Transportation Security Administration's Office of Intelligence: 
Responses to Posthearing Questions Regarding Secure Flight	 
(04-AUG-06, GAO-06-1051R).					 
                                                                 
This letter responds to Congress's request for additional	 
information related to Congress's June 14, 2006, hearing on the  
progress and challenges of the Transportation Security		 
Administration's (TSA) Office of Intelligence. As discussed in	 
the statement at the hearing, for over 3 years, TSA has faced	 
numerous challenges in developing a federal passenger		 
prescreening program, known currently as Secure Flight, because  
TSA did not follow a disciplined life cycle development approach.
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-06-1051R					        
    ACCNO:   A58079						        
  TITLE:     Transportation Security Administration's Office of       
Intelligence: Responses to Posthearing Questions Regarding Secure
Flight								 
     DATE:   08/04/2006 
  SUBJECT:   Accountability					 
	     Data collection					 
	     Homeland security					 
	     Passenger screening				 
	     Passenger screening systems			 
	     Requirements definition				 
	     Program management 				 
	     TSA Secure Flight Program				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-06-1051R

August 4, 2006

The Honorable Rob Simmons

Chairman

Subcommittee on Intelligence, Information

Sharing and Terrorism Risk Assessment

Committee on Homeland Security

House of Representatives

Subject: Transportation Security Administration's Office of Intelligence:
Responses to Posthearing Questions Regarding Secure Flight

Dear Mr. Chairman:

This letter responds to your request for additional information related to
the subcommittee's June 14, 2006, hearing on the progress and challenges
of the Transportation Security Administration's (TSA) Office of
Intelligence. Enclosed are our responses to the supplemental questions you
submitted for the record. Our responses are based largely on information
contained in our report entitled Aviation Security: Secure Flight
Development and Testing Under Way, but Risks Should Be Managed as System
Is Further Developed (GAO-05-356, March 28, 2005), and our testimonies
entitled Aviation Security: Significant Management Challenges May
Adversely Affect Implementation of the Transportation Security
Administration's Secure Flight Program (GAO-06-374T, February 9, 2006),
and Aviation Security: Management Challenges Remain for the Transportation
Security Administration's Secure Flight Program (GAO-06-864T, June 14,
2006).

As discussed in my statement at the hearing, for over 3 years, TSA has
faced numerous challenges in developing a federal passenger precreeening
program, known currently as Secure Flight, because TSA did not follow a
disciplined life cycle development approach. Although TSA made some
progress, it suspended the program's development earlier this year to
reassess program direction, and it anticipates completing the reassessment
by the end of September 2006. Whatever direction Secure Flight takes, TSA
needs to follow a disciplined system development approach that fully
defines system requirements, schedule, and costs; coordinate with critical
stakeholders; ensure system effectiveness through assessing name-matching
technologies and policies to match passenger and terrorist watch list
data; conduct stress and end-to-end testing that verifies that the entire
system functions as intended; and establish privacy protocols and access
to a redress process.

If you have any further questions or would like to discuss any of the
issues in more detail, I can be reached at (202) 512-3404 or
[email protected] .

Sincerely yours,

Cathleen A. Berrick

Director

Homeland Security and Justice Issues

Enclosure-1

                       Response to Supplemental Questions

                                    for the

               Subcommittee on Intelligence, Information Sharing,

                         and Terrorism Risk Assessment,

                        Committee on Homeland Security,

                            House of Representatives

                                   Hearing on

                  The Transportation Security Administration's

                Office of Intelligence: Progress and Challenges

                                 June 14, 2006

           1. Ms. Berrick, what benefits will Secure Flight provide, once
           developed, over the current passenger prescreening process managed
           by air carriers?

