Department of Homeland Security


2IÀFH RI ,QVSHFWRU *HQHUDO

Use of Risk Assessment within 

Secure Flight 

(Redacted) 


OIG-14-153

July 2015


 05" 

OFFICE OF INSPECTOR GENERAL

Department of Homeland Security

 
?hr 50?

 

Washington, DC 20528 
July 6, 2015

MEMORANDUM FOR: The Honorable Peter Neffenger
Administrator
Transportation Security Administration

FROM: John Roth 


Inspector eral

SUBJECT: Use of Risk Assessment within Secure Flight 
Redacted, 14- 153
OSC File No. 

Attached for your information is the redacted version of our Sensitive
Security Information (881) final letter report: Use of Risk Assessment
within Secure Flight. We issued the 881 version of this report to the
Department on September 9, 2014, and closed Recommendation 2
because of the Transportation Security Administration?s (TSA) corrective
actions to address the intent of this recommendation.

After issuing the report, TSA has implemented additional plans and
taken corrective actions to address the remaining report
recommendations. Based on responses, Recommendations 1 and 3
are currently resolved and open.

We coordinated a sensitivity review of the 881 final letter report with TSA
and have reached agreement on the appropriate redactions. We are now
making the redacted report public and will publish it on our website.

Please call me with any questions, or your staff may contact
Anne L. Richards, Assistant Inspector General for Inspections, at
(202) 254?4100.

Attachment

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington. DC 20528 I www.oig.dhs.gov

SEP 0 9 2014
MEMORANDUM FOR:

The Honorable John S. Pistole
Administrator
Transportation Security Administration

FROM:

John Roth

��<\.o�

Inspector General
SUBJECT:

Use of Risk Assessment within Secure Flight - Sensitive
Security Information
OSC File No. Dl-14-2012

Attached for your information is our final letter report, Use of Risk Assessment within

Secure Flight - Sensitive Security Information. This report is in accordance with the
requirements of 5 U.S.C.

§ 1213(d).

We incorporated formal comments from the

Transportation Security Administration (TSA) in the final report.
The report contains three recommendations aimed at improving TSA Pre../™ Initiative
security. Your office concurred with one recommendation and did not concur with two.
Based on information provided in your response, we consider Recommendation 1
resolved and open, Recommendation 2 resolved and closed, and Recommendation 3
unresolved and open. No further reporting is necessary for Recommendation 2.
Within 90 days of the date of this memorandum, please provide our office with a
written response that includes your (1) corrective action plan and

(2)

target completion

date for each recommendation. Also, please include responsible parties and any other
supporting documentation necessary to inform us about the current status of the
recommendation.
We are providing a copy of this report to the Department of Homeland Security's
General Counsel. We are not releasing this report publicly because of its sensitivity.

SENSITIVESECUIUTYINFORMATION
A'ARNING:ThisrecorelcoAtaiA
1
SSensitiveSectirityIAformationthatiscontrellel
e tineler49CFR19arts15

and1S20. Nopartofthisrecordmay13eeliscleseeltopersonswithetita "neeeltoknow, " aselefinedin49
e
rmissionof
theAelministraterof
theTrans19ertatieA
CFR
parts15and1520, elEce19twiththewrittenp
Secu
r
ityAelm inistrationortheSecretar
t tion. Una1;1thorizeelreleasemayres1;1ltinci
vil
yofTranspora
penaltyoretheraction. ForUS
i elisclosureisgo\•erneel13y5USC.
anel
. .go'lernrnentagencies, puslc
. . 552
49CFR
parts15and1520.

 

 

OFFICE OF INSPECTOR GENERAL

{wasth Department of Homeland Security

 

Washington. DC 20523:? 

Major contributors to this report are Marcia Moxey Hodges, Chief Inspector;
Angela Garvin, Lead Inspector; Amy Tomlinson, Senior Inspector; LaDana Crowell, Senior
Inspector; and Rahne Jones, Inspector.

Please call me with any questions, or your staff may contact Deborah L. Gotten-Mills,

Acting Assistant Inspector General, Office of Inspections, at (202) 245-4015

cc: The Honorable Steven E. Bunnell
General Counsel

Attachment

 

SENSITIVESECURITYINFORMATION

a
,�,,o5'"

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov

Review Request
The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning
the use of a risk-based rule by the Transportation Security Administration's (TSA) Secure
Flight program that may create a vulnerability in aviation security. The risk-based rule
The disclosure also stated the Secure Flight program
. On April 28, 2014, OSC referred
this allegation to the Secretary of Department of Homeland Security. The Department
subsequently requested our assistance with this allegation.

Conduct of Review and Summary of Evidence Obtained
We assigned our Office of Inspections team currently assessing Security Enhancements
to the TSA Pre�™ Initiative to review this allegation. We interviewed the whistleblower
and TSA senior officials involved in the risk-based rule decision-making process. We also
analyzed documentation regarding these rules to determine whether an aviation
security vulnerability exists.
We analyzed the following
documents:
•

Memoranda establishing the rule;

•

Memorandum suspending the rule;

•

TSA Office of Security Operations' evaluation of the rule; and

•

Secure Flight program documentation evidencing rule status.

Summary of Results
We determined that
using risk-based analysis by TSA's Secure Flight Program _
However, TSA mitigated the risk on
March 7, 2014, by suspending the rule's use in the Secure Flight program. We
recommend TSA discontinue using the rule until TSA

2
SENSITIVESEC
URITYINFORMATION
NG:Tl'lisreEordEeAtai
nsSensiti
veSernrityIAo
f rmationtl'latisEOAtrole
l d1:1nder49CFR13arts15
WARNI

and1520. No13artoftl'lisrecordmaybedisdosedto13ers
on s
witl'lo1:1ta "neeeltoknow," asel
e
fi
neel
in49
ci;Rparts15and1520, el<Eeptwitl'ltl'lewritteApermissioAoftl'leAdmiAistratoroftl'leTrans13ort
at ion
Sec1:1rityAdminstration
i
ortl'leSecretaryof
Trans13ortat ion. Una1:1tl'lori2eelre
leasernayrestil
tincivil
. . C.552anel
penaltyorotl'leractioA. ForUS
. .governmeAtagencies, ptiblicdisclostie
r isgovernedby5US
49CFRparts15anl
e 1520.

 SENSITIVESECURITYINFORMATION

�-·

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security

�#<.<No .tr:>.'t

Washington. DC 20528 / www.oig.dhs.gov

Secure Flight Screening
TSA's Secure Flight program screens individuals prior to granting them access to an
airport's sterile area. The program allows TSA to determine the level of security
screening passengers should receive at the airport checkpoint. The program compares
self-reported traveler information provided to TSA from air carrier reservations, such as
name, date of birth, and gender, to lists of low-risk travelers, the Terrorist Screening
Database No Fly and Selectee lists, as well as to other intelligence-based data systems
maintained by TSA and other Federal agencies.

Risk Assessment Rule

1 TSA

Pre..!™ screening generally involves the use of a walkthrough

metal detector. Passengers are not required to remove shoes, belts, laptops, liquids, or
gels. The equipment used to screen carry-on baggage contains threat-recognition
software that aids the Transportation Security Officer's review of this baggage. As a
result, the carry-on baggage belt runs continuously rather than stopping at each bag.
However, the Transportation Security Officer has the ability to stop the belt when
needed.

-

3
SENSITIVESECURITYINFORMATION

SensitiveSee1:1r
i
WARNING:nilsreeordeontains
tylnfermationtl=tatiseontrolled1:1nder49CFRparts15

anel1520. Nopartof
tl'fisreeorl
e maybeeliselosel
e toper
sonswitl'fowta "neeeltoknow," asel
e
fineelin49
CFR
parts15anel1520, el<ee
ptwitt
l= tl=tewritte
nperFAissionoftl=teAdFAinistratoroftl=teTransportation

SeewrityAelFAinistrationortheSeeretaryofTransportation. Unawthorizel
e releasemayreswltineivil
penaltyo
rotheraetion. ForUS.
. governmentageneies, pwblie
eliseloswreis
governeelbySU.S.C.SS2anel

49
CFRparts15anel1520.

 S
ENSITIVESECURITYINFORMATION

�g
�

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 / www.oig.dhs.gov

Source: OIG Analysis of TSA Data.
These passengers can then print boarding passes with the TSA Pre./™ indicator. •

..
TSA Leadership is Aware of

4
SENSITIVESECURITIINFORMATION
WARNING:
Thisrecerelrnntains
Sensiti•1eSec"'ritylnfermatienthati
scente
r llel
e "'neler
49CFR13arts15

thisr
anel1520. Ne13artef
ecerl
e A'taybeelisdeseelte13ersenswithe"'ta "neel
e teknew, " asel
finedin49
e
CFR13arts15anl
e 1520, eJEce13twiththewrite
t n13ermissienef
theAelministrateref
theTrans13ertatien

Sec"'rity
Aelministratienertf:1eSecretaryefTrans13ertatien. Una"'tl=terize
dreleas effiayres"'ltineivil
tyeretheraction. FerUS
sgovernedby
13enal
. .governmentagencies, J3'
" bli
celiseles"'rei
5usc.
. . 552and

49CFR13arts15anel1520.

 Washington, DC 20528 I www.oig.dhs.gov

TSA Suspend the Secure Flight Risk Assessment
Following rule implementation, TSA officials received complaints

Administrator for the TSA Office of Security Operations requested a 30-day suspension
of the Secure Flight risk assessment rule for these passengers to assess the effect on •
TSA leadership said they suspended the rule because of
operational efficiency challenges
On March 7, 2014, Secure Flight removed this rule from the risk

TSA is Developing Technology to Mitigate
To mitigate

TSA is

acquiring Credential Authentication Technology (CAT) that will be capable of verifying
passenger data. TSA plans to conduct CAT operational testing in the first and second
quarters of calendar year 2015. CAT deployment will be a phased approach. When first
released, CAT machines will have identity document authentication technology with the
automated ability to detect fraudulent identity documents. In the second phase, CAT
will have Secure Flight connectivity to verify that passenger identity documents match
the information vetted by Secure Flight during the flight reservation process.

