EPIC logo

Spotlight on Surveillance

November 2006:
Problem-Filled Traveler Redress Program Won’t Fly

EPIC’s “Spotlight on Surveillance” project scrutinizes federal government programs that affect individual privacy and civil liberties. For more information, see previous Spotlights on Surveillance. This month, Spotlight shines on the proposed Traveler Redress Inquiry Program (“TRIP”) under the Department of Homeland Security (“DHS”).[1] For Fiscal Year 2007, Homeland Security’s Transportation Security Administration requested $6.3 billion in funding, part of which will finance TRIP.[2]

The Department of Homeland Security recently announced that it will launch the Traveler Redress Inquiry Program on February 20, 2007. DHS described TRIP as “a central gateway to address watch list misidentification issues, situations where individuals believe they have faced screening problems at immigration points of entry, or have been unfairly or incorrectly delayed, denied boarding or identified for additional screening at our nation’s transportation hubs.”[3] There are significant problems with the current redress process for travelers mistakenly matched to watch lists, but TRIP does not solve them.

Source: Department of Homeland Security

When a passenger checks in for a flight, he may be labeled a threat if his name matches an entry on one of the watch lists, even if he is not the person actually on the list. A match to the “no fly” list requires the airline to notify TSA and call a law enforcement officer to detain and question the passenger. In the case of a Selectee, an “S” or special mark is printed on the individual’s boarding pass and the person receives additional security screening.

 

Under the Aviation and Transportation Security Act of 2002, the Transportation Security Administration (“TSA”) was authorized to maintain watch lists of names of individuals suspected of posing “a risk of air piracy or terrorism or a threat to airline or passenger safety.”[4] Documents obtained in 2002 by EPIC from TSA under the Freedom of Information Act established that the agency administers two lists: a “no fly” list and a “selectee” list.[5] The lists are sent to the airlines, which run passenger names against the lists. When a passenger checks in for a flight, he may be labeled a threat if his name matches an entry on one of the watch lists, even if he is not the person actually on the list. A match to the “no fly” list requires the airline to notify TSA and call a law enforcement officer to detain and question the passenger. In the case of a Selectee, an “S” or special mark is printed on the individual’s boarding pass and the person receives additional security screening. Customs and Border Protection also uses the lists to screen travelers.

The U.S. Supreme Court has long recognized that citizens enjoy a constitutional right to travel. In Saenz v. Roe, the Court noted that the “‘constitutional right to travel from one State to another’ is firmly embedded in our jurisprudence.”[6] For that reason, any government initiative that conditions the ability to travel upon the surrender of privacy rights requires particular scrutiny. This concern is particularly relevant in the case of watch lists, which have a potential impact on the lives of millions of citizens. In Fiscal Year 2005, Customs and Border Protection alone “processed 431 million pedestrians and passengers, 121 million privately owned vehicles, and processed and cleared 25.3 million sea, rail, and truck containers.”[7]

In 2003, Homeland Security Presidential Directive No. 6 consolidated administration of the no-fly, selectee and other security watch lists under the jurisdiction of the Terrorist Screening Center.[8] When the Department of Justice Inspector General issued a report on the Terrorist Screening Center in June 2005, he found major concerns about, among other things, data accuracy and completeness.[9] The Inspector General “determined that the TSC could not ensure that the information in that database was complete and accurate.”[10] He said, “Our review of the consolidated watch list identified a variety of issues that contribute to weaknesses in the completeness and accuracy of the data, including variances in the record counts between [two versions of the Terrorist Screening Database], duplicate records, missing or inappropriate handling instructions or categories, missing records, and inconsistencies in identifying information between TSDB and source records.”[11]

Source: Government Accountability Office

In September, the GAO reviewed the watch list system and found “about half of the tens of thousands of potential matches sent to the center between December 2003 and January 2006 for further research turned out to be misidentifications.”

 

Government officials claim that passenger prescreening program Secure Flight will help solve these problems.[12] Under Secure Flight, the responsibility for checking airline passenger names against expanded the watch lists be removed from the airlines and handed over to the federal government. However, a Government Accountability Office (“GAO”) report and testimony found that TSA approved Secure Flight to become operational last September despite inconclusive risk assessments and 144 known security vulnerabilities.[13] In addition to criticizing Secure Flight’s lack of privacy safeguards and security problems, the Government Accountability Office also noted that the documents underlying the program “contained contradictory and missing information.”[14] On February 9, the head of the Transportation Security Administration told a congressional committee that Secure Flight was suspended for a comprehensive review of the program’s information security measures after the GAO report showed the program was riddled with problems.[15] Secure Flight has not been reintroduced.