           Answer:

           Until the Transportation Security Administration (TSA) completes
           its Secure Flight rebaselining efforts1 and decisions are made
           regarding the future direction of the program, the specific goals
           or benefits expected from Secure Flight over the current air
           carrier prescreening are uncertain. However, TSA officials have
           stated in the past that Secure Flight would

                        o  transfer the passenger name-matching process from
                        the air carriers to the federal government,
                        o  provide a uniform and consistent prescreening
                        name-matching process by using the same name-matching
                        technology,
                        o  utilize more exhaustive watch list information
                        than is currently provided to the air carriers, and
                        o  maintain a tighter control over sensitive security
                        terrorist watch list information by eliminating the
                        need to distribute it outside of the federal
                        government.

           As we stated in our February 2006 testimony, over the last 3 years
           TSA has faced a number of challenges in developing and
           implementing Secure Flight to ensure the program operates
           effectively. Key factors that could influence the effectiveness of
           Secure Flight remain to be finalized or resolved. More
           specifically, we stated that the program's effectiveness would be
           dependent on TSA:

                        o  assessing name-matching technologies that would be
                        used to vet passenger names against names in the
                        Terrorist Screening Database (TSDB) to learn more
                        about how these technologies would perform in an
                        operational environment,
                        o  performing stress testing to determine the
                        system's capabilities to handle peak data loads to
                        identify the relative volume of passengers who can be
                        identified as potential matches against the database,
                        and
                        o  undertaking a comprehensive end-to-end testing to
                        verify that the entire system would function as
                        intended.

           2. Ms. Berrick, your February 2006 Senate testimony made clear
           that the success of Secure Flight depends a great deal on the
           accuracy and completeness of records contained within the
           Terrorist Screening Center's "master" terrorist watch list-the
           Terrorist Screening Database (TSDB). As you know, the Department
           of Justice Inspector General found significant problems with the
           accuracy and completeness of the TSDB last June. To your
           knowledge, what progress has the Terrorist Screening Center (TSC)
           made in this area, and what is TSA doing to help ensure the
           accuracy of name matches against the TSDB?

           Answer:

           In June 2005, the Department of Justice's Office of the Inspector
           General reported that TSC could not ensure the completeness and
           accuracy of the data in the TSDB. Since that time, TSC officials
           stated that they have established processes to help ensure that
           the records within the TSDB, which may be required for Secure
           Flight, are as accurate and complete as possible. These processes
           include

                        o  conducting a record-by-record review that should
                        improve the quality of the TSDB records,
                        o  updating procedures for daily review of each new
                        or modified record, and
                        o  using automated rules to check the completeness of
                        records received from other agencies.

           As of June 2006, this record-by-record review was still ongoing.

           In addition, GAO currently has ongoing reviews of screening
           agencies' use of TSDB data that will provide additional
           information on TSC efforts to improve the quality of its records
           and how these efforts could possibly affect the end users of these
           data.

           3. In your view, Ms Berrick, how central is TSA's Office of
           Intelligence to the success of the Secure Flight program, and why?

           Answer:

           Currently, TSA's Office of Intelligence serves as a liaison
           between the intelligence community and the air carriers who use
           the terrorist watch list information in their prescreening of
           passengers. Specifically, the Office of Intelligence receives
           watch list data from the Terrorist Screening Center, prepares it
           for distribution to the air carriers, and sends it to the
           Transportation Security Operations Center, which in turn posts it
           to a secure Web site that is accessed by the air carriers for use
           in their name-matching processes. When an air carrier cannot
           resolve a potential match during its prescreening process, the air
           carrier contacts an Office of Intelligence analyst for assistance
           in resolving the potential match. If needed, the Office of
           Intelligence also contacts Terrorist Screening Center analysts who
           can access additional information to try to resolve the potential
           match. As a result, the Office of Intelligence plays a key role in
           current program operations.

           Until TSA completes its Secure Flight rebaselining efforts and
           decisions are made regarding the future direction of the program,
           the role of the Office of Intelligence and its relationship with
           Secure Flight is uncertain. However, Secure Flight's draft June
           2005 concept of operations stated that the program would employ
           its own analysts to conduct the manual reviews of passenger names
           that were potential matches against the watch lists as a result of
           the Secure Flight automated matching process. If assistance was
           needed in adjudicating a match, these analysts would notify the
           Terrorist Screening Center. These analysts would also notify the
           Office of Intelligence of potential passenger matches so it could
           conduct situational awareness with the air carrier, and when any
           inhibited boarding pass was released to a no-fly passenger who had
           been cleared through the process.