While the recommended rule suspension timeframe has passed, we have not received
documentation that TSA reinstated the rule. Interviews with TSA senior leadership
5
SENSITIVESECURITYINFORMATION
WAR�
llNG:Tl'ls
i recordcoA
SecllrityI
Ao
f rmatioAtl'latiscoAtrollea1;1nder49
CFR13arts
15
t
ainsSensiti¥e

aml1520. No13artoftl'lisrecordmaybedisclosedto13ersonswitl'lo1;1ta "needtoknew, " asdefinedin49
cmparts15and1520, e)(ceptwitRtl'lewritteApermissi onoftl'leAdFAiAistratoref
tl'leTransportation
Sec1;1rity
AdmiAistratioAor
tl'leSecre
raAspertatieA . Una1;1tl'lerizedreleasemayres1;1ftineivi
l
taryofT

. C.552and
penaltyorotl'leractioA. ForUS
. . go¥erAmeAtage
Acies, p1;1blicaisclos1;1reisgovernedby5US.
49CFRparts15and1520.

 SENSITIVESECURITYINFOftMATlON

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov
provided varied perspectives on the rule's future use. On June 27, 2014, we received a
telephone call notifying us that TSA reinstated the rule. According to TSA officials, the
rule's activation from June 18 to 24, 2014, was a mistake resulting from Secure Flight
program updates. These officials also said upon discovery TSA corrected the mistake. In
addition, our last correspondence on July 14, 2014, with Secure Flight Program officials
indicates TSA has not instructed program officials to reinstate the rule.
We are making three recommendations to address this

Recommendations
We recommend that the TSA Assistant Administrator for the Office of Security
Capabilities:
Recommendation 1:
Explore the feasibility of encrypting commercial aircraft carrier boarding passes -

Recommendation 2:
Continue pursuing Credential Authentication Technology

We recommend that the TSA Chief Risk Officer:
Recommendation 3:
Ensure Credential Authentication Technology is fully functional

Management Comments and OIG Analysis

6
S
EN51TIVE5ECUftllYINfORMAf
' lON
W/\RNIMG:TJ:1isrecordcontainsSensiti'le
Secl;lrityInfo rmationthatiscontrolle€1l;ln€1er49CFRparts15
anEl1520. Nopartof
thisrecordmaybe€1isdose
€1toper
sonswithol;lta "nee€1toknow," asel
efine€1in49
CFR
parts15anEl1520, e>Eceptwiththewrite
t npermissionof
theAdministratorof
theTransportation
Secl;lrity
AelministrationortheSeeretaryofTransportation. Una1:1thorizeelrel
e
asemayres1:1ltineivil
penaltyorotheraction. ForUS
. . governmentagencies, pl;lblie
€1isclos1:1rei
sgoverneelby5USC.
. . 552anel
49
CFRparts15anel1520.

 ' fV'ESECUJU'fYINFORMATION
SENSIf

�#<-<"o

OFFICE OF INSPECTOR GENERAL

,��

Department of Homeland Security
Washington. DC 20528 I www.oig.dhs.gov

We evaluated TSA's written comments and made changes to the report where we
deemed appropriate. A summary of TSA's written response to the report
recommendations and our analysis of the response follows. A copy ofTSA's response, in
its entirety, is included as appendix A. In addition, we received technical comments from
TSA and incorporated these comments into the report where appropriate. TSA
concurred with one recommendation and did not concur with two. We appreciate TSA's
comments and contributions.
Management Response to Recommendation #1:TSA officials did not concur with
Recommendation 1. In its response, TSA said in 2012 it explored the cost and feasibility
of encrypting commercial aircraft carrier boarding passes

Im· After engaging industry stakeholders, TSA decided not to adopt this approach
because of limited data fields in some air carrier systems and encrypting boarding pass
barcodes is cost prohibitive. TSA said it decided to pursue a more practical and
affordable solution using a digital signature.
OIG Analysis: Although TSA did not concur with this recommendation, we consider
TSA's actions responsive to the intent of Recommendation 1, which is resolved and
open. We acknowledge TSA's previous efforts to encrypt boarding passes . This
recommendation will remain open pending our receipt of CAT Phase I and II timeframes,
milestones, and implementation dates.
Management Response to Recommendation #2: TSA officials concurred with
Recommendation 2. TSA said it is pursuing CAT and awarded a contract in April 2014 to
begin operational testing and evaluation of this technology.
OIG Analysis: We consider TSA's actions responsive to the intent of Recommendation 2,
which is resolved and closed. No further reporting fromTSA regarding this
recommendation is necessary.
Management Response to Recommendation #3: TSA officials did not concur with
Recommendation 3. TSA said it mitigates the current level of risk
by a range of security procedures and technologies currently
available and/or deployed by TSA.
7
SENST
I l'lrESECURl'fYINFORMATION
e coAtainsSeAsitiveSec1:1rit'(IAforrnatioAthatiscoAtrolleel1:1Aele
W
ARNING:Thisrecorl
r49CFRparts15
aAel1520. Nopartof
tl:iisr
e
corel rnaybeEliscloseel
topersoAs
witl:io1:1ta "neeEltoknow," asEl
efineElifl49
CFRpartslSaAEl1520, e>Eceptwithtl:lewritteflperrnissioAoftl:ieAElmiAistratoroftheT
raAsportatiofl
raAsportatiofl. UF1a1:1tt=iorizeElrele
f civil
Sec1:1ri
T
asemayr
e
sultil
tyAElrniAistrationortt=leSecret
aryof
. goveFArneAtageAcies,p1:1bi
l cEl
peAaltyorotheractiofl. ForUS.
isdos1:1reis
goveFAeelby5U.SC
. .552aF1El
49CFRparts15anEl1520.

 S:ENSl'fl"it:S:ECURI'fYINFOIUtlA'fION

<.i,..o s'C>"'
\

OFFICE OF INSPECTOR GENERAL
Department of Homeland Secw-ity
Washington. DC 20528 / www.oig.dhs.gov

OIG Analysis: We consider TSA's actions nonresponsive to the intent of
Recommendation 3, which is unresolved and open. Although TSA has developed tools
and processes as security layers, these measures are not available at all airports. For
example, as of June 2014
. In addition, TSA Pre/™
lanes use walkthrough metal detectors for passenger screening, but this technology
does not detect non-metallic items. Advanced Imaging Technology machines identify
and display metallic and non-metallic items and potential anomalies concealed on a
passenger, affording Transportation Security Officers enhanced capabilities to screen
passengers and identify threat items. Using walkthrough metal detectors in TSA
Pre"™lanes limits TSA's security threat detection capabilities.
Further,

-·
Recommendation 3 will remain unresolved and open pending our receipt of
documentation that
until CAT - Implementation.

8
S
ENSITltgf SECURITYINfOftMA'flON
WARNING:Tl'lis
reco relcontainsSensitiveSecl::l
rityIno
f rmationtl'latiscontrolle
elunder49CFRparts15
'
and1520. Nopartof
tl'lisrecordmayeedisclosedtopersonsNitl'lo1;1ta "needtol
mew , " asdefinedin49
CFR
parts15and1520, exceptwitRtl'lewritten13ermissionoftheAdministratoroftheTrans13ertatien
Sec1;1rity
Administrationor
the
Secretary
ofTrans13ertatien. Una1;1therizedrel
e
aseFAayr
e
s1;1ltiAeivi
l
. . 552aAd
13enaltyorotheraction. ForUS
. . governmentagencies , 131;1elicdisclosureisgovernedeySUSC.
49CFR13arts15and1520.

 Washington, DC 20528 I www.oig.dhs.gov

Appendix A
Management Comments to the Draft Report
SENSITIVE
SECt:JR:lTYINFOR:M:ATIONU.S.l><par1m<nt ofHomeland Semi!)'

•

AUG 2 7 �

�-

...

601Sdu1h12th Stred
Arlinglon. VA .!OS91<

Transportation
Security
""'� Administration

fNFORMATION
MEMORANDUM FOR:

John Roth
Inspector General
U.S. Department of Homeland Security (OHS)

FROM:

J ohn .S: Pistole
Admm1strator

SUBJECT:

rity Administration 's Response to
Transportation c u
OHS Office of the Inspector General(010) Draft Letter
Report,

u:

S,

P�

Sensitive Security lnformarfon (OSC FiJc No. DI- 14-

2012)

This memorandum constitutes the Transportation Security Administration's (TSA) response lo
the OHS Office of the Inspector General (OIG) draft letter report,
·Sensitive Security Information. dated July 2l, 2014.

Background
The U.S. Office of Special Counsel (OSC) received a whistleblower disclosure concerning the
of a risk-based rule by the Transportation Security Administration's (TSA) Secure Flight
program. On April 28, 2014, OSC referred this allegation to the Secretary of the U.S
Department of Homeland Security. The Department subsequently requested the assistance of
OHS 010 to review this allegation. 010 interviewed the whistleblower and TSA senior officials
involved in the risk-based rule decision-making process. 010 also analyzed documentation
regarding these rules to determine whether an aviation security gap exists.
use

ar
h
lt•ue rdu
11l•l
l'
1
Sc1
u
l1Ic
&
cc
ttrlt)l
a
fe
r111ttea1
h11
Hraa1:reUrd111du·
C9
CY
R
p
bi l61Ad
lU
O,.
1
1
p
1
e
r
1titt
H'7ltltHIN&. T
rt
1o
u
1d
m
•
)
\c
d:lt
l
ot<
c dt
o� "'
l
ho11t
1 l
a
"
needto�..
dt
A
fttdh
1
49
(
'Al
pant
15
11td1Si9
, �•
l
:h
1 11tc
,
rlttfa
pet
A
r
lstf
u
a
u
f
lhtAdm
i
ubu11
0
1
o
f
l
ltt TNt
1 pea
:rtf
le1t Sc
c
u
1il)A
dmi11
bt:1i
r oa01
I
lleStt
1
ctl1) ofi
't ildp6111
1*o
a:li
t:t:uthOi•ft
d
r 111cacitt;p
. €
. 55l
.
dcHt
1
ma)
1
Ulili
l
1
I
n
t
i
'1:
1
pcaa
t
l)
or
0
1
hcr1c�1
.
1For
U.S.
soc
r
Ht1
ttlJllcditd
e
Mrcii
g
e
cncdby 5
\lS
1
11:d
�P"rll
l
5a•d ll
5
.
G

9
SENSITIVESEC
URI
TYINFORMATION
WARNING:This
reEarEIwntains
r l
l eEI1:1nEler49CFRparts15
SensitiveSeE1:1ritylnfarmatianthatisEanta

anEI1520. NapartafthisreEarEImaybeElisclasedtap er
sanswitha1:1ta "nee
EItaknew," asdei
f nedin49
CFRparts15and1520, exECptwiththe'.Vrittenperrnissianafthe
Adrninistrataraf
theTranspartatian
fi 'frestJl
SeEtJrityAdministratianartheSeEretaryafTranspartatian. UnatJtharizedreleasefa
tineivil

penaltyare
th e ractian. FarUS
. .gavernmentagencies,pl:lbi
l EdisclastJreisgave
rnedbysusc.
. . 552and
49
CFRparts15and1520.

