We were surprised last week to see that the GAO has issued a report certifying that, “As of April 2009, TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved 1 condition (TSA had defined plans, but had not completed all activities for this condition).”
Surprised, that is, until we we saw how the GAO had defined (re-defined?) those statutory conditions in ways very different from what we thought they meant, or what we think Congress thought they meant:
Before Secure Flight can be deployed (except for testing), the GAO must certify that, “(1) a system of due process exists whereby aviation passengers determined to pose a threat who are either delayed or prohibited from boarding their scheduled flights by the TSA may appeal such decision”. But the GAO defines “due process” as “redress”, and then in a footnote says that, “In general, the term “redress” refers to an agency complaint resolution process whereby individuals may seek resolution of their concerns about an agency action.” Having thus redefined “redress” as requiring only a “process whereby individuals may seek resolution of their concerns”, the GAO made no attempt to investigate or report on whether that process actually succeeds in resolving those concerns, does so fairly, or meets the standards of “due process”. But “due process” has specific legal meaning, which Congress cannot possibly have been unaware of when they used this term in the law. Congress’s intent was clear, and the GAO needs to go back to the TSA and evaluate whether the redress scheme (in which decisions are made in secret, based on secret evidence, by unnamed non-judges, according to unspecified procedures, with no decision ever communicated to the complainant), satisfies the legal meaning of the term “due process”.
The GAO must certify that, “(2) the underlying error rate of the government and private data bases that will be used both to establish identity and assign a risk level to a passenger will not produce a large number of false positives that will result in a significant number of passengers being treated mistakenly or security resources being diverted.” A “false positive” in this context is an identification of a passenger by Secure Flight as a risk or threat, when in fact they do not pose such a risk or threat. False positives could occur in several ways, but the GAO only considered false positives resulting from erroneous matches of names on passenger lists to names on watchlists. That excludes the equally serious category of false positive identifications of passengers as dangerous resulting from watchlistings of people who are not, in fact, dangerous. Matching names on lists of passengers to names on watchlists is the easy part. But that’s useless if the names on the watchlists aren’t matched to dangerousness, and (because of identity theft) names of passengers, especially the dangerous ones, aren’t likely to be matched to the names on passenger lists. The GAO was supposed to, but didn’t, look at all the types of false positives.
The GAO must certify that, “(3) the TSA has … demonstrated the efficacy and accuracy of all search tools in CAPPS II or Secure Flight or other follow on/successor programs and has demonstrated that CAPPS II or Secure Flight or other follow on/successor programs can make an accurate predictive assessment of those passengers who may constitute a threat to aviation.” The GAO dismisses this clause of the statue with the following bizarre footnote: “Condition 3 also requires that TSA demonstrate that Secure Flight can make an accurate predictive assessment of those passengers who may constitute a threat to aviation. As TSA did not design Secure Flight with this capability, this element of the condition is not applicable to the Secure Flight program.” We’re not sure why the GAO says Secure Flight wasn’t designed to be capable of predicting threats to aviation. We don’t think it would succeed in that, but that’s always been what the TSA claimed it was intended for. It really doesn’t matter, though, what the GAO thinks about the TSA’s intent. This condition is applicable to the Secure Flight program because Congress said it was so, in the plain language of the statute. We have no idea why the GAO thought it was empowered to declare the plain language of the law “inapplicable”.
The GAO must certify that, “(8) there are no specific privacy concerns with the technological architecture of the system.” The principal (and almost the only) privacy concerns related specifically to the technological architecture of the system are those we raised in our comments and testimony to the TSA, and result from the fact that passengers will be required to provide personal information not to the government but to third parties (airlines, travel agencies, and other travel companies) who will be under no restrictions whatsoever with respect to their use of this data. The GAO makes no mention of these concerns, nor of anything that the TSA might have done to address them.
Whatever the reasons the GAO chose to reframe its task this way, the latest report makes clear that Congress can’t evade responsibility for a clear-cut decision on Secure Flight by handing it off to the GAO. Congress and the Obama Administration need to give the TSA an unambiguous and unconditional directive, by executive order and/or statute, to abandon the Secure Flight scheme and to subject no-fly decisions to the rule of law.
[Update: In October 2009, Congress enacted and President Obama signed into law P.L. 111-83, the Department of Homeland Security Appropriations Act, 2010, which provided funding for deployment and operation of "Secure Flight", without any of the the conditions placed on "Secure Flight" spending under previous appropriations.]