Aviation Security: Registered Traveler Program Policy and	 
Implementation Issues (22-NOV-02, GAO-03-253).			 
                                                                 
The aviation industry and business traveler groups have proposed 
the registered traveler concept as a way to reduce long waits in 
airport security lines caused by heightened security screening	 
measures implemented after the September 11 terrorist attacks. In
addition, aviation security experts have advocated this concept  
as a way to better target security resources to those travelers  
who might pose greater security risks. The Aviation and 	 
Transportation Security Act of November 2001 allows the 	 
Transportation Security Administration (TSA) to consider	 
developing a registered traveler program as a way to address	 
these two issues. GAO completed this review to inform Congress	 
and TSA of policy and implementation issues related to the	 
concept of a registered traveler program.			 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-03-253 					        
    ACCNO:   A05573						        
  TITLE:     Aviation Security: Registered Traveler Program Policy and
Implementation Issues						 
     DATE:   11/22/2002 
  SUBJECT:   Airport security					 
	     Commercial aviation				 
	     Customer service					 
	     Law enforcement					 
	     Risk management					 
	     Safety standards					 
	     National preparedness				 
	     Transportation safety				 
	     Transportation workers				 
	     Travel						 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-03-253

                                       A

Report to the Honorable Kay Bailey Hutchison, U. S. Senate

November 2002 AVIATION SECURITY Registered Traveler Program Policy and
Implementation Issues

GAO- 03- 253

Lett er

November 22, 2002 The Honorable Kay Bailey Hutchison United States Senate
Dear Senator Hutchison: The terrorist attacks of September 11, 2001,
highlighted gaps in aviation security and have continued to affect the
ease with which Americans have traditionally traveled by air. Since the
attacks, Congress has taken

measures to enhance the security of our nation*s air transportation system
through passage of the Aviation and Transportation Security Act (the Act),
1 which federalized passenger screeners, mandated the use of explosives
detection equipment to screen all checked baggage, called for the
reenforcement of cockpit doors, and expanded the federal air marshal
program. More extensive screening of passengers and carry- on baggage at
airport security checkpoints has been one of the most immediate and
visible changes over the past year. The Act also allows for the
consideration of other approaches to improve security, such as

*establish[ ing] requirements to implement trusted passenger programs and
use available technologies to expedite security screening of passengers
who participate in such programs, thereby allowing security screening
personnel to focus on those passengers who should be subject to more
extensive screening.* Under such a program* which is referred to as a
*trusted,* *known,* or *registered* traveler program* those who

voluntarily apply to participate in the program and successfully pass
background checks would receive a unique identifier or card that enables
them to be screened more quickly and promotes greater focus on those
passengers who require more extensive screening at airport security
checkpoints. 2 Recently, discussion among Members of Congress and the
aviation industry, at congressional committee hearings and elsewhere, has

focused on a registered traveler program as one possible way to better
manage security risks by targeting resources more effectively while at the
same time reducing long waits at security checkpoints. 1 P. L. 107- 71.

2 Several different names have been applied to this concept; for this
report we refer to it as a registered traveler program.

You asked us to provide information on issues associated with developing
and implementing a registered traveler program. As agreed with your
office, this report includes information on (1) the potential purposes of
a

registered traveler program, (2) the key policy and implementation issues
that have been raised by interested parties concerning how a registered
traveler program might be designed and implemented, and (3) the basic
principles that the Transportation Security Administration (TSA) might
consider if it implements such a program. In obtaining this information,
we conducted an extensive review of existing literature on registered
traveler or similar programs, including key studies on issues associated
with implementing a registered traveler program. In addition, we
interviewed 22

key stakeholders, including officials from the federal government, airline
industry, aviation security consulting groups, vendors developing and
testing registered traveler applications, and organizations concerned with
issues of data privacy and civil liberties. The intent of these interviews
was

to obtain the opinions and perspectives of officials from organizations
that possess extensive awareness of the key issues related to such a
program. We did not, however, attempt to empirically validate the
information expressed by these officials. (See appendix I for information
on our scope and methodology and appendix II for a complete list of
interviewees.) We also visited and interviewed officials associated with
registered traveler*

type programs in two European countries. We will report later on ongoing
work related to issues such as the nature and scope of similar programs
already established in the United States and abroad and the potential
costs, benefits, and alternatives to implementing a registered traveler
program. We performed our work from July 2002 through October 2002 in
accordance with generally accepted government auditing standards.

Results in Brief A registered traveler program offers potential for
improving security and reducing inconvenience to participating travelers,
but it raises several important policy and implementation issues. Our
literature review, along

with supporters of the program whom we interviewed, identified two primary
purposes for such a program. First, it could improve security by better
targeting security resources at passengers about whom little is known or
who might present a greater security risk. In other words, the

program could serve as a useful risk- management tool by selecting the
appropriate level of security screening for a passenger according to a
prior assessment of personal background information and of that
individual*s potential threat to security. In contrast, two stakeholders
told us that they were worried about such a program*s creating new
security threats. Second, such a program might reduce the inconvenience
some travelers

have experienced as they go through airport security checkpoints, by
reducing uncertainties about the length of delay and the level of scrutiny
they would likely encounter. Proponents of the program believe that this
benefit would encourage travelers, particularly business travelers, to fly
more often and thus would help improve the economic health of the aviation
industry. It could also benefit related industries that are linked to air
travel, including aviation- related manufacturers, and tourism- related
businesses, such as hotels and travel agents. Our literature review and
discussions with stakeholders identified additional potential objectives
of a registered traveler program, such as expediting customer check- in at
the ticket counter, tracking miles for frequent fliers, and using
demographic data on these travelers for marketing by airlines and others
in the tourist industry. However, two representatives of civil liberties
groups told us that they opposed such expanded uses of this information as
an invasion of a

traveler*s privacy. Our review identified a number of key policy and
implementation issues that might have to be addressed before a registered
traveler program could be implemented. Stakeholders representing the
aviation industry told us,

for example, that many of the following policy questions should be left to
the federal government to resolve: (1) What criteria should be established
to determine eligibility to apply for the program? (2) What kinds of
background checks should be used to certify that applicants are eligible
to

enroll in the program, and who should perform these? (3) Which
securityscreening procedures should registered travelers undergo, and how
should these differ from those used for unregistered travelers? and (4) To
what extent do equity, privacy, and liability issues have to be resolved
prior to program implementation? Stakeholders offered a variety of options
and

opinions regarding these questions. For example, stakeholders indicated
that the federal government should determine whether eligibility to apply
for participation in a registered traveler program should be limited only
to those who have held U. S. citizenship for a specified number of years,
or whether citizens from other countries should be allowed to participate.
Similarly, stakeholders differed in their views about whether background
checks should be limited to credit checks and other publicly available
information, or should also include checking an applicant*s name against
national databases of criminal records. In addition to these policy

questions, several stakeholders we contacted raised a number of practical
questions to consider when designing and implementing a program, including
(1) What technology decisions have to be addressed in designing a
registered traveler program? (2) How many airports and how many passengers
should participate in a registered traveler program? and (3)

How much will the program cost, and who will be responsible for its
financing? For example, although most stakeholders we contacted agree that
proven biometric identification technology is available and is a necessary
component of a registered traveler program, they differ as to which
technology should be used.

Regardless of how these key policy and implementation issues are decided,
we identified* based on our discussions with stakeholders and our review
of pertinent literature and best practices for implementing new programs*
the following basic principles to help TSA if it implements a registered
traveler program:

 Incorporate *lessons learned* from similar programs, especially those
related to security procedures, technology, user acceptance, and costs.
For example, the United States and Canada have implemented a program that
accelerates the inspection of low- risk, pre- enrolled border crossers at
ports of entry, while several airports in Europe have experimented with
programs similar to that of a registered traveler program.

 Initially test the program on a small scale to determine whether it
would be feasible and effective, and whether enough travelers would be
willing to participate.

 Develop performance measures and a system to assess how effectively the
program meets stated goals.

 Use technologies that are interoperable among different airports and
enrollment sites, and select technologies that can readily be updated to
keep pace with new developments in security technology, biometrics,

and data sharing. At a minimum, interoperability refers to using
compatible technologies at different airport checkpoints across the
country and, more broadly, could be seen as including other access control
points, such as border crossings and ports of entry. Background A safe and
secure aviation system is a critical component to securing the nation*s
overall physical infrastructure and maintaining its economic vitality.
Billions of dollars and a myriad of programs and policies have been

devoted to achieving such a system. Critical to ensuring aviation security
are screening checkpoints, at which screening personnel check over 2
million individuals and their baggage each day for weapons, explosives,

and other dangerous articles that could pose a threat to the safety of an
aircraft and those aboard it. All passengers who seek to enter secure
areas at the nation*s airports must pass through screening checkpoints and
be

cleared by screeners. In addition, many airline and airport employees,
including flight crews, ground personnel, and concession vendors, have to
be cleared by screeners. At the nation*s 429 commercial airports that are

subject to security requirements, screeners use a variety of technologies
and procedures to screen individuals. These include x- ray machines to
examine carry- on baggage, metal detectors to identify any hidden metallic

objects, and physical searches of items, including those that cannot be
scanned by x- rays, such as baby carriers or baggage that has been x-
rayed and contains unidentified objects.