 S
ENSITIVESECUltt
'fY INFOltJ\llA'flON

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington. DC 20528 I www.oig.dhs.gov

SENSITIVE
SECURITYINFORMAi
iON
2

Discussjon
TSA takes whistleblower disclosures seriously and appreciates the work of the OIG during this
review. TSA will use the infonnation to assist in our ongoing efforts toward effective Risk­
1
Based Security.
TSA uses a variety of procedures and technologies to respond to the Agency's need to reduce
transportation security vulnerabilities. Our decisions on the use of these tools, and on calibrating
their rates, enable TSA to manage risk to achieve our security responsibilities while promoting
the freedom of legitimate moveme.nt for people and commerce. One of the tools that we use as
through which TSA assigns a level
part of a layered security approach
The current level of risk associated with
of risk

gi
••••••
···

is mitigated by a range of security procedures and technolo es currently
avai able and/or deployed by TSA. In addition, the underlying analysis supporting•
•
was independently assessed and deemed an effective means of evaluat
n
i g
a e
s ngers. Moreover, the determination about whether and how to employ ·
low-risk ps
as part of a risk-based security approach to screening lies within the broad statutory
authority granted the Administrator under49 U.S.C. § 114 to consider intelligence. assess risk,
and implement screening decisions consistent with the Agency's mission. Finally, in the 9/11
l ited resources to providing the best
Act, Congress made clear that TSA needed to direct im
security value and that the Agency had to establish risk-based priorities. The rule is consistent
with this statutory mandate.

••••••••
••••

- Sensitive Security Inormatlon.

(

•••••• RISK ASSESSMENTS
In 2011, TSA began using modified screening procedures for pass

'TSA has broad ranging authority under 49 U.S.C. § 114, among other sunnes, to consider intelligence, assess risk,
and implement screening decisions consistent with the Agency's mission. See, e.g,, 49 U.S.C. § I 14(d) (1) and (2)
(TSA is responsible for security in all modes oftransportation lhat arc exercised by th Department of
Transportation); and 49 U.S.C. § I 14(t) (I), (2) and (S) (TSA is mandated to distribute intelligence information
related to transportation security, assess threats to transportation, and serve as the primary liaison for transportation
securi to the intelli ence and law enforcement communities .
2

8c1
0 ld
IKU
!
,
Wl'rG1
l'h11
Reer
d
oeo•IM
1
e
s
..
wrl
i,l
0Ee1W1deo
11t11
lo
eeolre
ll
e11d"'
d
49
Cl'll
pol'll
.No
p1
rlof
llit
t
15
nd
15�8
15;8,"'"
ro
eord.,.
,
lte
dllr
l-d
le
pei
oo
M
••i
l
hewlo
•
..
rd Mlt•o11•
,,
. delio
ed
1
ad
'
'
"
l
lltlle
t Ml
it
u
lo
49
Cl'R
pol'll15
...
...
itoloo
erlho
'
diwlo
aO
h
e
l'fa
..peNdeo
Su�lj'
d11lol
s1
..
1
l
ao8P
l
he
s
..
m..,
a
fl'foto1po••d••
\loewllloMd
·-->
rot
ll
ll•
l ohU
penollj
••-aelioa.Fer
\l
.S.10'"'"''"'"*"""'""'"bHodlel let01eilc•
•• re
•db)
51l.S.C.5!hd
'9
CRI
,_ou
15
oad
IUO

illrater

IO
SENSITIVESECURITYINFORMATION
\Vl\Rf>llNG:This
recerEIcontainsSensiti·
«eSernrityInformationthatiscontrollcEIl:lnelcr49CFRparts15

EItopersonswithol:lta "Aceatel
mow ," asdcfiAcdiA49
anI
E 1520. Nopartof
thisrccorEImayecelisdosc
CFR
parts15an
El1520, e*ccptwiththewrittenpermissionofthelEl
\ min i
stra toref
theTranspera
t tieA

SecwrityAl
E ministrationor
theSecretaryofTransportation. UnawthorizcelreleaseA'tayrcsl:lltinei'
'
t il
. gov
ernme
ntageAcics,pl:leliediselesl:lrci
sgevcrricelb'f5U5
. .E.552
and
penaltyorotheraction. ForUS.
49CFRparts15anet1520.

 SENSl'fPlESECURl'PlINFO�IATION

��-

9

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 / www.oig.dhs.gov
SENSITIVE
SECtJlt
'i'
tT INFORMATION
3

In October 2013, TSA implemented
criteria for identifying
lower-risk passengers under the Secure Flight risk-based analysis initiative.3 This policy
oflower-cisk
decision followed significant analysis o
travelers. In addition to TSA's internal
was assessed
independently by Metron, Inc.4 Following
he Secure Flight prescreeniog system, additional independent analysis
conducted by the Civil
Aviation Threat Working Group (CATWG)5 and the Homeland Security Studies and Analysis
Institute (HSSAl)6 which
separately and in conjunction with the two other
risk assessment elements planned for implementation as part of Secure Fli ht risk-based
analysis. During their assessment, CATWG analysts determined
The HSSAI assessment concluded that the
approach TSA bad taken in developing and implementing. based risk assessments was
defensible.

Prior to implementing Secure Flight risk-based analysis, TSA used SFPD infonnation to conduct
automated checks against terrorist watch lists and as part of intelligence-based rules used to
l See TSA ·s discussion of this initiative in its Privacy Act system ofrecords notice (SORN). Privacy Act of1974;

Department ofHomeland Security Transportation Security Administration-DHSITSA·0/9 Secure Flight Records
. .SS270 (Sept. 10, 2013).
System ofRecords, 78 Fed. Reg
' Metron, Inc. is a scientific consulting company under contract to the OHS Office of Science and Technology that
develops and applies mathematical methods for solving challenging problems in national defense and homeland
security.
) The CATWG is comprised ofintelligence analysts from OHS and I 0 other Intelligence Community agencies with
expertise in civil aviation, and is chaired by a senior analyst from the National Counte:rterrorism Center (NCTC).
Directly contributing to the results of the analysis were analysts from lhe Cenb'al Intelligence Agency, Federal
Bureau of Investigation, NCTC, Federal Aviation Administration, and National Security Agency.
6 HSSA I is a Federally Funded Research and Development Cent.er (FFRDC) created to provide independent analysis
of homeland security issues for the U.S. Department ofHomeland Security, its components and agencies, and its
partner organizations, as authorized in the Homeland Security Act of2002 (Pub. Law 107·296, § 30.S as codified in
6 u.s.c. § 18.S).
1 Merit scores reflect 1he accuracy ofclassification on a scale from 0.0 to 1.0, where 1.0 refle<:IS perfect
classification, O.S reflects the expected results from random classification, and a value ofO.O indicating
misclassification of passengers by high or low risk.

S«••l
l)l
H
'>4
11/W'l6.
l'bb
ncord
<ootlt MS<••IH
•
•
n'6F111otlen1h11l1
co
n
r
t olled
o
nder.,GFR
P"'
II
15
••
d
I
SO �l
e
''"erthit
"
€
a11U
1 boot1
o«d wlttlow";u d<A•<dln
49
F8puut-5 H
d15l0,t1<opl
n
i
t
h
Iborlhto
1«0
1dm1)
bedloclootdtopc11o
pot
M
hlloo
oFlb
<
Ad
11ln1Jtr1
1
t
oror
t!tel'ron
1poftt�oa
Steo•i
i l
,,dodo lllN•ooer
lht
SK�
l
a.,o
fl'raA1per1a�on \Jo
aa
lll
ol'loed
1doax
111)
r
noll1
11
chil
pc•l
a l)
or
oth<r
a•do1t
Fol1!8
"''"u111u
dll<leoure
1t
so.,••
••by
5
lh8
.
€.
W
••d
. .1o"
t 1tl<1;pobllt
€FRporlt
49
15
ud
1
5
0.
2

11
SENSITIVESECURITYINFORMATION
WARNING:Tt:iisrecorl
e contains
Sensiti'1eSec1::1
ritylnfurffiation
thatiscontrollel
e uneler
49CFR13arts15

anel1520. Nopartofthi srecorelmaybeeliscloseeltopersonswithollta neeeltoknow,"aselefineelin49
"

orof
theTrans13ortati
on
CFRparts15anel1520, e
l<ce13twiththewrittenpermission oftheAelministrat
Secl
l rity
Aelml
n
l
strationor
theSecretaryofTransportation . Unallthorizeelrel
eas
eA'layrest.lit
incivil

. ge•
1ernment agencies, plblic
l
elisclesllreisgeverneelby5USC.
. . 552anel
penaltyeretheraction. FerUS.
49CFRparts15anel1520.

 SENSI'fIVESECURITYINFORMATION

i9
�

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov

SENSITIVESECURITYINFOltl'dATION
4

··· ····

identify potentially high-risk passengers. TSA now uses this information ·
to identify lower-risk travelers. These criteria, and the associated inclusion rates," must be
viewed within the context ofTSA's overall risk-based security approach and terrorist threats
targeting commercial aviation.

Five key points of context are important to consider with respect to TSA 's use ofll•••I

••••criteria to identify lower-risk travelers.

