More on Secure Flight

[Federal Register: August 23, 2007 (Volume 72, Number 163)]
[Proposed Rules]
[Page 48355-48391]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr23au07-27]


[[Page 48355]]

-----------------------------------------------------------------------

Part III





Department of Homeland Security





-----------------------------------------------------------------------



Transportation Security Administration



-----------------------------------------------------------------------



49 CFR Parts 1507, 1540, 1544, and 1560



Secure Flight Plan; Proposed Rule



Privacy Act of 1974: System of Records; Secure Flight Plans; Notice



Privacy Act of 1974: Implementation of Exemptions; Secure Flight
Records; Proposed Rule


[[Page 48356]]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Parts 1540, 1544, and 1560

[Docket No. TSA-2007-28572]
RIN 1652-AA45


Secure Flight Program

AGENCY: Transportation Security Administration, DHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Intelligence Reform and Terrorism Prevention Act (IRTPA)
requires the Department of Homeland Security (DHS) to assume from
aircraft operators the function of conducting pre-flight comparisons of
airline passenger information to Federal Government watch lists for
international and domestic flights. The Transportation Security
Administration (TSA) is currently developing the Secure Flight program
and issuing this rulemaking to implement this congressional mandate.
This rule proposes to allow TSA to begin implementation of the
Secure Flight program, under which TSA would receive passenger and
certain non-traveler information, conduct watch list matching against
the No Fly and Selectee portions of the Federal Government's
consolidated terrorist watch list, and transmit boarding pass printing
instructions back to aircraft operators. TSA would do so in a
consistent and accurate manner while minimizing false matches and
protecting privacy information.
Also in this volume of the Federal Register, U.S. Customs and
Border Protection (CBP) is publishing a final rule to implement pre-
departure advance passenger and crew manifest requirements for
international flights and voyages departing from or arriving into the
United States, using CBP's Advance Passenger Information System (APIS).
These rules are related. We propose that, when the Secure Flight rule
becomes final, aircraft operators would submit passenger information to
DHS through a single DHS portal for both the Secure Flight and APIS
programs. This would allow DHS to integrate the watch list matching
component of APIS into Secure Flight, resulting in one DHS system
responsible for watch list matching for all aviation passengers.

DATES: Submit comments by October 22, 2007.

ADDRESSES: You may submit comments, identified by the TSA docket number
to this rulemaking, using any one of the following methods:
Comments Filed Electronically: You may submit comments through the
docket Web site at http://dms.dot.gov You also may submit comments through the Federal eRulemaking portal at http://www.regulations.gov.

Comments Submitted by Mail, Fax, or In Person: Address or deliver
your written, signed comments to the Docket Management System at: U.S.
Department of Transportation, Docket Operations, M-30, West Building
Ground Floor, Room W12-140, 1200 New Jersey Ave., SE., Washington, DC
20590; Fax: 202-493-2251.
See SUPPLEMENTARY INFORMATION for format and other information
about comment submissions.

FOR FURTHER INFORMATION CONTACT: Kevin Knott, Policy Manager, Secure
Flight, Office of Transportation Threat Assessment and Credentialing,
TSA-19, Transportation Security Administration, 601 South 12th Street,
Arlington, VA 22202-4220, telephone (240) 568-5611.

SUPPLEMENTARY INFORMATION:

Comments Invited

TSA invites comments relating to the appropriateness,
effectiveness, and any economic, environmental, energy, or federalism
impacts resulting from the required provisions of this rulemaking.
Interested persons may do this by submitting written comments, data, or
views. See ADDRESSES above for information on where to submit comments.
With each comment, please include your name and address, identify
the docket number at the beginning of your comments, and give the
reason for each comment. The most helpful comments reference a specific
portion of the rulemaking, explain the reason for any recommended
change, and include supporting data. You may submit comments and
material electronically, in person, by mail, or fax as provided under
ADDRESSES, but please submit your comments and material by only one
means. If you submit comments by mail or delivery, submit them in two
copies, in an unbound format, no larger than 8.5 by 11 inches, suitable
for copying and electronic filing.
If you want TSA to acknowledge receipt of comments submitted by
mail, include with your comments a self-addressed, stamped postcard on
which the docket number appears. We will stamp the date your comments
were received on the postcard and mail it to you.
TSA will file in the public docket all comments received by TSA,
except for comments containing confidential information and sensitive
security information (SSI).\1\ TSA will consider all comments received
on or before the closing date for comments and will consider comments
filed late to the extent practicable. The docket is available for
public inspection before and after the comment closing date.
---------------------------------------------------------------------------

\1\ ``Sensitive Security Information'' or ``SSI'' is information
obtained or developed in the conduct of security activities, the
disclosure of which would constitute an unwarranted invasion of
privacy, reveal trade secrets or privileged or confidential
information, or be detrimental to the security of transportation.
The protection of SSI is governed by 49 CFR part 1520.
---------------------------------------------------------------------------