In response to the terrorist attacks of September 11, 2001, the Federal
Aviation Administration (FAA) and the air carriers implemented new
security controls to improve security. These actions included increased
screening of baggage and passengers at airport checkpoints with the use of

explosives trace detection devices and hand- held metal detectors, the
mandatory removal of laptop computers from carrying cases, and the removal
of shoes. They included additional screening of randomly selected
passengers at an airline*s boarding gate. Although these initiatives have

been a visible sign of heightened security procedures, they have also, in
some instances, caused longer security delays, inconvenienced the
traveling public, and raised questions about the merits of using these
techniques on assumed lower- risk travelers, such as young children.

Congress has also taken actions to improve aviation security. In November
2001, it passed the Aviation and Transportation Security Act, which
transferred aviation security from FAA to the newly created TSA and
directed TSA to take over responsibility for airport screening. The Act
also left to TSA*s discretion whether to *establish requirements to
implement trusted passenger programs and use available technologies to
expedite security screening of passengers who participate in such
programs, thereby allowing security screening personnel to focus on those
passengers who should be subject to more extensive screening.* In response
to this Act, officials representing aviation and business travel groups
have proposed developing a registered traveler program. Under their
proposals, travelers who voluntarily provide personal information and

clear a background check would be enrolled as registered travelers. These
participants would receive some form of identification, such as a card
that includes a unique personal characteristic like a fingerprint, which
they

would use at an airport to verify their identity and enrollment in the
program. Because they would have been prescreened, they would be entitled
to different security screening procedures at the airport. These could be
as simple as designating a separate line for registered travelers, or
could include less intrusive screening. Although TSA had initially
resisted such a program because of concerns that it could weaken the
airport

security system, it has recently changed its position and has begun
assessing the feasibility and need for such a program and considering the
implementation of a test program.

The concept underlying a registered traveler program is similar to one
that TSA has been studying for transportation workers* a Transportation
Worker Identity Credential (TWIC)* that could be used to positively
identify transportation workers such as pilots and flight attendants and
to expedite their processing at airport security checkpoints. TSA had been

studying the TWIC program for several months. Initially, the agency had
planned to implement the TWIC program first, saying that any registered
traveler program would be implemented after establishing the TWIC program.
In recent months, congressional appropriations restrictions have caused
TSA to postpone TWIC*s development. According to a senior

agency official, however, TSA was still planning to go forward with
studying the registered traveler program concept.

A Registered Traveler Although most of the 22 stakeholders we interviewed
supported a Program Is Intended to

registered traveler program, several stakeholders opposed it. Our
literature review and supporters of the program whom we interviewed
identified two Improve Airport

primary purposes for such a program* improving the quality and efficiency
Security While

of airport security and reducing the inconvenience that some travelers
have Reducing the experienced by reducing uncertainties about the length
of delay and the level of scrutiny they are likely to encounter. The
literature we reviewed Inconvenience of and more than a half- dozen of the
22 stakeholders we contacted suggested Security Screening

that such a program could help improve the quality and efficiency of
security by allowing security officials to target resources at potentially
higher risk travelers. Several stakeholders also indicated that it could
reduce the inconvenience of heightened security measures for some
travelers, thus encouraging Americans to fly more often, and thereby
helping to improve the economic health of the aviation industry.
Representatives of air traveler groups identified other potential uses of
a

registered traveler program that were not directly linked to improving
aviation security, such as better tracking of frequent flier miles for
program participants.

Many Stakeholders We Many of the 22 stakeholders we contacted and much of
the literature we Contacted Indicated That a reviewed identified the
improvement of aviation security as a key purpose

Registered Traveler for implementing a registered traveler program. Such a
program would Program Could Potentially

allow officials to target security resources at those travelers who pose a
greater security risk or about whom little is known. This concept is based
Improve Aviation Security

on the idea that not all travelers present the same threat to aviation and
More Effectively Target security, and thus not everyone requires the same
level of scrutiny. Our Resources

recent work on addressing homeland security issues also highlights the
need to integrate risk management into the nation*s security planning and
to target resources at high- priority risks. 3 The concept is similar to
riskbased security models that have already been used in Europe and
Israel, which focus security on identifying risky travelers and more
appropriately matching resources to those risks, rather than attempting to
detect objects

on all travelers. For example, one study suggested that individuals who
had been prescreened through background checks and credentialed as
registered travelers be identified as low risk and therefore subjected to
less

stringent security. This distinction would allow security officials to
direct more resources and potentially better screening equipment at other
travelers who might pose a higher security risk, presumably providing
better detection and increased deterrence.

In addition, several stakeholders also suggested that a registered
traveler program would enable TSA to more efficiently use its limited
resources. Several of these stakeholders suggested that a registered
traveler program

could help TSA more cost- effectively focus its equipment and personnel
needs to better meet its security goals. For example, two stakeholders
stated that TSA would generally not have to intensively screen registered
travelers* checked baggage with explosives detection systems that cost
about $1 million each. As a result, TSA could reduce its overall
expenditures for such machines. In another example, a representative from

a major airline suggested that because registered travelers would require
less stringent scrutiny, TSA could provide a registered traveler
checkpoint lane that would enable TSA to use fewer screeners at its
checkpoint lanes; this would reduce the number of passenger screeners from
the estimated

33, 000 that it plans to hire nationwide. 3 Homeland Security: A Framework
for Addressing the Nation*s Efforts, GAO- 01- 1158T (Washington, D. C.:
Sept. 21, 2001).

In contrast, several stakeholders and TSA officials said that less
stringent screening for some travelers could weaken security. For example,
two stakeholders expressed concerns that allowing some travelers to
undergo less stringent screening could weaken overall aviation security by
introducing vulnerabilities into the system. Similarly, the first head of
TSA had publicly opposed the program because of the potential for members
of *sleeper cells** terrorists who spend time in the United States
building up a law- abiding record* to become registered travelers in order
to take advantage of less stringent security screening. The program
manager heading TSA*s Registered Traveler Task Force explained that the
agency

has established a baseline level of screening that all passengers and
workers will be required to undergo, regardless of whether they are
registered. Nevertheless, a senior TSA official told us that the agency
now supports the registered traveler concept as part of developing a more
riskbased security system, which would include a refined version of the
current automated passenger prescreening system. While the automated
prescreening system is used on all passengers, it focuses on those who are
most likely to present threats. In contrast to a registered traveler
program, the automated system is not readily apparent to air passengers.
Moreover, the registered traveler program would focus on those who are not
likely to present threats, and it would be voluntary. Some stakeholders we

contacted said that a registered traveler program, if implemented, should
serve to complement the automated system, rather than replace it. Some
Believe That a According to the literature we reviewed and our discussions
with several Registered Traveler

stakeholders, reducing the inconvenience of security screening procedures
Program Could Potentially implemented after September 11, 2001,
constitutes another major purpose Reduce the Inconvenience of a registered
traveler program, in addition to potentially improving security. The
literature and these stakeholders indicated that participants of Security
Screening in a registered traveler program would receive consistent,
efficient, and Procedures

less intrusive screening, which would reduce their inconvenience and serve
as an incentive to fly more, particularly if they are business travelers.
According to various representatives of aviation and business travelers
groups, travelers currently face uncertainty regarding the time needed to

get through security screening lines and inconsistency about the extent of
screening they will encounter at various airports. For example, one
stakeholder estimated that prior to September 11, 2001, it took about 5 to
8 seconds, on average, for a traveler to enter, be processed, and clear a
security checkpoint; since then, it takes about 20 to 25 seconds, on
average, resulting in long lines and delays for some travelers. As a
result, travelers need to arrive at airports much earlier than before,
which can

result in wasted time at the airport if security lines are short or
significant time spent in security lines if they are long. Additionally, a
few stakeholders stated that travelers are inconvenienced when they are
subjected to personal searches or secondary screening at the gates for no
apparent reason.

While some stakeholders attributed reductions in the number of passengers
traveling by air to these inconveniences, others attributed it to the
economic downturn. Some literature and three stakeholders indicated that
travelers, particularly business travelers making shorter trips (up to 750
miles), have as a result of these inconveniences reduced the number of
flights they take or stopped flying altogether, causing significant
economic

harm to the aviation industry. For example, according to a survey of its
frequent fliers, one major airline estimates that new airport security
procedures and their associated inconveniences have caused 27 percent of

its former frequent fliers to stop flying. Based on this survey*s data,
the Air Transport Association, which represents major U. S. air carriers,
estimates that security inconveniences have cost the aviation industry
$2.5 billion in lost revenue since September 11, 2001. Supporters of a
registered traveler program indicated that it would be a component of any
industry recovery and that it is particularly needed to convince business
travelers to resume flying. To the extent that registered travelers would
fly more often, the program could also help revitalize related industries
that are linked to air travel, including aviation- related manufacturing
and such tourism- related businesses as hotels and travel agencies.
However, not all stakeholders agreed that a registered traveler program
would significantly improve the

economic condition of the aviation industry. For example, officials from
another major U. S. airline believed that the declining overall economy
has played a much larger role than security inconveniences in reducing air
travel. They also said that most of their customers currently wait 10

minutes or less in security lines, on average* significantly less than
immediately after September 11, 2001* and that security inconveniences are
no longer a major issue for their passengers.

