Security Threat Assessment for SIDA and Sterile Area Workers
Privacy Impact Assessment
June 15, 2004
Contact Point:
Lisa S. Dean
Privacy Officer
Transportation Security Administration
571.227.3947
Reviewing Official:
Nuala O’Connor Kelly
Chief Privacy Officer
U.S. Department of Homeland Security
202.772.9848
I. Introduction
The Transportation Security Administration has the statutory responsibility for requiring by regulation
“employment investigation[s], including a criminal history record check and a review of available law
enforcement data bases and records of other governmental and international agencies” for individuals
who have “unescorted access” to the secure areas of airports and aircraft.
TSA implemented the criminal history record check in regulations codified at 49 CFR parts 1542, 1544,
and Security Directives by requiring a fingerprint-based criminal history records check for individuals with
unescorted access authority to Security Identification Display Areas (SIDA), workers who perform duties
in airport sterile areas,¹ and individuals who are applying for these positions (referred to collectively as
SIDA and Sterile Area Workers throughout this document). In order to facilitate the required “review of
available law enforcement data bases and records of other governmental and international agencies,”
TSA has decided to conduct a name-based security threat assessment under the authority vested in the
Under Secretary of Transportation for Security found at 49 U.S.C. § 114(f).
The TSA Credentialing Program Office (CPO) is the office within TSA that is responsible for conducting
name-based and fingerprint-based checks on SIDA and Sterile Area Workers. Additionally, the CPO
develops and implements policies associated with airport secure areas, provides guidance on policy
issues, and provides support to the airport and airline security officers who adjudicate the results of the
criminal history checks. Consequently, the CPO interfaces regularly with the American Association of
Airport Executives (AAAE), airport and airline industry personnel, the FBI, and other federal, state, and
local law enforcement entities in carrying out these responsibilities.
This Privacy Impact Assessment (PIA), conducted pursuant to the E-Government Act of 2002, P.L. 107-347, and the accompanying guidelines issued by the Office of Management and Budget (OMB) on
September 26, 2003, is based on the current design of the program and the Privacy Act system of
records notice, Transportation Workers Employment Investigation System (DHS/TSA 002), that was
published in the Federal Register on August 18, 2003. This PIA provides further detail about the
collection of personally identifiable information for the purpose of conducting the security threat
assessments described above.
III. System Overview
• What information will be collected and used for this security threat
assessment?
The following information is collected for SIDA and Sterile Area Worker security threat assessments: full
name, aliases, date of birth, citizenship, gender, race, height, weight, eye color, hair color, fingerprints,
place of birth, social security number, address, employer’s name, and employer’s address.
• Why is the information being collected and who is affected by the
collection of this data?
The information is being collected in order to carry out TSA’s statutory mandate to perform security threat
assessments on transportation workers. All SIDA and Sterile Area Workers holders will be affected by this
security threat assessment.
¹ The Security Identification Display Area (SIDA) refers to portions of an airport, specified in the airport security program, in which
security measures required by regulation must be carried out. This area includes the security area and may include other areas of
the airport. The “Sterile Area” refers to portions of an airport defined in the airport security program that provides passengers
access to boarding aircraft and to which the access generally is controlled by TSA, an aircraft operator, or a foreign air carrier.
• What information technology system(s) will be used for this program and
how will they be integrated?
Fingerprint-based check
Currently, each SIDA and Sterile Area Worker must complete a fingerprint application and submit
fingerprints. The sponsoring airport or aircraft operator employer currently collects and maintains this
information in either paper or electronic form. Once the information is collected, the employer sends it to
the AAAE, an association that currently completes quality control procedures on the information and
facilitates the transfer of it between TSA and airline and airport employers. This is a service AAAE
provides airports, air carriers, and their members. Using AAAE provides one point of contact instead of
multiple contacts, and facilitates formatting all data received into one workable format for TSA.