Handling of Confidential or Proprietary Information and Sensitive
Security Information (SSI) Submitted in Public Comments

Do not submit comments that include trade secrets, confidential
commercial or financial information, or SSI to the public regulatory
docket. Please submit such comments separately from other comments on
the rulemaking. Comments containing this type of information should be
appropriately marked as containing such information and submitted by
mail to the address listed in FOR FURTHER INFORMATION CONTACT section.
Upon receipt of such comments, TSA will not place the comments in
the public docket and will handle them in accordance with applicable
safeguards and restrictions on access. TSA will hold them in a separate
file to which the public does not have access, and place a note in the
public docket that TSA has received such materials from the commenter.
If TSA receives a request to examine or copy this information, TSA will
treat it as any other request under the Freedom of Information Act
(FOIA) (5 U.S.C. 552) and the Department of Homeland Security's (DHS)
FOIA regulation found in 6 CFR part 5.

Reviewing Comments in the Docket

Please be aware that anyone is able to search the electronic form
of all comments received into any of our dockets by the name of the
individual submitting the comment (or signing the comment, if submitted
on behalf of an association, business, labor union, etc.). You may
review the applicable Privacy Act Statement published in the Federal
Register on April 11, 2000 (65 FR 19477), or you may visit http://dms.dot.gov
.

You may review the comments in the public docket by visiting the
Dockets Office between 9 a.m. and 5 p.m., Monday through Friday, except
Federal holidays. The Dockets Office is located

[[Page 48357]]

in the West Building Ground Floor, Room W12-140, at the Department of
Transportation address, previously provided under ADDRESSES. Also, you
may review public dockets on the Internet at http://dms.dot.gov.


Availability of Rulemaking Document

You can get an electronic copy using the Internet by--
(1) Searching the Department of Transportation's electronic Docket
Management System (DMS) Web page (http://dms.dot.gov/search); (2) Accessing the Government Printing Office's Web page at http://

http://www.gpoaccess.gov/fr/index.html; or

(3) Visiting TSA's Security Regulations Web page at http://www.tsa.gov
and accessing the link for ``Research Center'' at the top

of the page.
In addition, copies are available by writing or calling the
individual in the FOR FURTHER INFORMATION CONTACT section. Make sure to
identify the docket number of this rulemaking.

Abbreviations and Terms Used in This Document

APIS--Advance Passenger Information System
ATSA--Aviation and Transportation Security Act
AOIP--Aircraft Operator Implementation Plan
CBP--U.S. Customs and Border Protection
DHS--Department of Homeland Security 2005 DHS Appropriations Act--
Department of Homeland Security Appropriations Act, 2005
2007 DHS Appropriations Act--Department of Homeland Security
Appropriations Act, 2007
DHS TRIP--Department of Homeland Security Traveler Redress Inquiry
Program
FBI--Federal Bureau of Investigation
FOIA--Freedom of Information Act
GAO--Government Accountability Office
HSPD--Homeland Security Presidential Directive
IATA--International Air Transport Association
IRTPA--Intelligence Reform and Terrorism Prevention Act of 2004
PNR--Passenger Name Record
PRI--Passenger Resolution Information
PIA--Privacy Impact Assessment
SFPD--Secure Flight Passenger Data
SSI--Sensitive Security Information
SORN--System of Records Notice
TSA--Transportation Security Administration
TSC--Terrorist Screening Center
TSDB--Terrorist Screening Database

Outline of Notice of Proposed Rulemaking

I. Background
A. Current Watch List Matching
1. Watch List Matching for Domestic Flights
2. Watch List Matching for International Flights
B. Secure Flight Program Summary
C. Implementation Stages of Secure Flight
1. Implementation of Secure Flight for Domestic Flights
2. Implementation of Secure Flight for International Flights
D. Privacy Documents
E. Secure Flight Testing and Information Collection Requirements
1. Secure Flight Testing
2. Information Collection Requirements
F. The Watch List Matching Process Under Secure Flight
G. Operational Testing of Secure Flight
H. Proposed Compliance Schedule
I. Additional Issues Under Consideration and Open to Public
Comment
1. Data Elements
2. Identification Requirements
J. Department of Homeland Security Appropriations Act
II. Section-by-Section Analysis
III. Regulatory Analyses
A. Paperwork Reduction Act
B. Regulatory Impact Analyses
1. Regulatory Evaluation Summary
2. Executive Order 12866 Assessment
3. Regulatory Flexibility Act Assessment
4. International Trade Impact Assessment
5. Unfunded Mandates Assessment
C. Executive Order 13132, Federalism
D. Environmental Analysis
E. Energy Impact Analysis
List of Subjects
The Proposed Amendments

