective date of this
                                                                                          rule.
Covered aircraft operators begin       None...................  This notice of proposed  60 days after the
 requesting required information from                            rulemaking.              effective date of this
 passengers for domestic flights.                                                         rule.
Covered aircraft operators begin       None...................  Provided in the covered  The date specified in
 transmitting SFPD to TSA for                                    aircraft operator's      the covered aircraft
 domestic flights.                                               AOIP.                    operator's AOIP.
TSA will assume watch list matching    None...................  Written notification 60  60 days after
 function from covered aircraft                                  days prior to the date   notification from TSA.
 operators.                                                      of required
                                                                 implementation.
Covered aircraft operators must begin  None...................  Written notification 30  30 days after
 requesting known traveler number                                days prior to the date   notification from TSA.
 from passengers.                                                of required
                                                                 implementation.
Covered aircraft operators begin       None...................  This notice of proposed  60 days after the
 requesting required information from                            rulemaking.              effective date of this
 passengers for international flights.                                                    rule.
Covered aircraft operators begin       None...................  Provided in the covered  The date specified in
 transmitting SFPD to TSA for                                    aircraft operator's      the covered aircraft
 international flights.                                          AOIP.                    operator's AOIP.
----------------------------------------------------------------------------------------------------------------

Section 1560.3--Terms Used in This Part

    Aircraft Operator Implementation Plan (AOIP). Under proposed Sec.  
1560.3, ``Aircraft Operator Implementation Plan'' or ``AOIP'' means a 
written procedure describing how and when a covered aircraft operator 
or airport operator transmits passenger and flight information and non-
traveler information to TSA, as well as other related matters discussed 
in Sec.  1560.109 or the Consolidated User Guide.
---------------------------------------------------------------------------

    \20\ Aircraft operators that voluntarily choose to participate 
in testing with TSA before required to do so under the final rule 
may begin to implement some or all of the requirements of this 
proposed rule.
---------------------------------------------------------------------------

    Airport Code. This proposed rule defines ``airport code'' as the 
official code for an airport designated by the International Air 
Transport Association (IATA).
    Consolidated User Guide. The proposed rule defines ``Consolidated 
User Guide'' as the document developed by DHS to provide guidance to 
aircraft operators that must transmit passenger information to one or 
more components of DHS on operational processing and transmission of 
passenger information to all required components in a unified manner.
    Covered Aircraft Operator. Section 1560.3 of this proposed rule 
defines ``covered aircraft operator'' as each aircraft operator 
required to carry out a full program under 49 CFR 1544.101(a) or a 
security program under 49 CFR 1546.101(a) or (b).
    Covered Airport Operator. For purposes of proposed part 1560, 
``covered airport operator'' means each airport operator that seeks to 
authorize non-traveling individuals to enter a sterile area for a 
purpose permitted by TSA. ``Airport operator'' is defined in Sec.  
1540.5 as a person that operates an airport serving an aircraft 
operator or a foreign air carrier required to have a security program 
under 49 CFR parts 1544 or 1546. Because non-traveling individuals who 
enter a sterile area must be subject to watch list matching, airport 
operators that seek to authorize their entry to a sterile area are 
covered by this proposed rule.
    Covered Flight. This proposed rule defines the term ``covered 
flight'' to describe those flights for which TSA would conduct 
passenger watch list matching. This proposed rule would cover any 
operation of a U.S. aircraft operator that is subject to or operated 
under a full program under 49 CFR 1544.101(a). This includes flights 
operated by such aircraft operators anywhere in the world. ``Covered 
flight'' also means any operation of a foreign air carrier subject to 
or operated under a security program under 49 CFR 1546.101(a) or (b) 
arriving in or departing from the United States, or overflying the 
continental United States. Covered flight does not include any flight 
for which TSA has determined that the Federal Government (e.g., CBP) is 
conducting passenger matching comparable to the matching conducted 
pursuant to this part.
    In the event TSA determines that a different Federal Government 
agency is conducting comparable watch list matching to matching under 
Secure Flight for a particular flight, TSA would inform the covered 
aircraft operator that that flight does not constitute covered flights 
under the proposed rule.
    Date of Birth. For purposes of proposed part 1560, ``date of 
birth'' means the day, month, and year of an individual's birth.
    Department of Homeland Security Traveler Redress Inquiry Program or 
DHS TRIP. For purposes of this proposed rule, DHS TRIP means the 
voluntary program through which individuals may request redress if they 
believe they have been unfairly or incorrectly (1) denied or delayed 
boarding transportation due to DHS screening programs, (2) denied or 
delayed entry into or departure from the United States at a port of 
entry, or (3) identified for additional (secondary) screening at U.S. 
transportation facilities, including airports and seaports.
    Full Name. TSA needs an individual's complete name to perform 
effective watch list matching. However, TSA recognizes that in many 
non-English speaking cultures, family names may be given first, as 
opposed to being used as a last name. In order to address the 
differences in naming conventions, TSA is proposing to define ``full 
name'' as an individual's full name as it appears on a verifying 
identity document held by that individual.
    Inhibited Status. Proposed Sec.  1560.3 defines ``inhibited 
status'' as the status of a passenger or non-traveling individual to 
whom TSA has instructed a covered aircraft operator or a covered 
airport operator not to issue a boarding pass or provide access to the 
sterile area.
    Itinerary Information. This proposed rule defines ``itinerary 
information'' as

[[Page 48370]]

information reflecting a passenger's or non-traveling individual's 
itinerary specified in the covered aircraft operator's AOIP. For 
passengers, itinerary information includes:
    (1) Departure airport code.
    (2) Aircraft operator.
    (3) Departure date.
    (4) Departure time.
    (5) Arrival date.
    (6) Scheduled arrival time.
    (7) Arrival airport code.
    (8) Flight number.
    (9) Operating carrier (if available).
    For non-traveling individuals, itinerary information is the airport 
code for the sterile area to which the non-traveler seeks access.
    Known Traveler Number. For purposes of proposed part 1560, ``known 
traveler number'' means a unique number assigned to individuals for 
whom the Federal Government has conducted a security threat assessment 
and determined do not pose a security threat. TSA would require covered 
aircraft operators to request a known traveler number from passengers 
and non-traveling individuals after TSA implements this provision and 
notifies covered aircraft operators in writing that they must begin to 
request it.
    Non-traveling Individual (non-traveler). For purposes of proposed 
part 1560, ``non-traveling individual'' or ``non-traveler'' means an 
individual to whom a covered aircraft operator or covered airport 
operator seeks to issue an authorization to enter the sterile area of 
an airport in order to escort a minor or a passenger with disabilities 
or for some other purpose permitted by TSA. ``Non-traveling 
individual'' does not include employees or agents of airport or 
aircraft operators or other individuals whose access to a sterile area 
is governed by another TSA regulation or security directive.
    Overflying the Continental United States. This proposed rule 
defines ``overflying the continental United States'' as departing from 
an airport or location outside the United States, and transiting the 
airspace of the continental United States en route to another airport 
or location outside the United States. Airspace of the continental 
United States includes the airspace over the continental United States 
and the airspace overlying the territorial waters between the 
continental United States coast and 12 nautical miles from the 
continental United States coast. However, the proposed rule provides 
that ``overflying the continental United States'' does not apply to 
flights that transit the airspace of the continental United States 
between two airports or locations in the same country, where that 
country is Canada or Mexico. For example, a flight operated by Air 
Canada between Toronto and Vancouver that transits the airspace over 
Michigan and Illinois would not be ``overflying the continental United 
States'' for purposes of this proposed rule. The Assistant Secretary of 
Homeland Security (Transportation Security Administration) may exclude 
other categories of flights from the definition of ``overflying the 
continental United States'' in writing to the affected aircraft 
operators. TSA is also considering, and requests comments on, whether 
``overflying the continental United States'' should not apply to 
flights overflying selected geographic areas of the continental United 
States, based on a risk assessment.
    In this proposed rule, flights ``overflying the continental United 
States'' are a category of ``covered flights'' for which TSA would 
conduct passenger watch list matching in order to protect the airspace 
over the continental United States and prevent individuals on a watch 
list from taking control of an aircraft with the hostile intent to harm 
the United States. As discussed above, TSA has limited the proposed 
information collection requirements for Secure Flight, including for 
passengers ``overflying the continental United States,'' to the data 
elements TSA believes are minimally necessary for effective watch list 
matching of aviation passengers. The limited Secure Flight Passenger 
Data collected for passengers on flights ``overflying the continental 
United States'' will be used for the limited purpose of watch list 
matching and will be retained for a short period of time. We welcome 
comments on the timeframe for retention of information collected for 
passengers on such flights.
    Under the proposed rule, individuals on the No Fly component of the 
watch list would be prohibited from boarding flights that would be 
entering the airspace of the continental United States and individuals 
on the Selectee component of the watch list would undergo enhanced 
screening prior to boarding such a flight. An aircraft carrying an 
individual or individuals on the watch list may be kept out of the 
airspace of the continental United States or rerouted away from 
populated areas and critical infrastructure within the continental 
United States. In addition, if an aircraft carrying an individual on 
the watch list were permitted to continue through the airspace of the 
United States, the aircraft may be escorted by military aircraft to 
protect against an effort to harm the United States.
    Passenger. This proposed rule defines ``passenger'' as an 
individual who has, or seeks to obtain, a reservation for transport on 
a covered flight. Proposed Sec.  1560.3 expressly excludes from the 
definition of ``passenger'' any crew member traveling on duty. The 
definition also excludes any individual with flight deck privileges 
under 49 CFR 1544.237 traveling on the flight deck. The definition does 
not exclude an employee who is not on duty, such as an employee on 
deadhead status, and who is traveling in the cabin.
    Passenger Resolution Information (PRI). For purposes of proposed 
part 1560, ``Passenger Resolution Information'' or ``PRI'' is the 
information that TSA may request that a covered aircraft operator or 
covered airport operator provide to TSA for an individual whom TSA 
places in an inhibited status and from whom the covered aircraft 
operator or covered airport operator is required to request additional 
information. TSA may request that a covered aircraft operator or 
covered airport operator provide to TSA any subset of PRI that is 
necessary to resolve a potential match to a watch list. PRI includes, 
but is not limited to, the following:
    (1) Covered aircraft operator's agent identification number or 
agent sine, which is a term used in the aviation industry to mean an 
agent's personal identification code;
    (2) Type of verifying identity document presented by the passenger;
    (3) Identification number on the verifying identity document;
    (4) Verifying identity document issue date;
    (5) Name of the Governmental authority that issued the verifying 
identity document; and
    (6) Physical attributes of the passenger such as height, eye color, 
or scars, if requested by TSA.
    Passport Information. Proposed Sec.  1560.3 defines ``Passport 
information'' to include the following information from an individual's 
passport:
    (1) Passport number.
    (2) Country of issuance.
    (3) Expiration date.
    (4) Gender.
    (5) Full name.
    Redress Number. For purposes of proposed part 1560, ``Redress 
Number'' means the number assigned by DHS TRIP to an individual through 
the redress process described in proposed 49 CFR part 1560, subpart C.
    Secure Flight Passenger Data (SFPD). For purposes of this proposed 
rule, ``Secure Flight Passenger Data'' or ``SFPD'' is the information 
regarding a passenger or non-traveling individual

[[Page 48371]]

that a covered aircraft operator or covered airport operator transmits 
to TSA, to the extent available, pursuant to Sec.  1560.101. SFPD is 
the following information regarding a passenger or non-traveling 
individual:
    (1) Full name.
    (2) Date of birth.
    (3) Gender.
    (4) Redress number or known traveler number (once implemented).
    (5) Passport information.
    (6) Reservation control number.
    (7) Record sequence number.
    (8) Record type.
    (9) Passenger update indicator.
    (10) Traveler reference number.
    (11) Itinerary information.
    Self-service Kiosk. A ``self-service kiosk'' is a kiosk operated by 
a covered aircraft operator that is capable of accepting a passenger 
reservation or a request for authorization to enter a sterile area from 
a non-traveling individual.
    Sterile Area. A ``sterile area'' is the portion of an airport 
defined in 49 CFR 1540.5 and generally means an area with access 
limited to persons who have undergone security screening by TSA.
    Terrorist Screening Center (TSC). This proposed rule defines TSC as 
the entity established by the Attorney General to carry out Homeland 
Security Presidential Directive 6 (HSPD-6), dated September 16, 2003, 
to consolidate the Federal Government's approach to terrorism screening 
and provide for the appropriate and lawful use of terrorist information 
in screening processes.
    Verifying Identity Document. Proposed Sec.  1560.3 defines 
``verifying identity document'' as a valid non-expired passport issued 
by a foreign government or a valid non-expired document issued by a 
Government (Federal, State, or tribal) and that includes the following 
information for the individual:
    1. Full name.
    2. Date of birth.
    3. Photograph of the individual.
    Watch list. For purposes of proposed part 1560, ``watch list'' 
refers to the No Fly and Selectee List components of the TSDB 
maintained by the TSC. For certain flights, the ``watch list'' may 
include the larger set of watch lists maintained by the Federal 
Government as warranted by security considerations.

Subpart B--Collection and Transmission of Secure Flight Passenger Data 
for Watch List Matching

Section 1560.101--Request for and Transmission of Information to TSA

    Proposed Sec.  1560.101 sets forth the requirement that covered 
aircraft operators request passenger information and non-traveler 
information and transmit such information to TSA.
    Under proposed Sec.  1560.101(a), covered aircraft operators must 
begin requesting all required information and have the capability to 
transmit required information on a date to be specified by TSA. TSA 
anticipates requiring covered U.S. aircraft operators to begin 
requesting all required information no later than 60 days after the 
effective date of the final rule. TSA would require aircraft operators 
that become covered aircraft operators after the effective date to 
begin requesting passenger and non-traveler information the date it 
becomes a covered operator. Covered aircraft operators would then begin 
transmitting required information to TSA in accordance with their AOIP. 
TSA plans to phase covered aircraft operators into Secure Flight over 
an extended period of time, with the first covered aircraft operators 
projected to transmit their SFPD to TSA no later than 60 days after the 
effective date.
    The proposed definition of SFPD lists the information that covered 
aircraft operators would be required to transmit, to the extent 
available, under proposed Sec.  1560.101(b). From that list, covered 
aircraft operators would be required to ask individuals for their full 
name, date of birth, gender, and Redress Number or known traveler 
number when they make a reservation with the covered aircraft operator 
or seek access to an airport sterile area. Proposed Sec.  
1560.101(a)(3) states that covered aircraft operators may not accept a 
reservation, or accept a request for access to a sterile area, for any 
individual who does not provide a full name. Although aircraft 
operators would be required to request this information for watch list 
matching purposes, passengers and non-traveling individuals would not 
be required to provide their date of birth, gender, or Redress Number 
(if applicable) to make a reservation or a request for authorization to 
enter a sterile area. Although individuals would not be required to 
provide their date of birth, gender, or Redress Number, were they to 
provide it they would be subject to Sec.  1540.103(b) regarding making 
a fraudulent or intentionally false record entry.
    Secure Flight Passenger Data with missing information may result in 
TSA being unable to distinguish the individual from a person on the 
watch list. Consequently, TSA may instruct the covered aircraft 
operator to place the individual on inhibited status or to designate 
the individual for enhanced screening. A covered aircraft operator 
would not be able to issue a boarding pass or authorization to enter a 
sterile area to an individual on inhibited status unless the resolution 
process resulted in TSA giving an instruction permitting the covered 
aircraft operator to issue a boarding pass or authorization.
    Although TSA would not require covered aircraft operators to ask 
for passport information from individuals, TSA would require covered 
aircraft operators to transmit that information if they collect 
passport information in the normal course of business or in accordance 
with another regulatory requirement, such as APIS. TSA would use 
passport information, as well as full name, date of birth, gender, and 
Redress Number for watch list matching purposes.
    TSA would use the other information in the Secure Flight Passenger 
Data--the reservation control number, the record sequence number, the 
record type, the passenger update indicator, the traveler reference 
number, and the itinerary information--to manage the SFPD. TSA would 
use the reservation control number and the record sequence number to 
identify SFPD for a particular individual and to establish the version 
level of watch list matching requests or changes to the SFPD. The 
record type would indicate the type of record the covered aircraft 
operator is transmitting and the passenger update indicator would flag 
an individual's SFPD if that individual's information has changed. The 
traveler reference number would be assigned to each passenger in a SFPD 
transmission to TSA. This would allow the system to correctly associate 
watch list matching results to each passenger in a SFPD transmission, 
which is particularly important in cases where a SFPD transmission 
contains more than one passenger.
    Proposed Sec.  1560.101(a)(2) also provides TSA may require covered 
aircraft operators to begin accepting other known traveler numbers from 
Federal programs approved for use by TSA from passengers and non-
travelers. TSA would inform covered aircraft operators in writing of 
the date on which they must begin to request an approved category of 
known traveler numbers. TSA expects that the covered aircraft operator 
would request this information from the individual making a reservation 
on a covered flight or requesting access to a sterile area. The covered 
aircraft operator must include the information provided by the 
passenger in response to this request in the SFPD. When TSA begins 
accepting known traveler numbers, TSA will only require the covered 
aircraft operator to include one reference number in the SFPD. That 
reference number could be

