TSA requests proposals for "Registered Traveller" program

The USA Transportation Security Administration has published a Request For Proposals (MS-Word format) for a “Registered Traveller” pilot program to be conducted for 90 days beginning in June 2004, involving 5,000-10,0000 “voluntarily” registered travellers and domestic USA flights from 3-5 airports.

Participants would have their biometric information (fingerprints and/or iris scans — images of the unique patttern of blood vessels in the eye) recorded in a privately-run but government-controlled database, undergo a security check by the government, and be issued a “token or credential” in or on which their biometric information is stored in machine-readable form.

The technology of the “token or credential” isn’t specified, but would most likely be a remotely and secretly readable radio-frequency identification (RFID) chip.

RFID chips are being pushed as an interoperable standard by the USA Government Smart Card Interoperability Specification (GSCIS) and by all those (except, of course, travellers themselves) with an interest in tracking and logging travellers’ movements, including the proposed worldwide ICAO biometric/RFID passport standard and the worldwide airline/airport joint Simplifying Passenger Travel initiative, the goal of which is for travellers all to have a single credit-card sized integrated RFID/biometric registered traveller/trusted traveller/frequent traveller/e-ticket/boarding pass/baggage check/electronic payment card. For more on these, see the biometric and RFID references from ICAO’s Machine Readable Travel Documents working group, which meets next in Montréal on 17-21 May 2004, and thoe documents for the meeting of IATA’s Passenger Reservations Committee (RESCOM), which is likely to be attended by some of the same delegates when it meets the following week, 25-26 May 2004 in Washington, DC.

The program was originally conceived of (mainly as a way to appease business travellers complaining about security delays, and airlines concerned that those delays might lead them to drive or take Amtrak instead of flying) as a “trusted traveller” program — which makes sense only if one abandons the presumption of innocence and treats all travellers as presumably untrusted and “suspect”.

The name was changed (although not the essentials of the concept) to avoid the implication that registered travellers would be “trusted” and thus would automatically bypass security screening. That wouldn’t do: the TSA thinks no one can be trusted. Registered travellers will stilll be treated with suspicion — they just won’t be treated quite as supiciously as unregistered travellers.

The program will be “voluntary”, but once travellers have the “choice” of registering and having all their movements logged, in exchange for avoiding the longer, slower, and more immediately intrusive “unregistered traveller” screening lanes, the treatment of the unregistered will likely be made sufficiently unpleasant, or at least sufficiently slow, that few who qualify for registration won’t “choose” it. And if you don’t want to register, you’ll still be able to travel (for now, at least), as long as you show up at the airport three or four hours before your flight.

The “Registered Traveller” RFP states that, “information pertaining to individuals gathered under any resulting contract shall only be disclosed in accordance with the terms of the Privacy Act”.

No Privacy Act notice has yet been issued for the “Registered Traveler Pilot Database” (RTPD) required as part of the pilot project, so we can expect one to be published sometime between now and the start of personal data collection in June 2004. As with CAPPS-II, the critical element may not be what the government is or isn’t allowed to do with the data, but how long it can be retained, and what airlines and other private companies are allowed to do with data collected from the same system.

If airlines can install their own readers alongside those of the government, read the same RFID chips, correlate them with reservations (as they almost certainly will be required to do for passenger-bag matching and checks of no-fly and selectee lists), keep the data indefinitely, and provide it to the government in response to a “national security letter” under the Patriot Act, , secretly and without a court order, restrictions on the government’s own retention of registered traveller tracking data will have little effect.

But you’ll doubtless be reassured to learn that, “Volunteers for this summer’s pilot program will not be charged for participating.”