I. Background

TSA performs passenger and baggage screening at the Nation's
commercial airports.\2\ Aircraft operators currently supplement this
security screening by performing passenger watch list matching using
the Federal No Fly and Selectee Lists, as required under security
directives that TSA issued following the terrorist attacks of September
11, 2001. Aircraft operators also conduct this watch list matching
process for non-traveling individuals authorized to enter the sterile
area \3\ of an airport in order to escort a passenger or for some other
purpose approved by TSA.
---------------------------------------------------------------------------

\2\ See the Aviation and Transportation Security Act (ATSA)
(Pub. L. 107-71, 115 Stat. 597, Nov. 19, 2001).
\3\ ``Non-traveling individual'' would be defined in this Notice
of Proposed Rulemaking as an individual to whom a covered aircraft
operator or covered airport operator seeks to issue an authorization
to enter the sterile area of an airport in order to escort a minor
or a passenger with disabilities or for some other purpose permitted
by TSA. It would not include employees or agents of airport or
aircraft operators or other individuals whose access to a sterile
area is governed by another TSA regulation or security directive.
Proposed 49 CFR 1560.3.
``Sterile area'' is defined as a portion of airport defined in
the airport security program that provides passengers access to
boarding aircraft and to which the access generally is controlled by
TSA, or by an aircraft operator under part 1544 of this chapter or a
foreign air carrier under part 1546 of this chapter, through the
screening of persons and property. 49 CFR 1540.5.
---------------------------------------------------------------------------

The Intelligence Reform and Terrorism Prevention Act of 2004
(IRTPA) requires TSA to assume from air carriers the comparison of
passenger information to the automatic Selectee and No Fly Lists and to
utilize all appropriate records in the consolidated and integrated
watch list that the federal government maintains.\4\ The final report
of the National Commission on Terrorist Attacks Upon the United States
(9/11 Commission Report) recommends that the watch list matching
function ``should be performed by TSA and it should utilize the larger
set of watch lists maintained by the Federal Government.'' See 9/11
Commission Report at 393.
---------------------------------------------------------------------------

\4\ Pub. L. 108-458, 118 Stat. 3638, Dec. 17, 2004.
---------------------------------------------------------------------------

Consequently, pursuant to Sec. 4012(a) of the IRTPA, TSA is
issuing this NPRM to propose implementation of the Secure Flight
program. Under the program, TSA would receive passenger and certain
non-traveler information from aircraft operators, conduct watch list
matching, and transmit watch list matching results back to aircraft
operators.
The purpose of the Secure Flight program is to assume the watch
list matching function from aircraft operators and to more effectively
and consistently prevent certain known or suspected terrorists from
boarding aircraft where they may jeopardize the lives of passengers and
others. The program is designed to better focus enhanced passenger
screening efforts on individuals likely to pose a threat to civil
aviation, and to facilitate the secure and efficient travel of the vast
majority of the traveling public by distinguishing them from
individuals on the watch list.
In general, the Secure Flight program would compare passenger
information only to the No Fly and Selectee List components of the
Terrorist Screening Database (TSDB), which contains the Federal
Government's consolidated terrorist watch list, maintained by the
Terrorist Screening Center (TSC).\5\ However, as recommended by the 9/
11

[[Page 48358]]

Commission, TSA may use ``the larger set of watch lists maintained by
the Federal Government,'' when warranted by security considerations.
For example, TSA may learn that flights on a particular route may be
subject to increased security risk. If this happens, TSA may decide to
compare passenger information on some or all of the flights on that
route against the full TSDB or other government databases, such as
intelligence or law enforcement databases.
---------------------------------------------------------------------------

\5\ The TSC was established by the Attorney General in
coordination with the Secretary of State, the Secretary of Homeland
Security, the Director of the Central Intelligence Agency, the
Secretary of the Treasury, and the Secretary of Defense. The
Attorney General, acting through the Director of the Federal Bureau
of Investigation (FBI), established the TSC in support of Homeland
Security Presidential Directive 6 (HSPD-6), dated September 16,
2003, which required the Attorney General to establish an
organization to consolidate the Federal Government's approach to
terrorism screening and provide for the appropriate and lawful use
of terrorist information in screening processes.
---------------------------------------------------------------------------