[[Page 48372]]

a redress number or a known traveler number.
    To ensure that covered aircraft operators request and collect the 
required information at the time an individual makes a reservation, 
proposed Sec.  1560.101(a)(4) makes covered aircraft operators 
responsible for ensuring that third parties (i.e., travel agencies) 
that generate a reservation on the covered aircraft operator's behalf 
take the steps necessary to comply with the requirements of proposed 
Sec.  1560.101.
    Proposed Sec.  1560.101(b) requires covered aircraft operators to 
transmit SFPD to TSA prior to flight departure time, in accordance with 
each aircraft operator's AOIP. TSA anticipates requiring that covered 
aircraft operators transmit SFPD to TSA approximately 72 hours prior to 
scheduled flight departure time for reservations made 72 hours or more 
before the scheduled departure time of the flight, because the vast 
majority of reservations are completed by 72 hours prior to flight 
departure time and remain unchanged after that time. For reservations 
made within 72 hours of scheduled flight departure time, TSA 
anticipates requiring covered aircraft operators to transmit the SFPD 
immediately after the reservation is made.
    TSA would require covered aircraft operators to transmit SFPD for 
each flight even if the flight is a connecting flight or the return 
flight of a roundtrip reservation for the passenger. TSA would not 
require covered aircraft operators to transmit separate SFPD for 
continuing segments of a through flight. After TSA receives the SFPD 
transmission under proposed Sec.  1560.101, it will compare the SFPD 
provided by the covered aircraft operators to the watch list.
    Covered aircraft operators would have the option to transmit SFPD 
to TSA individually or in batch transmissions. Covered aircraft 
operators would also have to establish connectivity to TSA, most likely 
through one of the following methods: (1) By establishing a direct 
connection to TSA; (2) through a secure virtual private network using 
the Internet or a service provider's private network; or (3) through a 
third-party value added network. Regardless of which connectivity 
method covered aircraft operators would use to communicate with TSA, 
the covered aircraft operators would be responsible for all costs 
associated with transmitting data from the covered aircraft operator to 
TSA and vice versa. TSA anticipates that covered aircraft operators 
would select the most efficient method for the anticipated volume of 
messaging between their system and Secure Flight.
    TSA is aware that other Federal agencies, such as CBP, are 
conducting, or will conduct, watch list matching for airline 
passengers. TSA is working with these other agencies to develop ways to 
eliminate unnecessary duplication of comparable screening efforts and 
thereby reduce governmental and private sector costs.
    Covered aircraft operators would be required to accurately transmit 
passenger and non-traveler SFPD. However, covered aircraft operators 
would not be required to validate the underlying accuracy of the 
collected passenger information on covered domestic flights \21\ or 
non-traveler information. Furthermore proposed Sec.  1560.101(d) would 
require covered aircraft operators to transmit information updates to 
reflect changes to any information required in the SFPD.
---------------------------------------------------------------------------

    \21\ Covered aircraft operators would validate passenger 
information on covered international flights because CBP regulations 
at 19 CFR Part 122 require covered aircraft operators to validate 
passengers' APIS information (which includes the passport or other 
appropriate travel document).
---------------------------------------------------------------------------

Section 1560.103--Notice

    TSA is committed to providing transparency about the Secure Flight 
program. In order to inform passengers and non-traveling individuals 
about the use of their personally identifying information, TSA will 
publish on its Web site a privacy notice that explains why TSA is 
collecting this information, how it will use the information, and the 
effect of not providing this information. Additionally, this proposed 
rule would require covered aircraft operators that collect information 
for TSA to use in connection with Secure Flight watch list matching to 
provide the privacy notice to individuals from whom information is 
collected through a Web site or a self-service kiosk.
    Proposed Sec.  1560.103(a) would require a covered aircraft 
operator to make the privacy notice available before the covered 
aircraft operator collects the information. Covered aircraft operators 
must make available, on their Web sites, through the aircraft 
operator's self-service kiosk, or through a link to TSA's Web site, the 
following complete privacy notice, as set forth in proposed Sec.  
1560.103(b):
    The Transportation Security Administration requires us to collect 
information from you for purposes of watch list matching, under the 
authority of 49 U.S.C. sec. 114, and the Intelligence Reform and 
Terrorism Prevention Act of 2004. Providing this information is 
voluntary; however, if it is not provided, you may be subject to 
additional screening or denied transport or authorization to enter a 
sterile area. TSA may share information you provide with law 
enforcement or intelligence agencies or others under its published 
system of records notice. For more on TSA Privacy policies or to view 
the system of records notice and the privacy impact assessment, please 
see TSA's Web site at www.tsa.gov.
    This requirement would also apply to information collected on third 
party internet reservation Web sites for reservations on covered 
flights. Covered aircraft operators would be responsible for ensuring 
that these Web sites make available the complete privacy notice or 
provide a link to TSA's Web site.
    Covered aircraft operators must use the above language to provide 
the complete privacy notice, unless TSA approves alternative language. 
For instance, if a governmental entity or entities develop a common 
privacy notice for use for international flights, that common privacy 
notice may be approved for use in lieu of the privacy notice above. 
Individuals who wish further information with respect to TSA's privacy 
policies are referred to TSA's Web site.
    In the event a covered aircraft operator creates an alternative 
electronic means to request information in order to comply with Sec.  
1560.101(a) from individuals directly, proposed Sec.  1560.103(a) would 
require the covered aircraft operator to make the privacy notice 
available through that new mechanism, unless TSA provided an exemption. 
This provision is intended to ensure that the privacy notice is 
available to individuals in the event electronic means to collect 
information directly from individuals, beyond Web sites and self-
service kiosks, emerge in the future through aviation industry 
innovation.
    DHS requests comments on this notice provision generally. In 
particular, DHS requests comments on how a privacy notice could be 
provided (if necessary and considering such issues as feasibility, 
costs, and the effectiveness of the notice) during the collection of 
information through means not identified in proposed sec. 1560.103.

Section 1560.105--Denial of Transport or Sterile Area Access and 
Designation for Enhanced Screening

    Proposed Sec.  1560.105 would apply to a covered aircraft operator 
beginning on the date that TSA assumes the watch list matching function 
from that aircraft operator. In order to determine whether

[[Page 48373]]

a passenger or non-traveling individual poses a threat to civil 
aviation or national security under the proposed Secure Flight program, 
TSA must conduct watch list matching of the individual. Therefore, 
consistent with authorities granted under 49 U.S.C. 114(h)(3) and 
44901(a) regarding the screening of passengers and property, TSA would 
prohibit covered aircraft operators from issuing a boarding pass until 
TSA has authorized release of the boarding pass upon conclusion of the 
watch list matching process. TSA also is proposing to apply this 
requirement to non-traveling individuals who seek authorization from a 
covered aircraft operator to enter an airport sterile area, because 
such individuals may attempt to board a flight as a passenger, pass 
prohibited items to a passenger, or otherwise become a security threat 
for that airport, acting alone or in concert with others in the sterile 
area.
    Once TSA receives passenger or non-traveler SFPD from covered 
aircraft operators, TSA, in coordination with TSC where necessary, will 
compare that information to information contained in the watch list. 
TSA will then send the covered aircraft operator the results of the 
watch list matching process. In most cases, TSA expects to be able to 
complete the watch list matching process for a passenger based on the 
SFPD transmitted to TSA in accordance with proposed Sec.  1560.101, and 
then communicate the boarding pass printing instruction to the covered 
aircraft operator prior to the time the passenger arrives at the 
airport for the flight.
    Proposed Sec.  1560.105(b) provides that a covered aircraft 
operator would not be permitted to issue a boarding pass or other 
authorization to enter a sterile area to a passenger or a non-traveling 
individual and must not allow that individual to board an aircraft or 
enter a sterile area until TSA informs the covered aircraft operator of 
the results of watch list matching for that passenger or non-traveling 
individual. If the covered aircraft operator transmitted updated SFPD 
in accordance with proposed Sec.  1560.101(c), previous TSA 
instructions would be voided. The covered aircraft operator would then 
be required to wait for watch list matching results from TSA, in 
response to the most recent SFPD submission for that passenger or non-
traveling individual, to ensure that the covered aircraft operator is 
acting on the most accurate instruction from TSA.
    Under proposed Sec.  1560.105(b), TSA would send one of three 
instructions to covered aircraft operators after they transmit SFPD to 
TSA. First, TSA may instruct a covered aircraft operator that a 
passenger or non-traveling individual must be placed on inhibited 
status. In that case, the covered aircraft operator must not issue a 
boarding pass, or other authorization to enter a sterile area, to the 
passenger or a non-traveling individual, and the covered aircraft 
operator must not allow an inhibited individual to board a flight or 
enter a sterile area.
    Second, TSA may instruct the covered aircraft operator that the 
passenger or non-traveling individual has been selected for enhanced 
screening at a security checkpoint. In that situation, the covered 
aircraft operator may issue the passenger a boarding pass or the non-
traveling individual authorization to enter the sterile area but must 
identify the passenger or non-traveling individual for enhanced 
screening, in accordance with procedures in the aircraft operator's 
security program. Third, TSA may send a cleared instruction for a 
passenger or non-traveling individual. In that case, the covered 
aircraft operator is permitted to issue the passenger or non-traveling 
individual a cleared boarding pass or authorization to enter the 
sterile area, unless the covered aircraft operator is required to 
identify the passenger or non-traveling individual for enhanced 
screening under other TSA procedures.
    As part of TSA's efforts to enhance boarding pass security and 
prevent fraud, TSA would require covered aircraft operators to place 
certain information on the boarding passes for passengers or 
authorizations to enter a sterile area for non-traveling individuals. 
As reflected in the proposed rule and explained in further detail 
below, TSA is considering requiring the information to be in a code 
format such as a bar code or optical character recognition format. The 
purpose of placing a code on the boarding passes and the authorizations 
to enter a sterile area is to prevent the use of unauthorized or 
altered boarding passes or authorizations to enter a sterile area by 
individuals who wish to fraudulently gain access to the sterile area or 
to board an aircraft. The code would not include any personally 
identifying information. TSA may also consider other forms of 
technology to verify the authenticity of boarding passes and 
authorizations to enter a sterile area. TSA seeks comments on the use 
of bar codes, optical character recognition, or other form of 
technology to ensure the integrity of the boarding passes and 
authorizations to enter a sterile area.
    Under the proposed rule, TSA's boarding pass instructions would 
include coding instructions for placing codes on the boarding passes or 
authorizations to enter a sterile area. The coding instructions would 
include a unique TSA-generated character string for security. TSA would 
not permit covered aircraft operators to issue a boarding pass or 
authorization to enter a sterile area unless the covered aircraft 
operator had placed the code on the boarding pass or authorization to 
enter a sterile area, and TSA would require covered aircraft operators 
to place the code on the boarding passes or authorizations to enter a 
sterile area separately from codes used for any other purposes. TSA 
authorized personnel with devices to read the codes would have the 
ability to scan the codes and authenticate the document. The 
Consolidated User Guide would provide technical information concerning 
the transmission and receipt of coded data. TSA would require aircraft 
operators to comply with the technical requirements in the Consolidated 
User Guide for placing codes on boarding passes and authorizations.
    TSA may consider developing a system whereby the devices used to 
read the code may be able to communicate with the Secure Flight program 
to verify some of the information in the SFPD and whether the 
individual has been selected for enhanced screening. With this system, 
the codes themselves still would not include any personally identifying 
information and the personally identifying information could only be 
accessed through a secure reading device. TSA seeks comment on the 
technology, privacy, and compliance issues associated with implementing 
a system that would place information on boarding passes and 
authorizations to enter a sterile area to ensure that the watch list 
matching results correspond to the information on boarding passes and 
authorizations to enter a sterile area.
    After TSA has returned to a covered aircraft operator a boarding 
pass instruction that a passenger must be placed on inhibited status or 
selected for enhanced screening, the covered aircraft operator cannot 
change that boarding pass instruction unless TSA sends an updated 
instruction based on additional information, such as an updated watch 
list or updated SFPD or otherwise authorizes the covered aircraft 
operator to change the boarding instruction. If TSA sends an updated 
instruction to a covered aircraft operator for a passenger or non-
traveling individual, the covered aircraft operator must acknowledge 
receipt of the updated instruction, comply with the updated 
instruction, and ignore all

[[Page 48374]]

previous instruction for that passenger or non-traveling individual. 
However, a covered aircraft operator can designate a more restrictive 
boarding pass status in conjunction with other TSA or aircraft operator 
procedures.
    If TSA has not provided a covered aircraft operator with watch list 
matching results for an individual by the time the individual attempts 
to check-in, or has informed the aircraft operator that an individual 
has been placed on inhibited status, the covered aircraft operator must 
provide TSA with additional information on the individual. This may be 
necessary if the available information for that individual is 
insufficient to distinguish him or her from a person on the watch list. 
Therefore, under proposed Sec.  1560.105(c) it would be necessary for 
the covered aircraft operator to request a verifying identity document 
from the individual to verify the SFPD already provided or obtain SFPD 
that was not provided at the time of reservation or at the time of 
check-in at the airport. Covered aircraft operators would then be 
required to update the SFPD with information from the verifying 
identity document and transmit the updated SFPD to TSA.
    However, under proposed Sec.  1560.105(c)(4), this requirement 
would not apply to minors under the age of 18 who do not have a 
verifying identity document. For those minors, TSA may authorize the 
minor, or an adult accompanying the minor, to state the minor's full 
name and date of birth on a case-by-case basis.
    In this regard, the NPRM also proposes to amend TSA's regulations 
by adding a new requirement in 49 CFR 1540.107 that a passenger seeking 
to obtain a boarding pass, or a non-traveling individual seeking access 
to an airport sterile area, must present a verifying identity document, 
as described in proposed Sec.  1560.105(c)(1), if a covered aircraft 
operator requests one for watch list matching purposes, in accordance 
with proposed Sec.  1560.105(c)(1). Under the proposed amendment to 
Sec.  1540.107 and proposed Sec.  1560.105(d), if an individual fails 
to comply with this request from a covered aircraft operator, he or she 
would be denied a boarding pass (or authorization to enter a sterile 
area), unless otherwise authorized by TSA. As discussed previously, TSA 
may authorize exceptions to the above requirement for verifying 
identity document on a case-by-case basis.
    If TSA needs additional information to resolve a possible 
misidentification, or to confirm that the passenger or non-traveling 
individual is the individual on the watch list, TSA may request that 
the aircraft operator communicate additional identifying information, 
referred to as PRI. For example, TSA may request biographical 
information such as height, hair color, eye color, or distinctive 
scars. TSA may request the information necessary for TSA, in 
coordination with the TSC, to resolve the possible misidentification or 
confirm that the individual is the person on a watch list. TSA will not 
require the covered aircraft operator to transmit such biographical 
information in a SFPD transmission. TSA anticipates requesting such 
biographical information over the telephone.
    TSA plans to retain the information necessary to complete an 
individual's watch list matching process, in accordance with a record 
retention schedule, which it will submit for approval to NARA, in order 
to expedite the watch list matching process for that individual during 
future travel. The requirements of this proposed rule would not 
supersede other requirements currently in effect that aircraft 
operators verify the identities of individuals prior to their entry 
into a sterile area.

