Documents Show Errors in TSA's "No Fly" and "Selectee" Watch Lists
Background
The Transportation Security Administration (TSA), which is now part of the Department of Homeland Security, is authorized by law to maintain watch lists of names of individuals suspected of posing "a risk of air piracy or terrorism or a threat to airline or passenger safety." While initially denying to the media that such a list existed, the TSA finally acknowledged its existence in October 2002.
EPIC submitted a Freedom of Information Act request in October 2002 to learn more about the operation of the watch lists, which reportedly had been used to interfere with the travel of political activists. When the TSA failed to respond to EPIC's request, EPIC filed suit in December 2002. (EPIC v. TSA). The lawsuit sought, among other things, TSA's criteria for putting people on the lists that bar some passengers from flying and subject others to extensive scrutiny, and complaints from passengers who felt they had been mistakenly placed on the lists. See TSA FOIA response (pdf) for more information.
TSA released documents in response to EPIC's request April 2003. The documents, while heavily redacted, provide give an insight into how the TSA operates the watch lists, and raises several questions for further public and Congressional oversight.
In recent months, EPIC has continued to pursue FOIA requests to learn more about the operation of the watch lists.
The Documents
- Memo From Acting Associate Under Secretary, Transportation Security Intelligence to Associate Under Secretary, Security Regulation and Policy, Re: TSA "Watchlists", Oct. 16, 2002
- Memo From Acting Associate Under Secretary, Transportation Security Intelligence to Director Central Intelligence, Re: Guidelines for Addition of Names, June 11, 2002
- Briefing slides from Transportation Security Intelligence Service, Dec. 2002
- Contract for the TSA Contact Center, Oct. 9, 2002-Jan. 21, 2004 (1.1 MB pdf)
- Guidance for TSA Contact Center representatives handling watch list complaints (undated) (1.2 MB pdf)
Passenger Complaints
- Complaints forwarded by Members of Congress to TSA part 1 (592kb pdf), part 2 (600kb pdf), part 3 (493kb pdf)
- Complaints sent to TSA Inquiry Management System (496kb pdf)
- Emails sent to TSA (1.1mb pdf)
- Complaint letters sent to TSA part 1 (524kb pdf), part 2 (624kb pdf)
- TSA Contact Center complaint log, Nov. 2003-Dec. 2004
November 2003-January 2004 (248 kb pdf)
February 2004-April 2004 (636 kb pdf)
May 2004 (1.4 mb pdf)
June 2004-July 2004 (2.5 mb pdf)
July 2004-September 2004 (3.6 mb pdf)
September 2004-October 2004 (4 mb pdf)
October 2004-December 2004 (5.7 mb pdf)The documents establish that the TSA administers two lists: a "no fly" list and a "selectee" list, which requires the passenger to go through additional security measures. The names are provided to air carriers through Security Directives or Emergency Amendments and are stored in their computer systems so that an individual with a name that matches the list can be flagged when getting a boarding pass. A "no fly" match requires the agent to call a law enforcement officer to detain and question the passenger. In the case of a Selectee, an "S" or special mark is printed on their boarding pass and the person receives additional screening at security. The TSA has withheld the number of names on each of the lists.
The watch list was created in 1990, with a list of individuals who have been "determined to pose a direct threat to U.S. civil aviation." This list was administered by the FBI before the Federal Aviation Administration and the TSA assumed full administrative responsibility in November 2001. The Transportation Security Intelligence Service (TSIS) currently serves as the clearinghouse for the addition of names to the lists. Since the TSA took over, the watch list "has expanded almost daily as Intelligence Community agencies and the Office of Homeland Security continue to request the addition of individuals to the No-Fly and Selectee lists." (TSA Watchlists memo) The names are approved for inclusion on the basis of a secret criteria. The Watchlists memo notes that "all individuals have been added or removed ... based on the request of and information provided, almost exclusively by [redacted]."
There are two primary principles that guide the placement on the lists, but these principles have been withheld. The documents do not show whether there is a formal approval process where an independent third party entity is charged with verifying that the names are selected appropriately and that the information is accurate. Furthermore there is no reference to compliance with the Privacy Act of 1974, which imposes certain record keeping obligations on the agency.
It appears from the 2002 FOIA documents obtained by EPIC that TSA directed individuals to their local FBI offices to clear their names. More recent documents obtained in 2005 show that an ombudspersom within TSA is responsible for handling requests to be removed from the lists.
EPIC has also obtained more than a hundred complaints filed by irate passengers who felt they had been incorrectly identified for additional security or were denied boarding. The complaints describe the bureaucratic maze passengers find themselves in if they happen to be mistaken for individuals on the lists. In one case the TSA notified a passenger that airlines are responsible for administering the first generation Computer Assisted Passenger Pre-Screening System that flagged the individual as a risk for additional screening and directed the passenger to contact the airline. In an another case an airline said that the CAPPS program is run by the government, and complaints should be directed to the TSA. A local FBI office in New Jersey, at the behest of Congressman Bill Pascrell, wrote (pdf) to the TSA in August 2002 to ask it to take a woman off the list who was being flagged because of her name's similarity to a wanted Australian man. In an email dated July 2002, an FBI counter-terrorism officer acknowledged that different airlines have different procedures when the passenger's name is a similar to one on the list. The litany of problems is long, but all point to a lack of transparency and due process in the operation of the watch lists.
Policy Implications
As the TSA contemplates ever more intrusive passenger profiling schemes, the agency documents uncovered through EPIC's FOIA work raise important questions about how the TSA currently operates. The concerns surrounding the agency's administration of the watch lists preview several potential problems with the proposed roll out of passenger prescreening systems such as Secure Flight. The TSA should provide answers to the following questions:
- How many people are on the "no fly" and "selectee" lists? How many are American citizens or legal permanent residents?
- Who is responsible for oversight of the list? Who verifies that the names are selected appropriately and whether the information accurate?
- How does the operation of the watch lists comply with the Privacy Act of 1974?
- How effective have the watch lists been?
- How can individuals who have been misidentified as watch list matches clear their names?
- Why is there a need for a new passenger prescreening program if intelligence agencies are already coordinating to ensure that certain high risk individuals on government watch lists do not board planes?
- How will Secure Flight respect individuals' due process rights?
For more information, see EPIC's Web pages on Air Travel Privacy, Passenger Profiling, Secure Flight, and Surveillance of European Air Travelers.
Last Updated: March 23, 2006
Page URL: http://www.epic.org/privacy/airtravel/foia/watchlist_loia_analysis.html