I . Intelligence. Since the 9/11 terrorist attacks, the intelligence community has transformed
its capability to collect, analyze, and share terrorist intelligence information. TSA has
direct access to aviation-related intelligence information that has fundamentally improved
our internal analytical capability.
2. Global Partners. TSA works globally with public and private partners, including
foreign governments, to improve the overall posture of aviation security.
3. Pre-Screening. Implementation of Secure Flight has automated matching against
terrorist watch lists, known traveler lists, and other security-related data; and improved
matching algorithms within Secure Flight has significantly reduced the percent of
travelers who are incorrectly· identified as being on a watch list. In addition, Secure
ruJes
Flight supports the application ofintelligence-based
capability to better identify travelers who either may pose a higher threat to aviation
security, or who may present a low risk to security. These capabilities provide TSA with
72-hour advance notice ofKnown or Suspected Terrorist (KST) travel and allow for
adjustments to security measures to mitigate this elevated threat.
4. Detection. Improved detection capabilities now include advanced technology dual-view
x-ray equipment, advanced imaging technology (Al1) equipment capable of detecting
improvised explosive devices bidden beneath clothing, passenger screening canine teams,
improved explosives trace detection equipment, and a behavior detection program.
5. Random and Covert. TSA provides random Playbook activities at checkpoints,
departure gates, and other areas ofthe airports. Our Federal Air Marshals (FAMs)
In addition, all travelers,
including known travelers, are subject to random screening to ensure unpredictable
results, e.g., a traveler who might otherwise be eligible for expedited screening is
provided standard screening.

••••••••••••••••••••• ·

At present, intelligence information continues to identify threats to commercial aviation
originating in foreign countries and involving attacks with improvised explosive devices hidden
either on the passenger or concealed in seemingly innocuous items commonly carried by
travelers.
Travelers eligible or expedited screening (eligibility

ll'AIM%'l6.'Ri
i
s
I
t<
O
i
d
coa11i111
s
...
u
;
••
Stt••
II)
larot'nlldOOI
doll
ls
.�
.
. olltd
.
...
..
49
a'R
"""'
15
Oftd
1
528 . Pio
pll'I
or
•
hi•
tt<ON1....,.11e d
ladoacd1
0
..
011
•
l
lll
o•I•
•
n
e
edl<I
k
a
o
1"
,
udeA
aedla
49t:FR
pl'U
o 15
ud
15:101
uee
pl-�
pe
tndoa
lht
pcru1
lsll
onor
1h
Adolloblal
l oro
r
lht
'1'
1
a
..
poo11
1
10
0
Sceiorl
l)
oltdotlol
o
or
S...
tit"
of'fraooporldo
..
l
11•dlo-d
l
rel.,.,
.
111•1
re
..
1
1
In
d11
'1 peaoll)
or
allier
Hdo
a.F&1
II
.&
e
•
"
"''
" "
''
"t
..
tl..,
p11
ble
l dlselo••
••ii
t•"
<Htdb
)511
.S.
G
59
oad
49
CFR
,..,1115
Hd
l!l;o
,

12
SENSITIVESECURITYINFORMATION
WARNING:TAiSreeorEI€OAtaiAS
SeAsitiveSee1:1rit'(IAfermatiOAtAatis
€0AtrolleEIl:IAE!er49CFRparts15

e tokAow," asElefiAeEIiA49
aAEI1520. No13artoftAisreEorEImayeeEliseloseEIto13ersonswitAol:lta "Aeel
CFR
parts15aAEI1520, e><ee13twitAtAewritteAperfAissioAoftAeAElmiAistratoroftAeTraAspor
tatioA
See1:1rit AElmiAistrationortheSeeretaryofTraAsportatioA. UAa1:1tAorizeEIre
leasema1·res1:1l
tiAeivi
l
. governmeAtageAeies, 131:1eliEEliselos1:1reisgoverneEIey5USC.
. . 552aAI
E
peAaltyorotAeraetioA. ForUS.
49CFR
parts15aAEI1520.

y

 SENSITIVESECURITYINFORMATION

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 / www.oig.dhs.gov

SENSITIVE
SECUltlTY
INFORMATION
5
printed on the traveler's boarding pass and embedded in the boarding pass barcode) have already
been checked against all high-risk criteria, including: the No-Fly list, Selectce, and e-Selectee
watch lists from the Terrorist Screening Center's (fSC's)Terrori st Screening Data Base
(TSDB); intelligence-based high-risk rules;
; and the
Do-Not-Board list maintained in conjunction with the Centers for Disease Control and
Prevention (CDC). Following verification of their biographic and travel infonnation against
these high risk populations, passengers are then checked against low-risk populations using a
known traveler number submitted with their airl ine reservation. Only travelers who have not
matched against these previous checks are then considered for designation as low-risk travelers
and only if they have not been disqualified for

••••••••••••••••••

participation in TSA Prev'™ stemming from a violation ofTSA security rules.

are still
Passengers designated as TSA Prev'TM eligible
subject to physical screening measures including a combination of randomly applied and
required measures. Required physical screening measures include inspection and verification of
r
rty,
travel documents (identification and boardi ng pass), x-ray inspection of all accessible pro
and individual screening, in most cases through a walk-through metal detector (WTMD).
Travelers designated for expedited screening may be subjected to random security measures that
include Behavior Detection Observation, explosives trace detection, explosives detection canine
teams, and AIT at checkpoints where available. Additional random security measures are also
employed at departure gates and other areas of the airport. As noted in the August 8, 2013,
Action Memorandum (attached), the technologies and screening procedures for passengers
designated for expedited screening far exceed international standards used for general aviation
security.

that warrants immediate action.

9

for use al some TSA Pre"'™ screening checkpoints and is requested as a prefened
WT'MD 10 alann.
10
ACTION MBMORANDUM: from Victoria Newhouse and Kelly Hoggan, to John S. Pistole, T.SA Pre,l'N•
••••••• 8,2013, pp. 3-4
AIT equipment is

available

physical screening method by some passengers with surgical implants that would cause the

ll
l
t
R
nWG .Thl
i ·
···"'
..
.
..
1
..
sulllht
S
e
e.
..
.
11
•
•
l1
ll llo
•••ll'
o
lltd..
.
..19
G
ftll
plFll
11
..
.
1520Nop�
ofdlla
Alyi.re.
��1
0
p<I
..
.,
.
-111,.,.1
.
.
.
..
.
to
...
..
..
...
••God
t ta
.
,
GFR
1'1
1'11
15
..
.
.
•1
111
lh•
'Al�•
IRd
1sao,...
....
p
1111
...
,
,
...
A
dMl•l•lrllor
o
tdlo
T
....
,
..
.
. do•
s
..
..i�
"d•l•latNdo•
••
•
h•
s
..
..
.
.,.
. offF
'H
lpoA.ldOR1
l
o
1
u
1
ho.U1d
l
l Go
deHt"'">
r
re••ll
l
o
th
ii
p<n1111
or
otbtr
••II••Fer
ll.S.19'•..,
.
..
,
•
&t•detipablle
dloelt
e u
R
ta
ao"•A•d
b
y
5
.S
Hl
n
d

nd
IRO
49
GFR
por
ll
15

13
SENSITIVESECURITYINFORMATION
l el:lneer49CFRparts15
WARNl�
JG:Tl'lisFeeere
eentainsSensitiveSeel:lrit·1•lnferfl'latientl'latiseentrele
ane1520.Ne13art
ef
tl'lisreeereFl'l3'feeeiscleseete13ersenswitl'lel:lta "neeeteknew, " ase
efineein49
CFR
paFts15ane1520, e
>weptwitl'lthewrite
t np
e
rfl'lissienef
theAefl'linistrateref
theTranspertatien

See1:Jrit;·Aefl'linistratiener
theSeeretaryefTrans13era
tt
ien. Una1:JtherizeereleaseFl'layresl:lltineivil
13enal
tyeretheraetien. FerUS.
. gevernfl'lentageneies, 131::1
elieeisclesl:lreisge•1erneeby5US
. C
. 552
.
ane
49
CFR13arts15and1520.

 SENSl'fP.IESECURI'fYINFORMATION

'�:1J�:.1t"'

a
't:...
��
�
·�
q,,.DS�c;

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov

SENSITIVE
SECURITY
INFORMATION
6
Through the development and application of risk-based security principles, TSA has focused on
developing effective and sustainable risk mitigation and risk management solutions to ensure our
security measures are effective, flexible, sustainable, and focused o n preventing catastrophic
terrorist acts. Prior one-size-fits-all security measures concentrating on identifying certain high­
risk passengers, finding dangerous objects, and otherwise attempting to eliminate risk are simply
not sustainable and fail to provide the best security value to the American people.
An important part of providing the best security value to the American people is to identify low­
risk airline passengers so that TSA may better focus its limited security resources on passengers
who are more Likely to pose a threat to civil aviation.11 The notion of identifying low-risk
aviation passengers so that screening resources can be directed to higher-risk passengers pre­
dates the creation of the TSA. In 1997, the White House Commission on Aviation Safety and
Security recommended that the Federal Aviation Administration (FAA) work with airlines to
support the development and implementation of nascent automated passenger screening systems
that separate passengers "into a very large majority who present little or no risk, and a small
minority who merit additional attention."12

After creation of TSA, Congress and others have continued the theme of directing the Agency to
allocate scarce resources to provide the best security value. For example, in its final report, the
National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission)
recommended that:
"Hard choices must be made in allocating limited resources. The U.S.
Government should identify and evaluate the transportation assets that need to be
protected. set risk-based priorities for defending them, select the most practical
and cost-effective ways of doing so, and then develop a plan, budget, and funding
to implement the effort .... In measuring effectiveness, perfection is unattainable.
But terrorist should perceive that potential targets are defended. They may be
deterred by a significant chance of failure.13"

As directed by the 9-1 l Commission and the Congress, TSA in fact is making hard choices to
provide the most transportation security using the resources available. These choices include
identifying low-risk passengers so more effort can be directed to high-risk passen gers or those
11

See the corresponding discussion in the SORN that aMounced the TSA Pre.I™ Application Program,
Privacy Act of1974; Deportment ofHomelandSeClll'ity/Tronsportotfon Security Administrotion-DHS/TSA-021
TSA Pre./TMApplication Program System ofRecOl'ds, 78 Fed. Reg. 55274 (Sept. I0, 2013). Under that
program, individuals submit person al data to TSA, which conducts a security threat assessment.
Applicants who meet the standards of the assessment are issued a Known Traveler Number for use when
traveling. Passengers with KTNs typically receive expedited screening at airports with TSA Pre.ITM

expedited scree ning lanes.
12 White House Commission on Aviation Safety and Security, Final Report to President Clinton, SC(:. 3. 9 (Feb. 12,

