The PreCheck program allows passengers to bypass long waits in airport security screening lines, for a fee of $85, provided they pass a background check, submit their fingerprints, and are determined to be a low-threat to security.
The TSA now wants expand the PreCheck program, and its recent proposal for how to do that is now open for bids.
“The Transportation Security Administration (TSA) is seeking vendors for TSA Pre√® Application Expansion initiative to develop, deliver, and deploy private sector application capabilities expanding the public’s enrollment opportunities for TSA Pre✓® through an Other Transactional Agreement (OTA) awarded by TSA. The Government plans toaward an OTA to multiple vendors.“
The premise of the proposal is simple enough: to expand reach, the TSA will use private sector contractors to rustle up new applicants and administer the eligibility evaluations determining who is a low-risk passenger:
“Contractors may use commercial data to conduct an eligibility evaluation (also known as pre-screening) of potential applicants. The eligibility evaluation shall include, at a minimum, validating identity and performing a criminal history records check to ensure that applicants do not have disqualifying convictions in conjunction with the TSA Pre✓ ® disqualifying offenses.”
Despite language prohibiting disqualification from PreCheck on the basis of certain protected categories like race or religion, the “commercial data” that these private contractors will be mining is broadly defined.
“For purposes of this private sector enrollment initiative for the TSA Pre√® Application Program, ‘commercial data’ includes: public record data, such as criminal history and real estate records produced by federal, state, and local governments; other publicly available information, such as directories, press reports, location data and information that individuals post on blogs and social media sites; and wide ranging data such as purchase information, customer lists from registration websites, and self-reported information provided by consumers that is obtained by commercial data sources such as data brokers.”
The TSA will sign off on final approvals and, according to the proposal, “Any algorithm used must receive DHS approval, which will be based upon a DHS evaluation requiring testing and review of commercial data inputs during that process.”
Together with the TSA’s disclaimers about eliminating commercial data inputs that could “potentially present disparate impacts to specific populations,” that sounds reassuring.
But the fact that all the algorithms have to be approved by DHS means the government will have access to that loosely defined “commercial data”:
“Contractors shall provide minimum required data elements (to include, but not be limited to, name, date of birth, gender, address, contact information, and country of birth, identity documents, and biometrics — at a minimum fingerprints) of the pre-screened applicants to TSA.”
Since the Precheck program was opened to the general public more than 800,000 travellers have been enrolled and as part of the push to boost enrollment the TSA has brought the number of its enrollment centers to over 300 locations.
What is “high risk”?
Previous government initiatives to identify “high-risk” individuals in the name of the War on Terror have come under intense criticism over what information is used and how. In fact the CAPPS-2 program, introduced in the wake of 9/11, was scrapped in 2004 over privacy concerns over the use of commercial data.
The Nationwide Suspicious Activity Reporting Initiative also came under fire. The ACLU condemned it for failing to set high standards in determining what qualifies as suspicious behavior, and a lack of oversight and transparency.
That initiative was part of former DHS chief Janet Napolitano’s “If you see something, say something” campaign which encouraged average American citizens to report suspicious activities. A Senate subcommittee report voiced concerns that many reports relied on racial profiling or reported activity like taking photos of buildings or being a community activist.
The Los Angeles Police Department said in a report that “suspicious” activity "flooded fusion centers, law enforcement, and other security entities with white noise."
Similarly, to implement the proposed PreCheck expansion, the sheer quantity of data generated by collecting social media posts or purchase histories may “tend to generate more noise than signal,” writes TechDirt blogger Tim Cushing.
— benhuh (@benhuh) January 27, 2015