Section 1560.107--Use of Watch List Matching Results by Covered 
Aircraft Operators

    Drawing upon the privacy principle of use limitation, TSA would 
only share watch list matching results with covered aircraft operators 
for purposes of compliance with their obligations to issue boarding 
passes to those who are authorized to receive them, identify 
individuals for enhanced screening, or deny individuals boarding or 
sterile area access. Therefore, under proposed Sec.  1560.107, TSA 
would limit covered aircraft operators' use of the watch list matching 
results to the purposes provided in Sec. Sec.  1560.1 and 1560.105 of 
the proposed rule. Under the proposed rule, covered aircraft operators 
may not use the watch list matching results for any purpose other than 
security purposes.

Section 1560.109--Aircraft Operator Implementation Plan

    Section 1560.109 of this proposed rule details the procedures for 
submission, approval, and modification of an AOIP. Under proposed Sec.  
1560.109(a), each covered aircraft operator must submit a proposed AOIP 
to TSA for approval. The proposed AOIP must set forth the specific 
means by which the covered aircraft operator will transmit passenger 
information and non-traveler information to TSA, the timing and 
frequency of transmission, and any other related matters. The AOIP may 
include, for example, the covered aircraft operator's plan for dealing 
with a system outage.
    Because DHS recognizes that covered aircraft operators would be 
required to comply with multiple requirements from Federal agencies, 
DHS is developing the means to consolidate the receipt and management 
of passenger information within a single communications interface. The 
consolidation of required data for both TSA and CBP into a single 
submission is intended to ease the operational and technical burden on 
the aircraft operator. DHS will provide guidance on these requirements 
in a Consolidated User Guide. Consequently, covered aircraft operators 
would need to prepare their proposed AOIP in accordance with DHS's 
Consolidated User Guide. DHS will issue the Consolidated User Guide on, 
or shortly after, the date of publication of the final rule and will 
work with each covered aircraft operator, as necessary, to provide 
technical assistance in developing its AOIP. DHS will issue a draft 
Consolidated User Guide based on this proposed rule on, or shortly 
after, the date of this NPRM. Because the Consolidated User Guide is 
SSI, the release, handling, and protection of the Consolidated User 
Guide would be subject to the regulations concerning the protection of 
SSI in 49 CFR part 1520.
    Proposed Sec.  1560.109(a)(1) would require aircraft operators that 
are covered aircraft operators on the effective date of the final rule 
to submit their AOIP for approval no later than 30 days after the 
effective date. Under Sec.  1560.109(a)(2), aircraft operators that 
become covered aircraft operators after the effective date must submit 
their AOIP as part of their security program under 49 CFR 1544.105(a) 
or 49 CFR 1546.105(a). TSA will review, approve, and modify these 
covered aircraft operators' proposed AOIP as part of its review of 
these covered aircraft operators' security programs.
    For aircraft operators that are covered aircraft operators on the 
effective date, TSA will review, modify, and approve their proposed 
AOIP under proposed Sec. Sec.  1560.109(b) and (c). If TSA approves a 
covered aircraft operator's proposed AOIP, the covered aircraft 
operator must implement the plan according to the schedule approved by 
TSA and set forth in the AOIP. If TSA disapproves and orders 
modifications to a proposed AOIP, TSA will provide written notice to 
the covered aircraft operator. Under proposed Sec.  1560.109(c)(1), the 
covered aircraft operator has two options. The first option is to make 
any changes to the AOIP that TSA requests in the notice and implement 
the AOIP

[[Page 48375]]

according to the schedule approved by TSA and set forth in the AOIP. 
The second option is to seek a reconsideration of TSA's initial 
decision. In order to seek a reconsideration, a covered aircraft 
operator must submit its petition for reconsideration to TSA within 30 
days of receiving the notice. The petition should include all 
supporting documentation. Under proposed Sec.  1560.109(c)(2), a 
designated TSA official will review the petition and will either amend 
or withdraw the notice or forward the petition to the Administrator for 
a final decision. Within 30 days of receiving the petition, the 
Administrator will dispose of the petition by amending or withdrawing 
the notice or affirming the notice to modify. TSA may, at its 
discretion, grant extensions to any schedule deadlines, on its own 
initiative or upon the request of a covered aircraft operator.
    Proposed Sec.  1560.109 would require that the AOIP become part of 
the covered aircraft operator's security program (as described in 49 
CFR part 1544, subpart B or 49 CFR part 1546, subpart B) once TSA 
approves the AOIP. Because the AOIP would be part of the security 
program, proposed Sec.  1560.109(e) states that amendments to the AOIP 
will be reviewed and approved or disapproved in accordance with the 
procedures in 49 CFR 1544.105 or 49 CFR 1546.105, which govern 
amendments to security programs. Sections 1544.105 and 1546.105 provide 
procedures by which aircraft operators may seek amendments to their 
security programs and TSA may order amendments to security programs 
including emergency amendments. These sections also describe how 
aircraft operators may seek reconsideration of the initial decision on 
the amendments.
    Proposed Sec.  1560.109(f) requires that the AOIP be handled and 
protected as SSI in accordance with 49 CFR part 1520. Because the AOIP 
would be a part of the covered aircraft operator's security program, 
the AOIP would be SSI under Sec.  1520.5(b)(1)(i).

Section 1560.111--Covered Airport Operators.

    Section 1560.111 of this proposed rule applies to a covered airport 
operator that has a program approved by TSA through which the airport 
operator may authorize non-traveling individuals to enter a sterile 
area. Under proposed Sec.  1560.111, no later than 30 days after 
receiving written notice from TSA, or such longer period as TSA may 
determine for good cause, a covered airport operator must adopt and 
carry out an AOIP and follow the procedures required of covered 
aircraft operators with respect to non-traveling individuals specified 
in proposed Sec.  1560.109. A covered aircraft operator's AOIP would 
become a part of the covered airport operator's security program under 
49 CFR part 1542, subpart B. Each covered airport operator must comply 
with the procedures required of covered aircraft operators in 
Sec. Sec.  1560.101(a), (c) and (d), 1560.103, and 1560.107 of this 
part, and any other applicable TSA requirements.

Subpart C--Passenger Redress

Section 1560.201--Applicability

    Sections 4012(a)(1) and 4012(a)(2) of IRTPA require TSA to 
establish appeal procedures for airline passengers who are delayed or 
denied boarding as a result of the watch list matching process as 
required by 49 U.S.C. 44903(j)(2)(C)(iii)(I), (j)(2)(G), and 49 U.S.C. 
44909(c)(6)(B). Accordingly, the NPRM proposes subpart C, which 
provides the redress procedures for individuals who believe they have 
been improperly or unfairly delayed or prohibited from boarding an 
aircraft or entering a sterile area as a result of the Secure Flight 
program.

Section 1560.203--Representation by Counsel

    Proposed Sec.  1560.203 provides that any person seeking redress 
under subpart C may be represented by counsel at his or her own 
expense.

Section 1560.205--Redress Process

    DHS and TSA currently provide a redress process for individuals who 
believe that they have been denied or delayed in boarding a flight. 
Proposed Sec.  1560.205 explains the regulatory framework for the 
redress process for Secure Flight. If an individual believes that he or 
she has been improperly or unfairly delayed or prohibited from boarding 
an aircraft or entering a sterile area as a result of the Secure Flight 
program, the individual may initiate the redress process through the 
existing DHS TRIP process. DHS TRIP is a web-based customer service 
initiative developed as a voluntary program to provide a one-stop 
mechanism for individuals to request redress. DHS TRIP provides 
traveler redress intake and processing support while working with 
relevant DHS components to review and respond to requests for redress.
    Under proposed Sec.  1560.205, an individual seeking redress may 
obtain the necessary forms and information to initiate the redress 
process for Secure Flight on the DHS TRIP Web site at http://www.dhs.gov/trip or by contacting DHS TRIP by mail. The DHS TRIP Office 
would assign the individual a unique identifier, recognized by the 
Secure Flight Program as a Redress Number. Under Sec.  1560.101 of this 
proposed rule, covered aircraft operators would be required to request 
the Redress Number from passengers and non-traveling individuals at the 
time of reservation or request for sterile area access, and transmit 
the number to TSA in the SFPD, if available.
    DHS TRIP will then share the redress request with TSA and any other 
necessary agencies for resolution. TSA, in coordination with the TSC 
and other appropriate Federal law enforcement or intelligence agencies, 
if necessary, will review all the documentation provided by the 
individual and provide the individual with a timely written response. 
TSA will correct any erroneous information and will inform the 
individual when the redress process has been completed. However, TSA 
will neither confirm nor deny whether an individual is on the watch 
list, because this information is derived from classified and sensitive 
law enforcement and intelligence information. This protects the 
operational counterterrorism and intelligence collection objectives of 
the Federal Government, as well as the personal safety of those 
involved in counterterrorism investigations. The watch list remains an 
effective tool in the Government's counterterrorism and transportation 
security efforts, because its contents are not disclosed.
    If TSA determines that the delay or prohibition from boarding, or 
access to a sterile area, resulted from a misidentification of the 
individual, TSA will retain the information provided by the individual 
to facilitate authentication of the individual's identity during future 
air travel and to prevent repeated and unnecessary delays of 
misidentified individuals, as required under 49 U.S.C. 
44903(j)(2)(G)(ii).

Section 1560.207--Oversight of process

    Finally, Sec.  1560.207 of the proposed rule provides that the 
redress program and its implementation are subject to review by the TSA 
and DHS Privacy Officers and the TSA and DHS Offices for Civil Rights 
and Civil Liberties to ensure that the process is protecting the 
privacy and civil liberties of passengers and non-traveling 
individuals.

[[Page 48376]]

III. Regulatory Analyses

A. Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501 et seq.) 
requires that a Federal agency consider the impact of paperwork and 
other information collection burdens imposed on the public and, under 
the provisions of PRA section 3507(d), obtain approval from the Office 
of Management and Budget (OMB) for each collection of information it 
conducts, sponsors, or requires through regulations.
    This proposed rule contains new information collection activities 
subject to the PRA. Accordingly, TSA has submitted the following 
information requirements to OMB for its review.
    Title: Secure Flight Program.
    Summary: TSA is proposing to establish this information collection 
in accordance with 49 U.S.C. 44903(j)(2)(C), which requires TSA to 
assume the passenger matching function of comparing passenger 
information to Federal watch lists and to establish an appeal procedure 
for those passengers delayed or denied boarding as a result of this 
process. In order to carry out effective watch list matching, TSA has 
determined that it must receive each individual's full name and, to the 
extent available, gender, date of birth, Redress Number, and known 
traveler number (when implemented) and passport information. Therefore, 
TSA is proposing to require U.S. aircraft operators that conduct 
certain scheduled and public charter flights, and foreign air carriers 
that conduct certain scheduled and public charter flights within, to or 
from the United States, and overflying the continental United States, 
to request this information from passengers or non-travelers seeking 
sterile area access on those flights. The covered aircraft operator 
must then communicate this information, as well as passport 
information, message management information, and itinerary information 
to the extent available, to TSA. The covered aircraft operator must 
also transmit relevant updates to the passenger's or non-traveler's 
information. Additionally, TSA may need the covered aircraft operators 
to obtain and communicate information from an individual's form of 
identification or a physical description (e.g., gender, height, weight, 
hair color, or eye color) of the individual. TSA would use all of this 
information during watch list matching.
    Prior to submitting any passenger information or non-traveler 
information, covered aircraft operators must first submit to TSA an 
AOIP describing how and when they will transmit passenger (or non-
traveler) information to TSA.
    In addition to aircraft operators that authorize non-traveling 
individuals to enter a sterile area, TSA may require airport operators 
that authorize non-traveling individuals to enter a sterile area for a 
purpose approved by TSA to provide TSA with information regarding non-
traveling individuals seeking authorization to enter a sterile area, 
for purposes of watch list matching, under the proposed rule.
    Use of: Under 49 U.S.C. 44903(j)(2)(C)(iv), TSA is authorized to 
collect from aircraft operators the passenger information needed to 
begin implementation of this matching function. TSA will use the 
information to enhance the security of air travel and support the 
Federal Government's counterterrorism efforts by enabling TSA to 
conduct watch list matching through the Secure Flight program and to 
identify individuals who warrant further scrutiny prior to entering an 
airport sterile area or boarding an aircraft or who warrant denial of 
boarding or access to an airport sterile area on security grounds. To 
identify those individuals, TSA will compare individuals' identifying 
data to information about individuals identified on the watch list.
    Respondents (including number of): The Secure Flight Program would 
require covered aircraft operators to submit passenger information to 
DHS for the purpose of watch list matching. Prior to submitting any 
passenger information to DHS, covered aircraft operators would first 
submit to TSA an Aircraft Operator Implementation Plan (AOIP). The AOIP 
would specify in detail the technology and processes an aircraft 
operator would use to transmit passenger information to DHS and receive 
and apply watch list responses. At the time of submission, 66 domestic 
and 146 foreign aircraft operators would be required to respond to the 
information collection. Consequently, TSA has determined this 
information collection would affect a total of 212 respondents. Each of 
these operators would be subject to both information collections; 
however, due to differences in the frequency of the submissions, the 
two collections result in differing numbers of annual respondents. 
Submission of AOIPs would affect an average of 71 respondents and 
transmission of passenger information would affect an annual average of 
163 respondents. With regards to airport operators authorizing non-
traveling individuals to enter a sterile area for a purpose approved by 
TSA, there are currently 437 domestic airports that are eligible. TSA 
has adopted this total as the maximum number of airport operator 
respondents that might transmit information to Secure Flight.
    Frequency: The AOIP would be a one-time submission, whereas 
collection of passenger information for purposes of watch list matching 
must occur on at least a daily basis. The commercial passenger aviation 
industry provides air transport to more than 2.5 million passengers per 
day, and aircraft operators accept reservations for transport on a 
continuous basis. Therefore, in order to be effective as a security 
measure, watch list matching of passengers and non-traveling 
individuals must be carried out on a near or real-time basis. 
Collecting passenger or non-traveling individuals' information from 
respondents less frequently than daily would not allow TSA to complete 
watch list matching of every passenger or non-traveling individual 
prior to their arrival at an airport security checkpoint. TSA's 
collection of information from respondents must occur on at least a 
daily basis, if not more frequently, in order to take into account new 
or changed reservations for air travel.
    Annual Burden Estimate: TSA has determined that the information 
aircraft operators would be required to collect from passengers is 
similar to that collected in the normal course of business and is 
therefore exempt from the PRA as defined in 5 CFR 1320.3(b)(2). 
Further, TSA was unable to estimate an hour burden for aircraft 
operators to transmit passenger information to DHS. TSA did not have 
sufficient data to calculate this burden. However, TSA has monetized 
the burden on the aircraft operators to modify and update their systems 
to transmit passenger information (see below). Accordingly, TSA has 
only estimated an hour burden for aircraft operators to submit their 
AOIPs.
    TSA estimated that each covered aircraft operator would invest 400 
hours in the AOIP process if the covered aircraft operator has not 
already connected to Customs and Border Protection's (CBP) APIS Quick 
Query (AQQ).\22\ TSA's estimate includes high-level planning, resource 
allocation, budgeting and management review and approval before 
submitting the AOIP to TSA. Since TSA was unable to estimate the number 
of respondent aircraft operator that might connect to AQQ prior to 
implementation of Secure Flight, TSA assessed the 400 hours