Other Potential Uses for a In addition to the two major purposes of a
registered traveler program,

Registered Traveler some stakeholders and some literature we reviewed
identified other

Program potential uses. For example, we found that such a program could be
part of an enhanced customer service package for travelers and could be
used to

expedite check- in at airports and to track frequent flier miles. Some
stakeholders identified potential law enforcement uses, such as collecting
information obtained during background checks to help identify

individuals wanted by the police, or tracking the movement of citizens who
might pose criminal risks. Finally, representatives of air traveler groups
envisioned extensive marketing uses for data collected on registered

travelers by selling it to such travel- related businesses as hotels and
rental car companies and by providing registered travelers with discounts
at these businesses. Two stakeholders envisioned that these secondary uses
would evolve over time, as the program became more widespread. However,
civil liberties advocates we spoke with were particularly concerned about
using

the program for purposes beyond aviation security, as well as about the
privacy issues associated with the data collected on program participants
and with tracking their movements.

Key Policy and Our literature review and discussions with stakeholders
identified a Implementation Issues number of policy and implementation
issues that might need to be addressed if a registered traveler program is
to be implemented.

Associated with a Stakeholders we spoke with held a wide range of opinions
on such key

Registered Traveler policy issues as determining (1) who should be
eligible to apply to the

Program program; (2) the type and the extent of background checks needed
to

certify that applicants can enroll in the program, and who should perform
them; (3) the security screening procedures that should apply to
registered travelers, and how these would differ from those applied to
other travelers; and (4) the extent to which equity, privacy, and
liability issues would impede program implementation. Most stakeholders
indicated that only the federal government has the resources and authority
to resolve these issues. In addition to these policy questions, our
research and stakeholders identified practical implementation issues that
need to be considered before a program could be implemented. These include
deciding (1) which

technologies to use, and how to manage the data collected on travelers;
(2) how many airports and how many passengers should participate in a
registered traveler program; and (3) which entities would be responsible
for financing the program, and how much it would cost.

Most Stakeholders We Most stakeholders we contacted agreed that,
ultimately, the federal Contacted Agreed That the government should make
the key policy decisions on program eligibility

Federal Government Should criteria, requirements for background checks,
and specific securityscreening

Address Key Policy Issues procedures for registered travelers. In
addition, the federal government should also address equity, privacy, and
liability issues raised When Developing a

by such a program. Stakeholders also offered diverse suggestions as to how
Registered Traveler

some of these issues could be resolved, and a few expressed eagerness to
Program

work with TSA. Stakeholders Identified Differing Although almost all the
stakeholders we contacted agreed that a registered Options for Program
Eligibility

traveler program should be voluntary, they offered a wide variety of
suggestions as to who should be eligible to apply to the program. These
suggestions ranged from allowing any U. S. or foreign citizen to apply to
the program to limiting it only to members of airline frequent flier
programs. Although most stakeholders who discussed this issue with us
favored broad participation, many of them felt it should be limited to U.
S. citizens because verifying information and conducting background checks
on foreigners could be very difficult. Several stakeholders said that
extensive participation would be desirable from a security perspective
because it would enable security officials to direct intensive and
expensive resources toward unregistered travelers who might pose a higher
risk. Several stakeholders indicated that it would be unfair to limit the
program only to

frequent fliers, while representatives from two groups indicated that such
a limitation could provide airlines an incentive to help lure these
travelers back to frequent air travel.

Stakeholders Proposed We also found differing opinions as to the type and
extent of background Alternatives for Background check needed to determine
whether an applicant should be eligible to Check Requirements

enroll in a registered traveler program. For example, one stakeholder
suggested that the background check should primarily focus on determining
whether the applicant exists under a known identity and truly is who he or
she claims to be. This check could include verification that an individual
has paid income taxes over a certain period of time (for example, the past
10 years), has lived at the same residence for a certain number of years,
and has a sufficient credit history. Crosschecking a variety of public and
private data sources, such as income tax payment records and credit
histories, could verify that an applicant*s name and

social security number are consistent. However, access to income tax

payment records would probably require an amendment to existing law. 4
Another stakeholder said that the program*s background check should be
similar to what is done when issuing a U. S. passport. A passport check
consists, in part, of a name check against a database that includes
information from a variety of federal sources, including intelligence,

immigration, and child support enforcement data. In contrast, others felt
that applicants should undergo a more substantial check, such as an
FBItype background check, similar to what current airline or federal
government employees must pass; or a criminal background check, to verify
that the applicant does not have a criminal history. This could

include interviewing associates and neighbors as well as credit and
criminal history checks. In this case, applicants with criminal histories
might be denied the right to participate in a registered traveler program.

No matter what the extent of these checks, most stakeholders generally
agreed that the federal government should perform or oversee them. They
gave two reasons for this: (1) the federal government has access to the
types of data sources necessary to complete them, and (2) airlines would

be unwilling to take on the responsibility for performing them because of
liability concerns. One stakeholder also suggested that the federal
government could contract out responsibility for background checks to a

private company, or that a third- party, nonprofit organization could be
responsible for them. A majority of stakeholders also agreed that the
federal government should be responsible for developing the criteria
needed to determine whether an applicant is eligible to enroll and for
making the final eligibility determination. Some stakeholders also stated
that background checks should result in a

simple yes or no determination, meaning that all applicants who passed the
background check would be able to enroll in the program and the ones who
did not pass would be denied. Other stakeholders alternatively recommended
that all applicants be assigned a security score, determined according to
the factors found during the background check. This security

score would establish the level of screening given an individual at a
security checkpoint. TSA has indicated that, at a minimum, the government
would have to be responsible for ensuring that applicants are eligible to
enroll and that the data used to verify identities and perform background
checks are accurate and up- to- date.

4 26 U. S. C. 6103.

Security Screening Procedures All the stakeholders we contacted agreed
that registered travelers should for Registered Travelers Would be
subjected to some minimum measure of security screening, and that the
Differ from Procedures for Other level of screening designated for them
should generally be less extensive Passengers

and less intrusive than the security screening required for all other
passengers. Most stakeholders anticipated that a participant would receive
a card that possessed some unique identifier, such as a fingerprint or an
iris scan, to identify the participant as a registered traveler and to
verify his or her identity. When arriving at an airport security
checkpoint, the registered traveler would swipe the card through a reader
that would authenticate the card and verify the individual*s identity by
matching him or her against the

specific identifier on the card. If the card is authenticated and the
holder is verified as a registered traveler, the traveler would proceed
through security. Most stakeholders suggested that registered travelers
pass through designated security lines, to decrease the total amount of
time they spend waiting at the security checkpoint. If the equipment
cannot read the

card or verify the traveler*s identity, or if that passenger is deemed to
be a security risk, then the traveler would be subjected to additional
security screening procedures, which might also include full- body
screening and baggage searches. If the name on the registered traveler
card matches a name on a watch- list or if new concerns about the traveler
emerge, the card

could be revoked. A common suggestion was that registered travelers would
undergo preSeptember 11th security- screening measures, which involved
their walking through a magnetometer and the x- raying of their carry- on
baggage. Moreover, they would not be subjected to random selection or
additional security measures unless warranted, and they would be exempted
from random secondary searches at the boarding gate. According to TSA

officials, the agency is willing to consider some differentiated security
procedures for program participants.

As for security procedures for those not enrolled in such a program,
several stakeholders agreed that nonparticipants would have to undergo
current security screening measures, at a minimum. Current security
measures involve walking through a magnetometer, having carry- on baggage
run

through an x- ray machine, and being subjected to random searches of
baggage for traces of explosives, hand searches for weapons, and the
removal of shoes for examination. Travelers may also be randomly selected
for rescreening in the gate area, although TSA has planned pilot programs
to determine whether to eliminate this rescreening. Other stakeholders
suggested that travelers who were not enrolled in the registered traveler
program should be subjected to enhanced security screening, including

more stringent x- rays and baggage screening than are currently in place
at the airports. These stakeholders thought that because little would be
known about nonparticipants, they should be subjected to enhanced security
screening measures.

In addition, several stakeholders mentioned that a registered traveler
program might be useful in facilitating checked- baggage screening. For
example, one stakeholder suggested that the x- ray screening of registered
travelers* baggage could be less intensive than the screening required for
all other passengers, thus reducing the time it would take to screen all

checked baggage. A few stakeholders even suggested that the most
sophisticated baggage screening technology, such as explosives detection
machines, would not be needed to screen a registered traveler*s checked
baggage. However, the 2001 Aviation and Transportation Security Act
requires the screening of all checked baggage, and using a registered
traveler program to lessen the level of the checked baggage screening
would not be permissible under the requirements of the Act.

Stakeholders Raised Equity, Finally, our research and discussions with
stakeholders raised nonsecurityrelated

Privacy, and Liability Concerns policy issues, including equity, privacy,
and liability concerns that

could impede implementation of a registered traveler program. With respect
to equity issues, some stakeholders raised concerns that the federal
government should carefully develop eligibility and enrollment criteria
that would avoid automatically excluding certain classes of people from

participating in the program. For example, requiring applicants to pay a
high application or enrollment fee could deter some applicants for
financial reasons. In addition, concern was expressed that certain races
and ethnicities, mainly Arab- Americans, would be systematically excluded
from program participation. Most stakeholders, however, did not generally
view equity issues as being a major obstacle to developing the program,
and one

pointed to the precedent set by existing government programs that
selectively confer known status to program participants. For example, the
joint U. S./ Canadian NEXUS pilot program, a program for travelers who
frequently cross the U. S./ Canadian border, is designed to streamline the
movement of low- risk travelers across this border by using designated
passage lanes and immigration- inspection booths, as well as some
riskmanagement

techniques similar to those proposed for use in a registered traveler
program.

With respect to privacy issues, civil liberties advocates we spoke with
expressed concerns that the program might be used for purposes beyond its
initial one and that participants* information would need protection.