Additionally, AAAE converts paper fingerprint submissions into an electronic format if the employer does
not have the capacity to do so. This diminishes the number of unreadable prints and facilitates a better
turn-around time. AAAE sends this information to TSA via secured email. TSA then transmits the
information, including the fingerprint, to the FBI for a criminal history records check. The FBI returns the
results to TSA’s secure Fingerprint Results Distribution (FPRD) website, where the air carrier and airport
employer security representatives can access the information and adjudicate the results.
Name-based Check
The information currently being transmitted to the AAAE by the employers will now be used to conduct a
name-based security threat assessment. AAAE will forward a portion of the information being collected
for the fingerprint-based checks via secured email to TSA. The information forwarded is as follows:
name, aliases, social security number, address information, place of birth, date of birth, gender,
citizenship, employer’s name, and employer’s address. TSA will run this information through terrorist-related databases it maintains or uses. Any application that meets the minimum criteria established by
TSA as a possible match will undergo further analysis. After TSA’s review, the name of any SIDA and
Sterile Area Worker that poses or is suspected of posing a security threat will be forwarded to appropriate
intelligence and/or law enforcement agency(ies). The law enforcement or intelligence agency will analyze
the information, determine whether the individual’s identity can be verified and whether he or she
continues to pose a threat or is suspected of posing a threat. If so, the law enforcement or intelligence
agency will notify TSA of the determination so TSA can inform the airport or air carrier employer that the
worker’s access should be rescinded. The law enforcement or intelligence agency will take appropriate
action concerning the individual, depending on what information connects the individual to terrorist
activity. Individuals will be given an opportunity to correct any underlying identification or court records.
TSA will continue this procedure to ensure that any resulting information suggesting a connection
between a SIDA and Sterile Area Worker and terrorist activities is as narrowly drawn as possible. TSA
plans to continue conducting these security threat assessments indefinitely.
• What notice or opportunities for consent are provided to individuals
regarding what information is collected, and how that information is
shared?
SIDA and Sterile Area Workers are provided with a Privacy Act notice describing the authority to collect
the data, the purpose for collecting the data, and the routine uses for the collection of biographic and
biometric (fingerprint) data. TSA’s system of records notice DHS/TSA 002, which was published in the
Federal Register, and is discussed below, also provides public notice of the collection, use, and
disclosure of this information.
• Does this program create a new system of records under the Privacy Act?
No. This program is covered under a Privacy Act system of records that was established in 2003 called
the “Transportation Workers Employment Investigation System,” or DHS/TSA 002. The purpose of this
system of records is to facilitate the performance of background investigations of transportation workers
to ensure transportation security. The system of records notice was published in the Federal Register on
August 18, 2003, and can be found at 68 Fed. Reg. 49496, 49498.
• What is the intended use of the information collected?
Information will be used for performing security threat assessments of SIDA and Sterile Area Workers.
• With whom will the collected information be shared?
The information will be shared with the appropriate DHS personnel and contractors with a “need to know,”
who, by law and contract are subject to the Privacy Act and who are involved in processing the security
threat assessments. If persons pose or are suspected of posing a security threat, then TSA will notify the
appropriate law enforcement and/or intelligence agency. The collection, maintenance, and disclosure of
information will be conducted in compliance with the Privacy Act and the published system of records
notice.
• How will the information be secured against unauthorized use? (What
technological mechanism will be used to ensure security against hackers
or malicious intent?)
TSA will secure personal information against unauthorized use through the use of a layered security
approach involving procedural and information security safeguards. Specific privacy safeguards can be
categorized by the following means, which are described in greater detail elsewhere in this document:
o Technical limitations on, and tracking of, data access and use;
o Use of secure telecommunications techniques; and
o Limitation of physical access to system databases and workstations.
This approach protects the information in accordance with the following requirements:
The Privacy Act of 1974, as amended, (5 USC 552a) which requires Federal agencies to establish
appropriate administrative, technical and physical safeguards to insure the security and confidentiality of
information protected by the Act.