[[Page 48377]]

against each of the respondent aircraft operator, yielding a total of 
84,800 hours. Based on this total, the annual burden would be 28,300 
hours.
---------------------------------------------------------------------------

    \22\ For carriers that are already connected to AQQ, TSA 
estimated that such carriers would invest 200 hours in developing 
their AOIPs.
---------------------------------------------------------------------------

    In addition to the hour burden, it may cost respondents $129.2 
million in the first three years to modify and maintain systems to 
accommodate the new communication requirements. This breaks down to 
$125,200,000 in the first two years for capital startup costs and 
$4,000,000 in the second and third years for operations and 
maintenance, for an annual average of $43,000,000. The capital startup 
costs encompass the cost for additional bandwidth that aircraft 
operators may require to transmit data from reservations booked online 
as well as extensive system modifications to enable two-way 
communication between respondents and the Secure Flight system.
    With regards to airport operators authorizing non-traveling 
individuals to enter a sterile area for a purpose approved by TSA, TSA 
assumes respondents would submit an annual total of 240,000 responses. 
TSA anticipates that airport operators would use a web application to 
transmit the personal information to Secure Flight and receive a 
response in real time. In most cases, the TSA response should be nearly 
instantaneous; thus, TSA believes the proposed provision would not 
result in an appreciable hour burden on respondents.
    TSA is soliciting comments to
    (1) Evaluate whether the proposed information requirement is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    (2) Evaluate the accuracy of the agency's estimate of the burden;
    (3) Enhance the quality, utility, and clarity of the information to 
be collected; and
    (4) Minimize the burden of the collection of information on those 
who are to respond, including using appropriate automated, electronic, 
mechanical, or other technological collection techniques or other forms 
of information technology.
    Individuals and organizations may submit comments on the 
information collection requirements by October 22, 2007. Direct the 
comments to the address listed in the ADDRESSES section of this 
document, and fax a copy of them to the Office of Information and 
Regulatory Affairs, Office of Management and Budget, Attention: DHS-TSA 
Desk Officer, at (202) 395-5806. A comment to OMB is most effective if 
OMB receives it within 30 days of publication. TSA will publish the OMB 
control number for this information collection in the Federal Register 
after OMB approves it.
    As a protection provided by the Paperwork Reduction Act, as 
amended, an agency may not conduct or sponsor, and a person is not 
required to respond to, a collection of information unless it displays 
a currently valid OMB control number.

B. Regulatory Impact Analyses

1. Regulatory Evaluation Summary
    Changes to Federal regulations must undergo several economic 
analyses. First, Executive Order 12866, Regulatory Planning and Review 
(58 FR 51735, October 4, 1993), directs each Federal agency to propose 
or adopt a regulation only upon a reasoned determination that the 
benefits of the intended regulation justify its costs. Second, the 
Regulatory Flexibility Act of 1980 (5 U.S.C. 601 et seq., as amended by 
the Small Business Regulatory Enforcement Fairness Act (SBREFA) of 
1996) requires agencies to analyze the economic impact of regulatory 
changes on small entities. Third, the Office of Management and Budget 
directs Trade Agreements Act (19 U.S.C. 2531-2533) prohibits agencies 
from setting standards that create unnecessary obstacles to assess the 
effect of regulatory changes on foreign commerce of the United States. 
In developing U.S. standards, this Trade Act requires agencies to 
consider international trade standards and where appropriate, as the 
basis of U.S. standards. Fourth, the Unfunded Mandates Reform Act of 
1995 (2 U.S.C. 1531-1538) requires agencies to prepare a written 
assessment of the costs, benefits, and other effects of proposed or 
final rules that include a Federal mandate likely to result in the 
expenditure by State, local, or tribal governments, in the aggregate, 
or by the private sector, of $100 million or more annually (adjusted 
for inflation).
    TSA has prepared a separate detailed analysis document which is 
available to the public in the docket. With respect to these analyses, 
TSA provides the following conclusions and summary information.
    1. TSA has determined that this is an economically significant rule 
within the definition of Executive Order (EO) 12866, as estimated 
annual costs or benefits exceed $100 million in any year. The mandatory 
OMB Circular A-4 Accounting statement is included in the separate 
complete analysis and is not repeated here.
    2. The Initial Regulatory Flexibility Analysis (IRFA) shows that 
there is not likely a significant impact on a substantial number of 
small entities. As a normal practice, we provide the IRFA to the public 
but withhold the final formal certification of determination as 
required by the RFA until after we receive public comments and publish 
the Final Regulatory Flexibility Analysis (FRFA).
    3. Although the rule in general is unlikely to cause any adverse 
impact on international trade, there may be potential unfavorable 
responses to the overflight provisions of the proposed rule.
    4. The regulatory evaluation provides the required written 
assessment of Unfunded Mandates. The proposed rule is not likely to 
result in the expenditure by State, local, or tribal governments, in 
the aggregate, of $100 million or more annually (adjusted for 
inflation). However, the estimated impact on the private sector does 
exceed the inflation adjusted Unfunded Mandates threshold. The E.O. 
12866 analysis provided below also serves as the analysis required 
under UMRA.
2. Executive Order 12866 Assessment Benefits
    Benefits of the rule would occur in two phases: The first during 
operational testing and the second post-implementation. During 
operational testing, Secure Flight would screen passengers in parallel 
with the airlines. Primary responsibility for watch list matching would 
remain with covered aircraft operators during this period, but Secure 
Flight might notify aircraft operators if its watch list matching 
technology enabled it to detect a potential match the aircraft operator 
may have missed. Therefore, during the operational testing phase, 
benefits may include increased aviation security resulting from the 
detection of threats not identified by covered carriers participating 
in the testing.
    Most of the rule's benefits would occur post-implementation. Secure 
Flight would standardize the watch list matching process across 
domestic and foreign commercial airlines. Resulting benefits could 
include more accurate, timely, and comprehensive screening, and a 
reduction in false positives. This would occur because Secure Flight 
would have access to more data with which to distinguish passengers 
from records in the watch lists than is currently available to 
airlines. Further, the airlines would be relieved of watch list 
matching responsibilities, and TSA would be relieved of distributing 
the watch lists. Together, these factors would contribute to the 
overall objective of focusing resources on passengers identified as 
potential threats to aviation security.

[[Page 48378]]

    This benefit would be further augmented by the proposal to require 
covered airlines to print on boarding passes a unique code generated by 
the Secure Flight system for each watch list result returned. Depending 
on the final implementation method, this requirement would at a minimum 
allow checkpoint personnel to verify that a boarding or gate pass had 
been processed by the Secure Flight system. This would prevent 
individuals from passing through the checkpoint with a boarding or gate 
pass that had not originated in an airline system.
    By transferring responsibility for watch list matching of 
international passengers from CBP to TSA, the proposed rule would 
consolidate passenger prescreening operations within the Department of 
Homeland Security (DHS), thereby reducing redundancies between similar 
programs and facilitating better governance. The proposed rule would 
enable CBP to focus its resources on its mission of protecting U.S. 
borders while permitting TSA to apply its expertise in watch list 
matching consistently across all commercial air traffic within and 
overflying the United States. DHS expects that reducing overlap between 
these agencies' missions will improve national security through more 
efficient and targeted use of national resources.
    Other benefits could include increased security due to the watch 
list matching of non-traveling individuals who request access to a 
sterile area. Also, TSA anticipates it may allow airports to authorize 
non-traveling individuals to enter the airport sterile area. As a 
result, the proposed rule would establish requirements related to 
airports' transmission of data from non-traveling individuals to Secure 
Flight for watch list matching. These requirements would only apply to 
airports that requested and received authorization from TSA to grant 
non-traveling individuals access to the airport sterile area.
    Once TSA assumed primary responsibility for watch list matching, 
airlines would be relieved of their passenger watch list matching 
responsibilities. For the purposes of its analysis, TSA assumed that 
domestic implementation would be completed in the first year of the 
rule, and international implementation would be completed in the second 
year. However, the actual date the carriers would be completely 
relieved was unknown at the time of writing and would be contingent on 
several factors, such as the impact of budgetary constraints and the 
results of operational testing. Prior to implementation, operational 
testing would have to demonstrate that Secure Flight did not produce a 
large number of false positives, processed all matching requests in an 
efficient and accurate manner, and interfaced with a redress system for 
passengers who believe they have been incorrectly delayed or denied 
boarding as a result of Secure Flight matching. Elimination of their 
watch list matching responsibilities would enable airlines to 
reallocate to other tasks some of their operational resources currently 
dedicated to comparing passenger information to the watch lists and 
offset some costs imposed by the regulation. Due to the vast difference 
in resources used by each airline for watch list matching and 
uncertainty regarding the actual date each would be relieved of watch 
list duties, TSA was unable to quantify these cost savings.
    Further, while TSA conducted significant testing using previously 
collected passenger name record (PNR) data, no testing has been 
completed in a live environment using all of the passenger information 
requested by this proposed rule. The testing phase would provide TSA 
the opportunity to work with the airlines and other stakeholders to 
refine Secure Flight to achieve optimal results while the airlines 
continue to have primary responsibility for watch list matching. Thus, 
the testing phase would also allow TSA to collect baseline data 
necessary for quantification of potential benefits of Secure Flight.
    TSA has included in the Regulatory Evaluation a rough ``break-
even'' analysis which indicates the tradeoffs between program cost and 
program benefits (in the form of impact on baseline risk of a 
significant aviation-related terror attack) that would be required for 
Secure Flight to be a cost beneficial undertaking.

Costs

    As required, alternatives to the primary rule requirements were 
analyzed. The following table provides the ten-year primary, high, and 
low estimates each at undiscounted, 7%, and 3% discount rates.

                                    Total Costs by Scenario and Discount Rate
----------------------------------------------------------------------------------------------------------------
                        Total by scenario                          Undiscounted     7% Discount     3% Discount
----------------------------------------------------------------------------------------------------------------
Primary Scenario................................................        $3,129.9        $2,179.3        $2,659.7
High Scenario...................................................         3,907.8         2,725.8         3,323.0
Low Scenario....................................................         2,456.0         1,703.4         2,083.4
----------------------------------------------------------------------------------------------------------------

    All costs in the following summary are discounted present value 
costs using a 7% discount rate over 10 years unless noted as an annual 
cost. Both in this summary and the economic evaluation, descriptive 
language conveys the consequences of the regulation. Although the 
regulatory evaluation attempts to mirror the terms and wording of the 
regulation, no attempt is made to precisely replicate the regulatory 
language and readers are cautioned that the actual regulatory text, not 
the text of the evaluation, is binding.
    Given the global nature of commercial aviation and the prevalence 
of airline partnerships, TSA was unable to divide the incidence of the 
estimated costs between the domestic and foreign economies. Thus, the 
table below presents the aggregate costs attributable to the proposed 
Secure Flight rule. TSA has divided its discussion within each of the 
cost sections in the regulatory evaluation between domestic and 
international operations, reflecting the scope and phasing of the 
proposed rule. However, this distinction between costs accruing to 
domestic and international operations should not be confused with costs 
to the domestic and foreign economies.
    TSA estimated the cost impacts of this rulemaking would total from 
$1.703 billion to $2.726 billion over 10 years, discounted at 7%. Air 
carriers would incur total costs of $145.2 to $476.7 million, and 
travel agents would incur costs of $86.5 to $257.4 million. TSA 
projected Federal Government costs would be from $1.114 to $1.326 
billion. The total cost of outlays would be from $1.346 billion to 
$2.060 billion. Additionally, the cost to individuals (value of time) 
would be between $357.9 and $666.2 million. The following paragraphs 
discuss these costs.
    Air carriers would incur costs to comply with requirements of this 
rulemaking. Over the 10-year period from 2008 to 2017, TSA estimated 
air

[[Page 48379]]

carriers would incur average annual discounted costs of $15.6 to $52.5 
million to reprogram their computer systems to accept the additional 
data fields required by the rule and achieve two-way connectivity with 
TSA. Although TSA would require covered aircraft operators to collect 
and transmit SFPD, TSA would not mandate how covered aircraft operators 
would store or extract passengers' SFPD. Covered aircraft operators may 
choose to extract SFPDs from their reservation system or develop a 
separate system. Based on interviews with covered airlines, TSA has 
assumed for the purposes of this analysis that airlines would choose to 
use their reservation systems to collect and transmit SFPD.
    Because the proposed rule would require additional information to 
be requested, additional time would be required for airline call 
centers to complete reservations. TSA estimated these costs would be 
between $5.1 and $15.3 million per year. Together, the air carriers' 
average annual costs would range from $20.7 to $67.8 million.
    The proposed rule would not directly regulate travel agents. 
However, aircraft operators would be required to ensure that travel 
agencies request the additional passenger information. Therefore, 
travel agents, like covered aircraft operators, would have to spend 
additional time to complete airline reservations. TSA estimated the 
average annual cost to travel agents would range from $12.3 to $36.7 
million.
    The Federal Government would incur several costs as a result of the 
rule. These costs would include network infrastructure to enable 
communication between TSA and covered aircraft operator data systems, 
hardware and software procurement, operations and maintenance, and 
general support for implementation. The government would further incur 
costs to complete adjudication of name similarities or watch list 
matches and also for redress activities. Finally, the government would 
incur costs to implement a system at checkpoints to verify the codes 
issued by the Secure Flight system and printed on boarding and gate 
passes. The Government's estimated average annual cost would be from 
$158.6 million to $188.7 million.
    The proposed rule would also impact individuals. Time is a valuable 
economic resource, like labor, capital, and other factors of 
production, which may be utilized for work or relaxation. The loss of 
time imposes an opportunity cost on individuals. TSA attempted to 
quantify opportunity costs to individuals based on the incremental 
additional time required to make a reservation. TSA estimated these 
average annual costs to individuals would range from $51.0 to $94.8 
million.
3. Regulatory Flexibility Act Assessment: Initial Regulatory 
Flexibility Analysis (IRFA)
    The Regulatory Flexibility Act of 1980 (RFA) establishes ``as a 
principle of regulatory issuance that agencies shall endeavor, 
consistent with the objective of the rule and of applicable statutes, 
to fit regulatory and informational requirements to the scale of the 
business, organizations, and governmental jurisdictions subject to 
regulation.'' To achieve that principle, the RFA requires agencies to 
solicit and consider flexible regulatory proposals and to explain the 
rationale for their actions. The Act covers a wide range of small 
entities, including small businesses, not-for-profit organizations, and 
small governmental jurisdictions. Agencies must perform a review to 
determine whether a proposed or final rule will have a significant 
economic impact on a substantial number of small entities. If the 
determination is that it will, the agency must prepare a regulatory 
flexibility analysis as described in the Act.
    However, if an agency determines that a proposed or final rule is 
not expected to have a significant economic impact on a substantial 
number of small entities, section 605(b) of the 1980 RFA provides that 
the head of the agency may so certify and a regulatory flexibility 
analysis is not required. The certification must include a statement 
providing the factual basis for this determination, and the reasoning 
should be clear. Although TSA does not believe the proposed rule will 
have a significant impact on a substantial number of small entities, 
the agency has prepared an Initial Regulatory Flexibility Analysis 
(IRFA) for public review and comment. TSA requests comments on this 
IRFA and the potential impacts of the proposed rule on small 
businesses.