They were particularly concerned about the potential for such a program to
lead to the establishment of a national identity card, or to other uses
not related to air travel. For example, some suggested that there could be

enormous pressure on those who are not part of the program to apply, given
the advantages of the program, and this would therefore, in effect, lead
to a national identity card. One stakeholder raised a concern about the
card*s becoming a prerequisite for obtaining a job that includes traveling
responsibilities, or the collected information*s being used for other
purposes, such as identifying those sought by police. Others countered
that

because participation in a registered traveler program would be voluntary,
privacy concerns should not be a significant issue. According to TSA
attorneys, legal protections already in place to prevent the proliferation
of private information are probably applicable, and additional safeguards
for this program could be pursued. Through our review, we identified two
particular liability issues potentially associated with the concept of a
registered traveler program. First, it is uncertain which entity would be
liable and to what extent that entity would be liable if a registered
traveler were to commit a terrorist act at an airport or on a flight.
Second, it is also unclear what liability issues might arise if an
applicant were rejected based on false or inaccurate information, or the
applicant did not meet the eligibility criteria. For the most part,
stakeholders who addressed the liability issue maintained that, because
the federal government is already responsible for aviation security, and
because it is likely to play an integral role in developing and
administering such a program, security breaches by registered travelers
would not raise new liability concerns. Although the assumption of
screening responsibilities has increased the federal government*s
potential exposure to liability for breaches of aviation security, TSA
representatives were unsure what the liability ramifications would be for
the federal government for security breaches or terrorist acts committed
by participants of a registered traveler program.

Fewer stakeholders offered views on whether there would be liability
issues if an applicant were denied participation in a registered traveler
program because of false or inaccurate information. However, some
indicated that the federal government*s participation, particularly in
developing eligibility criteria, would be key to mitigating liability
issues. One stakeholder said that the program must include appeal
procedures to specify under what conditions an individual could appeal if
denied access to the program, who or what entity would hear an appeal, and
whether an individual would be able to present evidence in his or her
defense. Other

stakeholders, however, stressed the importance of keeping eligibility
criteria and reasons for applicant rejection confidential, because they
believe that confidentiality would be crucial to maintaining the security
of

the program. TSA maintained that if the program were voluntary,
participants might have less ability to appeal than they would in a
government entitlement program, in which participation might be guaranteed
by statute. Some Stakeholders Also In addition to key policy issues, some
stakeholders we spoke with Identified Practical identified a number of key
program implementation issues to consider. Implementation Issues to

Specifically, they involve choosing appropriate technologies, determining
Consider how to manage data collection and security, defining the
program*s scope, and determining the program*s costs and financing
structure.

Stakeholders Differed on the Use Our research indicated that developing
and implementing a registered

of Biometric Technology in a traveler program would require key choices
about which technologies to Registered Traveler Program

use. Among the criteria cited by stakeholders were a technology*s ability
to (1) provide accurate data about travelers, (2) function well in an
airport environment, and (3) safeguard information from fraud. One of the
first

decisions that would have to be made in this area is whether to use
biometrics to verify the identity of registered passengers and, if so,
which biometric identifier to use. The term *biometrics* refers to a wide
range of technologies that can be used to verify a person*s identity by
measuring and analyzing human characteristics. Identifying a person*s
physiological characteristics is based on data derived from scientifically
measuring a part of the body. 5 Biometrics provides a highly accurate
confirmation of the identity of a specific person. While the majority of
those we interviewed said that some sort of biometric identifier is
critical to an effective registered traveler program, there was little
agreement among stakeholders as to the most appropriate biometric for this
program. Issues to consider when making decisions related to using
biometric technology include the accuracy of a specific technology, user
acceptance, and the costs of implementation and operation. Although there
is no consensus on which biometric identifier should be used for a
registered traveler program, three biometric identifiers were cited most 5
The term *biometrics* is commonly used to mean both biometric technologies
and the characteristics themselves.

frequently as offering the requisite capabilities for a program: iris
scans (using the distinctive features of the iris), fingerprints, and hand
geometry (using distinctive features of the hand). Although each of the
three

identifiers has been used in airport trials, there are disadvantages
associated with each of them. (Appendix III outlines some of the
advantages and disadvantages of each.) A few stakeholders also claimed
that a biometric should not be part of a

registered traveler program. Among the reasons cited were that biometric
technology is expensive, does not allow for quick processing of numerous
travelers, and is not foolproof. Some studies conducted have concluded

that current biometric technology is not as infallible as biometric
vendors claim. For example, a German technology magazine recently
demonstrated that using reactivated latent images and forgeries could
defeat fingerprint and iris recognition systems. In addition, one
stakeholder stated that an identity card with a two- dimensional barcode
that stores personal data and a picture would be sufficient to identify
registered travelers. Such a card would be similar to those currently used
as drivers* licenses in many states. Registered Traveler Program

In addition to choosing specific technologies, stakeholders said that
Raises Data Storage and decisions will be needed regarding the storage and
maintenance of data Maintenance Issues collected for the program. These
include decisions regarding where a biometric or other unique identifier
and personal background information

should be stored. Such information could be stored either on a card
embedded with a computer chip or in a central database, which would serve
as a repository of information for all participants. Stakeholders thought
the key things to consider in deciding how to store this information

are speed of accessibility, levels of data protection, methods to update
information, and protections against forgery and fraudulent use by others.
One stakeholder who advocates storing passenger information directly on a
*smart* card containing an encrypted computer chip said that this offers
more privacy protections for enrollees and would permit travelers to be

processed more quickly at checkpoints than would a database method. On the
other hand, advocates for storing personal data in a central database said
that it would facilitate the updating of participants* information.
Another potential advantage of storing information in a central database
is that it could make it easier to detect individuals who try to enroll
more than once, by checking an applicant*s information against information
on all enrollees in a database. In theory, this process would prevent
duplication of enrollees.

Another issue related to storing participant information is how to ensure
that the information is kept up- to- date. If participant information is
stored in a database, then any change would have to be registered in a
central database. If, however, information is stored on an identification
card, then

the card would have to feature an embedded computer chip to which changes
could be made remotely. Keeping information current is necessary to ensure
that the status of a registered traveler has not changed because of that
person*s recent activities or world events. One stakeholder noted the

possibility that a participant could do something that might cause his or
her eligibility status to change. In response to that concern, he stressed
that a registered traveler program should incorporate some sort of *quick
revoke* system. When that traveler is no longer entitled to the benefits
associated with the program, a notification would appear the next time the
card is registered in a reader.

Stakeholders Had Different Stakeholders differed in their opinions as to
how many airports and how Opinions about the Scope of a

many passengers should participate in a registered traveler program. While
Registered Traveler Program

some believe that the program should be as expansive as possible, others
maintain that the program would function most efficiently and
costeffectively if it were limited to those airports with the most traffic
and to those passengers who fly the most frequently.

As for airports, some suggested that all 429 airports subject to security
requirements in the United States should be equipped to support the
program, to convince more passengers to enroll. Others contended that,
because of equipment costs, the program should optimally include only the
largest airports, such as the fewer than 100 airports that the FAA
classifies as Category X and Category 1 airports, which the vast majority
of the nation*s air travelers use.

There were also different opinions as to whether the program should limit
enrollment to frequent travelers or should strive for wider enrollment to
maximize participation. Representatives of a passenger group asserted that
the program should be limited to passengers who fly regularly because one
of the goals of the program would be to process known passengers more
quickly, and that having too many enrollees would limit the time saved.
Others, however, maintained that the program should enroll as many
passengers as possible. This case is made largely based on security
concerns* the more people who register, the more information is known
about a flight*s passengers.

Views Differ on the Program*s It is unclear who would fund any registered
traveler program, although a

Costs and Financing majority of the stakeholders we contacted who
discussed the issue expect

that participants would have to fund most of its costs. Representatives of
aviation traveler groups said that participants would be willing to bear
almost all of the costs. One airline representative estimated that
frequent

passengers would be willing to pay up to $100 for initial enrollment and
an additional $25 to $50 annually for renewal. For similar reasons, some
stakeholders have suggested that the airlines bear some of the costs of
the program, probably by offering subsidies and incentives for their
passengers

to join, since the aviation industry would also benefit. For instance, one
stakeholder said that airlines might be willing to partially subsidize the
cost if the airlines could have access to some of the participant
information.

A few stakeholders also expect that the federal government would pay for
some of the cost to develop a registered traveler program. One stakeholder
who said the government should pay for a significant portion of the
program did so based on the belief that national security benefits will
accrue from the program and so, therefore, funding it is a federal

responsibility. Others maintained that significant long- term federal
funding for the program is unrealistic because of the voluntary aspect of
the program, the possibility that it might be offered only to selected
travelers, and TSA*s current funding constraints.

In addition to the uncertainty about which entity would primarily fund a
registered traveler program, there are also questions about how much the
program would cost. None of the stakeholders who were asked was able to
offer an estimate of the total cost of the program. A technology vendor
who has studied this type of program extensively identified several
primary

areas of cost, which include but are not limited to background checks,
computer- chip* enabled cards, card readers, biometric readers, staff
training, database development, database operations, and enrollment center
staffing. The fact that the costs of many of these components are
uncertain makes estimating the overall program costs extremely difficult.
For example, one stakeholder told us that extensive background checks for

enrollees could cost as much as $150 each, while another stakeholder
maintained that detailed, expensive background checks would be
unnecessary. Therefore, the choice of what type of background check to use
if a program is implemented would likely significantly influence the
program*s overall costs. Our research indicated that there are also
significant price range differences in computer- chip* enabled cards and
biometric readers, among other components.

