Sunday, 10 October 2004
TSA revives dormant air transport industry advisory panel
The largely-dormant Transportation Security Advisory Committee to the USA Transportation Security Administration (TSA), which was originally established by the TSA's predecessor, the Federal Aviation Administration (FAA) of the Department of Transportation (DOT), met on 30 September 2004 for the first time in 10 months.
The interval was pretty typical, although the all-day meeting was not: the ASAC usually has met for an hour or two, once or twice or year. You might expect that meetings of an advisory committee would consist mostly of discussions among the members, or their questioning of and reports to the agency they are supposed to advise. But it usually works the other way around: the agenda for the latest ASAC meeting consisted mainly of a series of prepared presentations to the "advisors" by TSA staff.
Topics of those presentations included TSA-industry collaboration in international initiatives for surveillance and tracking of travellers , the TSA's vision for building security and surveillance systems into the infrastructure of the Airport of the Future , and proposals by the TSA for two new ASAC working groups: one to assess the operational and economic impacts to the entire US Commercial Aviation System resulting from proposed security improvements , and a Secure Flight Privacy/IT Working Group (see slide 9) whose goals would be to:
- Provide secure forum for the exchange of ideas and discussion within the framework of existing rules and policies
- Provide TSA/DHS officials access to persons with key knowledge and expertise on a continuing basis
- Provide an objective and independent assessment of the technical and privacy oriented parameters that are the basis for Secure Flight design and present findings
- Build public understanding, trust, and confidence in the new system and its implementation.
Establishment of a joint TSA-industry impact assessment group is an important and positive, if long overdue, step by the TSA. In public testimony to Congress and in interviews with me, on and off the record, representatives from all three major segments of the industry -- airlines, CRS's , and travel agencies -- have described increasing frustration at the TSA's insistence, despite its ignorance of airline reservation procedures, in spurning the industry's standing offers to work with the TSA, rather than be forced to oppose proposals made in ignorance of their feasibility, cost, or other implications. Industry dialogue and consultation isn't a substitute for public dialogue and consultation, but in the case of an agency as clueless about its real-world area of authority as the TSA and especially the TSA Office of National Risk Assessment (ONRA), it would be a positive step.
The so-called "privacy" working group would be a different story. According to the presentation to the ASAC by TSA Privacy Officer Lisa Dean and ONRA Director Justin Oberman, the real purpose of the working group would be to "meet" several externally imposed (and, past TSA behavior makes clear, internally opposed and resisted or ignored) obligations:
TSA PROPOSAL TO ASAC
Establishment of ASAC Secure Flight Privacy/IT Working Group meets:
- Congressional statutory requirement for Privacy & IT Oversight
- TSA internal planning, and
- GAO report standards as defined in, "Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges" (GAO-04-385, February 2004).
In reality, such a working group of the ASAC would meet none of these goals.
First, the ASAC is not a privacy organization , and has no privacy expertise. All but two of the 27 ASAC members represent government or industry organizations, none of which have a focus on privacy or civil liberties. The only two passenger representatives on the ASAC are the "Victims of Pan Am Flight 103" (a legitimate but obviously special-interest organization, which has never mentioned privacy) and the International Airline Passengers Association (IAPA), which defines itself as an organization of "frequent business travelers" offering "privileges and benefits" such as negotiated discounts. It doesn't claim to represent ordinary air travelers, and its Web page on passenger advocacy mentions neither privacy nor civil liberties.
Second, the ASAC has no oversight authority. By definition, as a Federal advisory committee, the ASAC can only make recommendations to the TSA, and only on such topics, and to such an extent, as its input is solicited by the TSA. It cannot take any action -- not even to issue a report on a particular issue of concern -- on its own initiative, and it has no "enforcement" power.
The attempt in the presentation to the ASAC by Justin Oberman (ONRA) and Lisa Dean (TSA) to represent the TSAC, or a sub-group of its membership, as something that could "meet" any statutory or other requirement for oversight or input on privacy or civil liberties is clearly an attempt to defraud whomever is their intended audience for these claims.
The proposal for a working group of the ASAC to address privacy and civil liberties also suggests that the TSA and its parent the Department of Homeland Security (DHS) have backed away from, or at least postponed, their plans to create a new advisory committee specifically to address these issues.
When DHS Chief Privacy Office Nuala O'Connor Kelly announced the plan for a DHS Data Integrity, Privacy, and Interoperability Advisory Committee in her address to the Computers Freedom and Privacy conference in April 2004, the deadline for applications was to be 30 April 2004, with the committee to be appointed shortly thereafter. Applications closed 15 May 2004, after an extension of the deadline, but there's been no word about the creation of this committee since a 28 July 2004 letter I made public when I received it which informed applicants that, "We anticipate that recommendations for consideration will be submitted to the Office of the Secretary [of Homeland Security] in August 2004. Appointments are expected soon thereafter." To date, no appointments have been announced.
It appears that, instead of creating even a captive and toothless advisory committee of people with any expertise in privacy or civil liberties, or at any rate without waiting for the formation of that long-overdue body, the TSA and DHS have assigned that task to a group of industry representatives with no relevant expertise or record of concern. And they are claiming that this "meets" demands that they give serious consideration to privacy and civil liberties, and provide an independent mechanism for oversight of their performance and compliance on these issues.
Sorry, folks. A powerless advisory committee drawn from the air travel industry is neither the appropriate nor a competent guarantor of the consumer interests, privacy, or civil liberties of travellers, nor will travellers or genuine privacy and civil liberties advocates allow the TSA to claim that it is.
Given the TSA's (and especially the ONRA's) obsession with secrecy, it will be interesting to see whether the new working groups of the ASAC comply with the statutory requirement that the public be given notice of, and the opportunity to attend and observe, their meetings.
Minutes and (sometimes) transcripts of ASAC meetings have typically been made public only many months after the fact. Minutes of the October and November 2003 meetings weren't posted on the DHS or TSA Web site until just a few weeks ago, almost a full year later. Neither the TSA nor the DHS issued any public statement about the 30 September 2004 ASAC meeting, and I don't know if any journalists were in attendance. So I don't know if the "Secure Flight Privacy/IT Working Group" of the ASAC was appointed, or if so, who its members are or whether they include either or both of the ASAC's two members from passenger organizations (neither of which are consumer, privacy, or civil liberties advocates).
Privacy and civil liberties watchdogs -- such as those who might have been included on the DHS Privacy Advisory Committee, had it been created by now -- should keep a close watch on the ASAC , and on who else is told these lies about its (lack of) privacy and civil liberties representation and its (lack of) oversight authority.Link | Posted by Edward on Sunday, 10 October 2004, 21:34 ( 9:34 PM) | TrackBack (0)