This proposed rule would affect covered flights operated by U.S.
aircraft operators that are required to have a full program under 49
CFR 1544.101(a), and covered flights operated by foreign air carriers
that are required to have a security program under 49 CFR 1546.101(a)
or (b). These aircraft operators generally are the passenger airlines
that offer scheduled and public charter flights from commercial
airports. This proposed rule refers to them as ``covered U.S. aircraft
operators'' and ``covered foreign air carriers'' respectively, and
``covered aircraft operators'' collectively.
The proposed rule would cover all flights conducted by covered U.S.
aircraft operators, as well as all flights conducted by a covered
foreign air carrier arriving in or departing from the United States or
overflying the continental United States (referred to as ``covered
international flights''). TSA is proposing to conduct watch list
matching for overflights in order to protect the United States from
terrorist activity that could occur in its airspace. The proposed rule
collectively refers to the flights conducted by U.S. carriers and
covered international flights that would be regulated under this
proposed rule as ``covered flights.''
IRTPA also requires DHS to assume from air carriers the task of
comparing passenger information for international flights to or from
the United States against the Federal Government's consolidated and
integrated terrorist watch list before departure of such flights.
Initially, CBP will implement this requirement and conduct pre-
departure watch list matching for international flights, through its
Advance Passenger Information System (APIS). APIS is a widely-utilized
electronic data interchange system that international commercial air
and vessel carriers use to electronically transmit to CBP certain data
on passengers and crew members. The former U.S. Customs Service, in
cooperation with the former Immigration and Naturalization Service
(INS) and the airline industry, developed APIS in 1988. On July 14,
2006, CBP published a notice of proposed rulemaking to require air and
vessel carriers to submit to CBP passenger manifest information before
departure of an international flight to or from the United States and
for voyages from the United States to enable CBP to conduct watch list
matching on passengers before they board an international flight or
depart on certain voyages.\6\
---------------------------------------------------------------------------

\6\ 71 FR 40035.
---------------------------------------------------------------------------

In response to a substantial number of comments from the aviation
industry, DHS is proposing a unified approach to watch list matching
for international and domestic passenger flights, to avoid unnecessary
duplication of watch list matching efforts and resources and reduce the
burden on aircraft operators. CBP's APIS Pre-Departure Final Rule
published elsewhere in this issue of the Federal Register and this
notice of proposed rulemaking (NPRM) are being published jointly to
explain DHS's proposed unified approach. Beginning on the effective
date of the APIS Pre-Departure final rule, CBP will perform the watch
list matching function for international flights to or from the United
States as part of its overall screening of travelers. However, DHS
proposes to ultimately transfer the watch list matching function to the
Secure Flight program. If this approach is adopted, TSA would assume
the aviation passenger watch list matching function for domestic and
international passengers covered by this proposed rule, and CBP would
continue to conduct border enforcement functions under the APIS
program. DHS is establishing one portal through which aircraft
operators will send their passenger information for both programs, with
the goal of streamlining the transmission of passenger information, if
the unified approach is adopted.

A. Current Watch List Matching

1. Watch List Matching for Domestic Flights
Under security directives issued by TSA, covered U.S. aircraft
operators currently conduct pre-flight watch list matching for
passengers on domestic flights using the Federal No Fly and Selectee
Lists. Aircraft operators also apply this process to non-traveling
individuals authorized to enter the sterile area beyond the screening
checkpoint in order to escort a minor or a passenger with disabilities,
or for another purpose authorized by TSA.
Under the current watch list matching process, when an aircraft
operator has a reservation from a passenger with a name that is the
same as, or similar to, a name on the No Fly List, TSA requires the
aircraft operator to notify law enforcement personnel and TSA in order
to determine whether that passenger is in fact the individual whose
name is on the No Fly List. If the passenger is verified as an
individual on the No Fly List, the aircraft operator is prohibited from
transporting the passenger. When an aircraft operator has a reservation
from a passenger with a name that is the same as, or similar to, a name
on the Selectee List, TSA requires the aircraft operator to identify
the individual to TSA for enhanced screening at security screening
checkpoints.\7\
---------------------------------------------------------------------------

\7\ Individuals may undergo enhanced screening at security
screening checkpoints for a variety of other reasons, such as random
selection or as a result of triggering a metal detector alarm.
---------------------------------------------------------------------------

2. Watch List Matching for International Flights
Covered aircraft operators also currently conduct watch list
matching for passengers on international flights in the same manner
described above for domestic flights as required in TSA security
directives and emergency amendments to a security program.
Additionally, CBP conducts various activities, including watch list
matching, to screen passengers on commercial international flights
arriving in and departing from the United States through the Advance
Passenger Information System (APIS). CBP conducts such activities in
order to protect the United States from threats of terrorism and to
carry out CBP's border enforcement mission.
Under CBP's APIS regulations (19 CFR part 122), air carriers
departing foreign ports destined for the United States are required to
electronically submit passenger information to CBP no later than
fifteen minutes after the departure of aircraft destined for the United
States and 15 minutes prior to departure of aircraft from the United
States. ``Departure'' currently is defined to be the moment the
aircraft's wheels leave the tarmac. See 19 CFR 122.49. The current
system allows CBP to supplement the watch list matching currently
completed by air carriers prior to boarding. If CBP's screening
identifies that a person on a no-fly list is on an aircraft bound for,
or departing from, the United States, that aircraft will be diverted
from its intended destination.
In this volume of the Federal Register, CBP is publishing a final
rule entitled ``Advance Electronic Submission of Passenger and Crew
Member Manifests for Commercial