Key Principles to Guide Regardless of the policy and program decisions
made about a registered Program

traveler program, we identified several basic principles TSA might
consider if it implements such a program. We derived these principles from
our Implementation

discussions with stakeholders and from review of pertinent literature as
well as best practices for implementing new programs. Chief among these is
the principle that vulnerabilities in the aviation system be assessed in a
systematic way and addressed using a comprehensive risk management plan.
Accordingly, the registered traveler program must be assessed and
prioritized along with other programs designed to address security
vulnerabilities, such as enhancing cockpit security, controlling access to
secure areas of the airport, preventing unsafe items from being shipped in
cargo or checked baggage, and ensuring the integrity of critical air
traffic

control* computer systems. TSA officials also noted that the agency is
responsible for the security of all modes of transportation, not just
aviation. They added that a program such as registered traveler needs to
be assessed in the broader context of border security, which can include
the security of ports and surface border crossings overseen by a number of
federal agencies, such as Customs, Coast Guard, and INS. TSA might
consider the

following principles if, and when, a registered traveler program is
implemented:

 Apply lessons learned from and experience with existing programs that
share similarities with the registered traveler program. This information
includes lessons related to such issues as eligibility criteria, security
procedures, technology choices, and funding costs.

 Test the program initially on a smaller scale to demonstrate its
feasibility and effectiveness, and that travelers will be willing to
participate.

 Develop performance measures and a system for assessing whether the
program meets stated mission and goals.

 Use technologies that are interoperable across different enrollment
sites and access- control points, and select technologies that can readily
be updated to keep pace with new developments in security technology,
biometrics, and data sharing. At a minimum, interoperability refers to
using compatible technologies at different airport checkpoints across the
country and, more broadly, could be seen as including other accesscontrol
points, such as border crossings and ports of entry.

Apply Lessons Learned from Using lessons learned from existing programs
offers TSA an opportunity to Similar Programs

identify key policy and implementation issues as well as possible
solutions to them. Although not of the scope that a nationwide U. S.
registered traveler program would likely be, several existing smaller
programs, both in the United States and abroad, address some of the same
issues as the registered traveler concept and still present excellent
opportunities for policymakers to learn from real- life experiences. For
example, in the

United States, the INS already has border control programs both at
airports and roadway checkpoints to expedite the entry of *known* border
crossers. Internationally, similar programs exist at Ben Gurion Airport in
Israel, Schiphol Airport in Amsterdam, and Dubai International Airport in
the United Arab Emirates. In the past, similar pilot programs have also
been run at London*s Gatwick and Heathrow airports. All of these programs
rely on credentialing registered travelers to expedite their processing
and are candidates for further study. Finally, programs established by the
Department of Defense and the General Services Administration that use
cards and biometrics to control access to various parts of a building
offer potential technology- related lessons that could help design a
registered traveler program. (Appendix IV offers a brief description of
some of the U. S. and foreign programs.) TSA*s program manager for the
Registered Traveler Task Force stressed that his agency has no role in
these other programs, which are different in purpose and scope from the
registered traveler concept. He added that these programs

focus on expediting crossing at international borders, while the
registered traveler concept focuses on domestic security.

Test the Program to Demonstrate In addition to these programs, information
could also be gleaned from a

Its Feasibility, Effectiveness, and registered traveler pilot program. For
example, the Air Transport Acceptance

Association has proposed a passenger and employee pilot program. ATA*s
proposed program would include over 6,000 participants, covering both
travelers who passed a background check and airline employees. ATA*s
proposal assumes that (1) the appropriate pool of registered traveler
participants will be based on background checks against the FBI/ TSA

watch list, and (2) airlines would determine which employees could apply,
and would initiate background checks for them. ATA estimates that the
pilot program would initially cost about $1. 2 million to implement. To
allow TSA and the airlines to evaluate the effectiveness of the program*s
technologies and procedures and their overall impact on checkpoint
efficiency, ATA plans to collect data on enrollment procedures, including:

the number of individuals who applied and were accepted, the reasons for
rejection, and customer interest in the program; reliability of the
biometric cards and readers; and checkpoint operational issues.

In our discussions, the Associate Under Secretary for Security Regulation
and Policy at TSA made it clear that he thought developing a registered
traveler pilot program on a small scale would be a necessary step before
deciding to implement a national program. TSA officials responsible for

assessing a registered traveler program said that they hope to begin a
pilot program by the end of the first quarter of 2003. They also noted
that much of the available information about the registered traveler
concept is qualitative, rather than quantitative. They added that, because
the costeffective

nature of a registered traveler program is not certain, a financial
analysis is needed that considers the total cost of developing,
implementing, and maintaining the technology and the program. Along these
lines, they believe that a pilot program and rigorous, fact- based

analysis of the costs and benefits of this program will be useful for
determining (1) whether the hassle factor really exists, and if so to what
extent, (2) whether a registered traveler program will effectively address
the need to expedite passenger flow or to manage risk, and (3) whether
such a program would be the risk- mitigation tool of choice, given the
realities of limited resources.

Develop Performance Measures In addition to developing performance- based
metrics to evaluate the to Ensure the Program Is effectiveness of a pilot
program, TSA could consider developing similar Achieving Its Goals

metrics to measure the performance of a nationwide program if one is
created. Our previous work on evaluating federal programs has stressed the
importance of identifying goals, developing related performance measures,
collecting data, analyzing data, and reporting results. 6 Collecting such
information is most useful if the data- gathering process is designed
during the program*s development and initiated with its implementation.

Periodic assessment of the data should include comparisons with previously
collected baseline data.

The implementation of a registered traveler program could be helped by
following those principles. For example, determining whether, and how
well, the program improves aviation security and alleviates passenger
inconvenience requires that measurements be developed and data collected
and analyzed to demonstrate how well these goals are being met. Such
information could include the success of screeners at detecting devices
not allowed on airplanes for both enrollees and nonparticipants, or 6
Managing for Results: Analytic Challenges in Measuring Performance, GAO/
HEHS/ GGD97- 138 (Washington, D. C.: May 1997).

the average amount of time it takes for enrollees to pass through security
screening. Use Technologies That Are An effective registered traveler
program depends on using technologies Interoperable and That Can Be

that are interoperable across various sites and with other technologies,
and Upgraded in the Future

can be readily updated to keep pace with new developments in security
technology, biometrics, and data sharing. Such a program is unlikely to be
airport- or airline- specific, which means that the various technologies
will have to be sufficiently standardized for enrollees to use the same
individual

cards or biometrics at many airports and with many airlines. Consequently,
the technologies supporting the nationwide system need to be interoperable
so that they can communicate with one another. The FAA*s

experience with employee access cards offers a good lesson on the dangers
of not having standards to ensure that technologies are interoperable. As
we reported in 1995, 7 different airports have installed different types
of

equipment to secure doors and gates. While some airports have installed
magnetic stripe card readers, others have installed proximity card
readers, and still another has installed hand- scanning equipment to
verify employee identity. As a result, an official from one airline stated
that employees who

travel to numerous airports have to carry several different identity cards
to gain access to specific areas. Another important interoperability issue
is the way in which the personal data associated with a registered
traveler program relates to other existing information on travelers, most
important of which is the automated passenger prescreening system
information. Some stakeholders believe it will be crucial that the
registered traveler program is integrated into the automated system. Given
TSA*s focus on developing and launching a revised automated passenger
prescreening system, such integration will likely be essential.
Integrating the data depends on finding a workable technology solution.
Furthermore, TSA officials added that interoperability may extend beyond
aviation to passengers who enter the United States at border crossings or
seaports. They noted that ensuring the interoperability of systems across
modes of transportation overseen by a variety of different federal
agencies will be a complex and expensive undertaking.

An equally important factor to consider is how easily a technology can be
upgraded as related technologies evolve and improve. As stakeholders 7
Aviation Security: FAA Can Help Ensure That Airports* Access Control
Systems Are CostEffective,

GAO/ RCED- 95- 25 (Washington, D. C.: Mar. 1995).

made clear to us, because technologies surrounding identification cards
and biometrics are evolving rapidly, often in unpredictable ways, the
technology of choice today may not be cost- effective tomorrow. To ensure
that a registered traveler program will not be dependent on outdated

technologies, it is essential to design a system flexible enough to adapt
to new technological developments as they emerge. For example, if
fingerprints were initially chosen as the biometric, the supporting
technologies should be easily adaptable to other biometrics, such as iris
scans. An effective way to make them so is to use technology standards for
biometrics, data storage, and operating systems, rather than to mandate
specific technology solutions. Concluding A registered traveler program is
one possible approach for managing some Observations

of the security vulnerabilities in our nation*s aviation and broader
transportation systems. However, numerous unresolved policy and
programmatic issues would have to be addressed before developing and
implementing such a program. These issues include, for example, the
central question of whether such a program will effectively enhance
security or will inadvertently provide a means to circumvent and
compromise new security procedures. These issues also include programmatic
and administrative questions, such as how much such a program would cost
and what entities would provide its financing. Our analysis of existing
literature and our interviews with stakeholders helped identify some of
these key issues but provide no easy answers. The

information we developed should help to focus and shape the debate and to
identify key issues to be addressed when TSA considers whether to
implement a registered traveler program. Agency Comments We provided the
Department of Transportation (DOT) with a draft of this report for review
and comment. DOT provided both oral and written comments. TSA*s program
manager for the Registered Traveler Task Force

and agency officials present with legal and other responsibilities related
to this program said that the report does an excellent job of raising a
number of good issues that TSA should consider as it evaluates the
registered traveler concept. These officials provided a number of
clarifying comments, which we have incorporated where appropriate.