Section 1: Reasons for and Objectives of the Proposed Rule

2.1.1 Reason for the Proposed Rule

    Section 4012(a) of the Intelligence Reform and Terrorism Prevention 
Act requires the Transportation Security Administration (TSA) to assume 
from aircraft operators the function of conducting pre-flight 
comparisons of airline passenger information to Federal Government 
watch lists.

2.1.2 Objective of the Proposed Rule

    This proposed rule would allow TSA to begin implementation of the 
Secure Flight program, under which TSA would receive passenger and non-
traveler information, conduct watch list matching, and transmit gate 
and boarding pass printing instructions back to aircraft operators 
indicating whether individuals should be cleared to enter the sterile 
area, marked as selectees, or prohibited from receiving a gate or 
boarding pass.

Section 2: Affected Small Business Population and Estimated Impact of 
Compliance

2.2.1 Aircraft Operator Small Business Population

    The proposed Secure Flight rule would affect all aircraft operators 
conducting flight operations under a full security program per 49 CFR 
1544.101(a). In general, these aircraft operators are the major 
passenger airlines that offer scheduled and public charter flights from 
commercial airports. Specifically, the covered carriers would be those 
performing scheduled service or public charter passenger operations 
either with an aircraft having a passenger seating configuration of 61 
or more seats or having 60 or fewer seats if the aircraft enplanes from 
or deplanes into a sterile area.
    Of the 66 aircraft operators that are covered by the proposed rule, 
TSA estimated that 24 of these can be identified as small business 
entities. This is based on the Small Business Administration (SBA) 
Office of Size Standards' size standard of ``fewer than 1,500 
employees'' for small businesses within NAICS Code 481111, Scheduled 
Passenger Air Transportation, and those within NAICS Code 481211, 
Nonscheduled Chartered Passenger Air Transportation.\23\ For this 
analysis, air carrier employee counts were developed from publicly 
available information and from carrier filings with the U.S. Department 
of Transportation's Bureau of Transportation Statistics (BTS) and 
Federal Aviation Administration.
---------------------------------------------------------------------------

    \23\ Small Business Administration. Table: ``Small Business Size 
Standards Matched to North American Industry Classification 
System.'' Available at http://www.sba.gov/size/sizetable2002.html. 
Accessed May 4, 2006.
---------------------------------------------------------------------------

    In the Secure Flight regulatory evaluation, TSA divided covered 
carriers into four ``cost groups'' based on the nature of their 
reservations systems and BTS size classification (i.e., major, 
national, large regional, etc.).\24\ These groupings correspond to the 
estimated costliness of reprogramming airline

[[Page 48380]]

reservation systems to comply with the proposed Secure Flight 
requirements. Implementation Group 1 represents all legacy marketing 
carriers and their affiliates utilizing an older GDS or host airline 
reservation system (ARS). Legacy airlines, those flying prior to the 
Airline Deregulation Act of 1978, are all major airlines and have the 
oldest computer systems. Accordingly, TSA assumed this group would 
incur the highest compliance costs. Implementation Group 2 includes 
marketing carriers utilizing a newer GDS or host ARS, as well as 
national carriers subscribing to an older GDS. Implementation Group 3 
represents carriers with independently maintained reservation systems 
TSA determined were capable of receiving a direct connection to Secure 
Flight, as well as regional, commuter, and small airlines subscribing 
to an older GDS or host ARS. Airlines with very simple or no 
computerized reservation systems form Group 4. Rather than requiring 
Group 4 carriers to establish complex systems capable of connecting 
directly with Secure Flight, TSA would allow them to transmit passenger 
information through a secure Internet portal.
---------------------------------------------------------------------------

    \24\ For more information, please see Section 1.4.1.
---------------------------------------------------------------------------

    In Groups 1 and 2, smaller airlines often use the reservation 
systems of larger airlines. For example, a passenger may book a 
reservation with a large, marketing airline, but the flight may be 
operated by a smaller airline owned by or contracting with the 
marketing airline (an affiliate). In such cases, TSA assumed in its 
regulatory evaluation that the marketing airline would bear the cost of 
changes to the reservation system and designated those carriers as 
``points of implementation.'' Section 1.4.1 of the regulatory 
evaluation describes this distinction in greater detail.
    In the discussion below, TSA relaxes this assumption and treats 
affiliate carriers as if they are marketing carriers. Since no Group 1 
affiliate carriers are major airlines, they were re-categorized as 
Group 3 carriers (regional, commuter, or small carriers using an older 
GDS). Specifically, these are Carriers 3, 4, 8, and 9 in the 
tables.\25\ Although this method ensures a potential cost is estimated 
for all small business carriers, TSA notes that it likely overstates 
the actual cost that would be incurred. Thus, for this small business 
analysis, TSA considers 10 carriers under Implementation Groups 2 and 
3. The remaining 14 carriers belong to Group 4.
---------------------------------------------------------------------------

    \25\ Since in some cases the reported revenue data is 
proprietary, TSA substituted an ID number in place of company names.
---------------------------------------------------------------------------

    Table 2.2.1.a reports annual 2005 employment and operating revenues 
or sales \26\ TSA gathered for these 24 airlines (in one case the 
financial data is from 2002). These small air carriers are active in 
different areas of the passenger air transportation marketplace. Some 
provide scheduled passenger service in small niche markets, often as 
part of the larger route system of an established hub and spoke 
carrier; others provide charter transportation services to tour groups 
or organizations such as professional sports teams. Some of those that 
provide scheduled passenger services use reservation systems hosted by 
one of the existing ARS providers, while others handle phone 
reservations or receive reservations from travel agents. All of these 
small airlines would be subject to the proposed rule, however, due to 
the size of aircraft they use and/or because of the airport 
environments in which they operate. Thus, these airlines would collect 
more information from passengers, but TSA would take over their current 
requirement to compare passenger manifests to the watch lists.
---------------------------------------------------------------------------

    \26\ In cases for which annual revenues were not available, 
carrier filings of total annual sales were used as a proxy for 
revenue.

---------------------------------------------------------------------------

[[Page 48381]]

[GRAPHIC] [TIFF OMITTED] TP23AU07.000

2.2.2 Estimated Impact to Aircraft Operator Small Businesses

    TSA determined that the proposed rule would not cause a significant 
economic impact for a substantial number of these small business 
entities based on several considerations. First, under the current 
procedures, these small airlines must devote effort to matching 
passenger identification information to TSA watch lists but are not 
able to establish staff and back office activities that are dedicated 
to these security functions due to the small scale of their operations. 
Instead, the existing security responsibilities are fulfilled by 
airline personnel who may have other unrelated duties. These scale 
considerations suggest that the benefits of changing the current 
responsibilities by implementing the proposed rule may be weighted 
toward these smaller airlines, when considered on a per enplanement 
basis.
    In addition, given the variety of business activities pursued by 
the small carriers under consideration--scheduled passenger operations 
or charter operations, operations that collaborate with a larger hub 
and spoke carrier or that are independent of larger carriers, and 
operations that do or do not make use of an existing ARS host for 
processing reservations--it is difficult to estimate the costs that 
would be incurred by these small carriers should the proposed rule be 
implemented. In order to evaluate the possible economic impact of the 
proposed rule on small aircraft operators, TSA utilized two calculation 
methods: One for carriers in Groups 2 and 3, and a second for carriers 
in Group 4.
    Since reprogramming and data collection costs have already been 
presented in the aggregate for Groups 2 and 3 in Sections 1.6.2 and 
1.6.3 of the regulatory evaluation, TSA used the same techniques to 
calculate the potential impact to small business carriers in these two 
groups. Table 2.2.2.a below shows the outcome of these calculations.
    TSA first assigned an estimated initial reprogramming cost to each 
small business carrier based on whether it belonged to Group 2 or 3 
(column B). The initial reprogramming cost was used since this is the 
highest expenditure in any one year. Each carrier would also experience 
an increase in the time required to collect passenger data during 
reservations, as discussed in Section 1.6.3. To arrive at the maximum 
annual collection cost (column D), TSA annualized the total High 
Scenario Airline Collection Costs from Table 1.6.3.a. These airline 
collection costs are a function of reservations and TSA assumed an 
airline's share of reservations is proportional to its share of 
enplanements. Thus, TSA multiplied the total annual collection cost by 
each

[[Page 48382]]

carrier's share of enplanements (column C) to arrive at its proportion 
of the annual collection cost (column E). Adding the collection cost to 
the initial reprogramming cost yielded a per-carrier estimated cost of 
compliance (column F). TSA divided these estimated compliance costs by 
each carrier's reported revenue to determine the percent of revenue 
that would be expended on Secure Flight (column G).
    Although there is no hard and fast definition for ``significant 
economic impact,'' agencies frequently use 2% of an entity's revenue as 
a threshold. As can be seen in the table, in one case the estimated 
compliance cost exceeds 2% of the carriers' reported 2005 revenues and 
in one case it exceeds 8%. After reviewing the relevant information, 
however, TSA determined the threshold may not be applicable in this 
particular case. This is because the percentage is extremely sensitive 
to the estimated reprogramming cost (column B). TSA's estimated 
reprogramming costs for these carriers are based on assumptions about 
limited data and may overstate the costs to smaller carriers. This 
consideration is especially true of carrier 10. This carrier maintained 
its own reservation system until August 2005, when it began subscribing 
to a GDS. Consequently, its reprogramming costs may be significantly 
lower than projected here. Further, these carriers would have the 
option to use the Secure Flight web interface rather than reprogram 
their reservation systems if they determine reprogramming would be too 
costly.
    Based on these considerations, TSA determined the estimated 
compliance cost likely does not meet the requirements of a significant 
economic impact under the RFA; however, the agency invites comments on 
this analysis.

                                         Table 2.2.2.a.--Estimated Small Business Impact, Carrier Groups 2 and 3
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                             Estimated    Share of total    Annualized       Share of        Estimated      Compliance
                                            2005 annual       carrier         covered         airline         airline          total          cost as
   Small business carrier ID        operating       reprogram      carrier Enp     collection      collection      compliance      percent of
                                          revenues (000)    costs (000)      (percent)     costs* (000)    costs* (000)     cost* (000)      revenues*
                                                     (A)             (B)             (C)             (D)       (E) = C*D       (F) = B+E       (G) = F/A
--------------------------------------------------------------------------------------------------------------------------------------------------------
1.......................................        $204,000            $850            0.20         $11,690             $23            $873            0.43
2.......................................          80,300             425            0.18          11,690              21             446            0.56
3.......................................          78,100             425            0.13          11,690              15             440            0.56
4.......................................          60,000             425            0.07          11,690               8             433            0.72
5.......................................          45,100             425            0.10          11,690              12             437            0.97
6.......................................          42,800             425            0.09          11,690              11             436            1.02
7.......................................          18,600             425            0.01          11,690               1             426            2.29
8.......................................          39,600             425            0.06          11,690               7             432            1.09
9.......................................          24,000             425            0.02          11,690               2             427            1.78
10......................................           5,000             425            0.01          11,690               1             426            8.52
--------------------------------------------------------------------------------------------------------------------------------------------------------
* Reflect totals from the high case scenario presented in the regulatory evaluation.

    As discussed in Section 1.6.2 of the regulatory evaluation, TSA 
assumed Group 4 carriers would not have any reprogramming costs 
associated with implementation of Secure Flight but that 13 of the 16 
Group 4 carriers would spend $100,000 in the first year of the program 
on staff retraining and customer outreach. TSA did not have sufficient 
information, however, to reliably estimate costs incurred by these 
carriers due to changes in their reservation process. For the purpose 
of discussion, TSA here calculates a unit compliance cost per 
enplanement in order to illustrate the average impact of the proposed 
rule. The results of this calculation are shown in Table 2.2.2.b.
    TSA chose to use a broad assumption in developing its unit cost and 
therefore included the annual costs related to the entire reservations 
process for air transportation providers. As reported in Tables 1.6.3.a 
and 1.6.4.a, costs associated with the reservations process include 
airline and travel agency costs to make available privacy notices and 
request additional passenger information. In TSA's high scenario, these 
two categories total to approximately $34.2 million in fiscal year 
2008. This value can be normalized to a per enplanement basis using the 
reservations forecast reported in Table 1.4.1.a, which totals 672.1 
million in 2008. This normalized cost per enplanement equals $34.2/
672.1, or about $0.05 per enplanement (column B).
    Multiplying this normalized value by each carrier's 2005 annual 
enplanements total (column B) and adding in the implementation 
expenditure where applicable (column A), TSA estimated the cost to each 
of the small business entities identified (column D). As column F of 
Table 2.2.2.b indicates, this estimate for costs never exceeds 2% of 
2005 annual revenues for these small carriers. Note further that the 
annual enplanements value is unadjusted for round trip itineraries or 
for reservations that may have been generated as part of a marketing 
carrier's reservations process. Thus, the estimated values in Table 
2.2.2.b are very likely to be overstatements of the impact of the 
proposed rule on these small carriers.
    Finally, as noted previously, DHS will make available a Secure 
Flight Internet portal for the transmittal of passenger and other 
itinerary data from Group 4 small airlines to TSA. The availability of 
this interface would simplify the transition to the environment that 
will prevail once the proposed rule is implemented, while providing 
greater assurance regarding the provision of the relevant security data 
to TSA for comparison to the watch lists.

[[Page 48383]]



                                           Table 2.2.2.b.--Illustrative Small Business Impact, Carrier Group 4
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                           Maximum unit                                     Compliance
                                                          Assumed start-      FY 2005       compliance      Compliance      2005 annual       cost as
           Small business carrier ID                up outlay     enplanements      cost per          cost          operating      percent of
                                                                                            enplanement                      revenues      2005 revenues
                                                                     (A)             (B)             (C)     (D) = A+B*C             (E)       (F) = D/E
--------------------------------------------------------------------------------------------------------------------------------------------------------
11......................................................        $100,000         208,120           $0.05        $110,400     $74,300,000            0.15
12......................................................         100,000         344,741            0.05         117,200      76,392,000            0.15
13......................................................         100,000         506,292            0.05         125,300     137,900,000            0.09
14......................................................         100,000          91,571            0.05         104,600      68,600,000            0.15
15......................................................         100,000         836,409            0.05         141,800     132,500,000            0.11
16......................................................         100,000         329,418            0.05         116,500      33,400,000            0.35
17......................................................         100,000          82,529            0.05         104,100     105,265,872            0.10
18......................................................         100,000          18,707            0.05         100,900       6,330,280            1.59
19......................................................         100,000         329,083            0.05         116,500      35,649,201            0.33
20......................................................         100,000          35,788            0.05         101,800      12,000,000            0.85
21......................................................         100,000          22,511            0.05         101,100      14,229,510            0.71
22......................................................               0              0*            0.05               0         930,000           (\1\)
23......................................................               0          38,471            0.05           1,900               0           (\1\)
24......................................................               0          17,521            0.05             900               0           (\1\)
--------------------------------------------------------------------------------------------------------------------------------------------------------
* Carrier had not yet begun reporting enplanements to BTS.
(\1\) Data not available.