[[Page 48359]]

Aircraft and Vessels'' (APIS Pre-Departure Final Rule). This rule,
which becomes effective 180 days after publication, will require air
carriers to provide the passenger information it currently provides to
CBP, but requires air carriers to provide it no later than the time the
flight crew secure the aircraft doors for takeoff.
When commercial air carriers are certified to transmit APIS data
under the pre-departure APIS requirements of the new APIS Pre-Departure
Final Rule, CBP will assume from those carriers the responsibility of
conducting pre-departure watch list matching for international flights
to or from the United States. Once CBP receives the information, it
will complete the watch list matching process and return instructions
concerning each passenger to the covered aircraft operators. Covered
aircraft operators will be required to follow the instructions when
issuing boarding passes to passengers, identifying passengers for
enhanced screening, and allowing passengers to board the aircraft or
preventing them from doing so. If the Secure Flight program is
finalized as envisioned in this proposed rule, it will take over this
watch list matching function for aircraft operators covered under this
proposed rule from CBP.

B. Secure Flight Program Summary

1. Secure Flight Passenger Data
Under the Secure Flight program proposed under this rule, TSA would
require covered aircraft operators to collect information from
passengers, transmit passenger information to TSA for watch list
matching purposes, and process passengers in accordance with TSA
instructions regarding watch list matching results. Under this proposed
rule, TSA would collect Secure Flight Passenger Data (SFPD), consisting
of the information summarized below (and discussed in greater detail in
section I.E.2 ``information collection requirements'' infra).
For passengers on covered flights, TSA is proposing to require
covered aircraft operators to request a passenger's full name, gender,
date of birth, and Redress Number \8\ (if available) or known traveler
number \9\ (if available once the known traveler program is
implemented). Even though covered aircraft operators would be required
to request all of the above data elements from passengers, passengers
would only be required to provide their full name at the time of
reservation to allow TSA to perform watch list matching. They would not
be required by TSA to provide the other data elements to aircraft
operators at the time of reservation. Covered aircraft operators would
be required to transmit to TSA the information provided by the
passenger in response to the request described above.
---------------------------------------------------------------------------

\8\ A Redress Number is a unique number that DHS currently
assigns to individuals who use the DHS Traveler Redress Inquiry
Program (TRIP). Under the proposed rule, individuals would use the
Redress Number in future correspondence with DHS and when making
future travel reservations. The Redress Number is further discussed
in the Secure Flight Information Collection Requirements section
below.
\9\ A known traveler number would be a unique number assigned to
``known travelers'' for whom the Federal Government has already
conducted a threat assessment and has determined do not pose a
security threat. The known traveler number is further discussed in
the Secure Flight Information Collection Requirements section.
---------------------------------------------------------------------------

Covered aircraft operators also would be required to transmit to
TSA passport information, if available. Although not required to be
requested by TSA under this proposed rule, passport information may be
provided by passengers either voluntarily or under other travel
requirements such as CBP APIS requirements if a passenger is traveling
abroad. Additionally, covered aircraft operators would be required to
transmit to TSA certain non-personally identifiable information such as
itinerary information, record locator numbers etc. to allow TSA to
effectively prioritize watch list matching efforts, communicate with
the covered aircraft operator, and facilitate an operational response,
if necessary, to an individual who is on the watch list.
When a non-traveling individual seeks authorization from a covered
aircraft operator to enter an airport sterile area (such as to escort a
minor or assist a passenger with a disability), TSA also is proposing
to require covered aircraft operators to request from the non-traveler
and transmit to TSA, the same information requested from passengers (to
the extent available), as well as certain non-personally identifiable
information, including the airport code for the sterile area to which
the non-traveler seeks access.
The following chart details the information that TSA would require
covered aircraft operators to request from passengers and certain non-
traveling individuals, the information that those individuals would be
required to provide, and the information covered aircraft operators
would be required to transmit to TSA if available:

Proposed Information Collection Requirements for Secure Flight
----------------------------------------------------------------------------------------------------------------
Covered aircraft
operators must Passengers and Covered aircraft
request from certain non- operators must
Data elements passengers and travelers must transmit to TSA,
certain non- provide if available
travelers
----------------------------------------------------------------------------------------------------------------
Full Name.............................................. X X X
Date of Birth.......................................... X ................. X
Gender................................................. X ................. X
Redress Number or Known Traveler Number................ X ................. X
Passport Information \10\.............................. ................. ................. X
Itinerary Information \11\............................. ................. ................. X
Reservation Control Number............................. ................. ................. X
Record Sequence Number................................. ................. ................. X
Record Type............................................ ................. ................. X
Passenger Update Indicator............................. ................. ................. X
Traveler Reference Number.............................. ................. ................. X
----------------------------------------------------------------------------------------------------------------