Unless you publicly announce its contents earlier, we plan no further
distribution of this report until 15 days from the date of this letter. At
that time, we will send copies of this report to interested Members of
Congress,

the Secretary of Transportation, and the Under Secretary of Transportation
for Security. We will also make copies available to others upon request.
In addition, the report will be available at no charge on the GAO Web site
at http:// www. gao. gov.

If you or your staff have any questions about this report, please contact
me at (202) 512- 3650. I can also be reached by E- mail at dillinghamg@
gao. gov. Key contributors are listed in appendix V.

Gerald L. Dillingham, Ph. D. Director, Physical Infrastructure

Appendi Appendi xes x I

Scope and Methodology To obtain and develop information on the purpose of
a registered traveler program and the key policy and implementation issues
in designing and implementing it, we conducted an extensive search of
existing information and carried out interviews with key stakeholders.
These interviews included officials from the federal government, the
aviation industry, aviation security consultants, vendors developing and
testing registered

traveler applications, and organizations concerned with issues of data
privacy and civil liberties. We conducted a literature search that
identified existing studies, policy papers, and articles from the federal
government, the aviation industry, and other organizations on numerous
issues associated with designing and implementing a registered traveler
program. These issues included the goals or purposes of a registered
traveler program and policy and

programmatic issues such as the potential costs, security procedures, and
technology choices for such a program. We also identified existing studies
and papers on specific items, such as the applicability of biometric

technologies for use in a registered traveler program and the extent to
which programs already exist in the United States and abroad (this
detailed information is presented in appendix IV). This literature search
also identified key stakeholders regarding designing and implementing a
registered traveler program. Based on our literature search, we identified
a list of 25 key stakeholders who could provide professional opinions on a
wide range of issues involved

in a registered traveler program. We chose these stakeholders based on
their influence in the aviation industry as well as their expertise in
such issues as aviation security, identification technologies, civil
liberties, and the air- travel experience. In total, we conducted 22
interviews. We also

visited and interviewed officials associated with registered traveler*
type programs in two European countries. The intent of our interviews was
to gain a further understanding of the issues surrounding a registered
traveler program and specific information on such items as the potential
costs for implementing a registered traveler program and the technology
needs of such a program. In conducting our interview process, we developed
a standard series of questions on key policy and implementation issues,
sent the questions to the stakeholders in advance, and conducted the

interviews. We then summarized the interviews to identify any key themes
and areas of consensus or difference on major issues. We did not, however,
attempt to empirically validate the information provided to us by
stakeholders through these interviews.

To identify basic principles that TSA should consider if it decides to
implement a registered traveler program, we analyzed existing studies to
identify overriding themes that could impact the policy or implementation
of such a program. We also analyzed the results of our interviews, to
generate a list of key principles.

We performed our work from July 2002 through October 2002 in accordance
with generally accepted government auditing standards.

Appendi x II

Interviews Conducted As part of our review of the concept of a registered
traveler program, we interviewed the following three aviation experts,
each of whom spoke on his own behalf: Admiral Cathal Flynn, former FAA
Associate Administrator for Civil Aviation Security Douglas Laird,
aviation security consultant

Robert Poole, transportation policy expert We also interviewed
representatives from the following 19 organizations: Air Line Pilots
Association Airports Council International Air Transport Association Air
Travelers Association American Civil Liberties Union Association of
Corporate Travel Executives Continental Airlines EagleCheck (technology
developer) Electronic Privacy Information Center EyeTicket (technology
developer) ICTS International

I/ O Software (technology developer) Microsoft National Air Transportation
Association

National Safe Skies Alliance Northwest Airlines Transportation Security
Administration Unisys United Airlines

Appendi x II I Testing Results on Leading Biometrics The International
Biometrics Group considers four types of biometric identifiers as the most
suitable for air- travel applications. These identifiers are fingerprint
recognition, iris recognition, hand geometry, and facial recognition. Each
of these biometrics has been employed, at least on a small scale, in
airports worldwide. The following information describes how each biometric
works and compares their functionality. Types of Biometric Fingerprint
recognition

Technologies This technology extracts features from impressions made by
the distinct

ridges on the fingertips. The fingerprints can be either flat or rolled. A
flat print captures only an impression of the central area between the
fingertip and the first knuckle; a rolled print captures ridges on both
sides of the finger. The technology is one of the best known and most
widely used biometric technologies.

Iris recognition

This technology is based on the distinctly colored ring surrounding the
pupil of the eye. The technology uses a small, high- quality camera to
capture a black- and- white high- resolution image of the iris. It then
defines the boundaries of the iris, establishes a coordinate system over
the iris, and

defines the zones for analysis within that coordinate system. Made from
elastic connective tissue, the iris is a very plentiful source of
biometric data, having approximately 450 distinctive characteristics.

Hand geometry

This technology measures the width, height, and length of the fingers,
distances between joints, and shapes of the knuckles. The technology uses
an optical camera and light- emitting diodes with mirrors and reflectors
to capture three- dimensional images of the back and sides of the hand.
From these images, 96 measurements are extracted from the hand. Hand

geometry systems have been in use for more than 10 years for access
control at facilities ranging from nuclear power plants to day care
centers.

Facial recognition

This technology identifies people by areas of the face not easily altered*
the upper outlines of the eye sockets, the areas around the cheekbones,
and the sides of the mouth. The technology is typically used to compare a

live facial scan with a stored template, but it can also be used to
compare static images, such as digitized passport photographs. Facial
recognition can be used in both verification and identification systems.
In addition, because facial images can be captured from video cameras,
facial recognition is the only biometric that can also be used for
surveillance

purposes.

Table 1: Important Features of Biometric Technologies Technology
characteristic Fingerprint Iris Facial Hand

How it works Captures and compares Captures and compares Captures and
compares Measures and compares fingertip patterns iris patterns facial
patterns dimensions of hand and fingers Cost of device Low High Moderate
Moderate Enrollment time About 3 minutes, 30

2 minutes, 15 seconds About 3 minutes About 1 minute seconds Transaction
time a 9 to 19 seconds 12 seconds 10 seconds 6 to 10 seconds

False nonmatch rate b .2%* 36% 1. 9%* 6% 3. 3%* 70% 0%* 5% False match
rate (FMR) c 0%* 8% Less than 1% 0.3%* 5% 0%* 2. 1% User acceptance issues
Associated with law User resistance, usage

Potential for privacy Hygiene concerns enforcement, hygiene difficulty
misuse concerns

Factors affecting Di r t y, d r y, or wor n Poor eyesight, glare, or
Lighting, orientation of

Hand injuries, arthritis, performance d fingertips reflections face, and
sunglasses swelling Demonstrated Artificial fingers, High- resolution
picture of

Notebook computer with None vulnerability e reactivated latent prints iris
digital photographs Variability with ages f Stable Stable Affected by
aging Stable

Commercial availability 1970s 1997 1990s 1970s since a Amount of time it
takes to verify machine- read biometric versus stored biometric.

b The probability that individuals who should be matched are not matched
by a biometrics system. c The probability of an erroneous match in a
single template comparison. d Human characteristics or measurement
condition circumstances that could adversely affect accuracy of biometric
systems.

e Demonstrated methods of beating biometric systems that have been
employed in tests. f Effects of age, if any, of individual on his or her
biometric identifiers.

Source: GAO analysis.

Information about Existing Programs for

Appendi x V I Registered Travelers Privium Card, Automatic Border Passage
Program

Schiphol Airport, Amsterdam, the Netherlands Purpose To improve border
security and passenger convenience. Eligibility/ enrollment Passengers
from European Union, Norway, Iceland, and Liechtenstein.

In the enrollment phase, the traveler is qualified and registered. This
process includes a passport review, background check, and iris scan. All
collected information is encrypted and embedded on a smart card. 2, 500
passengers have enrolled in the program.

Technology vendor IBM Biometric Iris scan Process In the traveling phase,
the passenger approaches a gated kiosk and inserts the smart card in a
card reader. The system reads the card and allows valid registered
travelers to enter an isolated area. The passenger then looks into an iris
scan camera. If the iris scan matches the data stored on the card, the
passenger is allowed to continue through the gate. If the system cannot
match the iris scan to the information on the card, the passenger is
directed to the regular passport check lane.

User fees As of October 1, 2002, there is a 99- 119 Euro ($ 97*$ 118)
annual fee for participating passengers. Benefits According to program
officials, the entire automatic border passage procedure is typically
completed in about 10* 15 seconds. The system can process four to five
people per minute. Status Ongoing Other information There are plans to
expand the program so that airlines and airports can use it for passenger

identification and for tracking such functions as ticketing, check- in,
screening, and boarding. There are also plans to develop components of the
technology to provide secure- employee and staff access to restricted
areas of travel and transportation facilities. Express Entry Program

Ben Gurion Airport, Tel Aviv, Israel Purpose To expedite passenger
processing at passport control areas. Eligibility/ enrollment Israeli
citizens and frequent international travelers.

Travelers who have dual U. S./ Israel citizenship can take advantage of
the Ben Gurion program, as well as the INS*s INSPASS program. During
enrollment, applicants submit biographic information and biometric hand
geometry. Applicants also receive an in- depth interview. Approximately
80, 000 Israeli citizens have enrolled in the program.

Technology vendor Electronic Data Systems Biometric Hand geometry Process
During arrival and departure, participants use a credit card for initial
identification in one of 21

automated inspection kiosks at the airport. The participant then places
his or her hand in the hand reader for identity verification. If verified,
the system prints a receipt, which allows the traveler to proceed through
a system- controlled gate. If the person*s identity cannot be verified,
the individual is referred to an inspector. User fees $20*$ 25 annual
membership fee for participants.

Benefits According to program officials, the entire automated verification
process takes 20 seconds. Passport control lines at Ben Gurion airport can
take up to 1 hour. Status Ongoing Other information The program allows
airport personnel to concentrate on high- risk travelers, reduces
bottlenecks with automated kiosks, improves airport cost- effectiveness,
generates new revenue for the airport authority, and expands security
capabilities at other Israeli borders.

JetStream

Heathrow Airport, London, England Program purpose To expedite passenger
processing at passport control. Eligibility/ enrollment Non- United
Kingdom, non- European Union, non- visa frequent travelers (mostly
American and Canadian business travelers) originating from John F. Kennedy
International Airport or

Dulles International Airport on Virgin Atlantic or British Airways. To
enroll, participants record their iris images with EyeTicket, have their
passports scanned, and submit to a background check with U. K.
immigration. 900 of 1,000 applicants were approved for participation; 300
enrolled. Technology vendor EyeTicket Corporation Biometric Iris scan
Process Upon arrival in London, participants are able to bypass the
regular immigration line and proceed through a designated border entry
lane. Participants look into an iris scan camera,

and the image is compared against the scan taken at enrollment. If the two
iris images match, participants are able to proceed through immigration.
User fees There were no user fees associated with the pilot program.
Benefits According to EyeTicket, the average processing time per passenger
is 12 seconds. Status Completed. Six- month trial ran from January 31,
2002, to July 31, 2002.

IP@ SS (Integrated Passenger Security System)

Newark International Airport, Newark, New Jersey (Continental Airlines);
Gatwick Airport, London, England (Delta Airlines) Purpose To expedite and
simplify the processes of passenger identification and security screening.
Eligibility/ enrollment In June 2002, 6,909 passengers were processed
through IP@ SS. Officials report that about 99 percent of passengers
volunteered for the program. Technology vendor ICTS International

Biometric Two- finger geometry a Process Continental Airlines has two
kiosks for tourist class, one for business and first classes, and one at
the Continental gate for flights between Newark and Tel Aviv. Each station
is staffed with a trained security agent who asks passengers for travel
documents, including the individual*s passport, which is scanned by an
automated reader. b After being cleared, the passenger can enroll in a
biometric program in which biometric information is transferred to a

smart card. The passenger then takes the card to the boarding gate and
inserts it into the card reader and inserts fingers into the reader. If
the information corresponds with the information contained on the smart
card, the passenger is cleared to board the plane. Cards are surrendered
to program officials after each use, and the information is scrambled to
prevent misuse.

User fees There were no user fees associated with the pilot programs.
Status Ongoing. ICTS International plans to launch pilot programs at other
U. S. and European

airports.

Other information The pilot programs at Newark and Gatwick are technology
demonstrations and are used only to aid in the departure process. ICTS may
test a *sister city* concept, in which the participant can take the card
to his or her destination to aid in the deplaning/ arrival process there.
CANPASS

Douglas, British Columbia; Niagara Falls, Fort Erie, and Windsor, Ontario;
Lacolle, Quebec, Canada Purpose To expedite border crossings for low- risk
frequent commuters. CANPASS is a project of the

Canada- U. S. Shared Border Accord. Eligibility/ enrollment Citizens and
permanent residents of the United States and Canada are eligible to
participate in the CANPASS program. As part of the application process, an
applicant provides personal identification, vehicle identification, and
driver*s license information. Background checks are performed on all
applicants. As of October 1, 2001, there were approximately 119,743
participants in the CANPASS

program. Technology Technology varies from site to site. At Douglas, the
participant receives only a letter of authorization and a windshield
decal; at Windsor, a participant receives a photo ID card. Process A
participant receives a letter of authorization and a windshield decal,
which can be used only

on a vehicle registered in the CANPASS system. When a vehicle enters the
lane, a license plate reader reads the plate on the car. Membership in the
CANPASS program is validated with data available through the license plate
reader and other sources. At the applicable crossings, a participant must
show the CANPASS identification card to the border inspector. User fees
There are no fees associated with the CANPASS system.

Status The CANPASS Highway program was closed as a result of the events of
September 11, 2001; however, the program is still currently available at
the Whirlpool Bridge in Niagara Falls, Ontario.

Other information The CANPASS program operates in conjunction with the
SENTRI/ PORTPASS program. SENTRI/ PORTPASS (Secure Electronic Network for
Travelers* Rapid Inspection/ Port Passenger Accelerated Service System)

Detroit, Michigan; Buffalo, New York; El Paso and Hidalgo, Texas; Otay
Mesa and San Ysidro, California Eligibility/ enrollment Citizens and
permanent residents of the United States and Canada and certain citizens
and non- immigrants of Mexico are eligible to apply for program
participation. Applicants must undergo an FBI background check, an
Interagency Border Inspection System (IBIS) check, vehicle search, and
personal interview prior to participation. Applicants must provide
evidence of citizenship, residence, and employment or financial support.
Fingerprints and a digital photograph are taken at the time of
application. If cleared for enrollment, the passenger receives an
identification card and a transponder, which must be installed in the
registered vehicle. During 2000, approximately 792 participants were
registered for the Detroit program, and 11, 700 were registered for the
Otay Mesa program. Technology Transponders and magnetic card readers
recall electronic photographs of registered drivers and their passengers.
Images are presented on a monitor for border inspectors to visually
confirm participants. Process Participants use designated SENTRI lanes to
cross the border. The system automatically identifies the vehicles and the
participants authorized to use the program. Border inspectors compare
digitized photographs that appear on computer screens in the inspectors*
booths with the vehicles* passengers.

User fees There is no charge for the U. S./ Canada program. The SENTRI
program for the United States and Mexico is $129 ($ 25 enrollment fee per
person, $24 fingerprinting fee, and $80 systems fee). Benefits According
to an El Paso INS official, delays in border crossing are typically around
60* 90 minutes, but can be more than 2 hours. The SENTRI lane at a bridge
border crossing has wait times of no more than 30 minutes.

According to program officials, in Otay Mesa, CA, SENTRI participants wait
approximately 4* 5 minutes in the inspection lane, while nonparticipants
can wait up to 3 hours in a primary inspection lane.

Status Unknown

NEXUS British Columbia/ Washington; Ontario/ Michigan Purpose To expedite
border crossings for low- risk frequent commuters. NEXUS is a pilot
project of the

Canada- U. S. Shared Border Accord. Eligibility/ enrollment Canadian and
U. S. lawful, national, and permanent residents are eligible to apply for
program participation. Applicants complete an application that is reviewed
by the U. S. Customs Service, INS, Canada Customs and Revenue Service, and
Citizenship and Immigration, Canada. Applicants are required to provide
proof of citizenship and residency, employment authorizations, and visas.
Background checks are performed by officials of both countries.
Participants must also provide a fingerprint biometric of two index
fingers, which is verified

against an INS database for any American immigration violations. (Unlike
the CANPASS/ PORTPASS programs, NEXUS is a harmonized border- crossing
program with common eligibility requirements, a joint enrollment process,
and a common application and identity card.) Since 2000, program
administrators have issued 4, 415 identification cards to participants.
Technology Enrollees must provide a two- finger print biometric. Photo
identification cards are given to all

participants. Process The NEXUS identification card allows participants to
use NEXUS- designated lanes in the United States and Canada and to cross
the border without routine customs and immigration questioning.

User fees A nonrefundable processing fee of $80 Canadian or $50 U. S. must
be paid every 5 years. Benefits According to a study on the NEXUS Program,
participants can save 20 minutes, compared with using the regular primary
inspection lanes. Status Ongoing

Other information Officials may request full fingerprints to verify
identity. The two- finger print biometric or full prints may be shared
with other government and law enforcement agencies. In addition, any
personal information provided will also be shared with other government
and law enforcement agencies. Additional crossing points are scheduled to
open in 2003.

INSPASS (INS Passenger Accelerated Service System)/ CANPASS Airport

Detroit, Michigan; Los Angeles, California; Miami, Florida; Newark, New
Jersey; New York, New York; San Francisco, California; Washington, D. C.;
Vancouver and Toronto, Canada

Purpose To decrease immigration inspection for low- risk travelers
entering the U. S. via international flights.

Eligibility/ enrollment Employed at seven airports in the United States
(Detroit, Los Angeles, Miami, Newark, New York (JFK), San Francisco,
Washington- Dulles) and at U. S. pre- clearance sites in Canada, in
Vancouver and Toronto. INSPASS enrollment is open to all citizens of the
United States, Canada, Bermuda, and visa- waiver countries who travel to
the United States on business three or more times a year for short visits
(90 days or less). INSPASS is not available to anyone with a criminal
record or to aliens who are not otherwise eligible to enter the United
States. The enrollment process involves capturing biographical
information, hand geometry biometric data and facial picture and digital
fingerprint information. A background check is done automatically for the
inspector and, if approved, a machine- readable card is created for the
traveler. The entire enrollment process typically takes 30* 40 minutes.
Over 98, 000 enrollments have been performed in INSPASS, of which 37,000
are active as of September 2001. Biometric technology Hand geometry

Process Once enrolled, the traveler is able to use an automated kiosk at
passport control. A traveler is required to swipe the INSPASS card, enter
flight information on a touchscreen, verify hand geometry, and complete a
security check. Upon successful inspection, a receipt is printed that
allows the traveler to proceed to U. S. Customs.

