Private Companies May Search Records to Find Terrorists At Airports

Airline passengers who buy a preapproved security pass could have their credit histories and property records examined as part of the government's plan to turn over the Registered Traveler program to private companies.

In announcing the new plan Friday, the Transportation Security Administration said the Registered Traveler card would let frequent fliers go through airport security lines more quickly if they pay a fee, pass a government background check and submit 10 fingerprints. The program will begin June 20.

The agency announced that it would require companies to conduct more in-depth security background checks, for example, "by using commercial data specifically authorized by customers, or by other voluntary means."

TSA spokeswoman Amy von Walter said the agency wanted to be able to identify a terrorist who wasn't already known to law enforcement or intelligence agencies.

Companies interested in the business of Registered Traveler were surprised by the requirement for additional kinds of background checks.

"This would have to be measured against the commitment to privacy," said Tom Blank, president of the newly formed Verified Credentialing Industry Coalition. "We will carefully analyze the TSA requirement and proceed appropriately to maintain the commitment to privacy and to make sure the Registered Traveler program stays on track."

"Until we see a little more, I don't want to say there's concerns or a stumbling block," said Blank, who was formerly acting deputy director of the TSA.

Carter Morris, who heads a group of 60 airports advocating the Registered Traveler program, said it remains to be seen whether the requirement will hamper it.

"It's a little early to say whether the whole program hangs in the balance," Morris said. "The vendors are worried that it adds cost to their business model."

TSA chief Kip Hawley has said the program's benefits could include passengers not having to take their shoes or coats off or removing their laptops from their cases.

The program is intended to let frequent air passengers avoid delays and to free up security screeners to focus on other travelers.

The TSA already has tested Registered Traveler at five airports beginning in the summer of 2004 through September 2005. Now it wants private companies to run the program, which was popular with frequent travelers.

Before the companies are allowed to sell Registered Traveler cards, they have to demonstrate that they can somehow figure out whether applicants are members of terrorist sleeper cells by plowing through bank records, insurance data and other personal information available commercially — or by some other method.

James Dempsey, executive director of the Center for Democracy and Technology, said the idea that commercial data can somehow be used to find a sleeper cell is highly speculative.

"I'm not sure that Registered Traveler should be a research program," Dempsey said.

Marcia Hofmann, an attorney with the privacy group Electronic Privacy Information Center, said it wasn't clear whether federal privacy laws would apply to the program.

"It sounds like they want private companies to be in the business of law enforcement and intelligence gathering," Hofmann said.

Privacy advocates have criticized the TSA in the past for obtaining airline passengers' personal data without their permission or knowledge, and for secretly collecting personal information on at least 250,000 people.

The agency was using the information to develop a program called Secure Flight that would check airline passengers' names against terrorist watch lists every time they boarded a plane.

Congress has kept a close eye on the use of commercial data in Secure Flight because of concerns that commercial data is often inaccurate and could unfairly tag an innocent person as a terrorist.

Last year, a security breach at the data broker ChoicePoint Inc. resulted in scores of identities being stolen and, separately, there was a data loss that affected some 1.2 million federal employees with Bank of America charge cards. That prompted an outcry for more regulation of the commercial data brokering business, which buys and sells sensitive information about nearly every adult American.

But unlike Secure Flight, people would be able to participate in Registered Traveler voluntarily.

There's already a private company running a Registered Traveler test program at the Orlando (Fla.) Airport. Verified Identity Pass, which was started by media entrepreneur Steven Brill, charges $79.95 for the card.

Earlier this month, the company told the TSA that it tested whether commercial data services could authenticate that a person is who he says he is.

The results: "We dropped the idea after fully testing it and finding that it had no security benefits and significant, almost show-stopping negatives," the company said in a document responding to the TSA's request for information.

Other private companies such as General Electric, ARINC and Iridian Technologies, along with airports, think there's money to be made in the business of verifying people's identity at airports.

"Travelers want it," said Steve van Beek, spokesman for the airport group Airports Council International. "We can accommodate their desire for customer service and provide better security."