recommended reading

TSA Halts Testing on Technology to Screen Passengers' Online Data

Erik S. Lesser/AP file photo

The Transportation Security Administration has called off -- for now -- live tests of technology that would expand background checks on airplane passengers to include analyses of their online presences.

The idea was to have contractors analyze consumer data -- potentially including dating profiles and shopping histories -- on fliers who apply for the voluntary "Pre✓” program. Pre✓, open to all U.S. citizens, lets passengers breeze through dedicated checkpoints without removing shoes, belts, laptops or TSA-compliant liquids after paying an $85 fee and proving their identities.

The agency got as far as watching "prototype implementations" but decided against trying a system out on actual passengers, according to a March 4 notice published in a government acquisition database.

Before issuing a contract, TSA had wanted to evaluate paper proposals, examine models and test the systems in real-world situations, according to a January 2013 market survey.

The behind-the-scenes implementations ended Jan. 31.

Now TSA intends to go back to the lab. 

"Following a detailed review of the results, the government has determined that Phase III – live prototyping - will not take place," agency officials said. "Instead, the government will continue to explore proposed solutions in a non-operational environment to perform analysis and information gathering."

Big brother won't be parsing Web surfing habits of fast lane candidates until at least mid-summer, according to the notice. The Homeland Security Department will conduct more analysis and research "to define standards for future third party solution applications,” TSA officials said.

But officials added they have not made up their minds whether to acquire such a tool in the future. 

Under the Pre✓ data mining strategy, private screeners would aggregate biographic and biometric “non-governmental data elements to generate an assessment of the risk to the aviation transportation system that may be posed by a specific individual,” last year's announcement stated. The vendor would have to provide a “reliable method that effectively identifies known travelers, based on a sound analysis and the application of an algorithm that produces dependable results.”

A TSA spokesman on Friday afternoon said no decision has been made about hiring a company to vet Pre✓ applicants, but the agency would like to do so.
The idea is to provide other options for passengers who want to participate in the so-called trusted traveler programs without applying directly through TSA.

Some privacy advocates expressed disappointment that TSA is still contemplating the practice. 

"I think they are making adjustments to how they proceed because they worry that the live prototyping might raise a lot of issues," said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. "My interpretation is they are bent on proceeding with this avenue of exploration.”

The concern is that conclusions drawn by splicing commercial data might not be accurate or fair. 

"We know that there is a large advertising business involved in creating metrics and scores around people’s interests, enthusiasms, and hobbies," Stanley said. "We wouldn't want to see the government use these scores as a factor used in threat assessments.”

There is speculation that the technique could amount to discriminatory profiling of, for instance, gun rights advocates or researchers studying Muslim culture.

"We don't want to go down the road of being scored and measured, and have to worry that every step we take or every click we make will have some sort of effect on us down the road,” Stanley said.

The fiscal 2015 budget the Obama administration sent Congress on Tuesday describes Pre✓ as a cost-cutting measure. "By moving away from a 'one-size-fits all' approach to passenger screening, TSA will improve the customer experience while enhancing the efficiency and effectiveness of its screening operations," Obama's funding request states. “In 2015, risk-based security will yield over $100 million in staffing efficiencies for TSA. The budget reinvests a portion of this savings to fund the tools and technology needed to support and expand these programs."

As of January, more than 30 million passengers had used TSA Pre✓ at more 100 airports across the country, according to agency statistics.

This story has been updated with TSA comment and  ACLU reaction.

Get the Nextgov iPhone app to keep up with government technology news.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.