Sunday, 18 June 2006
GAO auditors still grade Secure Flight "incomplete"
In testimony this week to Congress, USA government auditors from the Government Accountability Office (GAO) reiterated their earlier testimony to another Congressional hearing in February 2006: the Transportation Security Administration (TSA) still hasn't met any of the prerequisites set by Congress before the airline passenger "screening" and tracking scheme could be deployed, and the TSA still doesn't have a sufficiently clear idea of the goals of the program, or how it will work, for the GAO to be able to give any opinion as to whether it will accomplish any of those yet-to-be-defined goals. The GAO assessment was scathingly dismissive of the TSA's lack of progress:
For example, program officials declared the design phase complete before requirements for designing Secure Flight had been detailed....
TSA has ... undertaken efforts to rebaseline the program.... When we reported on Secure Flight in March 2005, TSA had committed to take action on our recommendations to manage the risks associated with developing and implementing Secure Flight, including finalizing the concept of operations, system requirements, and test plans; completing formal agreements with CBP and air carriers to obtain passenger data; developing life cycle cost estimates and a comprehensive set of critical performance measures; issuing new privacy notices; and putting a redress process in place.
When we testified in February 2006, ... TSA had not completed any of the actions it had scheduled to accomplish. In particular, TSA had not developed complete system requirements or conducted important system testing, made key decisions that would impact system effectiveness, or developed a program management plan and a schedule for accomplishing program goals....
We ... believe that proceeding with operational testing and completing other key program activities should not be pursued until TSA demonstrates that it has put in place a more disciplined life cycle process as part of its rebaselining effort.
What more can I say? Actually, quite a bit.
The most important thing to understand about the GAO evaluation is its extremely narrow focus on whether Secure Flight would satisfy certain Congressionally mandated criteria. It was not, and was not intended to be, a comprehensive evaluation of the merits, desirability, or legality of the scheme.
In particular, the GAO testimony mentions concerns about the privacy of travellers only in terms of whether Secure Flight would comply with the Privacy Act. The GAO didn't investigate the formal complaints that Secure Flight testing has already violated the Privacy Act. The GAO made no attempt to evaluate Secure Flight against the Constitution or any statutes other than the Privacy Act, in spite of complaints that it violates provisions of the Constitution (especially the assembly clause of the First Amendment) and of multiple statutes (especially the common carrier and "public right of transit" clauses of the Airline Deregulation Act). And the GAO didn't consider whether Secure Flight would be consistent with the privacy laws and CRS regulations in Canada, the European Union, and other jurisdictions where data in airline reservations is collected (especially since, as I've recently pointed out in relation to Expedia's breach of customer privacy , it's still impossible, and will remain so unless and until fundamental changes are made in database and messaging formats such as the AIRIMP , to determine from a PNR where and under what countries' legal jurisdictions any of the data in the PNR was collected).
Even within the limited scope of its review, the GAO still seems not to have had sufficient technical expertise on airline reservation data and operational procedures to see through the TSA's erroneous assumptions. The GAO's diagram of the Secure Flight system architecture (page 9 of the PDF file, labeled as page 7 of the testimony) still shows the same fundamental misconception as the first conceptual diagrams of CAPPS-II that the TSA made public in 2003: a single direct arrow from the airline passenger to the PNR in the airline's reservation system -- despite three years of criticism from privacy advocates and the travel industry that it doesn't work that way, and is much more complicated .
A single PNR can include flights on multiple airlines; a single reservation can be represented in multiple PNR's in different CRS's and airline host systems. It's not true, in most cases, that -- as claimed on the GAO diagram --the "passenger makes or changes [a] reservation" (usually a reservation is made by and/or through multiple intermediaries, often in multiple transactions) or that an "air carrier's reservation system stores [a] Passenger Name Record" (usually that's outsourced to a CRS or other third-party database hosting service).
The GAO says the TSA has begun to talk with airlines about Secure Flight. But but there's still no evidence that either the GAO or the TSA understands the role in processing reservation data, or the implications of Secure Flight, for travel agents, tour operators, CRS's/GDS's, reservation software companies, travel Web site developers, or any of the other third parties who interact with reservation data or operate, build, or maintain systems that do so.Link | Posted by Edward on Sunday, 18 June 2006, 20:17 ( 8:17 PM)