           4. Ms. Berrick, you testified in February that in addition to
           TSA's Secure Flight program, Customs and Border Protection (CBP)
           was developing a passenger prescreening program to match the names
           of international travelers bound for the U.S. against terrorist
           watch lists before their flight departs for the U.S. How are TSA
           and CBP working together, if at all, to coordinate these programs?

           Answer:

           As part of its ongoing rebaselining of the Secure Flight program,
           TSA has stated that it is collaborating with CBP to provide "one
           face" to air carriers for domestic and international passenger
           prescreening, that is, a strategic alignment that will allow for
           the collection and transmission of passenger data in a unified
           manner and at a uniform contact point to address issues that arise
           during either domestic or international prescreening processes. In
           July 2006, TSA officials stated that they had been meeting weekly
           with CBP to discuss their coordination efforts, but did not
           provide information on the actions being discussed.

           Further, in announcing CBP's Notice of Proposed Rulemaking for its
           Advance Passenger Information System (APIS), CBP reaffirmed the
           Department of Homeland Security's commitment to a common reporting
           process for the airline industry through APIS and TSA's Secure
           Flight program. CBP and TSA plan to continue their coordination of
           Pre-Departure APIS for international flights and Secure Flight for
           domestic flights by leveraging information gained during the
           Pre-Departure APIS Notice of Proposed Rulemaking. It is
           anticipated that TSA and CBP's joint efforts will allow for the
           prescreening function to occur through coordinated information
           connections and avoid duplication of communications, programming,
           and information requirements. Nevertheless, until TSA completes
           its rebaselining, how and when TSA and CBP's passenger
           prescreening programs will be coordinated remains uncertain.

           5. Ms. Berrick, your February testimony before the Senate mentions
           that TSA and TSC should conduct joint exercises to further
           understand "the effectiveness of using intelligence analysts to
           clear misidentified passengers during Secure Flight operations."
           What additional joint exercises are you aware of since this past
           February, and what kinds of exercises-in your view-would assist
           TSA's Office of Intelligence as it gears up to support Secure
           Flight? What basic questions should TSA and the TSC be striving to
           answer at this point?

           Answer:

           When TSA began rebaselining Secure Flight in February 2006, it
           suspended development and testing of the program. However, prior
           to rebaselining, TSA had conducted development and testing
           activities with key stakeholders, including the joint exercises
           with TSC analysts. Although we encourage TSA to continue its
           coordination with major stakeholders-including TSC-in order to
           develop an effective and efficient passenger prescreening program,
           it would be premature to speculate about the nature of testing
           needed until TSA announces its rebaselined program. As TSA
           continues its rebaselining and before it resumes development and
           testing, TSA, in collaboration with stakeholders including TSC,
           should address several questions that are fundamental to Secure
           Flight's effectiveness, including:

                        o  What passenger data should Secure Flight collect
                        to provide the best possible results when matched
                        against data contained in the no-fly and selectee
                        lists, which are derived from the TSDB?

                        o  What TSDB data attributes will be provided by the
                        TSC and what name matching technologies will Secure
                        Flight use to compare the passenger data with the
                        TSDB no-fly and selectee watch lists?

                        o  What manual review policies and procedures will be
                        established by TSA and TSC to determine whether a
                        potential match returned from Secure Flight's
                        automated matching process is a false positive or an
                        actual match against the watch list?

           6. Ms. Berrick, to your knowledge, is TSA's Secure Flight
           development team planning to increase the number of TSA analysts
           on staff to help administer the Secure Flight program? What sense
           do you have about TSA's capacity to handle the name matching
           process that will be required under Secure Flight if a passenger
           name cannot be differentiated from a terrorist included on the
           watch list?