There have been myriad stories about mistakes associated with the watch lists, with sometimes chilling results. An April 2006 report by the Department of Homeland Security’s Privacy Office on the impact of the watch lists explained that “individuals who are mistakenly put on watch lists or who are misidentified as being on these lists can potentially face consequences ranging from inconvenience and delay to loss of liberty.”[16] The report described complaints “alleg[ing] misconduct or disrespect by airline, law enforcement, TSA or CBP officials” toward people mistakenly matched.[17] According to the Privacy Office, “reported experiences of individuals whose names appear to match names on the No-fly and Selectee lists can be trying and unpleasant. Complaints filed with CRCL have alleged that individuals have experienced long delays, have been separated from members of their family and given no explanation or conflicting explanations about what is going on. Some complaints alleged that officers have asked […] whether one traveler knew anyone at his mosque who hates Americans or disagrees with current policies, targeted a traveler for additional screening because she wore traditional Muslim attire and told another traveler that he and his wife and children were subjected to body searches because he was born in Iraq, is Arab, and Muslim.”[18]

Source: Department of Homeland Security (obtained by EPIC under the Freedom of Information Act)

Documents recently obtained by EPIC under the Freedom of Information Act show nearly a hundred complaints from passengers between November 2003 and May 2004 about the government’s traveler screening security measures.

 

Also, documents recently obtained by EPIC under the Freedom of Information Act show nearly a hundred complaints from airline passengers between November 2003 and May 2004 about the government’s traveler screening security measures.[19] The complaints describe the bureaucratic maze passengers encounter if they happen to be mistaken for individuals on the list, as well as the difficulty they encounter trying to exonerate themselves through the redress process. One person named in the documents, Sister Glenn Anne McPhee, U.S. Conference of Catholic Bishops’ secretary for education, spent nine months attempting to clear her name from a TSA watch list. The process was so difficult, Sister McPhee told a reporter, “Those nine months were the closest thing to hell I hope I will ever experience.”[20]

In January 2007, at a hearing of the Senate Commerce Committee, Sen. Ted Stevens complained that his wife, Catherine, is frequently mismatched to the watch-listed name “Cat Stevens.”[21] Senators Ted Kennedy and Don Young are among those who have been improperly flagged by watch lists.[22] Sen. Kennedy was able to resolve the situation only by enlisting the help of then-Homeland Security Secretary Tom Ridge.

Removal from the watch lists is not a simple matter. The vast majority of people affected by watch list errors face an opaque and arbitrary bureaucratic process. They are never told the reasons for their being placed on the lists.

In 2005, Congress ordered the Government Accountability Office to investigate the Transportation Security Administration’s airline passenger screening programs. The GAO found significant problems with handling of personal information and violations of privacy laws.[23] In September, the GAO reviewed the watch list system and found “about half of the tens of thousands of potential matches sent to the center between December 2003 and January 2006 for further research turned out to be misidentifications.”[24] According to the GAO, these misidentifications are a significant problem, and they “highlight the importance of having a process -- often referred to as redress -- for affected persons to express their concerns, seek correction of any inaccurate data, and request other actions to reduce or eliminate future inconveniences. Similarly, such a process would apply to other persons affected by the maintenance of watch list data, including persons whose names are actually on the watch list but should not be (“mistakenly listed persons”) as well as persons who are properly listed.”[25]

The current redress process requires individuals to contact the screening agency that processed them.[26] TSA has the Traveler Identity Verification Program; CBP asks individuals to contact its Customer Satisfaction Unit; and the State Department sends inquiries to the director of Information Management Liaison. The processes are all similar to the TSA process. Under TSA’s program, the affected individual fills out a Traveler Identity Verification form and submits identity documents to the agency: either “a copy of your U.S. passport OR copies of three of the following: Driver’s License; Birth Certificate; Voter Registration; Military ID Card; Visa; Naturalization Card; Government ID Card.”[27]

After submitting this additional information, then TSA “will use this information in deciding whether the person’s name should be put on a cleared list -- which airlines are to use for distinguishing the individual from persons who are in fact on the No Fly or Selectee lists,” according to the GAO.[28] However, according to the director of TSA’s redress office, “some customers (air passengers) call and complain about having problems even though they have taken the necessary steps to be placed on the cleared list.”[29] Complaints about the failure of these TSA safeguards are numerous. For example, at a House subcommittee hearing on March 2, 2005, Rep. Loretta Sanchez reported that many of her constituents continue to face lengthy delays, questioning, and at times are prohibited from boarding flights because they are misidentified as people sought on watch lists. Her constituents continue to face these roadblocks even after they apply for, receive and then display to screener personnel the official federal government letters that establish their innocence.[30]