This proposed rule would not compel the passenger or non-traveler
to provide the majority of the information that covered aircraft
operators request. However, if that individual elected not to provide
the requested information,

[[Page 48360]]

TSA may have insufficient information to distinguish him or her from a
person on the watch list. Accordingly, the individual may be more
likely to experience delays, be subject to additional screening, be
denied transport, or be denied authorization to enter a sterile area.
Without a full name, watch list matching is incredibly unreliable;
therefore the proposed rule would require an individual seeking to
travel on a covered flight or authorization to enter a sterile area to
provide his or her full name, as it appears on the individual's
verifying identity document. The proposed rule would also prohibit
covered aircraft operators from accepting a reservation, or accepting a
request for authorization to enter a sterile area, from an individual
who does not provide a full name.
---------------------------------------------------------------------------

\10\ Passport information is the following information from a
passenger's passport: (1) Passport number; (2) country of issuance;
(3) expiration date; (4) gender; (5) full name.
\11\ Itinerary information is the following information about a
covered flight: (1) Departure airport code; (2) aircraft operator;
(3) departure date; (4) departure time; (5) arrival date; (6)
scheduled arrival time; (7) arrival airport code; (8) flight number;
(9) operating carrier (if available). For non-traveling individuals,
the itinerary information is the airport code for the sterile area
to which the non-traveling individual seeks access.
---------------------------------------------------------------------------

2. 72-Hour Requirement
Under the Secure Flight proposed rule, covered aircraft operators
would be required to transmit Secure Flight Passenger Data to TSA
approximately 72 hours prior to the scheduled flight departure
time.\12\ Requiring SFPD approximately 72 hours prior to scheduled
flight departure time would support the security mission of the Secure
Flight program and facilitate a streamlined watch list matching process
for aircraft operators and passengers in at least the following ways.
---------------------------------------------------------------------------

\12\ In the APIS Pre-Departure Final Rule, CBP also encourages,
but does not mandate, all carriers to submit the information up to
72 hours in advance when available, to facilitate clearance.
---------------------------------------------------------------------------

TSA considered a number of factors in determining that aircraft
operators should submit SFPD to TSA approximately 72 hours before
scheduled flight departure time. TSA reviewed reservation trend
analyses which indicates that, on average, an estimated 90-93% of
travel reservations are finalized and become stable (e.g. not subject
to cancellation or timing changes) 72 hours before the scheduled flight
departure time. Accordingly, TSA determined that it would not be
practicable to require aircraft operators to submit information earlier
than 72 hours prior to flight departure time, as such information would
still be subject to change and would not provide sufficiently reliable
information for TSA to begin watch list matching or engage in any
necessary coordination with law enforcement.
During a standard travel day, TSA estimates that over 2.4 million
passengers use covered aircraft operators for domestic and
international travel (either destined for or departing from the United
States). Although approximately 99% of passenger travel reservations
would be finalized within 24 hours of the departure of any flight, 24
hours would not provide TSA with sufficient time to adequately screen
2.4 million passengers and, when necessary, coordinate operational
responses in the event of identification of a terrorist suspect or as
needed to identify and disrupt a suspected terrorist plot potentially
involving a variety of flights or aircraft operators, foreign or
domestic.
It is important to note that, in any one day, TSA would be
conducting watch list matching on not only the 2.4 million travelers
for one designated travel day, but TSA also would continue to conduct
watch list matching for the 2.4 million travelers for each of the two
days before the date of departure of the flight. In total, over a 72-
hour period, TSA could be conducting watch list matching for up to 7.2
million travelers traveling within a 72-hour period.
Accordingly, TSA is proposing that covered aircraft operators
submit SFPD approximately 72 hours in advance.
Security benefits. A 72-hour period would provide the significant
security benefit of allowing the U.S. government to coordinate an
operational response to a match on a watch list--not only before the
flight departs, but even in advance of the individual's arrival at the
airport. Also, TSA could provide a single watch list matching solution
for both domestic and international flights, because TSA would have the
time to prioritize the domestic and international watch list matching
workload and accommodate last-minute reservations and changes.
Benefits to covered aircraft operators and passengers. The 72-hour
period would also allow TSA to complete watch list matching in time to
allow covered aircraft operators to begin issuing boarding passes to
passengers 24 hours prior to departure. Watch list matching that takes
place immediately prior to the flight's departure, such as that allowed
by CBP's APIS rule, would not allow TSA to communicate with covered
aircraft operators regarding the issuance of boarding passes 24 hours
prior to departure. Additionally, passengers' travel experiences would
be enhanced because TSA would use that time to adjudicate potential
watch list matches and coordinate with other government agencies as
necessary, to resolve as many false positives as possible before such
individuals arrive at the airport or experience delay or inconvenience.
TSA welcomes public comment on this timeframe, as well as on
alternate timeframes, and will consider these comments in the
development of the final rule. As always, comments that include an
analytical justification are most useful.
3. Instructions to Covered Aircraft Operators
TSA would match the SFPD provided by covered aircraft operators
against the watch list. Based on the watch list matching results, TSA
would instruct an aircraft operator to process the individual in the
normal manner, to identify the individual for enhanced screening at a
security checkpoint, or to deny the individual transport or
authorization to enter the airport sterile area. To ensure the
integrity of the boarding pass instructions and to prevent use of
fraudulent boarding passes, TSA would also provide instructions on
placing codes on the boarding passes. Covered aircraft operators would
be required to comply with the TSA instructions.
4. Summary of Requirements
A brief summary of the requirements proposed in this NPRM is
presented below. A detailed explanation of these requirements is
provided in the Section-by-Section Analysis.
Requirements of Covered Aircraft Operators. This proposed
rule would require aircraft operators that conduct certain scheduled
and public charter flights to:
Submit an Aircraft Operator Implementation Plan (AOIP) to
TSA for approval.
Conduct operational testing with TSA.
Request full name, date of birth, gender, and Redress
Number (if available) or known traveler number (if implemented and
available) from passengers and non-traveling individuals.
Transmit Secure Flight Passenger Data for passengers and
non-traveling individuals, in accordance with the aircraft operator's
AOIP, approximately 72 hours prior to the scheduled flight departure
time.
Make a privacy notice available on public Web sites and
self-service kiosks before collecting any personally identifiable
information from passengers or non-traveling individuals.