Federal Information Security Management Act of 2002, (Public Law 107-347), which establishes minimum
acceptable security practices for Federal computer systems.
• Will the information be retained and if so, for what period of time?
TSA is in the process of developing a records retention schedule that would permit it to destroy these
records after a determined period of time. Until NARA approves this records schedule, however, TSA
does not have legal authority to dispose of these records. TSA has requested a short retention period for
these records from NARA. TSA intends to retain the information related to the criminal history records
check for up to sixty days. Once TSA receives authority to dispose of these records, TSA will purge
results from individuals who no longer possess a credential. TSA will update the other records
periodically consistent with regulations that will require SIDA and Sterile Area Workers to submit to
periodic security threat assessments including the criminal history records check. The criminal history
records check results (rap sheet information) are maintained by TSA on the Fingerprint Results Distribution
website. TSA will need to keep this information because it formed the basis for the final adjudication
decision. The individual record may be used to determine if the granting of the credential was made
correctly. These records may also be used for auditing airports/airlines.
TSA will maintain the data for the name-based security threat assessments that will begin in the summer
of 2004. TSA also intends to retain these records for a sufficient period of time to permit affected
individuals an opportunity to pursue redress or appeal measures, as well as for program auditing
purposes.
• Will the information collected be used for any purpose other than the one
intended?
Information collected will be used to conduct security threat assessments for SIDA and Sterile Area
Workers. TSA ensures this is accomplished through legal agreements with its contractors and in
compliance with the Privacy Act and the published system of records notice.
• How will the SIDA and Sterile Area Workers be able to seek redress?
In the case of criminal history records checks (CHRC), adjudicated by employers, if an individual applying
for a credential disputes the results of a CHRC (i.e., disposition of a charge(s) is incorrect), the applicant
can provide court documentation to his or her employer’s security office. If the applicant can show that the
disposition (or charge) does not fall under the disqualifying offense category, he or she will be granted a
credential. If the applicant can show that the corrected disposition or charge no longer falls under the
disqualifying offense category, he or she will be granted a credential. NOTE: The employer’s security
office will need to contact TSA (The CHRC requestor) to verify with the Federal Bureau of Investigation
that the court record has been changed in favor of the applicant.
Individuals who believe that they have been wrongly identified as a security threat will be given the
opportunity to contact the Credentialing Program Office of TSA to address their concerns. Redress
based on the security threat assessment (STA) will be handled on a case-by-case basis due to the
classified and/or security sensitive information that may be involved. TSA will provide information on
which the determination was based to the applicant to the extent permitted by law. There may be items
that are classified or sensitive security information that TSA cannot release. For the name-based security
threat assessment, TSA will be the final adjudicator for security threat assessments.
• What is the step-by-step process of how the systems will work once the
data has been input and what is the process for generating a response?
There are two similar step-by-step processes for the security threat assessments based on the type of check
being conducted. These processes are as follows:
The process for the fingerprint-based criminal history records checks is as follows. AAAE consolidates
information from the airlines/airports and provides it to TSA’s Credentialing Program Office (CPO). CPO
forwards the information to the FBI, which runs the information in its Criminal Justice Information System
(CJIS). Results from the run (rap sheet information) are provided back to TSA, and TSA posts the results
on a secure, password protected website. Airport and airline personnel security officers review and
adjudicate the results based on a list of disqualifying criminal offenses and decide to either grant or deny
access to the SIDA and Sterile Area Worker.
