Wyatt Kash | TSA: Lessons ignored
Connecting state and local government leaders
Editor's Desk'commentary: TSA needs a new path to its passenger-screening system.
IF THERE'S ONE LESSON from deploying new information technology systems that government agencies should have learned by now, it's this: Don't reinvent the wheel. Unfortunately, lessons learned don't always translate into lessons applied.
That would seem to be the case at the Transportation Security Administration for its Secure Flight project, TSA's answer to matching airline passengers against government watch lists.
TSA's method for matching names needs overhauling. Cobbled together hurriedly in 2002, it involves little more than converting terrorist watch list data to Microsoft Excel files and posting the data daily to a TSA Web board. Airlines use the spreadsheets manually or download the data into their systems. It was a temporary fix that, sadly, remains in place.
TSA's first proposal for replacing it, called Computer Assisted Passenger Prescreening System II, quickly ran afoul of privacy concerns. Secure Flight addresses many of those concerns.
It also puts the onus on TSA rather than airlines to identify passengers who may pose a risk.
But as the story on TSA in this issue notes (Page 20), the airlines argue that new rules issued last August place significant new IT burdens on them and duplicate systems already in place. The Advance Passenger Information System, for instance, which uses verifiable passport data and passenger- supplied name records that airlines use for manifest data, already offer most of the information TSA needs.
The crux of the problem, as is so often the case, lies in how best to gather and share data. The technical and political challenges of sharing information across agencies are well-known ' perhaps nowhere better than at the Homeland Security Department, TSA's parent. But increasingly, government agencies also need to tap private-sector data wells to fulfill their missions ' and that demands more flexible approaches.
To be fair, TSA's mission to protect the nation's security will always be at odds with the mission of private enterprise to protect shareholder interests and serve its customers. TSA also deserves more credit than it gets for its progress in building a vast IT operation in the face of extraordinary circumstances.
However, creating another monolithic government information pipeline that private industry must help fill is a step in the wrong direction and ignores the lessons many agencies have learned the hard way.
That would seem to be the case at the Transportation Security Administration for its Secure Flight project, TSA's answer to matching airline passengers against government watch lists.
TSA's method for matching names needs overhauling. Cobbled together hurriedly in 2002, it involves little more than converting terrorist watch list data to Microsoft Excel files and posting the data daily to a TSA Web board. Airlines use the spreadsheets manually or download the data into their systems. It was a temporary fix that, sadly, remains in place.
TSA's first proposal for replacing it, called Computer Assisted Passenger Prescreening System II, quickly ran afoul of privacy concerns. Secure Flight addresses many of those concerns.
It also puts the onus on TSA rather than airlines to identify passengers who may pose a risk.
But as the story on TSA in this issue notes (Page 20), the airlines argue that new rules issued last August place significant new IT burdens on them and duplicate systems already in place. The Advance Passenger Information System, for instance, which uses verifiable passport data and passenger- supplied name records that airlines use for manifest data, already offer most of the information TSA needs.
The crux of the problem, as is so often the case, lies in how best to gather and share data. The technical and political challenges of sharing information across agencies are well-known ' perhaps nowhere better than at the Homeland Security Department, TSA's parent. But increasingly, government agencies also need to tap private-sector data wells to fulfill their missions ' and that demands more flexible approaches.
To be fair, TSA's mission to protect the nation's security will always be at odds with the mission of private enterprise to protect shareholder interests and serve its customers. TSA also deserves more credit than it gets for its progress in building a vast IT operation in the face of extraordinary circumstances.
However, creating another monolithic government information pipeline that private industry must help fill is a step in the wrong direction and ignores the lessons many agencies have learned the hard way.
NEXT STORY: Cyberadvice awaits the next president