[[Page 48361]]

Request a verifying identity document at the airport
ticket counter if TSA has not informed the covered aircraft operator of
the results of watch list matching for an individual by the time the
individual attempts to check-in, or informs the covered aircraft
operator that an individual must be placed on inhibited status and may
not be issued a boarding pass or authorization to enter a sterile area.
A verifying identity document is one that has been issued by a Federal,
State, local, or tribal government that contains the individual's full
name, photo, and date of birth, and is non-expired; though a non-
expired passport issued by a foreign government will also be considered
a verifying identity document. This requirement would be in addition to
the current requirement that aircraft operators request all passengers
and non-traveling individuals to provide identification at the time of
check-in or at a screening checkpoint.
When necessary, submit information from the verifying
identity document to TSA to resolve potential watch list matches. In
some cases, TSA may also request that the covered aircraft operator
communicate a physical description of the individual.
Not issue to an individual a boarding pass or
authorization to enter a sterile area or permit an individual to board
an aircraft or enter a sterile area if the individual does not provide
a verifying identity document when requested under circumstances
described above, unless otherwise authorized by TSA.
Prohibit issuance of boarding passes or authorizations to
enter a sterile area to individuals whom TSA has placed on inhibited
status. Prohibit these individuals from boarding an aircraft.
Comply with instructions from TSA to designate identified
individuals for enhanced screening before boarding a flight or
accessing a sterile area.
Place separate codes on boarding passes in accordance with
TSA instructions.
Requirements of Individuals. Individuals who wish to make
a reservation on a covered flight or to access a sterile area must
provide their full names to the covered aircraft operators. This
proposed rule would require those passengers and non-traveling
individuals for whom TSA has not provided watch list matching results
or has provided inhibited status to present a verifying identity
document, in order to board an aircraft or to enter a sterile area.
Individuals also would continue to be subject to the current
requirement that aircraft operators request all passengers and non-
traveling individuals to provide identification at the time of check-in
or at a screening checkpoint.
Government Redress Procedures Available to Individuals.
This proposed rule explains the redress procedures for individuals who
believe they have been improperly or unfairly delayed or prohibited
from boarding a flight as a result of the Secure Flight program. These
individuals may seek assistance through the redress process by
submitting certain personal information, as well as copies of certain
identification documents, to the existing DHS Traveler Redress Inquiry
Program (DHS TRIP). The proposed rule explains the process the Federal
Government will use to review the information submitted and to provide
a timely written response.

