NEW YORK – The Transportation Security Administration is expanding its screening of passengers before they arrive at the airport by searching a wide array of government and private databases that can include records like car registrations and employment information.
While the agency says that the goal is to streamline the security procedures for millions of passengers who pose no risk, the new measures give the government greater authority to use travelers’ data for domestic airport screenings. Previously that level of scrutiny applied only to individuals entering the United States.
The prescreening, some of which is already taking place, is described in documents the TSA released to comply with government regulations about the collection and use of individuals’ data, but the details of the program have not been publicly announced.
It is unclear precisely what information the agency is relying upon to make these risk assessments, given the extensive range of records it can access, including tax identification number, past travel itineraries, property records, physical characteristics, and law enforcement or intelligence information.
The measures go beyond the background check the government has conducted for years, called Secure Flight, in which a passenger’s name, gender and date of birth are compared with terrorist watch lists. Now, the search includes using a traveler’s passport number, which is already used to screen people at the border, and other identifiers to access a system of databases maintained by the Department of Homeland Security.
Privacy groups contacted by the New York Times expressed concern over the security agency’s widening reach.
“I think the best way to look at it is as a pre-crime assessment every time you fly,” said Edward Hasbrouck, a consultant to the Identity Project, one of the groups that oppose the prescreening initiatives. “The default will be the highest, most intrusive level of search, and anything less will be conditioned on providing some additional information in some fashion.”
The TSA, which has been criticized for a one-size-fits-all approach to screening travelers, said the initiatives were needed to make the procedures more targeted.
“Secure Flight has successfully used information provided to airlines to identify and prevent known or suspected terrorists or other individuals on no-fly lists from gaining access to airplanes or secure areas of airports,” the security agency said in a statement. “Additional risk assessments are used for those higher-risk passengers.”
An agency official discussed some aspects of the initiative on the condition that she not be identified. She emphasized that the main goal of the program was to identify low-risk travelers for lighter screening at airport security checkpoints, adapting methods similar to those used to flag suspicious people entering the United States.
Anyone who has never traveled outside the United States would not have a passport number on file and would therefore not be subject to the rules that the agency uses to determine risk, she said, although documents indicate that the agency is prescreening all passengers in some fashion.
The official added that these rules consider things like an individual’s travel itinerary, length of stay abroad and type of travel document, like a passport. If an airline has a traveler’s passport number on file, it is required to share that information with the TSA, even for a domestic flight.
The agency also receives a code indicating a passenger is a member of the airline’s frequent-flier program and has access to details about past travel reservations, known as passenger name records. This official could not confirm if that information was being used to assess a passenger’s risk.
The effort comes as the agency is trying to increase participation in its trusted traveler program, called PreCheck, that allows frequent fliers to pass through security more quickly after submitting their fingerprints and undergoing a criminal-background check.
The TSA has emphasized its goal of giving 25 percent of all passengers lighter screening by the end of next year, meaning they can keep their shoes and jackets on, wait in separate lines and leave laptop computers in their bags. But travelers who find themselves in the higher-risk category can be subjected to repeated searches.
That has happened to Abdulla Darrat, an urban planner from Queens who said he was flagged for extra scrutiny all eight times he flew since June.
When he tries to check in online, a message tells him to check in at the airport, where he receives a boarding pass marked with “SSSS” indicating that he must undergo enhanced screening. His name has been handwritten on a card at the podium where an agent checks passengers’ identification, he said.
“They pat me down,” Darrat, 31, said. “Then they pull out every single article of clothing in my bag. They take out every shirt and every pair of pants.”
He said he assumed that the extra scrutiny was because he had flown to Libya to visit relatives.
The airline industry has supported the expansion of PreCheck and using data about travelers to decide who should receive more or less scrutiny at checkpoints, to reduce security bottlenecks and focus resources on higher-risk passengers.
At the heart of the expanded effort is a database called the Automated Targeting System, which is maintained by the Department of Homeland Security and screens travelers entering the United States.
Data in the Automated Targeting System is used to decide who is placed on the no-fly list – thousands of people the U.S. government has banned from flying – and the selectee list, an unknown number of travelers who are required to undergo more in-depth screening, like Darrat. The TSA also maintains a PreCheck disqualification list, tracking people accused of violating security regulations, including disputes with checkpoint or airline staff members.
Much of this personal data is widely shared within the Department of Homeland Security and with other government agencies. Privacy notices for these databases note that the information may be shared with federal, state and local authorities; foreign governments; law enforcement and intelligence agencies – and in some cases, private companies for purposes unrelated to security or travel.