To address growing concerns about the problems associated with the management of government watch lists, the Department of Homeland Security recently announced a new procedure to address watch list errors.[31] The Traveler Redress Inquiry Program seeks to simplify the redress process for those mistakenly matched to the watch lists.[32] TRIP seeks to solve the problems that have occurred with previous redress programs; however, it does not. TRIP is not different from previous redress processes; it merely puts the responsibility in one office, rather than three. Under TRIP, individuals who “believe they have been denied entry, refused boarding for transportation, or identified for additional screening by DHS components or programs” can fill out a Traveler Inquiry Form for redress and the request will be processed throughout DHS.[33] It is not known how long an individual would have to wait, as there is no timeline for a response from DHS.

The watch lists are rife with mistakes and “false positives.” In February 2006, there were 325,000 names on the watch lists, according to the National Counterterrorism Center.[34] In December 2005, the director of the Transportation Security Administration’s redress office revealed that more than 30,000 people who are not terrorists have asked the Transportation Security Administration to remove their names from the lists since September 11, 2001.[35] Earlier this month, the head of TSA said that the watch lists were being reviewed, and he expected to cut the list of names in half.[36] However, he has not disclosed details, such as what the criteria would be for removing a name or when the review would be complete.

The watch list errors and “false positive” problems arise currently not because there are three agencies processing redress requests, but because the records themselves are not subject to the Privacy Act. The lack of enforcement of Privacy Act obligations means that individuals are not given the opportunity to inspect, correct or limit the dissemination of inaccurate information. Greater transparency in the watch list process would lead to greater accuracy of the lists themselves. This lack of individual access to and correction of files does not change under TRIP. However, if DHS truly wants TRIP to minimize the misidentification of innocent Americans, it should have a redress procedure that imposes full Privacy Act obligations on all government watch lists.

The Department of Homeland Security proposes to exempt the program from Privacy Act of 1974 requirements that an individual be permitted access to personal information, that an individual be permitted to correct and amend personal information, and that an agency assure the reliability of personal information for its intended use.[37] DHS will allow individuals the right to access “information submitted by and collected from individuals or their representatives in the course of any redress procedure associated with [TRIP].”[38] This is small consolation, considering individuals already would have access to this data, as they submitted it themselves.

When announcing the Traveler Redress Inquiry Program, Homeland Security Secretary Michael Chertoff said, “Ensuring that personal information is accurate and complete allows us to focus fewer resources on legitimate travelers and more resources on national security and law enforcement issues.”[39] The only way to ensure that the personal data is accurate and complete is to apply all Privacy Act obligations to government record-keeping systems, including the no-fly and selectee lists. If a person is placed on one of these watch lists, he should know why and be able to challenge the determination. Denying citizens the right to ensure that the system contains accurate, relevant, timely and complete records will increase the probability that the watch lists will be an error-prone, ineffective means of targeting individuals as they seek to exercise a variety of rights and privileges.



[1] EPIC has been focusing on traveler privacy issues for years, including testifying in Congress and commenting on government proposals. See EPIC’s pages on Passenger Profiling, http://www.epic.org/privacy/airtravel/profiling.html, and Secure Flight, http://www.epic.org/privacy/airtravel/secureflight.html.

[2] Department of Homeland Security, Budget-in-Brief Fiscal Year 2007 (Feb. 6, 2006), available at http://www.dhs.gov/interweb/assetlibrary/Budget_BIB-FY2007.pdf and http://www.epic.org/privacy/surveillance/spotlight/0806/dhsb07.pdf.

[3] Department of Homeland Security, Press Release, DHS to Launch Traveler Redress Inquiry Program, Jan. 17, 2007 [hereinafter “DHS Press Release about TRIP”], available at http://www.dhs.gov/xnews/releases/pr_1169062569230.shtm.

[4] Pub. L. No. 107-71, 115 Stat. 597 (2002).

[5] EPIC, Documents Show Errors in TSA’s “No-Fly” Watchlist, http://www.epic.org/privacy/airtravel/foia/watchlist_foia_analysis.html.

[6] 526 U.S. 489 (1999), quoting United States v. Guest, 383 U.S. 745 (1966).

[7] W. Ralph Basham, Commissioner, Customs and Border Protection, Department of Homeland Security, Statement at a Hearing on Customs Budget Authorizations & Other Customs Issues Before the Subcom. on Trade of the H. Comm. on Ways & Means, 109th Cong. (July 25, 2006), available at http://waysandmeans.house.gov/hearings.asp?formmode=view&id=5160.

