The Office of Inspector General (OIG) has reviewed the Transportation Security Administration’s (TSA) management of the Quiet Skies program, to see if it is meeting its mission. In July 2018, various news media reported on TSA’s Quiet Skies, identifying it as a new domestic surveillance program that targeted passengers not included in any terrorist database. These articles raised concerns regarding the program’s legality, impact on privacy and civil liberties, and extensive collection of passenger data.
The program uses enhanced screening procedures on higher risk passengers, and Federal Air Marshal Service (FAMS) officers observe these individuals at airports and during flights. TSA conducts enhanced screening of Quiet Skies passengers at checkpoints to better ensure they are not carrying prohibited items on board aircraft and to mitigate the threats they potentially pose. Enhanced screening is more thorough than standard screening and requires two or more TSA officers to conduct the screening. In March 2018, in addition to enhanced checkpoint screening, TSA began surveillance (observation and collection of data) of Quiet Skies passengers beyond security checkpoints, as part of its FAMS Special Mission Coverage flights. Until FY 2018, Quiet Skies program costs totaled about $1.2 million for Intelligence and Analysis activities for about six years.
OIG’s review found that TSA did not properly plan, implement, and manage the Quiet Skies program to meet the program’s mission of mitigating the threat to commercial aviation posed by higher risk passengers. According to OIG’s report, “TSA did not develop performance goals and measures to demonstrate program effectiveness, or always adhere to its own Quiet Skies guidance”. OIG said this occurred because TSA lacked sufficient oversight to ensure the Quiet Skies program operated as intended. The watchdog found that TSA did not have a centralized office or entity to ensure the various TSA offices properly managed Quiet Skies passenger data.
When DHS and TSA initially planned and implemented the Quiet Skies program in April 2012, TSA did not establish outcome-oriented goals that explained how it would achieve its mission of identifying unknown or partially known passengers who might pose risks to aviation security. TSA created program implementation conditions to direct program activities, including information sharing, need for transparency, quarterly reviews of intelligence justifications for Quiet Skies rules, removing passengers from the Quiet Skies List, and limiting the number of enhanced screening encounters. Although these conditions may direct program activities, OIG said they are not outcome-oriented goals and do not provide TSA with a means to measure how the program contributes to accomplishing its mission.
OIG also found that FAMS’ use of Quiet Skies passenger data was not entirely consistent with TSA’s privacy protection guidance. TSA officials told OIG that they were aware FAMS was using Quiet Skies passenger data to conduct surveillance, even though the guidance specifically identified prohibiting the use of such information to guide operations beyond enhanced screening at checkpoints as mitigation of the privacy risk. However, TSA did not update its guidance to include FAMS surveillance of Quiet Skies passengers and use of collected data until April 2019.
It also transpired that in 2017 and 2018 TSA identified software algorithm and system malfunctions that resulted in passengers not being removed from the Quiet Skies List.
On program oversight, OIG reported that “TSA did not ensure oversight meetings were documented, as required, or update its policies and procedures to reflect program operations.” Without a centralized office or entity to ensure the various offices properly managed Quiet Skies passenger data, TSA relied on multiple internal offices to operate the program with minimal coordination.
OIG has made two recommendations to TSA, with which it concurs. First, establish and ensure a centralized Quiet Skies oversight program to monitor and ensure the program is operationally effective and using the information to protect travelers from emerging threats. This oversight should include development and codification of policies and procedures, development of performance measures, and establishment of goals for all program offices involved in the program.
TSA responded that it will create a Quiet Skies oversight council and develop a charter for this council. The council will consist of all TSA program offices participating in the Quiet Skies program. The council will also hold regular meetings to discuss Quiet Skies program changes, operational uses, and performance. Further, the Threat Analysis Division will finalize Standard Operating Procedures (SOPs) for its management of Quiet Skies rules and all other oversight processes. A copy of the SOPs will be provided upon completion. The estimated completion date is September 30, 2021.
Second, OIG recommended that, after ensuring operational effectiveness, the TSA Assistant Administrator, Intelligence and Analysis, in coordination with other TSA offices mandates that quarterly Quiet Skies oversight meetings with Department of Homeland Security are formally and consistently documented by, at a minimum, meeting minutes, records of key decisions made, and lists of meeting attendees. In addition, OIG calls for a formal quality assurance process and to be established that TSA can use for compliance and performance checks to validate that individuals identified by Quiet Skies rules have been designated by the Secure Flight system as Quiet Skies passengers and receive enhanced screening at checkpoints. Alongside this, OIG wants TSA to develop and codify procedures to ensure Quiet Skies data is reliable and passengers are cleared appropriately.
According to TSA, its Threat Analysis Division captured changes to the oversight process through formal adoption of SOPs related to DHS oversight of Quiet Skies in July 2020. In addition, through the Quiet Skies Oversight Council TSA will create a formal process documenting the component’s quality assurance process for ensuring rule-based selectees receive enhanced screening and correctly coded boarding passes. The estimated completion date to meet this recommendation is December 31, 2021.