           Answer:

           TSA's Secure Flight draft June 2005 concept of operations
           describes TSA's plans at that time for resolving potential
           passenger name matches to the terrorist watch list. While the
           concept of operations did not identify the number of analysts
           required, TSA officials had stated that they planned to use their
           own intelligence analysts who were currently involved in other
           people screening programs, such as the crew vetting program. As
           envisioned in 2005, Secure Flight operational testing was to begin
           with two air carriers, which TSA thought they could service with
           their current analyst staff or contractors and also provide the
           experience needed to more accurately determine the number of
           analysts needed for full operations. Until TSA completes its
           rebaselining of Secure Flight and establishes specific system
           requirements, TSA cannot determine the workload and number of
           analysts that will be required for the program. Further, without
           established system requirements and more concrete results from
           TSA's testing of the automated matching system, we can not assess
           TSA's capacity to manually review the potential passenger name
           matches for air carrier operations in a timely manner.

           7. Ms. Berrick, you reported to the Senate Commerce Committee in
           February that TSA had not yet clearly identified the privacy
           impacts of Secure Flight "or the full actions it plans to take to
           mitigate them." What should this Committee be looking at to ensure
           that if Secure Flight moves forward, that privacy is properly
           taken into account?

           Answer:

           In our previous reports and testimonies on Secure Flight, we
           recommended that TSA integrate privacy and other passenger rights
           protections into all aspects of Secure Flight operations. Such
           protections include statutory requirements, such as the Privacy
           Act, and the Fair Information Practices, a set of internationally
           recognized privacy principles that limit the collection, use, and
           disclosure of personal information by federal agencies. In
           monitoring this aspect of Secure Flight's development, the
           committee could review TSA's system of records notice and the
           privacy impact assessment that TSA plans to complete as part of
           Secure Flight's rebaselining and continued system development.
           These documents will describe how TSA considered privacy in the
           development of the system, and how it will protect passenger data
           once the system becomes operational.

           In addition, the committee could review TSA's plans for redress
           for passengers affected by Secure Flight. As we stated in our
           February and June 2006 testimonies, TSA currently provides
           individuals with an opportunity to seek redress, including a
           process for passengers who experience delays under the current
           name matching conducted by the air carriers. However, it is not
           clear if this current system will be used for Secure Flight or be
           able to accommodate redress related specifically to the operation
           of Secure Flight.

           In July 2006, TSA officials reiterated that they plan to address
           privacy and redress concerns as they rebaseline and further
           develop Secure Flight. Their system of records notice, privacy
           impact assessment, and plans for redress will be put forth along
           with their announcement of the rebaselined program or a rulemaking
           that is supposed to, among other things, describe the passenger
           data to be provided by air carriers.

           8. Ms. Berrick, you note in your prepared statement today that
           Secure Flight "was neither intended nor designed to address" the
           situation where a person has assumed another person's identity
           through identity theft. In recent weeks, we have learned that
           millions of veterans may have had their names and Social Security
           numbers stolen from the home of a Department of Veterans Affairs'
           contractor. Given this development, should TSA be exploring some
           sort of identity theft safeguards as part of the Secure Flight
           rebaselining effort? What recommendations, if any, do you have in
           this regard?

           Answer:

           Secure Flight was designed to take over the passenger prescreening
           responsibility, or the matching of passenger data against
           terrorist watch lists prior to a passenger receiving a boarding
           pass from the air carriers. TSA officials have stated that Secure
           Flight represents only one layer of security within the aviation
           infrastructure and is not designed or intended to protect against
           all vulnerabilities, such as identity theft. While TSA has
           recognized that identity theft is a vulnerability for Secure
           Flight, the extent to which it will be addressed under the
           rebaselined program remains unknown. However, we believe that this
           important issue, which will affect Secure Flight's effectiveness,
           will also affect other Department of Homeland Security programs
           and, therefore, should be addressed by TSA. We do not have any
           specific recommendations on how TSA should address this
           vulnerability at this time.