The process for the name-based security threat assessment is as follows. AAAE consolidates
information from the airlines/airports and provides it to TSA. TSA runs the information provided through
terrorist-related databases it maintains or uses. TSA will analyze the record of any individual that
appears to be a possible match. After TSA’s review, the name of any individual that poses or is
suspected of posing a security threat will be forwarded to appropriate law enforcement and/or intelligence
agency. The law enforcement or intelligence agency will analyze the information, determine whether the
individual’s identity can be verified and whether he or she continues to pose a threat or is suspected of
posing a threat. If so, the law enforcement or intelligence agency will notify TSA of the determination so
TSA can inform the airport or air carrier employer that the worker’s access should be rescinded. The law
enforcement or intelligence agency will take appropriate action concerning the individual, depending on
what information connects the individual to terrorist activity. Individuals will be given the opportunity to
correct any underlying identification or court records. TSA will continue this procedure to ensure that any
resulting information suggesting a connection between a SIDA and Sterile Area Worker and terrorist
activities is as narrowly drawn as possible.
• What technical safeguards are in place to secure the data?
DHS employs the following technical safeguards to secure data:
o Use of advanced encryption technology to prevent internal and external tampering of TSA data
and transmissions.
o Secure data transmission, including the use of password-protected e-mail for sending files among
the participants listed above, to prevent unauthorized internal and external access.
o Password protection for files containing personal or security threat assessment data to prevent
unauthorized internal and external access.
o Network firewalls to prevent intrusion into DHS network and TSA databases.
o User identification and password authentication to prevent access to security threat assessment
systems by unauthorized users.
o Security auditing tools to identify the source of failed TSA system access attempts by
unauthorized users and the improper use of data by authorized operators.
• Will the staff working with the data have appropriate training and security
clearances to handle the sensitivity of the information?
All TSA and contractor staff receive TSA-mandated privacy training on the use and disclosure of
personal data. Additionally, training will be conducted that relates to the handling of personal data
specifically related to the SIDA and Sterile Area Workers security threat assessment. Staff assigned to
handle classified threat assessment information will be required to obtain appropriate security clearances.
Additionally, all staff must hold appropriate credentials for physical access to the sites housing the
security threat assessment databases and management applications. Physical access safeguards include
the use of armed or unarmed security guards at sites; hard-bolting or fastening of databases, servers,
and workstations; and credential readers for internal and external site access. The DHS contractors also
hold appropriate facility security clearances.
For questions or comments, please contact:
Lisa S. Dean, Privacy Officer, Transportation Security Administration, 571-227-3947
Nuala O'Connor Kelly, Chief Privacy Officer, Department of Homeland Security, 202-772-9848
[Figure: TSA SIDA and Sterile Area Workers Criminal History Records Check. Flowchart from Start to End; labels include Applicants, Airports/Airlines, Airport/Airline Personnel Security officers, AAAE, TSA/CPO, U.S. Federal Government FBI/CJIS, and the TSA F.P.R.D. Website, with the steps "Identification of Secure Area/SIDA Holders/Applicants," "Airport/Airline Derived Data," "Criminal History Records Check," "Results of Criminal History Record Review," "Airport/Airline Personnel Security officers review criminal histories via a secured website and adjudicate individuals applying for sterile area/SIDA credentials. Decision made to either grant or deny credential," and "Security officers notify applicants of results."]
[Figure: TSA SIDA and Sterile Area Workers Security Threat Assessment. Flowchart from Start to End; labels include Applicants, Airports/Airlines, AAAE, TSA/CPO, Department of Homeland Security, DHS Personnel, Program Mgt., and Law Enforcement & Intelligence Agencies, with the steps "Identification of Secure Area/SIDA Holders/Applicants," "Airport/Airline Derived Data," "Threat Assessment *," "Records with Possible Hits," "Notification of those who pose or are suspected of posing a security threat," "Results of Investigation Sent to CPO," "Results of Assessment," "CPO Provides final results to security officers," and "Security officers notify applicants of results."]
* Includes Federal and Non-Federal government data sources
File Type | application/pdf |
File Title | Microsoft Word - PIA -- Aviation Workers SIDA FINAL1.doc |
Author | gwynne.kostin |
File Modified | 2004-07-01 |
File Created | 2004-07-01 |