User fees Presently, there are no system cost fees or filing fees
associated with INSPASS. Status The CANPASS Airport program has been
suspended since September 11, 2001, and will be replaced by the Expedited
Passenger Processing System in 2003. INSPASS is being

reworked and plans for a new version are under way. a Please see appendix
III for an explanation of hand geometry verification technology. Two-
finger geometry is a variation on hand geometry. b The passport reader
used in the IP@ SS pilot program was being tested for the ability to read
ink and

proper passport dimensions only. Source: GAO*s analysis of program
information.

Appendi x V

GAO Contacts and Staff Acknowledgments GAO Contacts Gerald L. Dillingham
(202) 512- 3650 Bonnie A. Beckett (202) 512- 6525 Acknowledgments Key
contributors to this assignment were Jean Brady, David Dornisch,

David Goldstein, David Hooper, Bob Kolasky, Heather Krause, David
Lichtenfeld, and Cory Roman.

(540039)

GAO*s Mission The General Accounting Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of
the federal government for the American people. GAO examines the use of
public funds; evaluates federal programs and

policies; and provides analyses, recommendations, and other assistance to
help Congress make informed oversight, policy, and funding decisions.
GAO*s commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of The fastest and easiest way to obtain copies of GAO
documents at no cost is through the Internet. GAO*s Web site (www. gao.
gov) contains abstracts and fulltext GAO Reports and

files of current reports and testimony and an expanding archive of older
Testimony

products. The Web site features a search engine to help you locate
documents using key words and phrases. You can print these documents in
their entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as *Today*s Reports,* on its
Web site daily. The list contains links to the full- text document files.
To have GAO e- mail this list to you every afternoon, go to www. gao. gov
and select *Subscribe to daily E- mail alert for newly released products*
under the GAO Reports heading.

Order by Mail or Phone The first copy of each printed report is free.
Additional copies are $2 each. A check or money order should be made out
to the Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are discounted 25
percent. Orders should be sent to:

U. S. General Accounting Office 441 G Street NW, Room LM Washington, D. C.
20548

To order by Phone: Voice: (202) 512- 6000 TDD: (202) 512- 2537 Fax: (202)
512- 6061

To Report Fraud, Contact: Waste, and Abuse in

Web site: www. gao. gov/ fraudnet/ fraudnet. htm E- mail: fraudnet@ gao.
gov

Federal Programs Automated answering system: (800) 424- 5454 or (202) 512-
7470

Public Affairs Jeff Nelligan, managing director, NelliganJ@ gao. gov (202)
512- 4800 U. S. General Accounting Office, 441 G Street NW, Room 7149

Washington, D. C. 20548

a

GAO United States General Accounting Office

Under a variety of approaches related to the concept of a registered
traveler program proposed by industry stakeholders, individuals who
voluntarily provide personal background information and who clear
background checks would be enrolled as registered travelers. Because these
individuals would have been pre- screened through the program enrollment
process, they would be entitled to expedited security screening procedures
at the airport.

Through a detailed literature review and interviews with stakeholders, GAO
found that a registered traveler program is intended to reduce the
inconvenience many travelers have experienced since September 11 and
improve the quality and efficiency of airport security screening. Although
GAO found support for this program among many stakeholders, GAO also found
concerns that such a program could create new aviation security
vulnerabilities.

GAO also identified a series of key policy and program implementation
issues that affect the program, including

Criteria for program eligibility;

Level of background check required for participation;

Security- screening procedures for registered travelers;

Technology options, including the use of biometrics to verify
participants;

Program scope, including the numbers of participants and airports; and

Program cost and financing options. Stakeholders offered many different
options on how best to resolve these issues.

Finally, GAO identified several best practices that Congress and TSA may
wish to consider in designing and implementing a registered traveler
program.

GAO concluded that a registered traveler program is one possible approach
for managing some of the security vulnerabilities in our nation*s aviation
systems. However, decisions concerning key issues are needed before
developing and implementing such a program.

TSA felt that GAO*s report offered a good overview of the potential and
the challenges of a registered traveler program. The agency affirmed that
there are no easy answers to some of the issues that GAO raised and that
these issues need more study.

AVIATION SECURITY Registered Traveler Program Policy and Implementation
Issues

www. gao. gov/ cgi- bin/ getrpt? GAO- 03- 253. To view the full report,
including the scope and methodology, click on the link above. For more
information, contact Gerald Dillingham (202- 512- 3650). Highlights of
GAO- 03- 253, a report to the

Honorable Kay Bailey Hutchison, U. S. Senate

November 2002

The aviation industry and business traveler groups have proposed the
registered traveler concept as a way to reduce long waits in airport
security lines caused by heightened security screening measures
implemented after the September 11 terrorist attacks. In addition,
aviation security experts have advocated this concept as a way to better
target security resources to those travelers who might pose greater
security risks. The Aviation and Transportation Security Act of November
2001 allows the Transportation Security Administration (TSA) to consider
developing a registered traveler program as a way to address these two
issues.

GAO completed this review to inform Congress and TSA of policy and
implementation issues related to the concept of a registered traveler
program.

Page i GAO- 03- 253 Registered Traveler Program

Contents Letter 1

Results in Brief 2 Background 4 A Registered Traveler Program Is Intended
to Improve Airport Security While Reducing the Inconvenience of Security

Screening 6 Key Policy and Implementation Issues Associated with a
Registered Traveler Program 10

Key Principles to Guide Program Implementation 20 Concluding Observations
24 Agency Comments 24

Appendixes

Appendix I: Scope and Methodology 26

Appendix II: Interviews Conducted 28

Appendix III: Testing Results on Leading Biometrics 29 Types of Biometric
Technologies 29

Appendix IV: Information about Existing Programs for Registered Travelers
31

Appendix V: GAO Contacts and Staff Acknowledgments 36 GAO Contacts 36
Acknowledgments 36

Table Table 1: Important Features of Biometric Technologies 30

Abbreviations

ATA Air Transport Association DOT Department of Transportation FAA Federal
Aviation Administration FBI Federal Bureau of Investigation INS
Immigration and Naturalization Service SENTRI Secure Electronic Network
for Travelers* Rapid Inspection TSA Transportation Security Administration
TWIC Transportation Worker Identity Credential

Page 1 GAO- 03- 253 Registered Traveler Program United States General
Accounting Office

Washington, D. C. 20548 Page 1 GAO- 03- 253 Registered Traveler Program

A

Page 2 GAO- 03- 253 Registered Traveler Program

Page 3 GAO- 03- 253 Registered Traveler Program

Page 4 GAO- 03- 253 Registered Traveler Program

Page 5 GAO- 03- 253 Registered Traveler Program

Page 6 GAO- 03- 253 Registered Traveler Program

Page 7 GAO- 03- 253 Registered Traveler Program

Page 8 GAO- 03- 253 Registered Traveler Program

Page 9 GAO- 03- 253 Registered Traveler Program

Page 10 GAO- 03- 253 Registered Traveler Program

Page 11 GAO- 03- 253 Registered Traveler Program

Page 12 GAO- 03- 253 Registered Traveler Program

Page 13 GAO- 03- 253 Registered Traveler Program

Page 14 GAO- 03- 253 Registered Traveler Program

Page 15 GAO- 03- 253 Registered Traveler Program

Page 16 GAO- 03- 253 Registered Traveler Program

Page 17 GAO- 03- 253 Registered Traveler Program

Page 18 GAO- 03- 253 Registered Traveler Program

Page 19 GAO- 03- 253 Registered Traveler Program

Page 20 GAO- 03- 253 Registered Traveler Program

Page 21 GAO- 03- 253 Registered Traveler Program

Page 22 GAO- 03- 253 Registered Traveler Program

Page 23 GAO- 03- 253 Registered Traveler Program

Page 24 GAO- 03- 253 Registered Traveler Program

Page 25 GAO- 03- 253 Registered Traveler Program

Page 26 GAO- 03- 253 Registered Traveler Program

Appendix I

Appendix I Scope and Methodology

Page 27 GAO- 03- 253 Registered Traveler Program

Page 28 GAO- 03- 253 Registered Traveler Program

Appendix II

Page 29 GAO- 03- 253 Registered Traveler Program

Appendix III

Appendix III Testing Results on Leading Biometrics

Page 30 GAO- 03- 253 Registered Traveler Program

Page 31 GAO- 03- 253 Registered Traveler Program

Appendix IV

Appendix IV Information about Existing Programs for Registered Travelers

Page 32 GAO- 03- 253 Registered Traveler Program

Appendix IV Information about Existing Programs for Registered Travelers

Page 33 GAO- 03- 253 Registered Traveler Program

Appendix IV Information about Existing Programs for Registered Travelers

Page 34 GAO- 03- 253 Registered Traveler Program

Appendix IV Information about Existing Programs for Registered Travelers

Page 35 GAO- 03- 253 Registered Traveler Program

Page 36 GAO- 03- 253 Registered Traveler Program

Appendix V

United States General Accounting Office Washington, D. C. 20548- 0001

Official Business Penalty for Private Use $300

Address Service Requested Presorted Standard

Postage & Fees Paid GAO Permit No. GI00
*** End of document. ***