TSA Tweaks Registered Traveler Program
by David Jonas

August 13, 2008 - The Transportation Security Administration on July 24 moved to advance the Registered Traveler airport security program beyond the pilot phase by lifting the initial 20-airport cap. In doing so, TSA changed RT's security role: The program no longer includes special government prescreening, but its membership cards soon will be accepted at airports as official federal identification. Two days after TSA's announcement, a laptop owned by Verified Identity Pass--operator of RT program provider Clear--with pre-enrollment information on 33,000 new customers, went missing.

TSA temporarily suspended Clear enrollments, but no active customers were affected. Verified has recovered the laptop and said there had been no unauthorized access, and TSA this week reinstated enrollments, saying Verified "has met program encryption standards for enrollment computers and may resume Registered Traveler enrollment immediately." The federal agency now is conducting "a broad review of all Registered Traveler providers' information systems and data security processes to ensure compliance with security regulations."

The eventful week in RT's development closely followed Verified's third anniversary of launching the nation's first RT system in Orlando. Since then, the company has claimed 190,000 nationwide enrollees.

Despite the lost laptop episode, TSA said it "remains committed to partnerships with private sector entities that enhance the safety and convenience of the flying public." To that end, TSA last month opted to bring RT--a largely private-sector operation--out of the long-running pilot and open it to more interested airports and airline sponsors. The program already has 135,000 "active" participants at 19 airports, according to TSA, and should progress with "very limited government involvement going forward."

For example, TSA no longer will conduct prescreening threat assessments of applicants because such an exercise "largely duplicates the watch list matching that is conducted on all travelers every time they fly." As a result, new enrollees won't pay a $28 fee to cover TSA's prescreening threat assessment that had been levied as part of overall membership dues.

In a notice published in the Federal Register on July 30, TSA wrote that "current technology is insufficient to allow anyone, even travelers who provide biographic and biometric information and undergo a TSA security threat assessment, to bypass the minimum screening procedures at airport security checkpoints." It also concluded that "an individual's successful completion of a TSA threat assessment did not eliminate the possibility that the individual might initiate an action that threatens the lives of other passengers. Therefore, screening of these individuals should remain the same as screening of other passengers."

That determination counters some earlier interpretations of the program's intended security role.

The security aspect of RT "is not as great as it once was," acknowledged Luke Thomas, executive vice president of RT provider Flo Corp., which previously advertised the TSA-sponsored program as a means to "identify air passengers who pose a minimal security risk." Instead, Thomas said RT "has evolved into a service-oriented program." In addition to bypassing the regular security lanes, travelers participating in Flo Corp.'s rtGo gain access to hotel and car rental discounts and various personal services.

"The future of RT programs, as they exist today, has been put in doubt by" TSA's decisions, according to a statement from Jeff Minushkin, chairman of Priva Technologies, which in February was approved by TSA to operate a registered traveler program. "In essence, the TSA is saying that there is little, if any, security value to RT programs." Priva plans to focus on airport employees rather than passengers.

But Verified said its own threat assessments and passenger identification processes make for a very secure and beneficial program, and a company official said that TSA's decision to allow RT membership cards to serve as official federal identification at airports provides validation.

"The new step for RT recognizes the security benefits it has in the ID area," said TSA Administrator Kip Hawley, testifying last month during a U.S. House of Representatives subcommittee hearing. "We've worked with the industry, and they have stepped up and are making changes to the [registered traveler ID cards] so they will be acceptable as federal ID. We are accepting it as a private-sector equivalent to a Real ID once the photograph is put on it. That is a very valuable piece of security improvement."

Real ID is a U.S. Department of Homeland Security rule requiring "minimum security standards" for state-issued driver licenses and identification cards.

Verified's Clear program is "literally at the printer" with modified cards including photographs and other biographical information that meet TSA's requirements, a Clear spokeswoman said last month.
Other TSA News

• Hawley in July said the Secure Flight airline security program would be "operational sometime next year." According to Federal Computer Week, Hawley said the program's final rule would be published "by January 2009," before the end of the Bush administration. TSA has not formally advanced the rulemaking process on the controversial program since a public comment period ended last November. A TSA official told Management.travel that "we are working with carriers on testing." Under the proposed rules first published in August 2007, TSA would collect data from airlines (which would be required to collect data from such third parties as travel agencies) on passengers booked on all flights operated within, to, from and over the United States. TSA then would check that data against terrorist watch lists and inform airlines of which passengers should and should not be issued boarding passes.

• TSA said 40 manufacturers submitted for testing prototypes of laptop computer bags that could undergo X-ray airport screening, allowing laptops to remain in bags at security checkpoints. TSA said it would implement "a policy change across all airports in fall 2008, allowing laptops to remain in 'checkpoint friendly' bags." But even after any such bags are OK'd by TSA, the agency said it "reserves the right to rescreen any bag or laptop regardless of the design of the bag."

• After false starts, TSA this summer is finally testing shoe scanner technology that would allow passengers to keep their shoes on at airport security checkpoints. L3 Communications provided two shoe scanner devices, which TSA is evaluating at Los Angeles International Airport.

http://www.management.travel/news.php?c ... .Aug-08.13