Security check now starts long before you fly
The Transportation Security Administration is expanding its screening of passengers before they arrive at the airport by searching a wide array of government and private databases that can include records like car registrations and employment information.
While the agency says that the goal is to streamline the security procedures for millions of passengers who pose no risk, the new measures give the government greater authority to use travelers' data for domestic airport screenings. Previously that level of scrutiny applied only to individuals entering the United States.
The prescreening, some of which is already taking place, is described in documents the T.S.A. released to comply with government regulations about the collection and use of individuals' data, but the details of the program have not been publicly announced.
It is unclear precisely what information the agency is relying upon to make these risk assessments, given the extensive range of records it can access, including tax identification number, past travel itineraries, property records, physical characteristics, and law enforcement or intelligence information.
The measures go beyond the background check the government has conducted for years, called Secure Flight, in which a passenger's name, gender and date of birth are compared with terrorist watch lists. Now, the search includes using a traveler's passport number, which is already used to screen people at the border, and other identifiers to access a system of databases maintained by the Department of Homeland Security.
Privacy groups contacted by The New York Times expressed concern over the security agency's widening reach.
"I think the best way to look at it is as a pre-crime assessment every time you fly," said Edward Hasbrouck, a consultant to the Identity Project, one of the groups that oppose the prescreening initiatives. "The default will be the highest, most intrusive level of search, and anything less will be conditioned on providing some additional information in some fashion."
The T.S.A., which has been criticized for a one-size-fits-all approach to screening travelers, said the initiatives were needed to make the procedures more targeted.
"Secure Flight has successfully used information provided to airlines to identify and prevent known or suspected terrorists or other individuals on no-fly lists from gaining access to airplanes or secure areas of airports," the security agency said in a statement. "Additional risk assessments are used for those higher-risk passengers."
An agency official discussed some aspects of the initiative on the condition that she not be identified. She emphasized that the main goal of the program was to identify low-risk travelers for lighter screening at airport security checkpoints, adapting methods similar to those used to flag suspicious people entering the United States.
Anyone who has never traveled outside the United States would not have a passport number on file and would therefore not be subject to the rules that the agency uses to determine risk, she said, although documents indicate that the agency is prescreening all passengers in some fashion.
The official added that these rules consider things like an individual's travel itinerary, length of stay abroad and type of travel document, like a passport. If an airline has a traveler's passport number on file, it is required to share that information with the T.S.A., even for a domestic flight.
The agency also receives a code indicating a passenger is a member of the airline's frequent-flier program and has access to details about past travel reservations, known as passenger name records. This official could not confirm if that information was being used to assess a passenger's risk.
The effort comes as the agency is trying to increase participation in its trusted traveler program, called PreCheck, that allows frequent fliers to pass through security more quickly after submitting their fingerprints and undergoing a criminal-background check.
The T.S.A. has emphasized its goal of giving 25 percent of all passengers lighter screening by the end of next year, meaning they can keep their shoes and jackets on, wait in separate lines and leave laptop computers in their bags. But travelers who find themselves in the higher-risk category can be subjected to repeated searches.
That has happened to Abdulla Darrat, an urban planner from Queens who said he was flagged for extra scrutiny all eight times he flew since June. When he tries to check in online, a message tells him to check in at the airport, where he receives a boarding pass marked with "SSSS" indicating that he must undergo enhanced screening. His name has been handwritten on a card at the podium where an agent checks passengers' identification, he said.
"They pat me down," Mr. Darrat, 31, said. "Then they pull out every single article of clothing in my bag. They take out every shirt and every pair of pants."
After the checkpoint search, which includes swabbing his luggage to check for explosive residue, he said he was often stopped at the gate before being allowed to fly. He said he assumed that the extra scrutiny was because he had flown to Libya to visit relatives. He also expressed support for protests against Muammar el-Qaddafi in 2011, but the extra scrutiny did not happen until this summer.
"It adds this whole air of suspicion about me to everybody on the plane," he said.
Critics argue that the problem with what the agency calls an "intelligence-driven, risk-based analysis" of passenger data is that secret computer rules, not humans, make these determinations. Civil liberties groups have questioned whether the agency has the legal authority to make these assessments, which the T.S.A. has claimed in Federal Register notices and privacy disclosures about the initiative. Privacy advocates have also disputed whether computer algorithms can accurately predict terrorist intent.
The airline industry has supported the expansion of PreCheck and using data about travelers to decide who should receive more or less scrutiny at checkpoints, to reduce security bottlenecks and focus resources on higher-risk passengers.
At the heart of the expanded effort is a database called the Automated Targeting System, which is maintained by the Department of Homeland Security and screens travelers entering the United States.
Data in the Automated Targeting System is used to decide who is placed on the no-fly list — thousands of people the United States government has banned from flying — and the selectee list, an unknown number of travelers who are required to undergo more in-depth screening, like Mr. Darrat. The T.S.A. also maintains a PreCheck disqualification list, tracking people accused of violating security regulations, including disputes with checkpoint or airline staff members.
(Read more: These stocks should weather DC's next storm: Pros)
Much of this personal data is widely shared within the Department of Homeland Security and with other government agencies. Privacy notices for these databases note that the information may be shared with federal, state and local authorities; foreign governments; law enforcement and intelligence agencies — and in some cases, private companies for purposes unrelated to security or travel.
For instance, an update about the T.S.A.'s Transportation Security Enforcement Record System, which contains information about travelers accused of "violations or potential violations" of security regulations, warns that the records may be shared with "a debt collection agency for the purpose of debt collection."
A recent privacy notice about PreCheck notes that fingerprints submitted by people who apply for the program will be used by the F.B.I. to check its unsolved crimes database.
"The average person doesn't understand how much intelligence-driven matching is going on and how this could be accessed for other purposes," said Khaliah Barnes, a lawyer with the Electronic Privacy Information Center, which has fought to block these initiatives. "There's no meaningful oversight, transparency or accountability."
For travelers who feel they have been wrongly placed on some type of watch list or experienced security screening problems, the Department of Homeland Security has established a Traveler Redress Inquiry Program. According to a review by the department's Privacy Office, there were at least 13,000 inquiries to the redress program in the nine months ending March 31, but civil liberties groups and some travelers described the redress process as a black hole.
"A lot of people I know have tried it," Mr. Darrat said. "And it just doesn't really make a difference."
—By Susan Stellin of The New York Times