    The estimates provided in Table 2.2.2.b show how Group 4 small 
businesses would be impacted by Secure Flight were their operations 
comparable to those of airlines in Groups 1 through 3. As has been 
noted above, however, this is not the case. Consequently, the costs 
Group 4 airlines would actually incur to comply with Secure Flight may 
diverge significantly from the estimates presented. Nevertheless, the 
table illustrates that these costs would have to increase dramatically 
before they would constitute a significant economic impact.
    In the interest of arriving at more accurate estimates, TSA has 
outlined the assumptions underlying its calculations in Appendix A. TSA 
invites comments from the public and industry. TSA particularly 
welcomes comments that include or identify sources of data that will 
assist TSA in improving its assumptions.

2.2.3 Travel Agency Small Business Population

    The Small Business Administration (SBA) classifies any travel 
agency as a small business if it has revenues of less than $3.5 million 
annually.\27\ The SBA data provided in Table 2.2.3.a indicate that in 
2003 more than 98% of travel agencies had annual revenues less than $5 
million. Although the division of the SBA revenue categories do not 
allow for a precise count of the number of small business, the average 
revenue per firm of $1.9 million for the $1 million to $5 million 
category indicates that many of the firms in this category have 
revenues below the $3.5 million threshold. Consequently, the discussion 
of small businesses in the travel agency industry will be a discussion 
about the vast number of firms.
---------------------------------------------------------------------------

    \27\ Small Business Administration. Table: ``Small Business Size 
Standards matched to North American Industry Classification 
System.'' Available at http://www.sba.gov/size/sizetable2002.html. 
Accessed May 4, 2006.
    Note: The SBA size standard for travel agencies is based on 
``total revenues, excluding funds received in trust for an 
unaffiliated third party, such as bookings or sales subject to 
commissions. The commissions received are included as revenue.''
    \28\ Small Business Administration. Table: ``All Industries by 
NAICS codes, 2003.'' See TXT file ``2003'' available at http://www.sba.gov/advo/research/data.html. Accessed May 6, 2006.

                                                      Table 2.2.3.a.--Distribution of Travel Agencies (NAICS 561510) by Revenue, 2003 \28\
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                                                                                                       Total           Total
                                                                          Total        $0-$99,999    $100,000-$499,999  $500,000-$999,999  $1,000,000-$4,999,999    <$5,000,000     >$5,000,000
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Number of Firms....................................................          14,838           6,125             6,627              1,098                  714             14,564             274
Percent of Total...................................................          100.00           41.28             44.66               7.40                 4.81              98.15            1.85
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Tables 2.2.3.b through 2.2.3.d below reflect the recent story of 
the travel agent industry. The first two tables are based on 2002 data 
provided by the Airlines Reporting Corporation (ARC) to the National 
Commission to Ensure Consumer Information and Choice in the Airline 
Industry (the Commission). These ARC data include the gross value of 
airline tickets, which travel agents remit to the airlines, in addition 
to their commission and fee revenue. To factor out this airline 
revenue, the Commission stated that ``the average leisure agency 
derives slightly more than 50% of its revenue from commissions and fees 
for sale of airline tickets.'' \29\
---------------------------------------------------------------------------

    \29\ ``Upheaval in Travel Distribution: Impact on Consumers and 
Travel Agents, Report to Congress and the President,'' National 
Commission to Ensure Consumer Information and Choice in the Airline 
Industry, November 13, 2002 (``Commission Report''), p 89.
---------------------------------------------------------------------------

    When the Commission prepared its report ``Upheaval in Travel 
Distribution: Impact on Consumers and Travel Agents, Report to Congress 
and the President'' (Commission Report), the SBA had just increased the 
small business revenue threshold from $1 million to $3 million for 
travel agents. Consequently, the Commission used $5 million in total 
revenue (approximately $2.5 million in commission and fee revenue) as a 
proxy threshold for small businesses when creating Tables 2.2.3.b and 
2.2.3.c below. Although these tables do not capture the full universe 
of travel

[[Page 48384]]

agency small businesses, they nevertheless illustrate general trends 
affecting these entities.
    As can be seen in Tables 2.2.3.b and 2.2.3.c, the number of travel 
agencies whose sales are less than $5 million per year declined 
steadily through 2001. Correspondingly, the share of industry sales by 
these smaller firms also fell. At the same time, however, the largest 
firms increased both their share of industry sales and the dollar value 
of their sales.
---------------------------------------------------------------------------

    \30\ Commission Report, p. 114.

     Table 2.2.3.b.--Number of Travel Agencies by Size Category \30\
------------------------------------------------------------------------
         Agency Size             1995       1997       1999       2001
------------------------------------------------------------------------
$2M or Less.................     19,851     19,226     17,855     15,253
$2M-$5M.....................      2,356      2,803      2,482      1,770
$5M-$50M....................      1,059     1,2177      1,236     1,1015
Greater than $50M...........         77        107        117        117
------------------------------------------------------------------------
    Total...................     23,343     23,413     21,690     18,425
------------------------------------------------------------------------


    Table 2.2.3.c.--Share of Travel Agent Sales by Size Category \31\
------------------------------------------------------------------------
         Agency Size             1995       1997       1999       2001
------------------------------------------------------------------------
$2M or Less.................      25.3%      20.6%      16.9%      14.2%
$2M-$5M.....................       13.5       12.8       10.7        8.4
$5M-$50M....................       24.8       24.5       22.5       20.1
Greater than $50M...........       36.4       42.1       49.9       57.2
------------------------------------------------------------------------

    Table 2.2.3.d shows aggregate monthly statistics released by the 
Airlines Reporting Corporation indicating that the travel agent 
industry continued to contract and consolidate through 2005. 
Corresponding revenue data, however, was not available.
---------------------------------------------------------------------------

    \31\ Ibid.

              Table 2.2.3.d.--Travel Agencies Accredited by the Airlines Reporting Corporation \32\
----------------------------------------------------------------------------------------------------------------
                                                     2001         2002         2003         2004         2005
----------------------------------------------------------------------------------------------------------------
Retail Locations...............................       27,633       24,679       22,244       20,729       19,871
    Home Offices...............................        1,651        1,368        1,203        1,118        1,041
    Independent/Single Entities................       15,057       13,206       11,670       10,578        9,874
    Branch.....................................        6,696        6,171        5,695        5,474        5,451
    Restricted Access..........................          862          950        1,039        1,120        1,205
    On-site branch.............................        3,367        2,984        2,637        2,439        2,300
Satellite Ticket Providers.....................        6,347        4,693        3,204        2,413        1,975
Corporate Travel Departments...................          108          150          172          182          197
                                                ----------------------------------------------------------------
    Total Locations............................       34,088       29,522       25,620       23,324       22,043
        Change over previous year..............          N/A       13.39%       13.22%        8.96%       -5.49%
                                                ----------------------------------------------------------------
    Total Entities *...........................       17,678       15,674       14,084       12,998       12,317
        Change over previous year..............          N/A       11.34%       10.14%        7.71%       -5.24%
----------------------------------------------------------------------------------------------------------------
* Sum of Home Offices, Independent/Single Entities, Restricted Access, and Corporate Travel Departments.

2.2.4 Estimated Impact to Travel Agency Small Businesses
---------------------------------------------------------------------------

    \32\ ``End of Year Reporting and Settlement Results,'' Airlines 
Reporting Corporation press release, December 2002, December 2003, 
December 2004, December 2005. Available at http://www.arccorp.com/regist/news_sales_doc_stats.jsp. Accessed May 12, 2006.
---------------------------------------------------------------------------

    While not directly regulated, small travel agencies will certainly 
be affected by the implementation of Secure Flight. TSA anticipated the 
most significant burden on these entities would result from the 
increased time to collect additional passenger information. Small 
travel agencies may also incur incremental costs due to retraining of 
staff and reaching out to clients in order to update customer profiles 
prior to their next trip.
    In Section 1.6.4 of the regulatory evaluation, TSA estimated a cost 
that would be borne by non-Internet (brick-and-mortar) travel agencies 
as a result of the proposed requirements. Detailed industry data did 
not exist, however, that would allow TSA to determine the portion of 
that cost that would be borne by small travel agencies. In lieu of such 
information, TSA chose to calculate a minimum number of airline 
reservations the smallest travel agency size category would have to 
process in order for the requirements of the proposed rule to result in 
a ``significant economic impact.'' This calculation corresponds to the 
high estimate scenario and depends on a number of assumptions:
    1. The average hourly wage of small business travel agents is 
$20.69 (including benefits).
    2. In TSA's highest cost scenario, an additional 30 seconds per 
airline reservation would be needed to collect additional passenger 
information.
    3. The additional time to collect passenger information would be 
incurred for every airline reservation booked through a travel agency.

[[Page 48385]]

    4. The average revenue of the smallest travel agency firms 
(revenues between $0 and $99,999) is $47,204.\33\
---------------------------------------------------------------------------

    \33\ Small Business Administration. Table: ``All Industries by 
NAICS codes, 2003.'' See TXT file ``2003'' available at http://www.sba.gov/advo/research/data.html. Accessed May 6, 2006. Estimated 
receipts divided by number of firms, revenue class 0-99,999.
---------------------------------------------------------------------------

    5. Two percent of a small travel agency's revenue constitutes a 
``significant economic impact.''
    Accepting these assumptions, 2% of the smallest firm revenue would 
constitute an impact of $942 ($47,204 x 0.02). Reversing the 
calculations used in Section 1.6.4, this total must be converted into 
the additional reservation time it represents. This is accomplished by 
dividing $942 by the travel agent hourly wage, which yields 45.5 hours 
($942 / $20.69/hour). This cumulative 45.5 hours can then be broken 
down into individual reservations by dividing by the total incremental 
time per reservation, which is 0.008 hours (30 incremental seconds / 
3600 seconds/hour). Thus, 45.5 hours represent approximately 5,690 
airline reservations (45.5 hours / 0.008 hours/reservation). Under the 
most burdensome scenario, then, on average the smallest travel agencies 
would need to book 5,690 airline reservations in a year in order to 
potentially incur a significant economic impact as a result of the 
proposed rule.
    Table 2.2.4.a presents this threshold number of reservations for 
the range of data collection times presented in the Secure Flight 
regulatory evaluation. Alternatively, the table also presents the 
number of airline reservations a travel agency would have to process to 
meet 2% of the SBA small business threshold for travel agents.
    TSA has included these estimates and identified their accompanying 
assumptions in order to enable small travel agencies to provide 
comments to TSA on whether the proposed Secure Flight requirements 
would constitute a significant economic impact. These estimates below 
should be considered as a range of ``worst case scenarios.'' For 
example, reservations made for clients for whom a travel agency already 
has the requested Secure Flight information saved in a profile would 
not incur the additional data collection time.

                Table 2.2.4.a.--Airline Reservations Threshold for Small Business Travel Agencies
----------------------------------------------------------------------------------------------------------------
 
----------------------------------------------------------------------------------------------------------------
                                           Revenue class $0-$99,999
                                         SBA Small business threshold
----------------------------------------------------------------------------------------------------------------
Firm Revenue (A)..................                 $47,120
                                                  $3,500,000
2% of Revenue (B).................                   $942
                                                   $70,000
Average Agent Hourly Wage (C).....                  $20.69
                                                    $20.69
Total Incremental Hours (D) = B/C.                   45.5
                                                   3,383.5
----------------------------------------------------------------------------------------------------------------
         Estimate Scenario              High       Primary        Low          High       Primary        Low
----------------------------------------------------------------------------------------------------------------
Additional Hours per Reservation          0.008        0.006        0.003        0.008        0.006        0.003
 (E)..............................    (30 sec.)    (20 sec.)    (10 sec.)    (30 sec.)    (20 sec.)    (10 sec.)
Reservations (F) = D/E............        5,690        7,580       15,170      422,900      563,900    1,127,800
----------------------------------------------------------------------------------------------------------------

Section 3: Significant Alternatives Considered

    The proposed rule provides small business carriers the flexibility 
of either reprogramming their reservation systems to interface directly 
with the Secure Flight system or to transmit passenger and non-traveler 
information to Secure Flight through a secure Internet interface. Thus, 
small business carriers identified in Groups 2 and 3 would have the 
option of joining Group 4 and using the Internet portal if they 
determined reprogramming their systems to communicate directly with 
Secure Flight would be too costly. Similarly, small business carriers 
TSA has identified in this analysis as scheduled to use the Secure 
Flight Internet portal would have the option to reprogram their systems 
to communicate directly with Secure Flight if they determined using the 
portal would be too burdensome on their business processes.
    While either method would impose some costs on small businesses, 
TSA determined that exempting these carriers from the requirements of 
the proposed rule would fail to meet the mandate within the IRTPA that 
TSA assume the watch list matching function. Taking this into 
consideration, TSA determined the options described above would 
effectively minimize the impact to small businesses. TSA welcomes 
comments on these options and analyses as well as suggestions that may 
further reduce the impact on covered small businesses while achieving 
the heightened security objective of the proposed rule.

Section 4: Identification of Duplicative or Overlapping Federal Rules

    TSA is aware that other Federal agencies, such as the Centers for 
Disease Control and Prevention (CDC) and Customs and Border Protection 
(CBP), collect data concerning aviation passengers and may conduct or 
will conduct watch list matching for these passengers. TSA is working 
with other agencies, including the CDC and CBP, to develop ways to 
eliminate unnecessary duplication of comparable screening efforts and 
thereby reduce governmental and private sector costs. Therefore, the 
proposed rule allows TSA to relieve covered aircraft operators of the 
requirement to transmit passenger information if TSA determines that 
the U.S. government is conducting watch list matching for a passenger 
on a particular flight that is comparable to the screening conducted 
pursuant to proposed part 1560. TSA will work with each covered 
aircraft operator to establish the specific procedures and times for 
these transmissions as it develops its Aircraft Operator Implementation 
Plan.