           9. Ms. Berrick, you state in your prepared remarks that GAO is
           supportive of the rebaselining of the Secure Flight program. In
           your view, what principles should guide TSA's efforts to get the
           program right, and what role does TSA's Office of Intelligence
           have in this regard?

           Answer:

           There are several interrelated principles that should guide TSA in
           its development and implementation of the passenger prescreening
           program. These principles are

                        1. development of a program using the sound
                        management principles in TSA's System Development
                        Life Cycle, including development of program goals
                        and requirements, a schedule and the associated costs
                        for attaining those goals, and an effective program
                        for securing the system and its data;
                        2. development of a system that maximizes the
                        accuracy and completeness of the data used and the
                        effectiveness of the automated tools and manual
                        processes used for name matching;
                        3. coordination with stakeholders, including CBP,
                        TSC, and air carriers; and
                        4. establishment of privacy protocols, protection of
                        passenger rights, and access to redress for
                        passengers impacted by Secure Flight.

           TSA has not made clear the role and relationship of the Office of
           Intelligence in its efforts to rebaseline the Secure Flight
           program.

           10. Ms. Berrick, over the last three years, GAO's numerous reports
           and testimonies on Secure Flight have highlighted significant
           challenges. What do you believe are the most formidable challenges
           facing TSA's efforts with Secure Flight, and what do you believe
           TSA must do to overcome these challenges? How central is the role
           for TSA's Office of Intelligence in getting Secure Flight "right"
           and how should it be coordinating its efforts with the Terrorist
           Screening Center and other entities in this regard?

           Answer:

           Based on our Secure Flight work over the last three years, four
           key challenges have been identified that are directly related to
           principles discussed in our response to the previous question.
           These challenges are

                        1. developing, managing, and overseeing the program
                        through a comprehensive System Development Life Cycle
                        plan that would include establishing program goals
                        and systems requirements, developing cost and
                        schedule estimates that reflect all aspects of the
                        program, and designing a security program that
                        protects the system and the data it uses;
                        2. addressing key factors that will affect the
                        effectiveness of Secure Flight in identifying
                        individuals on the no-fly and selectee lists that
                        include (1) assessing passenger name-matching
                        technologies and policies that will be used to match
                        passenger names against terrorist watch list data,
                        (2) conducting stress testing to determine how Secure
                        Flight would handle peak data volumes, and (3)
                        performing comprehensive end-to-end operational
                        testing to determine that the system performs as
                        intended;
                        3. coordinating with federal and private sector
                        stakeholders, such as CBP, TSC, and air carriers,
                        that play a critical role in collecting,
                        transmitting, and analyzing the data needed for
                        Secure Flight operations; and
                        4. minimizing program impacts on passenger privacy,
                        protecting passenger rights, and providing access to
                        redress for passengers affected by Secure Flight.

           Until TSA completes rebaselining Secure Flight and establishes
           specific system requirements, it is difficult to determine the
           exact roles that TSA's Office of Intelligence, TSC, and other
           stakeholders will fulfill. However, no matter what the outcome of
           TSA's rebaselining is, the Office of Intelligence and TSC will
           likely play an important role in determining whether passengers'
           names that have been matched to a name contained in the TSDB are
           actual matches. For the Office of Intelligence and TSC to function
           as part of Secure Flight, TSA will need to determine the level of
           staff support that it will require for each entity so that vetting
           outcomes can be handled in a timely manner.

1 In early 2006, TSA suspended development of Secure Flight and initiated
a reassessment, or rebaselining, of the program. As of July 2006, TSA was
continuing with its rebaselining efforts, which it expects to complete
before the end of September 2006.

(440536)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts newly
released reports, testimony, and correspondence on its Web site. To have
GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: [email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800 U.S.
Government Accountability Office, 441 G Street NW, Room 7149 Washington,
D.C. 20548

*** End of document. ***