1

.
2fin-l.htmll.
1997), found at www.fasoWicp!lhrea!/21
13 See Final Repon oflhe National Commission on Terrorist Attacks Upon the United States," page 391 (July 22,
2004).
1l
le
A rtll 1
H<ll�"!NG.nll
;eee.d
tuo
..Stooltl
•
tSeurir,lafer11111l
a
111i
a1II
t
""lrelled
••dtl'
49
GRl
p.,.111
15
ud
IDO.�
·
·
pt
re
l
ro
ec
rd
m)be
dlld
...d ptr1001
..
11o
1t •
I
•
"
10•d
1
0
lato
..•,••
d
eftM<lI•
19
GFR
pom
IS
Hd
1
5i8,cuepl"1th
Ill<
u
llt"'
0l
r l
ll e
o lH
l •l
ptrmlnlo•
el
th
Ad•l•ll
l rater
e
rt�•
l'No1port11ioo
SU•rli,�d1tllh'
1
lloe
or
llli
c
S.ere11.,
8'1
rtn
'
1pol
.
h8'1
..
d
rtltMe
FllJ
FtMll
l
o
eM
I
peaaller
j' elh•
••lie
•F
e
r
II.&
1e•�•
•
•
..
l
11t1HoiH,
p•b
ll
•lll
Sflet•F<II
1•
•
troedb
f
5
\l
..s.G
H2
11d
49
Gl'll
po
Fl
I
S
l ad
1!99

to

14
SENSITIVESECURITYINFORMATION
1NA
f rmationthatiscontrol
RNING:Thisrecorelcontai
nsSensitiveSec1:1ri
tyIno
mel er49CFRparts15
l eel1::

anel1520.Nopartof
thisrecordmaybeeli sdosedtope
rson s
witho1:1ta "needtoknow, " aseleflneelin49

CFRparts15and1520,eiEceptwiththewrittenpermissionoftheAelministratoroftheTransportation
Sect1ri
ryof
Transportation. Unat1thorizedre
le
aseffiayrest1ltiAcivil
tyAdministrationortheSecreta
. . 552and
peAal
tyorotheraction. ForU.Sgovernme
.
ntagencies, p1:1blicelisclost1reisgovernedbySUSC.
49CFRparts15anel1520.

 SENSITIVESECURITYINFORl\ilATION

�'�"" �
s"

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington. DC 20528 I www.oig.dhs.gov

SENSmVE
SECtlltlTY
INFORMATO
I
N
7
for whom risk is Wlknown. As noted by the 9-l l Commission, perfection
however, a broad-based, sustained effort may deter terrorists.

is

unattainable;

Congress has solidly supported TSA's efforts to identify low-risk travelers for expedited
scree ning in annual appropriations bills and in its oversight ofTSA efforts in this regard. For
example, in its report on the proposed fiscal year (FY) 2015 appropriations for the Department of
Homeland Security, the Senate Appropriations Committee stated that:
"TSA should be commended for streamlining screening procedures forTSA
Pre,;'TM travelers, children under 12, senior citizens, flight attendants, and active
duty military personnel. These expedited screening measures are beginning to
yield security, budgetary, and economic benefits to both the agency and the
flying public.14"
Similarly, in its report on the proposed
Appropriations Committee stated that:

FY 2015 appropriations for DHS, the House

"The Committee is encouraged to see that TSA is actively pursuing efforts to
better focus its resources and improve the passenger experience by applying risk­
based security measures to its screening procedures."
"While TSA Pre""™ offers great promise; a critical mass of participan.ts is
required for the program to achieve its objectives of enhanced security and
efficiency. Therefore, the Committee directs TSA to continue to accelerate TSA
Pre""™ enrollment.1s..
TSA was well aware of the concerns about automating risk-based pre-screening
prior to implementing this policy decision.
Viewing this matter in context with the numerous other improvements made to aviation security,
current intelligence infor mation, our counterterrorism mission, and other layers of security, the
decision to automate designation for expedited screening or to
- is a determination of the operational efficiencies gained or operational iinpact imposed.
That decision falls within the category of establishing aviation security standards and regulations
that is statutorily the responsibility of the TSA Adrninistrator.16

·····

••••••••••••••••

···········

•••••• demonstrates our continuing assessment of potential low-risk populations.
Assessing risk supports increasing the efficiency and effectiveness o fl••••••

passenger screening system by allowing TSA to focus limited resources on those passengers

about whom we know less, while providing expedited screening for those we know more about

" U.S. Senate, Committee on Appropriations, Department
Committee Report, S. Rcpt. 113·I98, p. 71.

ofHomeland Security Appropriations Bill, 20IS

u U.S. !:louse, Committee on Appropriations, Dcpartmcm of Homeland Securti y Appropriations Bill, 20 IS

Committee Report, H. Rept. 113-481, p. 69.
16

See 49 U.S.C. § I 14(d).

HollRfl.WG.Thlo
rt•erd
uotal11S.01ldesr
..
rll)lnfer..,1
1
h11
lo
eool
r
olhdHd
<
r
49
Cl'R
pe•1l
*5
o
p1e 1
ohhlo
1lao
aod
1528. N
t'ttOl'd-wtaf bt dltd..,d
to
ptrtn
ot
•llhoot
1"8et4 to
kll
o• "..
d•�ned
ln49
€FR
p11b
15
and
15i9,uet
•llb
the
••ilt
pt
l u
P
•
•
•
loolon
er
l
ht...
.
..
1.
1
1
1roto
r
or
lhe
Tr1n1port1don
S.•••ll...
) dmlnlalrd
o oa
Of
the
s.
...
..
..,
0FT
1
111po1
'*lloo
.llon1ho1
bed
rl'I••Y
reauh
la
el
II
e
l
h•
•
Hde
a
,Fer
ll
li
,
&••tr11
• •ll
1 •t<•d•i.
pobll
r
dii<leu"
I
'
&01<rn<d
b
}5II
.Ii
.
€.552
aad
P<••ll)'
er
'9
€F
pa
r to
15
Hd
1528
.
R

.

15
SENSITIVESECURITYINFORMATION
NARNl
1
�IG:This
reeoreleontainsSensitiveSee1:1ritylnf:ormationU=iatiseontrolleel1:1nele
r49CFR13arts15

anel1520. Nopartof
thisreeorelma•
;eeeliseloseeltopersonswitho1:1ta "neeeltoknow," asdefinedin49
CFR
theAdminis
tratoroftheTransportat ion
partslSanel1520, eJ<ceptwiththewrittenpermissionof

See1:1r
ityAdministrationor
theSecretaryofTransportation. Una1:1thorizedreleasemayres1:1ltineivil
. governmentagencie
penal
s, p1:1eliediselos1:1reisgovernedeysUSC.
. . 552
and
tyorotheraction. ForUS.
49CFR
parts15and1520.

 Washington, DC 20528 I www.oig,dhs.gov

SENSITIVESECUitt
T
J'INFORMATO
I
N
8
either as identified members of a trusted traveler population, or as members of groups for which
there is little evidence of threats to transportation security.

ENCRYPTING COMMERCIAL AIRCRAFT CARRI ER BOARDING PASSES-

TSA explored encrypting boarding pass barcodes and incorporating········
Following discussions with Airlines for America (A4A) and the Internai
t onal Air

•·

Transportation Association (IATA), TSA decided not to adopt this approach for two primary
reasons. First, implementation is not feasible for some airline operators due to a limited number
of available boarding pass fields in their systems. These fields are currently used to encode other
information, and requiring airlines
would be disruptive to
conunercial business operations. Second, encrypting boarding pass barcodes is cost prohibitive.
Airline stakeholders estimated the cost of compliance with a TSA security directive requiring
barcode encryption was over $500 million.17
Due to these considerations, TSA decided not to require encryption and adopted a more cost­
effective digital signature approach to address the concerns associated with····

CREDENTIAL AUTHENTICATION TECHNOLOGY
Since 2009, TSA has pursued CAT, a system that would provide passenger prescreening

information via a network connection to Secure Flight. The decision to leverage exist
n
i g
investments in Secure Flight and TSA's network infrastructure will significantly reduce industry
cost and technical development while increasing the security of boarding pass data. TSA is
moving forward with a phased implementation of CAT.

TSA's Office of Security Capabilities made a CAT award in April 2014. This award was for up
to 12 systems that TSA will test against both functional and operationally requirements to assess
suitability and effectiveness. Testing is scheduled to begin in fall 2014 and, pending success,

11 INFORMATION MEMO from TSA Administrator John Pistole to OHS Secretary Janet Napolitano, Printed
Airline Board/Ilg Pass Vulnerability, October 25, 2012.
FR
pol'19
15
ud
15�8
11'
1
IRi'IM¥; .Thlo
1
co
e 1
d
coolllns
S
..
ti
doc
Seturllldor.,.tloo
)
th
1
1
It
<n
rduodrr
49
G
.l\'o
p11'
of
!h
it
0 tro
l
l
.....,.._ �dltrlooed
10
lh1
' rlHcn
p
.,..on.,,ltho
•
U"
o
ud1ele
lll�·
,11dtll
udI•
'9CFRpll'IS
ISud
1519,uorp
l�11>
pr,.
lts
iuof
•he
�d•l•ltl'H!e
r
af
•h
T•
H
lade•S••••llY
•d•inlth
1dan
or
,
..
Se.,
el•'YcrfT•H1par"'Uaolluu1hF11ed
spu
rll
rdrw
••>
r<Hl
t
le
r
lIt
pn1llor
) otl>rr
oo . For
ll
.&
N
111<nt
1seoelco,
•Wirdltd
e
,.r<lt
g
otrnrd
.
•
p
b) �ll.S.G.55lud
4
9CFR pol'ISlhod
1
518,

16
SENSITIVESECURITYINFORMATION
WARNING:Tl=tis
eentrelled1:1nder
49CFRparts15
reeerdeentainsSensitiveSee1:1ritylnf.erffiatientl=tatis

aAd1520. Neparteftl=tisreeerelffiayeedisee
l sel
e tepersenswitl=te1:1ta "Aeeelteknew," asdefinedin49
C
FRparts15aAel1520, e)(eeptwitl=ttl=tewritte
nperffiissienef
tl=teAdministrateref
tl=teTranspertatien

See1:1rityAelministratiener
tl=teSecretaryefTranspertatien. Una1:1theri
zedreleaseffiayres1:1ltineivil
penaltyeretheractien. FerU.S.gevernmentagencie
s, p1:1elic
diseles1:1reis
geverneelby5USC.
. . 552and
49Cr;RpartslSans1520.

