Secure flight gets test flight

Poor watch lists and a centralized architecture are still issues.

This week, the Transportation Security Administration acknowledged that it had requested and received all passenger data from the month of June for the United States' 72 domestic airlines. The data will be used to test the technological successor to the CAPPS II system, known as Secure Flight.

The system still has to get Congressional approval before it can go live, and that approval is hinged on an investigation by the General Accounting Office.

However, two key architectural issues continue to be problems. The government's tendency to centralize systems has led to an information system that is also centralized. While this could lead to some security and performance benefits, it also becomes harder for airlines to guarantee privacy for their customers. A distributed information architecture--as advocated by the Markle Foundation, a nonprofit committee of technology and policy experts--better guards constitutional rights from abuse.

A second problem is almost a dozen different terrorist watch lists exist, all prone to error. While policy experts have called for the integration of the watch lists into a single list, or at most a few lists categorized by sensitivity of the information, little headway has been made.

Until the two issues are resolved, it would be best not to give Secure Flight its license to fly.

About the author

    Robert Lemos
    covers viruses, worms and other security threats.
     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments