Privacy Swapped for Convenience in TSA Frequent Flier Program

Becoming a trusted flier through the Transportation Security Administration's new "Registered Traveler" program may get fliers through a shorter line at the airport, but they better be prepared to submit fingerprints, pay a fee and go through a criminal background check first.

And according to government officials, unless the private vendor operating the program decides to check financial and other commercial records, fliers won't necessarily get out of taking off their shoes, opening laptops, baring their jackets or following other time-consuming screening measures.

"The requirements are pretty onerous," said Charles Pena, homeland security expert for the Coalition for a Realistic Foreign Policy, who wondered aloud if it is worth the price.

However, "if getting through security at an airport is so important to people that they would voluntarily give up that much information to the government, then I guess that is a trade-off decision they have to make, no one is forcing them to do it," he said.

TSA operated a six-month, five-airport pilot program that ended Sept. 30 amid reports of great success. A sixth program, dubbed "Clear," is still being run by a private vendor in Orlando, and is expected to continue until mid-2006.

In all, 23,000 travelers have participated in the pilots. TSA is now accepting prospective business models from other private vendors who want to run Registered Traveler at interested airports nationwide.

“Right now it looks like a great program,” said TSA spokeswoman Lauren Stover. “The aviation industry has widely accepted this.”

The program works like this: fliers who want to qualify for a Registered Traveler pass must submit all 10 fingerprints, which will be stored with the TSA, submit to a criminal background check and pay a fee to the vendor of anywhere from $80 and $100.

In exchange, travelers will receive a “smart card” that contains their personal information and will be maintained by the private vendor. Travelers will swipe the card each time they go through airport security.

TSA officials and private companies facilitating the program say Registered Traveler is a great way to separate out fliers they know from possible terror threats they haven't found yet.

“It’s a big positive for security. Not only can it benefit easier access for frequent travelers, but it can allow TSA to focus on travelers who pose an unknown risk,” said Tom Blank, spokesman for the Voluntary Credentialing Industry Coalition, a group of nine biometric and access-control companies seeking to run the new program.

On Thursday, the Senate Commerce, Science and Transportation Committee held a hearing on delays in the launch of the "Registered Traveler" program as well as the "Secure Flight" program, which would subject all travelers to some level of background checks before they fly. TSA officials announced they were suspending Secure Flight as the information technology office conducted a "comprehensive audit."

Among the questions still to be answered about the Registered Traveler program is whether fliers will be able to use one vendor's smart card at an airport run by another vendor. Also unanswered so far is what benefits, if any, are available to registered travelers who pass through an airport without a Registered Traveler program.

TSA announced last month that fliers might be able to get extra screening benefits if the vendors choose to add a layer of checks using commercial data. Any such information, the agency said, would have to be maintained by the vendor and comply with federal privacy laws. But privacy advocates are balking at the suggestion, and some question the program in its entirety.

"No, no and no," answered James Harper, a privacy policy expert with the libertarian Cato Institute, when asked if commercial data should be used in any airport screening program. He said he doesn't recommend Registered Traveler at all, "because I don't think Americans should undergo background checks in order to travel."

He added that as with any government bureaucracy, "you never know where your information is going to go."

TSA has had several well-publicized problems with privacy, particularly with inappropriately obtaining and sharing passenger information protected by federal law. In July 2004, the Senate Governmental Affairs Committee found that at least eight airlines and airline reservation services had provided passenger data to contractors working for the TSA without alerting passengers. The data was used to design the prototype for the TSA’s Computer Assisted Passenger Pre-Screening Program (CAPPS II), which was eventually scrapped due to growing privacy concerns.

The shutdown was ordered after it was reported that Northwest Airlines and JetBlue Airlines had passed along millions of passenger records to government agencies for security projects after the Sept. 11, 2001, terror attacks.

Critics say the administration can’t be trusted with securing private information. Matt Zimmerman, staff attorney for the Electronic Frontier Foundation in California, said his group is concerned that Registered Traveler is just a "backdoor way to re-introduce" CAPPS II, which would have been mandatory for all passengers. He said the past privacy violations should give pause, even if this program is purely voluntary.

"Basically, TSA's track record itself should raise concerns," said Zimmerman.

Blank said private companies have not yet come to a consensus over using commercial records.

“The use of commercial data is pretty widely known and accepted these days,” said Blank, noting that challenges have emerged over how use of such data would comply with the Privacy Act, how the data would be stored and for how long it would be stored as well as which data is going to be used.

“There are a number of questions that have been raised,” said Blank. “I don’t want to lead you to believe these [questions] are insurmountable … if commercial data can help us, why not use it?”

Carter Morris, vice president of the Airport Executives Association, which represents officials from 70 major airports across the country and supports Registered Traveler, said the use of commercial data is certainly on the table. His association has yet to weigh in, however.

"There are a number of folks we are talking to, about the pros and the cons," he said. "It's too early to tell."

Stover said TSA is being very careful in balancing privacy and security, and will be working with vendors to ensure that any program instituted will adhere to the law.

"We look at these issues very carefully. We want to keep travelers secure without infringing on anyone's privacy," she said.

Cato's Harper said that he thinks passengers should be concerned that Registered Traveler may eventually become involuntary because the government will try to making it more and more inconvenient not to join.

"It's very likely," said Harper. "They probably won’t just announce its required for all fliers, but they will make it harder and harder to be a non-registered flier, and degrade and degrade the non-registered travelers. They may even start to treat the non-registered fliers as suspect."

TSA officials and private supporters balk at such a suggestion.

"I really don’t think that could happen, for a couple of reasons," said Blank. One is cost, and two: "I think that would be heading towards a national ID program," which everyone agrees is not on the table.

Pena said the integrity of the system should also be challenged. While law-abiding citizens might be lining up to register, terrorists could be plotting how to steal identities from the program and work the new system to their advantage.

"Once you tell the bad guys that you have a created a program in which people can get around security, then you have created an incentive for them to tap into that system," Pena suggested. "Do you really want that?"