[8] Homeland Security Presidential Directive/HSPD-6, Subject: Integration and Use of Screening Information (Sept. 16, 2003), available at http://www.whitehouse.gov/news/releases/2003/09/20030916-5.html.

[9] Department of Justice, Inspector General, Audit Division, Audit Report No. 05-27, Review of the Terrorist Screening Center 66-67 (June 2005), available at http://www.usdoj.gov/oig/reports/FBI/a0527/final.pdf.

[10] Id. at xi.

[11] Id. at 66.

[12] Department of Homeland Security, Privacy Office, Report Assessing the Impact of the Automatic Selectee and No Fly Lists on Privacy and Civil Liberties as Required Under Section 4012(b) of the Intelligence Reform and Terrorism Prevention Act of 2004 4-5 (Apr. 27, 2006) [hereinafter “Privacy Office Report on Watch Lists”], available at http://www.dhs.gov/xlibrary/assets/privacy/privacy_rpt_nofly.pdf.

[13] Cathleen Berrick, Director, Homeland Security and Justice, Government Accountability Office, Statement at a Hearing on TSA’s Secure Flight and Registered Travelers Programs Before the S. Comm. on Commerce, Science & Transportation, 109th Cong. (Feb. 9, 2006), available at http://www.gao.gov/new.items/d06374t.pdf.

[14] Id.

[15] Edmund S. “Kip” Hawley, Nominee for Assistant Secretary of Homeland Security, Transportation Security Administration, Department of Homeland Security, Testimony at Hearing on TSA’s Secure Flight and Registered Travelers Programs Before the S. Comm. on Commerce, Science & Transportation, 109th Cong. (Feb. 9, 2006).

[16] Privacy Office Report on Watch Lists at i, supra note 12.

[17] Id. at 18.

[18] Id.

[19] Department of Homeland Security, Transportation Security Administration, Complaint Log, Nov. 2003 to May 2004, obtained by EPIC through FOIA litigation, available at http://www.epic.org/privacy/airtravel/foia/complaint_log.pdf.

[20] Ryan Singel, Nun Terrorized by Terror Watch, Wired News, Sept. 26, 2005.

[21] Beverley Lumpkin, Aviation Security Chief Says No-Fly List is Being Reduced by Half, Associated Press, Jan. 18, 2007.

[22] See, e.g., Sara Kehaulani Goo, Committee Chairman Runs Into Watch-List Problem, Wash. Post, Sept. 30, 3004; Leslie Miller, House Transportation Panel Chairman Latest to be Stuck on No-Fly List, Associated Press, Sept. 29, 2004; Shaun Waterman,Senator Gets a Taste of No-Fly List Problems, United Press Int’l, Aug. 20, 2004.

[23] Government Accountability Office, Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information during Secure Flight Program Testing in Initial Privacy Notices, but Has Recently Taken Steps to More Fully Inform the Public, GAO-05-864R (July 22, 2005), available at http://www.gao.gov/new.items/d05864r.pdf.

[24] Government Accountability Office, Terrorist Watch List Screening: Efforts to Help Reduce Adverse Effects on the Public, GAO-06-1031 (Sept. 2006), available at http://www.gao.gov/new.items/d061031.pdf.

[25] Id. at 2.

[26] Id. at 55-56.

[27] Id. at 62.

[28] Id. at 34.

[29] Id.

[30] Shaun Waterman, No Redress Mechanism in New DHS Terrorist Screening Office, United Press Int’l, Mar. 2, 2005.

[31] DHS Press Release about TRIP, supra note 3.

[32] Department of Homeland Security, Notice of proposed rulemaking, 72 Fed. Reg. 2209 (Jan. 18, 2007).

[33] Id.

[34] Walter Pincus & Dan Eggen, 325,000 Names on Terrorism List, Wash. Post. Feb. 15, 2006.

[35] Anne Broache, Tens of thousands mistakenly matched to terrorist watch lists, CNet News.com, Dec. 6, 2005.

[36] Edmund S. “Kip” Hawley, Assistant Secretary, Transportation Security Administration, Department of Homeland Security, Testimony at Hearing on Aviation Security: Reviewing the Recommendations of the 9/11 Commission Before the S. Comm. on Commerce, Science & Transportation, 110th Cong. (Jan. 17, 2007), available at http://commerce.senate.gov/public/_files/TestimonyofMrHawley.pdf.

[37] Id.

[38] Id.

[39] DHS Press Release about TRIP, supra note 3.


EPIC Spotlight on Surveillance Page | EPIC Privacy Page | EPIC Home Page