1••

 S
ENSITIVES:ECU:Rl'f"iINFORJ\ifA'fION

��<.1,,.0 s��

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov

SENSITIVE
SECURm'
INFORMATO
I
N
9
should be completed in early 2015. At that time, TSA expects to award full rate production and
begin deploying CAT systems at all federalized airports.

.'RIM
W.
IRIHll
6
rceo
o
d
•••••i
u
ScaliU••
Se<>•r.,
l lno
f rm1lloelll
a
1
b
re
n
1reHe
d
•
•d er
49
CFR
p1
rl11
5
Hd
11
§ ,
0H
o
e
r
tlls
porl
�be dloe...
l d
to
p
c
n
o
o
u
1111l>0el
1
"
•ed
t lo""°''\••
dellaedl•49
€FR
15
1od
I
R
G1e1<epl
•
llUhe
,.
•l
l le
n
iw
rtt
ptr11
11
•
o
1io l
th
Ad
11lnltl•a1or
1
erle
b Tn1t1N1l
r l
•lUSu•ri,
l
1
!0lrd
r
the
s.
...
..
. o
r
ttea1,eFlld enlloaalherlle4
l Ad111
a ue
.,.
1 tote.
tl
..
,
1t1ah
h1
d
o
ll
Oi
o
ilieraed••
·Forti& 1••
••nt
11<••l<
t
q
M1bWr
di,.lo1•re
I
t
10
"
'"di�l�551-H6
a ee1
ptldl)
49
ERl
r
ll
15
Hd
15
2
1.
po

17
SENSITIVESECUIU'f'
fINf"ORMAllON
WARNING:Tf:tis
reeerEIeeAtainsSensit
iveSee1:1ritylnferrnatieA
tf:tatiseentrelleEIl:lAEler49CFRparts15

aAEI152
0. Nepartofthisrecordmayeedisclosedtopersonswitho1:1ta "AeedtokAow," asdei
f nedin49
CFR
parts15and1520, e
)(ce13twitf:ttf:tewrite
t n13ermissienef
the
Adrninistrateref
tt
f: eTraAspertatieA
Sec1:1rity
AdministrationortReSecretaryofTrans13ortatien. Una1:1tl'lerizedreleasemayres1:1lt
1i1
inci·
13enaltyorotl'leraction. ForU.S.governmentagencies, 131:1el
icdisclos1:1r
eisgovernedbysU.S.C.SS2anEI
49CFR13arts15anEI1520.

 SENSJ'flVESECURITYINFORMATION

�

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington. DC 20528 / www.oig.dhs.gov

SENSITIVE
SECURffYINFOltMJ\TO
I
N

U.S. Department of Homeland Security
Transportation Security Administrati.on (fSA)

�
�

••

Response to OIG Draft Letter Report, Alleged Use of the Risk-Based Rule
1
1 SecureFllght
- Sensitive Security Information

Recommendation#1: Explore the feasibility of encrypting commercial aircraft carrier

boarding passes
TSA does not concur. Cost and feasibility were explored with stakeholders in 2012. TSA

decided to pursue a more practical and affordable solution utilizing a digital signature.

Recommendation #2: Continue pursuing Credential Authentication Technology TSA Concurs. TSA is pursuing Credential Authentication Technology and recently awarded a
contract to begin operational test and evaluation of this technology. Based on this contract
award, TSA believes the recommendation has been implemented and requests closure.

Recommendatio#3:
g
Ensure Credential Authentication Technology is fully functional -

TSA doea not concur. The current level of risk associated with

is

mitigated by a range of security procedures and technologies currently available and/or deployed
byTSA.

Attachment

1
6cc•rll)
ll'
i
llf/lhtffi .'Alt
rc<01
d
coelllH
Scot1
1
..
l
nler•tll o
n
lhal
11
•
•
•lrelled•ode
r
49
Gl'R
par1t
15
a
nd15i8.No
. 11
o
f
t
his
pa
", udcfi
11cdl
1cto1d
MW)
btdlscloocd
l
o
11l1bou11"
weed 1
0
k
n
o
11
o
•
9
GFRP"
•
'"15
ud
I
Slt ,u
ccp l•
llb1b
o
11ll1
tu
pc1
1 a
ot
dea
Setorl
pcrm
llll
e
a
eflbr
A.dmloltN
l IO r
eflh•
Tru1per1
1
nltlflliener
llte
Secrc•.,
efTrHtpe¥111ion.ll1
1 111ho
1
l!oed
l)Adml
l Fer
1
...
1eu..
.
,
•eo
llh
l
a
t
i•"pe
•
1herutieh
1
.S.aa
••••••
•1•••1
..,publl•dltol
eou,.ltg"""'db)'Sll.S.G.551oad
oll)"0
•9
GAi
parU
15
.,.4
1519
.

.

18
SENSITIVESECURITYINFORMATION
WARNI
NG:TRiSrecorelCOAtaiAS
SensitiveSeclirityIAformatioAtRatis
COAtrolleel1;1neler49CFRparts15
aAel1S20. Nopartoftl'lisrecorl
c ow," aselefi
e maybeeliscloseeltopersoAswitROlita "neeeltoln
neelin49
CFRpartslSaAel1520, exceptwitRtl'lewrittenpermissionoftl'leAelministratorof
tl'leTransportati
on
i
v
il
Sec1;1rityAelministrationor
tl'leSecretaryof
Transportation. Una1;1tl'lorizel
e releasemayres1;1ltinc
tyor
otl'leractiOA. F
orUS
. .governmentageAci
es, p1;1blic
elisclosureisgovernedbysusc.
. . 552
ana
penal
49CFRparts15ana1S20.

 SENSITIVESECURITYINFORMATION

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov

•
.. ...
.
:
�

AOO- 8 200

l .S. O.pemnt11t •fll-lood l>c<vrltr
Offietof....,11ri1,1 Opcral601 !>ouch 121/t su.c.
Arh11J1on. VII l05�B

Transportation

Security

AdminiStration

ACTION
MEMORANDUM FOR:

John S. Pistole
Administrator, Transportation Security Administration

FROM:

Victoria Newhouse /st
Assistant Administrator. Office of Risk Based Security
Chair, Executive Risk Steering Comminee
Kelly Hoggan /s/
Assistant Administrator, Otlice of Security Operations
Co-Chair. Executive Risk Steering Committee

THROUGH:

cdl.
�� tor

John Halinslci
Deputy Ad

••••••

SUBJECT:

TSA Pre.I' TM Risk Assessment Rules

AITACHMENT:

I. TSA Pre .1"r:11 Ri�k A.,�essment Rule., ••••••
••••. RBS Principals Meeting, August I. 2013
PowerPoint Presentation, Version 6 -

Background
In January 2013. the RBS Executive Risk Steering Comminee (ERSC) recommended
implementing

WAR�R�
Q
' ·T
h"dee•111�1
eeA18
l
n
$
i1y
lofaFA1a
1
1
e
A
111
111"'
e
oAr
i e
lled••de
r
19
CTR
paftS � 11
d
15
2
9.�
.
o plft
S
<A>ill •
S
••••
e
f
llli
s
da•
•
FAA
•I
m
a
. be ;ele.,;ed
le
�
·�•l
"
i
l
a
hw1 a
•eed1e
Jlaew.as
defieed
IA
19
(
FR
'
p��
lj
t11
d
IUO,.,
,
,.
,
, ilh
Ill
•

if
iffc!ft
p
cfft'lissi
enefthe
Acfn
11n
s
!
�loref
Ml>e
T
r
t
1: t
See
tt
A
l-)
.
Y
m
i
nbt
tatien
er
UteSce
t"etil:I>eF1
t'lflspertlit on.
c
d
i
sclu Juicil
5
. "'
"
"""
''
" aµ11C1cs;
pdbh
ochoa
F
tiil;J
tc
sul
t
m
cnil
pc
11
u
lt
7molh<1
p
�lil&Lt1!101uA1 ...i.._ """
ncmc
d
h1

5-��

19
SENSITIVESECURITYINFORMATION
WARNI
NG:H1is
reeerl
e eeAtaiASSeAsiti't'eSee1:1rityIAfermatieAU�at
iseeAtrelleell:!Aeler49CFRparts15
anel1S20. NopartofthisrecorEimaybeEi
iscloseEitopersonswitho1:1ta "neeeltolmew, " asEiefA
i el
e iA49
e ministratorof
CFRpartslSanel1S20, mcce
ptwiththewrittenpermissionoftheAl
theTransportation
See1:1rity
AEimiAi
stratioAer
theSecretaryofTraAsportatioA.UAa1:1theri2ei
E releasemayres1:1ltiAe
i
't'
il
. go't'ernmentagencie
. . 552aAel
penaltyorotheraction.ForUS.
s, Pl:lblic
.
elisclos1:1reisge't'eFAeelbysusc.
49CFRparts15aAel1520.

;penat:in
e

 S
ENSI'ff\i'ESECURITYINFORMATION

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 / www.oig.dhs.gov
S
ENS liIVESECU
RllYINFUR
M
AlU
l N
2

As that concept moved forward to OHS for

raised concern about using

concurrence,

Acting Deputy Secretary Beers

and asked for an independent evaluation of the

before moving forward with that component piece. As a result. the decision was

Adopting the expanded

is a reflection of our continuing

assessments of potential low risk populations in support of our goal to expand the number of

airports currently panicipattng in TSA Pre-'™ and to achieve our goal ofpro,·iding expedited

i.crecning to 25% of the tm-eling population by the end of calendar year 2013. 1bis goal is
further highlighted in the Senate Appropriations Committee FY20l4 Report Language that
requires you to certify no later than December 31, 2013, to the House and Senate

Appropriation Commiuees that".. . one in four air passengers that require security by the

is eligible for expedited screening withoUl lowering
Transportation Security Administraion
t

I-

risk

low
passengers was
security standards." Using
independently validated by Mctron Jnc., and provided to TSA'iiiici OHS in the DHS S&T Rule

Learning and Evaluolionfor TSA Set.:ure Flighl: Preliminary Rt!sults Repori published on
October 5, 2012.
Discussion
It is important to remember that all passengers undergoing expedited screening arc subject to
physical security screening measures commensurate with

or greater

standards. The TSA Pre./™ Risk Assessment Rules do not

than international security

use race, ethnicity,

or national

origin infonnation. The approach taken to defining and implementing these risk assessmen t

rules aligns with Secretary Napolitano's memorandum of April 26, 2013 regarding the

nondiscrimfoatory use of race and ethnicity in screening and law enforcement activities.

for calendar year 2012, and the No Fly
List contained in the Terrorist Screening Data Base (TSDB from December 2012), a baseline
level of relative risk for the entire passen ger pulation was established. As noted in the
Metron report. statistical evaluation
indicates that
••
do correlate with risk with respect to 8ClS of terrorism with an ove
rall merit score1 of

Using

po

•

•••

�,

merit in identifying both high and low risk sen rs). Using
to classIfy passengers as low-risk has a merit :icore o
, while the
have very low utility for classifying high-risk as retlec:ted in a merit scores ofjust

1 Merk sc:ore reflecu lhc accuracy ofclassi fication on a scale from 0.0 to 1.0, wbcfc 1.0 reflecU perfect
classifica1ion. 0.5 eJIPCCled from random cltisif'ication. and a value ofO.O indicauna misclassiftcalion ofpasengcn
by h.i&h or low risk.