Section 5: Initial Determination of No Significant Impact

    Based on the considerations above, TSA believes that it is unlikely 
the proposed rule would have a significant economic impact on a 
substantial number of the small entities subject to this rulemaking. 
However, TSA withholds final determination until receiving public 
comment and completing a Final Regulatory Flexibility Analysis (FRFA). 
In conducting this analysis, TSA acknowledges that the ability of 
carriers to share the incidence of security costs with their customers 
has been limited. TSA solicits comment on its analysis.
    While not required by the RFA, TSA has also considered the 
potential impact to small business travel agencies, as these entities 
would likely be indirectly impacted by the proposed rule given

[[Page 48386]]

their role in the airline reservation process. TSA was unable to 
determine if the proposed rule would have a significant economic impact 
on a substantial number of these small business travel agencies. TSA 
welcomes comments from the industry and other interested parties that 
will assist the agency in improving its assumptions and estimates.
4. International Trade Impact Assessment
    The Trade Agreement Act of 1979 prohibits Federal agencies from 
engaging in any standards or related activities that create unnecessary 
obstacles to the foreign commerce of the United States. Legitimate 
domestic objectives, such as security, are not considered unnecessary 
obstacles. The statute also requires consideration of international 
standards and, where appropriate, that they be the basis for U.S. 
standards. In addition, consistent with the Administration's belief in 
the general benefits and desirability of free trade, it is the policy 
of TSA to remove or diminish, to the extent feasible, barriers to 
international trade, including both barriers affecting the export of 
American goods and services to foreign countries and barriers affecting 
the import of foreign goods and services into the U.S.
    In keeping with U.S. obligations under the Convention on 
International Civil Aviation, it is TSA's policy to comply with 
International Civil Aviation Organization (ICAO) Standards and 
Recommended Practices to the maximum extent practicable. TSA has 
determined that there are no ICAO Standards and Recommended Practices 
that correspond to the regulatory standards established by this notice 
of proposed rulemaking (NPRM). TSA has assessed the potential effect of 
this NPRM and has determined that it is unlikely it would create 
barriers to international trade.
    However, when TSA reviewed the impact of foreign carrier 
overflights, the conclusion is not clear. The right of airlines from 
one country to overfly another country in the course of traveling to 
the destination country is the first of the well known ``freedoms of 
the air.'' This technical freedom has been engrained in international 
aviation since the Chicago Convention of 1944. How countries might 
react to the new conditions being placed on the fulfillment of this 
freedom is uncertain. International trade in travel and international 
shipping may be negatively impacted should foreign countries choose to 
respond in a retaliatory manner. One response by foreign carriers might 
be to avoid overflying the U.S. entirely, thereby lengthening flight 
routes and the costs of operation to those carriers. These reroutings 
would change airline costs and thus contribute to fare increases, which 
would affect trade between the departure and arrival countries, even 
though it would not directly affect trade involving the U.S. If the 
foreign carrier response is to reroute, it is not clear that such a 
change would eliminate all risks, since aircraft skirting the 
boundaries of U.S. airspace could be redirected into U.S. airspace by 
hijackers or terrorists.
5. Unfunded Mandates Assessment
    The Unfunded Mandates Reform Act of 1995 (the Act), enacted as 
Public Law 104-4 on March 22, 1995, is intended, among other things, to 
curb the practice of imposing unfunded Federal mandates on State, 
local, and tribal governments. Title II of the Act requires each 
Federal agency to prepare a written statement assessing the effects of 
any Federal mandate in a proposed or final agency rule that may result 
in a $100 million or more expenditure (adjusted annually for inflation) 
in any one year by State, local, and tribal governments, in the 
aggregate, or by the private sector. This proposed rulemaking would not 
impose an unfunded mandate on State, local, or tribal governments, but 
it would impose an unfunded mandate on the private sector. The analysis 
required under Title II of the Act is satisfied with the full 
Regulatory Impact Assessment in the docket.

C. Executive Order 13132, Federalism

    TSA has analyzed this notice of proposed rulemaking under the 
principles and criteria of Executive Order 13132, Federalism. We 
determined that this action will not have a substantial direct effect 
on the States, or the relationship between the National Government and 
the States, or on the distribution of power and responsibilities among 
the various levels of government, and, therefore, does not have 
federalism implications.

D. Environmental Analysis

    TSA has reviewed this action for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment.

E. Energy Impact Analysis

    TSA has assessed the energy impact of the action in accordance with 
the Energy Policy and Conservation Act (EPCA), Public Law 94-163, as 
amended (42 U.S.C. 6362). We have determined that this rulemaking is 
not a major regulatory action under the provisions of the EPCA.

List of Subjects

49 CFR Part 1540

    Air carriers, Aircraft, Airports, Law enforcement officers, 
Reporting and recordkeeping requirements, Security measures.

49 CFR Part 1544

    Air carriers, Aircraft, Airmen, Airports, Arms and munitions, 
Aviation safety, Explosives, Freight forwarders, Law enforcement 
officers, Reporting and recordkeeping requirements, Security measures.

49 CFR Part 1560

    Air carriers, Aircraft, Reporting and recordkeeping requirements, 
Security measures.

The Proposed Amendments

    For the reasons set forth in the preamble, the Transportation 
Security Administration proposes to amend Chapter XII of Title 49, Code 
of Federal Regulations, as follows:

SUBCHAPTER C--CIVIL AVIATION SECURITY

PART 1540--CIVIL AVIATION SECURITY: GENERAL RULES

    1. The authority citation for part 1540 continues to read as 
follows:

    Authority: 49 U.S.C. 114, 5103, 40113, 44901-44907, 44913-44914, 
44916-44918, 44935-44936, 44942, 46105.

    2. Revise Sec.  1540.107 to read as follows:

Subpart B--Responsibilities of Passengers and Other Individuals and 
Persons

* * * * *


Sec.  1540.107  Submission to screening and inspection.

    (a) No individual may enter a sterile area or board an aircraft 
without submitting to the screening and inspection of his or her person 
and accessible property in accordance with the procedures being applied 
to control access to that area or aircraft under this subchapter.
    (b) An individual must provide his or her full name, as defined in 
Sec.  1560.3 of this chapter, when--
    (1) The individual makes a reservation for a covered flight, as 
defined in Sec.  1560.3 of this chapter, or
    (2) The individual makes a request for authorization to enter a 
sterile area.
    (c) An individual may not enter a sterile area or board an aircraft 
if the

[[Page 48387]]

individual does not present a verifying identity document as defined in 
Sec.  1560.3 of this chapter, when requested for purposes of watch list 
matching under Sec.  1560.105(c) of this chapter, unless otherwise 
authorized by TSA on a case-by-case basis.

PART 1544--AIRCRAFT OPERATOR SECURITY: AIR CARRIERS AND COMMERCIAL 
OPERATORS

    3. The authority citation for part 1544 continues to read as 
follows:

    Authority: 49 U.S.C. 114, 5103, 40113, 44901-44905, 44907, 
44913-44914, 44916-44918, 44932, 44935-44936, 44942, 46105.
    4. Amend Sec.  1544.103 by adding new paragraph (c)(22) to read as 
follows:


Sec.  1544.103  Form, content, and availability.

* * * * *
    (c) * * *
    (22) The Aircraft Operator Implementation Plan (AOIP) as required 
under 49 CFR 1560.109.
    5. Add a new part 1560, to read as follows:

PART 1560--SECURE FLIGHT PROGRAM

Subpart A--General

Sec.
1560.1 Scope, purpose, and implementation.
1560.3 Terms used in this part.
Subpart B--Collection and Transmission of Secure Flight Passenger Data 
for Watch List Matching
1560.101 Request for and transmission of information to TSA.
1560.103 Notice.
1560.105 Denial of transport or sterile area access; Designation for 
enhanced screening.
1560.107 Use of watch list matching results by covered aircraft 
operators.
1560.109 Aircraft Operator Implementation Plan.
1560.111 Covered airport operators.
Subpart C--Passenger Redress
1560.201 Applicability.
1560.203 Representation by counsel.
1560.205 Redress process.
1560.207 Oversight of process.

    Authority: 49 U.S.C. 114, 40113, 44901, 44902, 44903.

Subpart A--General


Sec.  1560.1  Scope, purpose, and implementation.

    (a) Scope. This part applies to the following:
    (1) Aircraft operators required to adopt a security program for a 
full program operation under 49 CFR 1544.101(a);
    (2) Foreign air carriers required to adopt a security program under 
49 CFR 1546.101(a) or (b); and
    (3) Airport operators that seek to authorize individuals to enter a 
sterile area for purposes approved by TSA.
    (b) Purpose. The purpose of this part is to enhance the security of 
air travel within the United States and support the Federal 
Government's counterterrorism efforts by assisting in the detection of 
individuals identified on Federal Government watch lists who seek to 
travel by air, and to facilitate the secure travel of the public. This 
part enables TSA to operate a watch list matching program known as 
Secure Flight, which involves the comparison of passenger and non-
traveler information with the identifying information of individuals on 
Federal Government watch lists.
    (c) Implementation. Each covered aircraft operator must begin 
requesting the information described in Sec.  1560.101(a)(1) and have 
the capability to transmit Secure Flight Passenger Data to TSA 60 days 
after the effective date of this rule. Each covered aircraft operator 
must begin transmitting information to TSA as required in Sec.  
1560.101(b) on the date specified in, and in accordance with, its 
Aircraft Operator Implementation Plan. TSA will inform each covered 
aircraft operator 60 days prior to the date on which TSA will assume 
the watch list matching function from that aircraft operator.


Sec.  1560.3  Terms used in this part.

    In addition to the terms in Sec. Sec.  1500.3 and 1540.5 of this 
chapter, the following terms apply to this part:
    Aircraft Operator Implementation Plan or AOIP means a written 
procedure describing how and when a covered aircraft operator or 
airport operator transmits passenger and flight information and non-
traveler information to TSA, as well as other related matters.
    Airport code means the official code, designated by the 
International Air Transport Association (IATA), for an airport.
    Consolidated User Guide means a document developed by the 
Department of Homeland Security (DHS) to provide guidance to aircraft 
operators that must transmit passenger information to one or more 
components of DHS on operational processing and transmission of 
passenger information to all required components in a unified manner.
    Covered aircraft operator means each aircraft operator required to 
carry out a full program under 49 CFR 1544.101(a) or a security program 
under 49 CFR 1546.101(a) or (b).
    Covered airport operator means each airport operator that seeks to 
authorize non-traveling individuals to enter a sterile area for a 
purpose permitted by TSA.
    Covered flight means any operation of an aircraft operator that is 
subject to or operates under a full program under 49 CFR 1544.101(a). 
Covered flight also means any operation of an aircraft that is subject 
to or operates under a security program under 49 CFR 1546.101(a) or (b) 
arriving in or departing from the United States, or overflying the 
continental United States. Covered flight does not include any flight 
for which TSA has determined that the Federal Government is conducting 
passenger matching comparable to the matching conducted pursuant to 
this part.
    Date of birth means the day, month, and year of an individual's 
birth.
    Department of Homeland Security Traveler Redress Inquiry Program or 
DHS TRIP means the voluntary program through which individuals may 
request redress if they believe they have been: (1) Denied or delayed 
boarding transportation due to DHS screening programs; (2) denied or 
delayed entry into or departure from the United States at a port of 
entry; or (3) identified for additional (secondary) screening at U.S. 
transportation facilities, including airports, and seaports.
    Full name means an individual's full name as it appears on a 
verifying identity document held by the individual.
    Inhibited status means the status of a passenger or non-traveling 
individual to whom TSA has instructed a covered aircraft operator or a 
covered airport operator not to issue a boarding pass or to provide 
access to the sterile area.
    Itinerary information means information reflecting a passenger's or 
non-traveling individual's itinerary specified in the covered aircraft 
operator's AOIP. For non-traveling individuals, itinerary information 
is the airport code for the sterile area to which the non-traveler 
seeks access. For passengers, itinerary information includes the 
following:
    (1) Departure airport code.
    (2) Aircraft operator.
    (3) Departure date.
    (4) Departure time.
    (5) Arrival date.
    (6) Scheduled arrival time.
    (7) Arrival airport code.
    (8) Flight number.
    (9) Operating carrier (if available).
    Known traveler number means a unique number assigned to individuals 
for whom the Federal Government has

[[Page 48388]]

conducted a security threat assessment and determined do not pose a 
security threat.
    Non-traveling individual or non-traveler means an individual to 
whom a covered aircraft operator or covered airport operator seeks to 
issue an authorization to enter the sterile area of an airport in order 
to escort a minor or a passenger with disabilities or for some other 
purpose permitted by TSA. The term non-traveling individual or non-
traveler does not include employees or agents of airport or aircraft 
operators or other individuals whose access to a sterile area is 
governed by another TSA regulation or security directive.
    Overflying the continental United States means departing from an 
airport or location outside the United States and transiting the 
airspace of the continental United States en route to another airport 
or location outside the United States. Airspace of the continental 
United States includes the airspace over the continental United States 
and the airspace overlying the territorial waters between the 
continental U.S. coast and 12 nautical miles from the continental U.S. 
coast. Overflying the continental United States does not apply to:
    (1) Flights that transit the airspace of the continental United 
States between two airports or locations in the same country, where 
that country is Canada or Mexico; or
    (2) Any other category of flights that the Assistant Secretary of 
Homeland Security (Transportation Security Administration) designates 
in writing.
    Passenger means an individual who has, or seeks to obtain, a 
reservation for transport on a covered flight. The term passenger does 
not include:
    (1) A crew member traveling on duty; or
    (2) An individual with flight deck privileges under 49 CFR 1544.237 
traveling on the flight deck.
    Passenger Resolution Information or PRI means the information that 
a covered aircraft operator or covered airport operator transmits to 
TSA for an individual who TSA places in an inhibited status and from 
whom the covered aircraft operator or covered airport operator is 
required to request additional information and a Verifying Identity 
Document. Passenger Resolution Information includes, but is not limited 
to, the following:
    (1) Covered aircraft operator's agent identification number or 
agent sign.
    (2) Type of Verifying Identity Document presented by the passenger.
    (3) The identification number on the Verifying Identity Document.
    (4) Issue date of the Verifying Identity Document.
    (5) Name of the governmental authority that issued the Verifying 
Identity Document.
    (6) Physical attributes of the passenger such as height, eye color, 
or scars, if requested by TSA.
    Passport information means the following information from an 
individual's passport:
    (1) Passport number.
    (2) Country of issuance.
    (3) Expiration date.
    (4) Gender.
    (5) Full name.
    Redress Number means the number assigned by DHS to an individual 
processed through the redress procedures described in 49 CFR part 1560, 
subpart C.
    Secure Flight Passenger Data (SFPD). For purposes of this proposed 
rule, ``Secure Flight Passenger Data'' or ``SFPD'' is information 
regarding a passenger or non-traveling individual that a covered 
aircraft operator or covered airport operator transmits to TSA, to the 
extent available, pursuant to Sec.  1560.101. SFPD is the following 
information regarding a passenger or non-traveling individual:
    (1) Full name.
    (2) Date of birth.
    (3) Gender.
    (4) Redress number or known traveler number (once implemented).
    (5) Passport information.
    (6) Reservation control number.
    (7) Record sequence number.
    (8) Record type.
    (9) Passenger update indicator.
    (10) Traveler reference number.
    (11) Itinerary information.
    Self-service kiosk means a kiosk operated by a covered aircraft 
operator that is capable of accepting a passenger reservation or a 
request for authorization to enter a sterile area from a non-traveling 
individual.
    Sterile area means ``sterile area'' as defined in 49 CFR 1540.5.
    Terrorist Screening Center or TSC means the entity established by 
the Attorney General to carry out Homeland Security Presidential 
Directive 6 (HSPD-6), dated September 16, 2003, to consolidate the 
Federal Government's approach to terrorism screening and provide for 
the appropriate and lawful use of terrorist information in screening 
processes.
    Verifying Identity Document means an unexpired passport issued by a 
foreign government or an unexpired document issued by a government 
(Federal, State, or tribal) that includes the following information for 
the individual:
    (1) Full name.
    (2) Date of birth.
    (3) Photograph of the individual.
    Watch list refers to the No Fly and Selectee List components of the 
Terrorist Screening Database maintained by the Terrorist Screening 
Center. For certain flights, the ``watch list'' may include the larger 
set of watch lists maintained by the federal government as warranted by 
security considerations.