C. Implementation Stages of Secure Flight

TSA proposes to implement this rule in two stages. The first stage
would include covered flights between two domestic points in the United
States, and the second stage would include covered flights to or from
the United States, flights that overfly the continental United States,
and all other flights (such as international point-to-point flights)
operated by covered U.S. aircraft operators not covered in the first
stage.
1. Implementation of Secure Flight for Domestic Flights
During the first stage of implementation, TSA would assume the
watch list matching function for domestic flights conducted by covered
U.S. aircraft operators. TSA would conduct operational testing with
each covered U.S. aircraft operator to ensure that the aircraft
operator's system is compatible with TSA's system. After successful
operational testing with a covered U.S. aircraft operator, TSA would
assume the watch list matching function for domestic flights from that
aircraft operator.
2. Implementation of Secure Flight for International Flights
Until TSA implements the Secure Flight program for international
flights by covered aircraft operators, DHS plans for CBP to conduct
pre-departure watch list matching for international flights under the
APIS Pre-Departure Final Rule. This interim approach will allow DHS to
more quickly address the threat of terrorism on flights arriving in and
departing from the United States.
During the second stage of Secure Flight implementation, TSA will
assume the watch list matching function for covered international
flights from CBP. There are a few differences between the two
processes. First, covered aircraft operators would need to request
passenger information at the time of reservation, as required under
this proposed rule. Second, as described below, TSA would utilize
Secure Flight Passenger Data, which requires collection of different
data elements than under the APIS regulations. For its non-watch list
matching functions, which CBP will continue to perform under the APIS
rule, CBP would continue to collect APIS data. Given this, and to
provide a single point of contact, covered aircraft operators can
transmit both APIS data and Secure Flight Passenger Data in a single
transmission to the DHS portal, which will route information to TSA and
CBP as appropriate.
The following tables list the data elements that CBP will collect
under its APIS regulations, and that TSA will collect under the Secure
Flight program.

------------------------------------------------------------------------
APIS regulations
Data elements (international Secure flight
flights) \13\ NPRM \14\
------------------------------------------------------------------------
Full Name......................... X X
Date of Birth..................... X X
Gender............................ X X
Redress Number or Known Traveler ................. X
Number...........................
Passport Number*.................. X X
Passport Country of Issuance*..... X X
Passport Expiration Date*......... X X
Passenger Name Record Locator..... X .................
International Air Transport X X
Association (IATA) Foreign
Airport Code--place of
origination......................

[[Page 48362]]


IATA Code--Port of First Arrival.. X X
IATA Code of Final Foreign Port X .................
for In-transit Passengers........
Airline Carrier Code.............. X X
Flight Number..................... X X
Date of Aircraft Departure........ X X
Time of Aircraft Departure........ X X
Date of Aircraft Arrival.......... X X
Scheduled Time of Aircraft Arrival X X
Citizenship....................... X .................
Country of Residence.............. X .................
Status on Board Aircraft.......... X .................
Travel Document Type.............. X .................
Alien Registration Number**....... X
Address While in U.S.--(except for X .................
outbound flights, U.S. citizens,
lawful permanent residents, crew
and intransit passengers)........
Reservation Control Number........ ................. X
Record Sequence Number............ ................. X
Record Type....................... ................. X
Passenger update indicator........ ................. X
Traveler Reference Number......... ................. X
------------------------------------------------------------------------
*If required.
**If applicable.

TSA would require covered aircraft operators to transmit to TSA the
available passenger information required under this proposed rule that
resides in covered aircraft operators' systems. Covered aircraft
operators must submit this information, through the same DHS portal
used for APIS submissions, approximately 72 hours before departure of a
covered flight. Those that elect to transmit all manifest information
required under the Pre-Departure APIS rule at the same time would be
able to send a single transmission to DHS for the Secure Flight and
Pre-Departure APIS programs and would receive a single boarding pass
printing instruction in return. Under the APIS regulations, such
aircraft operators would then be required to validate the information
submitted against the individual's passport or other travel document
and transmit passenger information to DHS only if it is different from
the information previously submitted, no later than 30 minutes prior to
or up to the securing of the doors of an aircraft under CBP's APIS Pre-
Departure rule.
---------------------------------------------------------------------------

\13\ All APIS data elements are required.
\14\ Covered aircraft operators must provide data elements
listed for Secure Flight, to the extent they are available.
---------------------------------------------------------------------------

Covered aircraft operators that do not elect to transmit all
manifest information required under the Pre-Departure APIS rule
approximately 72 hours in advance would submit validated APIS
information no later than 30 minutes prior to or up to the securing of
the doors of an aircraft under CBP's Pre-Departure APIS rule. The
aircraft operator would only receive a boarding pass printing
instruction from DHS after the APIS transmission if the transmitted
APIS data differs from the SFPD that was transmitted 72 hours prior to
departure.
Additionally, for reservations made within 72 hours of scheduled
flight departure time, covered aircraft operators would be required to
transmit Secure Flight Passenger Data as soon as possible. If the
covered aircraft operator is also ready to transmit APIS information at
that time, the covered aircraft operator would be able to send one
transmission for both Secure Flight and Pre-Departure APIS and would
receive one boarding pass printing instruction. If the covered aircraft
operator is not ready to transmit passenger under Pre-Departure APIS at
the same time, the covered aircraft operator would be required to
transmit the passenger information separately for Secure Flight and
APIS.
Covered aircraft operators would use the same portal to transmit
Secure Flight Passenger Data to TSA as they will to transmit APIS data
to CBP. Covered U.S. aircraft operators would not need to undergo
additional operational testing during. . .

[maybe this document is just too big for this frame. . .I'm going to link you to the federal register source and hope you can find the rest of it if you are so inclined:

Rest of it.