....

..

\
W.Rn!tl0 .l'hi'
doeo 11
1eo1111ti11S
S..
1Sih
•
e
S..uril)l11fo1
1
& th8I
1
i
a
<Oiltn•lcd
l
o<1cr
t9
€f'R """5 1-! aae � '*'
erlhis
deewA
I
11\li)
be
1
e
l
....,i topeoena
*'lh
eo1
1
a
need I0""8o.at
ole!Jfted
I
n
C9€1'!\ ,..., � tlld- 1
529 .-pt
nilllIll
e
....polffl
•
..,.. U
ff
l
llll
eflhe
1
dmiftsu101
i
of1
be lr-i
111
ioi 1«>nSc
•
"""
I>
Mlmint1tr1.11
&11or
tllt
Secn:
111
1
oF'fran<Jpcun
iou.
lllh
orir<drd
._
m&)
1&ilt
I
n
e
h
ii�orelllef- For
ll
S
•
ftt ._ p
�
blledllel-K
IS&
<
n
m
..i l!y
. .80
!lJ!>E
. .!52

20
Sf
NSITIVESECURITYINFORMATION
WARNING:ThisrecordcoAtainsSensitiveSec1;1rityIno
f rmationttl
' atiscontrolled1;1nder49CFRparts15

e toknow," asd
e
finedin49
and1520. No13artofthisreEOrelmayaeelisclosedto13ersonswitho1;1ta "neel
cmi:iarts15anel1520, excei:it
withthewrite
t npermi
ssionof
theAdministratoroftheTransportation
l
e
ase rna'
fres1;1ltiAcivi
l
Sec1;1rity
AelministrationortheSecretay
r of
Transportation. Una1;1tl=10rizeelre
. .governmeAtagencies, p1;1alicdisdos1;1re
. 552
.
penaltyorotheractioA. ForUS
isgoverneaby5U.SC
aAd
49CFRpat
r s15ana1520.

 SENSIIlVESECURITYINFORMATION
m�
,
:71-

�

\G1n1��

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington. DC 20528 I www.oig.dhs.gov

<
S
f!NSlTl'V£SECUIUfY
INFORMAilOlI
3
in t
Add g he llllllllllllllllllllllllllllllllllllllllllll
classification element of a Secure Flight rule s
e
t in
creases the ment scoe
r for low-risk
travelers to-.
The TSA ERSC established an Integrated Project Team (lPT) consisting of representatives
from Security Opera.lions. Intelligence and Anal sis. Securi Caabilities and Risk Based
from a volume and systems
Security offices to: I) evaluate proposed
risk perspective: 2) evaluate the relative risk o
; and. 3) provide
l"C(:Ommendations to the ERSC regarding rules �tting, risks, and potential mitigation actions.
The IPT analysis shows several marked resullS useful in e11tablishing•
llll .
llll •
low risk traveler rules as follows:

The two secondary areas ofconsideration raised by !PT members were potential impact on
TSA credibilit and the im ' l on TSA Prew'TM Trusted Traveler ro ram enrol lment if the

i tlw i
l!!AJU lll>I
C
;
'Rit...,
t ..,,,.
•
•
,
-i.1,..
Senoi
t1 e
Seltml)1
.
r.
.,
111
,. on
•
e
onll'till
ed
wnder
49
S
FR � 1-S Md
1528.Uo
pM
ef
lll
i
•
oleOUffleallNl)'llUel
llOlod IOplfleBS.�llwlul.--.l t&� d
di1"!di
ft49GFR ,..i. *!1114 �......wlt!Hhe
....,_ P
•"'"""'""e
F
lll
eAdm1•1-ror
v..
i:.w,�o•
i Seowil)
hdminittl'il!a
ft
er
!he�ofT-tpet-.loo•
IJ
1111
1hafiiled
1
re
l-RIA
)
-i1
IB
e
;ti
jMMl
l)91
Miler
..
.Feitt:9: 8
8...,
,.,
.,,
,
11
0
ui
..
.
'llillle
dke
l
....
15
.,. iPICiiled
bj
Hl:S.€;�.

21
SENSITIVESECURITYINFORMATION
WARNING:Tl=tisreeereleeA
tan
i s
SeAsiti
v
eSee1:1ritylno
f r
matieAtl=tatiseentrelleel1:1Aeler
49CFR13arts15

aAel1520. Neparteftl=tisreeerelmayeeeliscleseeltepersoAswitt
l= ot,Jta "Aeeeltelmew, " asel
e
fiA eeliA49
tl=teAl
e A
F iAistrateref
tl=teTraAspertatieA
CFRparts
15aAel1520, e>EEe
ptwitl=ttl=tewrite
t AperFAissio
nef
leasemayres1:1l
Seet,JrityAelmiAistratieAertl=teSeeretaryefTraAspertatieA. UAat,Jtl=torizel
e re
ti
Aeivil
peAaltyerotl=teraetioA . ForUS.
. ge•
JernmeAtageAcies, pt,Jelicelisclest,Jr
eisgo
verneel eySUSC.
. . 552aAel
49
CFRparts15aAel1520.

 SENSITIVESECURITYINFORMAl'ION

�9
�

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 / www.oig.dhs.gov
S
fl<ISJTIVeSeCURff
YH<iPORMAFI
ON
4

international security standards. The ERSC also considered the negative aspects ofeach
i oii
i den
b yth
fiedilil
t f the expected introduction of
ion lil
t
s li
n il
tli
o pii
t· Jfijti
lll iile iIPTwithinligho
iltiiilli
iolif iiihe liirru i··
the next 6 months.
in

•

1

1

During ERSC deliberations, several general principles were agreed upon to guide this policy
recommendation. first, the ERSC concurred that we should establish as the baseline level of
acce table risk

WhRNll'
I
G°RHJ
·
doe•"'
c
111
eo1
1111i
m
Sceliti
l e
Sce
111
i
t"anMtt
eallll
is
l eo1111o
ll
49
CFR
U
i)
hl
.,..
_, » 111d
i8 .No1*t
cdllllClor
i
efdtisdo
., !-! a
""
""
'"'
"' "l
be f'llffle4 IO
4
9
id
�
t
d
i
e
€FRpll
9;eM:cpcwid
pcl'IOM
.,ifbot1U<MN��in
� p-�io11
of
Ille
Adrnm
ls"'orof
Ille 'FNn
Oll
)
o\
d
mln l<ilnlioft
oi
the�of1'1•.,.,...ta11or1
...,.
I
. !iecif,t
I
U
11
111
th-.lN
iffoe
ll
Ch
ii
ll
e Oll
i .fOf
11
.S
.IO•Cl'l
l
llllCll
"""'
·
d
tdb)
pcMll)
or
OU.Cl
p•blie
ditd-�
&o•t111
m.,"'9>111
*
511
S:
. C.552:

22
SENSITIVESECURITYINFORMATION
WARNING:ThisrecorelcoAtai
AsSeAsiti1JeSec11rityIAforFAatioAthatiscoAtrolleetl:IAeler49CFR13arts15

anel1520. Nofa
:} rtof
thisrecordFAaybeel
i
scloseeltopersonswitho�ta "neeeltoknow," aseefiAeetiR49
CFR
parts15aRe1520, e
xceptwiththewritten13ermissioAof
theAelFAiRstrator
i
of
theTraRsportatioR
nistrat ionortheSecretaryofTransportatioA. Unal:lthori:z:eereleaseFAayresl:lltinci·
«il
Secl:lrity
AelFAi
e ey5us
13enaltyorotheractioR. ForUS
. .go1JeFAFA
CAtage
Acies, J3l:IBlicelisclosl:lreisgo1Jernet
. .c.552aRet

49CFRparts15aRet1520.

 SENSITIVESECURITYINFORMATION

£\�&\st'G1'��
�q""°

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov

SEl�SfAVESECURITYfNFORMATlOtJ
5

.

..

.,

...

