Secure Flight Mothballed

Ed Felton at Freedom to Tinker reports that Secure Flight, the government program for screening airline passengers, has been mothballed by the Transportation Security Administration. The AP story cites security concerns; apparently Congress & the agency weren’t confident that the system could be fully protected from hackers. Here is Ed’s take:

The sad part of this is that Secure Flight seems to have started out as a simpler program that would have made sense to deploy. Today, airlines are given a no-fly list and a watch-list, which they are asked to check against their passenger lists. There are obvious security drawbacks to distributing the lists this way – a malicious airline employee with access to the lists could leak part or all of the list to the bad guys. The 9/11 Commission recommended moving the list-checking into the government, to prevent such leaks.

A program designed to do just that would have been a good idea. There would still be design issues to work out. For example, false matches are now handled by airline ticket agents, but that function would probably have to moved into the government too. There would be privacy worries, but they could be handled with good design and oversight.

Instead of sticking to this more modest plan, Secure Flight became a vehicle for pie-in-the-sky plans about data mining and automatic identification of terrorists from consumer databases. As the program’s goals grew more ambitious and collided with practical design and deployment challenges, the program lost focus and seemed to have a different rationale and plan from one month to the next.

What happens now is predictable. The program will officially die but will actually be reincarnated with a new name. Congress has directed TSA to implement a program of this general type, so TSA really has no choice but to try again. Let’s hope that this time they make the hard choices they avoided last time, and end up with a simpler program that solves the easier problems first.