Subpart B--Collection and Transmission of Secure Flight Passenger 
Data for Watch List Matching


Sec.  1560.101  Request for and transmission of information to TSA.

    (a) Request for information. (1) Each covered aircraft operator 
must request the full name, gender, date of birth, and Redress Number 
for passengers on a covered flight and non-traveling individuals 
seeking access to an airport sterile area. The covered aircraft 
operator must include the information provided by the passenger in 
response to this request in the Secure Flight Passenger Data.
    (i) Except as provided in paragraph (a)(1)(ii) of this section, 
each covered aircraft operator must begin requesting the information 
described in paragraph (a)(1) of this section 60 days after the 
effective date of this rule.
    (ii) An aircraft operator that becomes a covered aircraft operator 
after the effective date must begin requesting the information on the 
date it becomes a covered aircraft operator.
    (2) Beginning on a date no later than 30 days after being notified 
in writing by TSA, each covered aircraft operator must additionally 
request the known traveler number for passengers on a covered flight 
and non-traveling individuals seeking access to an airport sterile 
area. The covered aircraft operator must include the known traveler 
number provided by the passenger in response to this request in the 
SFPD.
    (3) Each covered aircraft operator may not accept a reservation for 
any passenger on a covered flight who does not provide a full name. 
Each covered aircraft operator may not accept a request for 
authorization to enter a sterile area from a non-traveling individual 
who does not provide a full name.
    (4) Each covered aircraft operator must ensure that each third 
party that accepts a reservation, or accepts a request for 
authorization to enter a sterile area, on the covered aircraft 
operator's behalf complies with the requirements of this section.
    (b) Transmission of Secure Flight Passenger Data to TSA. Beginning 
on

[[Page 48389]]

the date provided in a covered aircraft operator's AOIP, the covered 
aircraft operator must electronically transmit Secure Flight Passenger 
Data (SFPD) to TSA, prior to the scheduled departure of each covered 
flight, in accordance with the AOIP.
    (1) To the extent available, each covered aircraft operator must 
electronically transmit SFPD to TSA for each passenger on a covered 
flight.
    (2) Each covered aircraft operator must transmit SFPD to TSA prior 
to the scheduled flight departure time, in accordance with the covered 
aircraft operator's AOIP.
    (c) Transmission of non-traveler information to TSA. Beginning on 
the date provided in a covered aircraft operator's AOIP, the covered 
aircraft operator must electronically transmit SFPD to TSA for each 
non-traveling individual, prior to authorizing access to an airport 
sterile area.
    (d) Retransmission of information. Each covered aircraft operator 
must retransmit to TSA updates to the information listed in paragraphs 
(b) and (c) of this section to reflect most recent changes to that 
information, as specified in the covered aircraft operator's AOIP.


Sec.  1560.103  Notice.

    (a) Electronic collection of information. (1) Current electronic 
collection of information. Prior to collecting information through a 
Web site or self-service kiosk from a passenger or non-traveling 
individual to comply with Sec.  1560.101(a), a covered aircraft 
operator must make available the complete privacy notice set forth in 
paragraph (b) of this section.
    (2) Other electronic collection of information. If a covered 
aircraft operator collects information directly from a passenger or 
non-traveling individual to comply with Sec.  1560.101(a) through an 
electronic means not described in paragraph (a)(1) of this section, the 
covered aircraft operator must make available the complete privacy 
notice set forth in paragraph (b) of this section.
    (b) Privacy notice. The covered aircraft operator may substitute 
its name for the word ``us,'' but the complete privacy notice otherwise 
must be identical to the following paragraph unless TSA has approved 
alternative language:

    The Transportation Security Administration requires us to 
collect information from you for purposes of watch list screening, 
under the authority of 49 U.S.C. section 114, and the Intelligence 
Reform and Terrorism Prevention Act of 2004. Providing this 
information is voluntary; however, if it is not provided, you may be 
subject to additional screening or denied transport or authorization 
to enter a sterile area. TSA may share information you provide with 
law enforcement or intelligence agencies or others under its 
published system of records notice. For more on TSA Privacy policies 
or to view the system of records notice and the privacy impact 
assessment, please see TSA's Web site at www.tsa.gov.


Sec.  1560.105  Denial of transport or sterile area access; designation 
for enhanced screening.

    (a) Applicability. (1) This section applies to a covered aircraft 
operator beginning on the date that TSA assumes the watch list matching 
function for the passengers and non-traveling individuals to whom that 
covered aircraft operator issues a boarding pass or other authorization 
to enter a sterile area. TSA will provide prior written notification to 
the covered aircraft operator no later than 60 days before the date on 
which it will assume the watch list matching function from that covered 
aircraft operator.
    (2) Prior to the date that TSA assumes the watch list matching 
function from a covered aircraft operator, the covered aircraft 
operator must comply with existing watch list matching procedures for 
passengers and non-traveling individuals, including denial of transport 
or sterile area access or designation for enhanced screening for 
individuals identified by the covered aircraft operator or TSA.
    (b) Watch list matching results. A covered aircraft operator must 
not issue a boarding pass or other authorization to enter a sterile 
area to a passenger or a non-traveling individual and must not allow 
that individual to board an aircraft or enter a sterile area, until TSA 
informs the covered aircraft operator of the results of watch list 
matching for that passenger or non-traveling individual, in response to 
the covered aircraft operator's most recent SFPD submission for that 
passenger or non-traveling individual.
    (1) Denial of boarding pass. If TSA sends a covered aircraft 
operator an instruction that the passenger or non-traveling individual 
must be placed on inhibited status, the covered aircraft operator must 
not issue a boarding pass or other authorization to enter a sterile 
area to that individual and must not allow that individual to board an 
aircraft or enter a sterile area.
    (2) Selection for enhanced screening. If TSA sends a covered 
aircraft operator an instruction that the passenger or non-traveling 
individual has been selected for enhanced screening at a security 
checkpoint, the covered aircraft operator may issue a boarding pass or 
other authorization to enter a sterile area to that individual and must 
identify the individual for enhanced screening, in accordance with 
procedures approved by TSA. The covered aircraft operator must place a 
separate code on the boarding pass that meets the requirements 
described in the Consolidated User Guide.
    (3) Cleared for boarding or entry into a sterile area. If TSA sends 
a covered aircraft operator an instruction that a passenger or non-
traveling individual is cleared, the covered aircraft operator may 
issue a boarding pass or other authorization to enter a sterile area to 
that individual, unless required under another TSA requirement to 
identify the passenger or non-traveling individual for enhanced 
screening. The covered aircraft operator must place a separate code on 
the boarding pass that meets the requirements described in the 
Consolidated User Guide.
    (4) Override by a covered aircraft operator. No covered aircraft 
operator may override a TSA instruction to place a passenger or non-
traveling individual in an inhibited status or to identify a passenger 
or non-traveling individual for enhanced screening, unless explicitly 
authorized by TSA to do so.
    (5) Updated SFPD from covered aircraft operator. When a covered 
aircraft operator sends an updated SFPD to TSA under Sec.  1560.101(d) 
for a passenger or non-traveling individual for whom TSA has already 
issued an instruction, all previous TSA instructions concerning the 
passenger or non-traveling individual are voided. The covered aircraft 
operator may not issue a boarding pass or grant authorization to enter 
a sterile area until it receives an updated instruction from TSA 
authorizing the issuance of a boarding pass or authorization to enter a 
sterile area. Upon receiving an updated instruction from TSA, the 
covered aircraft operator must acknowledge receipt of the updated 
instruction, comply with the updated instruction, and disregard all 
previous instructions.
    (6) Updated instruction from TSA. After TSA sends a covered 
aircraft operator an instruction under paragraph (b)(1), (b)(2), or 
(b)(3) of this section, TSA may receive additional information 
concerning the passenger and may send an updated instruction concerning 
that passenger to the covered aircraft operator. Upon receiving an 
updated instruction from TSA, the covered aircraft operator must 
acknowledge receipt of the updated instruction, comply with the updated 
instruction, and disregard all previous instructions.
    (c) Request for identification. (1) In general. If TSA has not 
informed the

[[Page 48390]]

covered aircraft operator of the results of watch list matching for an 
individual by the time the individual attempts to check in, or informs 
the covered aircraft operator that an individual has been placed in 
inhibited status, the aircraft operator must request from the 
individual a verifying identity document.
    (2) Transmission of Updated Secure Flight Passenger Data. Upon 
reviewing a passenger's verifying identity document, the covered 
aircraft operator must transmit the SFPD elements from the individual's 
verifying identity document to TSA.
    (3) Provision of Passenger Resolution Information. If requested by 
TSA, the covered aircraft operator must also provide to TSA the 
individual's Passenger Resolution Information as specified by TSA.
    (4) Exception for minors. If a covered aircraft operator is 
required to obtain information from an individual's verifying identity 
document under this paragraph (c), and the individual is younger than 
18 years of age and does not have a verifying identity document, TSA 
may, on a case-by-case basis, authorize the minor or an adult 
accompanying the minor to state the individual's full name and date of 
birth in lieu of providing a verifying identity document.
    (d) Failure to obtain identification. If a passenger or non-
traveling individual does not present a verifying identity document 
when requested by the covered aircraft operator, in order to comply 
with paragraph (c) of this section, the covered aircraft operator must 
not issue a boarding pass or give authorization to enter a sterile area 
to that individual and must not allow that individual to board an 
aircraft or enter a sterile area, unless otherwise authorized by TSA.


Sec.  1560.107  Use of watch list matching results by covered aircraft 
operators.

    A covered aircraft operator must not use any watch list matching 
results provided by TSA for purposes other than those provided in Sec.  
1560.105 and security purposes.


Sec.  1560.109  Aircraft Operator Implementation Plan.

    (a) Content of the Aircraft Operator Implementation Plan (AOIP). 
Each covered aircraft operator must adopt and carry out an AOIP that 
sets forth the specific means by which the covered aircraft operator 
will request and transmit information under Sec.  1560.101, the timing 
and frequency of transmission, and any other related matters, in 
accordance with the Consolidated User Guide.
    (b) Submission of Aircraft Operator Implementation Plan (AOIP). 
Each covered aircraft operator must submit a proposed AOIP to TSA for 
approval.
    (1) Aircraft operators that are covered aircraft operators on the 
effective date of this rule must submit their proposed AOIP no later 
than 30 days after the effective date. Review, modification, and 
approval of proposed AOIPs will be conducted under paragraphs (b) and 
(c) of this section.
    (2) An aircraft operator that becomes a covered aircraft operator 
after the effective date must submit a proposed AOIP as part of its 
proposed security program under 49 CFR 1544.105(a) or 49 CFR 
1546.105(a). Review, modification, and approval of the proposed AOIP 
will be conducted under the procedures set forth in 49 CFR 1544.105 or 
1546.105, as appropriate, rather than paragraphs (b) and (c) of this 
section.
    (c) Approval and implementation of Aircraft Operator Implementation 
Plan (AOIP). If TSA approves a covered aircraft operator's proposed 
AOIP, the covered aircraft operator must implement the plan according 
to the schedule set forth in the AOIP and approved by TSA.
    (d) Disapproval and modification of Aircraft Operator 
Implementation Plan (AOIP). (1) If TSA disapproves and orders 
modifications to a proposed AOIP submitted under paragraph (a)(1) of 
this section, TSA will provide written notice to the covered aircraft 
operator. The covered aircraft operator must either:
    (i) Make any changes to the AOIP that TSA requests in the notice 
and implement the plan according to the schedule approved by TSA and 
set forth in the AOIP; or
    (ii) Petition TSA to reconsider the modification(s) in the notice 
within 30 days of receiving the notice. A petition for reconsideration 
with supporting documentation must be filed with the designated 
official.
    (2) The designated official, upon receipt of a petition for 
reconsideration and supporting documentation, may amend or withdraw the 
notice to modify, or transmit the petition, together with any pertinent 
information and supporting documentation, to the Administrator for 
reconsideration. The Administrator disposes of the petition within 30 
days of receipt by either directing the designated official to withdraw 
or amend the notice, or by affirming the notice to modify.
    (3) TSA may, at its discretion, grant extensions to any schedule 
deadlines, on its own initiative or upon the request of a covered 
aircraft operator.
    (e) Incorporation Into Security Program. Once an AOIP is approved, 
the AOIP becomes part of the covered aircraft operator's security 
program as described in 49 CFR part 1544, subpart B, or 49 CFR part 
1546, subpart B, as appropriate, and any amendments will be made in 
accordance with the procedures in those subparts.
    (f) Handling of Aircraft Operator Implementation Plan (AOIP). An 
AOIP contains sensitive security information (SSI) and must be handled 
and protected in accordance with 49 CFR part 1520.


Sec.  1560.111  Covered airport operators.

    (a) Applicability. This section applies to a covered airport 
operator that has a program approved by TSA through which the covered 
airport operator may authorize non-traveling individuals to enter a 
sterile area.
    (b) Requirements. No later than 30 days after receiving written 
notice from TSA, or such longer period as TSA may determine for good 
cause, a covered airport operator must adopt and carry out an AOIP in 
accordance with Sec.  1560.109. Each covered airport operator must 
comply with the procedures required of covered aircraft operators in 
Sec. Sec.  1560.101(a), (c), and (d), 1560.103, and 1560.107 of this 
part and any other applicable TSA requirements when authorizing non-
traveling individuals to enter a sterile area.

Subpart C--Passenger Redress


Sec.  1560.201  Applicability.

    This subpart applies to individuals who believe they have been 
improperly or unfairly delayed or prohibited from boarding an aircraft 
or entering a sterile area, as a result of the Secure Flight program.


Sec.  1560.203  Representation by counsel.

    A person may be represented by counsel at his or her own expense 
during the redress process.


Sec.  1560.205  Redress process.

    (a) If an individual believes he or she has been improperly or 
unfairly delayed or prohibited from boarding an aircraft or entering a 
sterile area as a result of the Secure Flight program, the individual 
may seek assistance through the redress process established under this 
section.
    (b) An individual may obtain the forms and information necessary to 
initiate the redress process on the DHS TRIP Web site at http://www.dhs.gov/trip or by contacting the DHS TRIP office by mail. Written 
requests may be

[[Page 48391]]

sent to the DHS TRIP office and must include the individual's name and 
current address. DHS will provide the necessary documents and 
information to individuals through its Web site or by mail.
    (c) The individual must send to the DHS TRIP office the personal 
information and copies of the specified identification documents. If 
TSA needs additional information in order to continue the redress 
process, TSA will so notify the individual in writing and request that 
additional information. The DHS TRIP office will assign the passenger a 
unique identifier, which TSA will recognize as the Redress Number, and 
the passenger may use that Redress Number in future correspondence with 
TSA and when making future travel reservations.
    (d) TSA, in coordination with the TSC and other appropriate Federal 
law enforcement or intelligence agencies, if necessary, will review all 
the documentation and information requested from the individual, 
correct any erroneous information, and provide the individual with a 
timely written response.


Sec.  1560.207  Oversight of process.

    The redress process and its implementation are subject to review by 
the Offices of the TSA and DHS Privacy Officers and the TSA and DHS 
Offices for Civil Rights and Civil Liberties.

    Issued in Arlington, Virginia, on August 8, 2007.
Kip Hawley,
Assistant Secretary.
[FR Doc. E7-15960 Filed 8-22-07; 8:45 am]
BILLING CODE 9110-05-P