W
t,.�
IP<:i
' 'Rl
i
5
deflffN!l
t
eeo!IMs
S
l!Mili"
•!i
eE
eoth•
15e
•
nlrelled""d•
49
G
Fll pil'IS 15
•
•dI529. No p1tt
wfli,lee
f Ml•l
l>e
efllli5
deeutfte•
t
..,1.-d
le
n• •
l
lh8dh need
le
Bl••>,e1ftf!ftc611t49-€ffipim U
lll<l1529.ex<q>t
w
hlldiC
fM)
pene
u
,.j
a.
1>p
eAni.55
1••ef!M
Aemit!1
s
T
-••FIAlieft
fll
i
Ai<lr•U8fter
lhe �ef'frenspel'ltitOft
1A1er eflhe
SeatA�All

. g
'
YAOl
lll
l lM'NedNl--ir-1tlfl
elll
e""""
"
'
"
i
ed15elestJfei
1
co•tt"11edb)
peMl'7ereW-�FerlJS
�l'iHbl
"81M

5
Y
S
. G
. .551.

23
SENSITIVESECURITYINFORMATION
WARNI
NG:This
rceoreleoAtaiAsScAsiti·1cSce1;1rityInformationthatiseoAtrellcel1;1Aelc
r49CFR13arts15

aAel1520. Nopartofthisr
c
eerelmayeceliselosceltoper
sonswitho1;1ta "nceeltoknow,"asel
cfA
i celiA49

CFR13a

15aAEI1520,C
><ecptwiththewrittc
ApcrmissioAoftheAelminis
tratorof
theTrans13ora
t tion

Sce1;1ri AElrninistratioAer
theScerctaryofTraAsportatien. UAa1:1theriwEIreleas
ernayres1:1ltiAeivi
l
pcAaltyorotheractioA. ForUSge•1cmrncnt
. .
agencies, p1:1elicElisclos1:1rcisgovcmceley5US
. C
. .552aAEI

49CFRparts15anEI1520.

rts
ty

 SENSITIVESECURITYINFORMATION

�

ak

�
��
(�1'D stc;

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 / www.oig.dhs.gov
SE?<ISff!Vl:S
E
CURiT't'fNFORMATiot�
6

"JA;.�J
ll'IG 'Rl
i
5
d-lfl<ftf-Yi11$ s.a.- �
lfA
I)
.
IArm-oe
fl
....
i5
lfll
ll
C
d
und
er
C9
GFI\pcU l$ ill!& � NoJIM
e
flll"deNlfte..
I
ffl_,
lie
ffleled
le
11-•
i>e•ll1
....
ie
.i """'
'· * �
e
O..
edla49
eFR,.u 15 olld1520.""
eept
�
Ill
e
lh
)
of
T
c
'ftat
pol'bt!UloScet#11)
1
Wl
1101101
ft lnut1 1
Ad
11l:1t1110r
l
oF'*i
l
•
c
S<ciebof
..,.,
tlctt
pen1...
1
1 ion
oFll
c
l ftl
oaupal<l!illft
l:!
,,.,;.'>oril!<dr<:lcaic
�
MUii
ill""' �•CIU'ocr
eetia
F«
l:!5
•
J
C11
e
1
es;
public
dl:te�c
is
goocmed
h)
. 111cmft1Cnl
5
l:!SG
. .Sil

24
SENSITIVESECURITYINFORMATION
WARNING:Tl;isreeorl
e eoAtaiAsSeAsitiveSce1;Jrit·;IAforFAatioAtl;atiseoAtroll el
e 1;JAeler49CFRparts15
aAel1520. Nopartoftl;isrecorl
.vitl;o1;Jta "neeeltoknow," aselefiAeelin49
e FAa'IBe
eliscloseeltopersons·
CFR
parts15anl
e 1520, e
>Ece
AperFiA ss
ionof
theAelFAinistratorof
theTransportation
ptwitl;thewritte
Sect1rityAelFAinistrationorHieSecretaryofTransportation. Una1;Jthoriz
el
e releaseFAayres1;Jltineivil
penaltyorotheraction. ForU.S. governFAentagencies,p1;JBl
icelisclos1;J
reis
governeelBySUS.C.
552
anel
.
49
CFRparts15anel1520.

'

 SENSITII
' ES
E
CURITYINFORMATION

�'i�
-

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security

'-iivo Sf-c;

Washington, DC 20528 I www.oig.dhs.gov
s
r
....
•;1
fl'IFc;rnRITY
'
l'\l'C
l
RMP:llON
7

In conjunction with existing TSA Pre.t'TM eligibility. other expedited screening initiatives. and
Managed Inclusion volume projections. the ERSC conservatively estimates that about 30% of
the traveling public could receive expedited screening by the end of calendar year 2013 using
the recommended baseline

NextSteps;
Following approval or either recommendation 1 or 2 below. there remains a number of additional
actions requiring completion prior to implementing TSA Pre.t'TM Risk Assessment Rules

•

Finalize outreach and communications plan to include:
o

House and Senate authorizing and appropriations committees.

o

TSA and OHS advisory committees

o
o

Privacy and Civil Liberties groups
Other government stakeholders (e.g.. National Security Staff. Department of

o

TSA field leadership and workforce

State, Deparunent ofTransportation)
o

Industry and trade associations

o

General public

•

Approval of 1he TSA Pre"'™ Risk Assessment Rules review procedure by OHS.

•

OHS Privacy Otlice to transmit the updated Secure Flight Systems of Record Notice
(SORN) to incorporate TSA Pre.t'TM Risk Ass1:Ssmcnt to the Office of lnfonnation and
Regulatory Affairs (OlRA) within the Office of Management and Budget (OMB). and to
Congressional oversight committees for 10 day review period. and the Privacy Impact
Assessment (PIA) on the OHS website.

•

Publication of the SORN in the Fedc:ral Register for a period of 30 days.

Recommendation I :

W
...
1
U
lll
l6 . I
hi
s
dl!Comon
l
CO
illain
s
!;t11,li
t it
!iecot
i
l)
l11b
im
1atlonthat
I
J
C>C>1l
11
1
1 led
l w
i
der1
9�
:Fii;11Gn s15
llild
1528tlo
. pan
oft
h
i
s
dooe menl
m
o
)
be
rel•-d
1
0
pcrsoM
•
h
heo
1
a
nc•d
IO""""·.,
dcllned
in19CFR
p-+5 111
d
1529•
.�
ecpt•ilh
the
in
•
"
ll<npermt�>ie n
n
ft
c
hA
dm
in
i
Jtrot
srs
f
th<
l',.,
1
51>onat e
in
Se••fil)
,.,
dmin
m
r11
1o
sr
lh
e
Seerellll)
s
f'Fn1n
•p-1i
o"'
l:Jna•lh6
r
ir.cd,,. ,i!Se
Pit')re
••ltIn
m
i
l� o
r
s
h
l c eete
i nFerIJS
. .g
o1.,,,
mcn1
•1
cn e1••·pobhe
d
t
oeles
u
r
e
;
,
&e
•
cmcdb)
!
ll.!l
.
C!!2

25
SENSITIVESECURITYINFORMATION
WARNING:Tf:iisre
eorl
e EOAtaiAS
SeASiti
veSec1;1rityIAo
f rmatiOAthatisCOAtr
olle
el1;1Aeler49CFRparts15

onswitho1:1ta "needtoknow," aselei
aA el1520. No
partof
thisrecorelmayeeeliscloseeltopers
f nel
e in4
9
the
AelmiAistratorof
theTraAsportatioA
xee
ptwiththewr
itt eApermissioAof
CFR
parts15aAel1520, e
Sec1;1rity
AelmiAistratioAortheSecretaryof
Tra
nspo rtation. Una1:1thori2eelrele
asemayres1;1ltiAch•il
penaltyorothera
ct ion. ForUS
. . governmentagencies,p1:1elicElisclos1:1reis
governedey5US
. C
. . 552anel
49
CFRparts15anel1520.

r

 S:ENSITl"v'ESECURITYINFORMATION

;,,Q�
\'gl
l=
..
llNo ,�61'

OFFICE OF INSPECTOR GENERAL
Department of Homeland Security
Washington, DC 20528 I www.oig.dhs.gov
SENSITI
v
ESF.CtlUT
If.<lfOltMATI
O
'tli
8

APf'o"'

ff'- ,f, p�

DI""""" ------Needs More Discussion

Modify

------

Recomme!!da1ion2
:

. As part of that effort, the ERSC will review and validate the current update to the
Current Airport Threat Assessment (CATA) document.

Approve
Modify

-------

_______

Disapprove

-------

Needs More Discussion

_______
_

ll>
,,_
,.
R}
l
IQ +
Msde-•A
I
oeAlliM� hc
w
•
AfePJ&ate
i A lhllttt •
&!Welledlla
d
8'
•9
GFR,_ uMd
1529�1.,,...
.
eI
9."'l!CP'
ef
lh
�
dee
'"p-M
•
11!\e�u MO<i-IOW-ck11Ac4 '"49
C
l'll
U
•
Ml
1!
2
"'II>
lie'"'""""
pw!lh
the
wrillClt � efilte AllMIAi
'ilFlll
r
e
ll hhe1AIA
B-i<lft
...
I
A•-•
A
er Ille ,,.__,
e
t
ion
ft...,.
t
bl
!l
ll
� ',d
.;
tiM•ll>•fifo<I '"
'IO!l\IY� peMlli.
,
"'�er......,. Hr-\:1£� ..,..
.,.
. uedifE
IM
NM . seeftle<Ib)
,
1111
!Ml'

!&.&:€:-�

26
SENSITIVESECURITYINFORMATION
WARNING:Tl'lisreeoraeontainsSensitiveSee1:1rityInformationtl'latiseontrollea1:1naer49CFR13arts15

ana1520. No13artofthisreeoramaybeaiscloseato13er
s
ons
witl'lo1:1ta "neeatoknow," asaei
f neelin49
theTrans13ortation
CFR13artslSand1520, e>Ece13t
witl'ltl'lewritten13ermissionoftheAdministratorof
rans13ortation. Unai,ithorizedrel
easemay
resi,il
tineivil
See1:1rit't'
Administrationor
the
SeeretaryofT
13enalt·
;orotl=teraetion. ForUS.
. governmentagcneies, 131:1bliedisclos1:1reis
governedbySUSC.
. . 552and

49CFR13at
r sHiand1520.

 ADDITIONAL INFORMATION
To view this and any of our other reports, please visit our website at: www.oig.dhs.gov.
For further information or questions, please contact Office of Inspector General (OIG)
Office of Public Affairs at: DHS-OIG.OfficePublicAffairs@oig.dhs.gov, or follow us on
Twitter at: @dhsoig.
OIG HOTLINE
To expedite the reporting of alleged fraud, waste, abuse or mismanagement, or any
other kinds of criminal or noncriminal misconduct relative to Department of Homeland
Security (DHS) programs and operations, please visit our website at www.oig.dhs.gov
and click on the red tab titled "Hotline" to report. You will be directed to complete and
submit an automated DHS OIG Investigative Referral Submission Form. Submission
through our website ensures that your complaint will be promptly received and
reviewed by DHS OIG.
Should you be unable to access our website, you may submit your complaint in writing
to:
Department of Homeland Security 

Office of Inspector General, Mail Stop 0305 

Attention: Office of Investigations Hotline 

245 Murray Drive, SW 

Washington, DC 20528-0305 

You may also call 1(800) 323-8603 or fax the complaint directly to us at
(202) 254-4297.
The OIG seeks to protect the identity of each writer and caller.