Airport Biometrics: A Primer (2021)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

156 Case Study: Seattle–Tacoma International Airport and Designated Aviation Channeling Summary Pursuant to the Aviation Transportation Security Act and implementing regulations,112 TSA requires all employees of airport authorities and airline carriers as well as other airport stake- holder employees who require unescorted access to secure areas of an airport to submit an appli- cation and be approved for a SIDA badge. The vetting process screens an applicant’s information against federal criminal and immigration databases to determine whether the applicant is a threat to transportation or national security. Starting in 2012, TSA authorized the use of DAC services by airport operators and aircraft carriers through which applicants submit their applications [which include both biographic and biometric data (i.e., fingerprint records)] to TSA (and the FBI) (Department of Homeland Security Inspector General 2013; Pilli 2020). Telos ID is one of two DAC service providers authorized by TSA and offers its DAC services at Seattle–Tacoma International Airport (SEA) (Airport Technology 2020). See Table D-1 for more information. Introduction In the case of an airport using DAC vendor services, the process for a SIDA badge begins when the airport employee submits the application, supported by authorized signers (or endorsers), to the DAC vendor. Telos, as a DAC service provider, takes and includes the applicant’s finger- prints in the application with, in some cases, additional documentation (e.g., I-9 document) (Telos ID 2020b). The DAC vendor makes sure that the application is complete and properly formatted and verifies the employment and education information provided. The application is accompanied by fingerprints (and sometimes a photo), which are electronically submitted to TSA for a security threat assessment, which TSA in turn transmits to the FBI for a CHRC (Badgley 2020). The background check compares the applicant’s information against federal criminal and immigration databases to determine whether the applicant is a threat to trans- portation or national security. If the application is approved by TSA, the results are provided to the airport operator, and a badge is issued, which not only authorizes access to secured areas of an airport but, depending on the biometric technology in use at the airport and by the employer, could be scanned to record reporting for duty for timekeeping purposes or to physically enter secured areas. How Does It Work? Before the Passenger Journey The DAC service consists of various programs and systems used to collect applicant infor- mation. SEA primarily uses the DAC interface, which is a secure, web-based application hosted on servers managed by Telos. The back-end system is a database used to house collected A P P E N D I X D

What? ● DAC services are used by airport operators nationwide. ● Telos ID is one of two competitive vendors of services to airport and aircraft operators and stakeholders of DAC services for vetting of employees seeking unescorted access to secured areas of the airport (TSA requirement) (Ayers and Lucini 2012). ● The application compiled by Telos includes fingerprints (straight or rolled) (matching is 1:1); if a facial image is provided the matching for facial image is 1:many. Fingerprints are required, and occasionally photos are provided to verify identity (e.g., in the case of a name change). Where? ● Telos DAC services are currently at 90 airports in the United States. Customer process steps ● At the request of airport stakeholder, applicant submits biographic and biometric data (fingerprints and sometimes a photo) to Telos (Telos ID 2020a). ● Telos verifies the application information (e.g., checking employment and education references), ensuring completeness and proper format. ● Application is electronically transmitted in an encrypted format to TSA. ● TSA conducts a review of various government databases as a security threat assessment, and the FBI runs the fingerprints for a criminal history check [otherwise known as a Next Generation Identification (NGI) check]. ● Results of approval or denial are provided to Telos, but more detailed information is only shared with airport operator or aircraft carrier. ● Badge pickup is by applicant (airport employee), but if negative results are returned, airport or aircraft operator manually adjudicates the case. Who? ● Telos, under contract with SEA, provides DAC services to airport staff (airlines, TSA, ground operations, airport management/operations, other airport stakeholders/suppliers) in accordance with airport security directive and pursuant to TSA requirements. ● In the near future, Telos DAC services will also be used for CBP e-badge applicants (Burriesci 2020; Hamilton 2020). Why? ● SIDA badge is required for all employees whose duties require unescorted access to secured areas of the airport. ● Use of DAC biographic and biometric process creates a more efficient and secure vetting procedure, saving airport stakeholders time and money and standardizing the TSA/FBI–mandated procedure and minimizing TSA’s administrative oversight to two DAC providers. How? Technology used? ● The main DAC service used by SEA is a secure web-based application that allows SEA to collect applicant information and package it according to TSA and FBI specifications. ● SEA uses the DAC services by integrating them with its identity management system (IdMS) software. SEA IdMS software is integrated with mobile/static fingerprint scanners, cameras, and software provided by Telos (Curtis 2020). ● Telos electronically transmits the application and the fingerprints in an encrypted format. No specific technology is required for transmission, but fingerprint quality must meet FBI specifications. Enrollment/digital Identity creation and verification? ● DAC services, while not mandatory, are provided in support of the SIDA badge application required by TSA. Verification of identity how? ● Applicant provides two forms of government-issued identification and additional government-issued authorization (e.g., immigration forms such as an I-9), if warranted. Telos conducts checks for application data pertaining to employment and education history. For? ● DAC processing is for issuance of SIDA badge for airport employees seeking unescorted access to secured areas within the airport. (Exceptions exist for federal, state, or local government employees and for certain other individuals, previously vetted through TSA/FAA and authorized by the airport operator due to continuous employment.) ● In the near future, applicants seeking unescorted access to CBP’s FIS area can apply for the e-badge using Telos DAC services. Table D-1. Key facts on designated aviation channeling at SEA.

158 Airport Biometrics: A Primer information for the purpose of transmitting to TSA for STA vetting and CHRC submissions to the FBI. SEA uses the DAC service by integrating it with its identity management system (IdMS). SEA IdMS software is integrated with mobile/static fingerprint scanners, cameras, and software provided by Telos. It is important to note that the DAC systems are subject to TSA MD 1400.3 IT Security, as well as Attachment 1: TSA Information Assurance Handbook (TSA 2018c). The DACs must also comply with DHS specifications regarding the safe handling of SSI, PII, and sensitive personally identifiable information (SPII). Given that the DAC system contains SPII, the information systems and devices on which they are installed must be approved and granted authority to operate by DHS and TSA. The Passenger Journey At request of the airport, the applicant submits the application form with biographic and biometric data (fingerprints and, if relevant, a photo) to Telos for electronic transmission to TSA for SIDA badge for access to secured areas. Telos performs the following functions: • Ensures biographic data within the application are complete and accurate and accompanied by FBI-required fingerprints. • Verifies biographic information for employment and education history (including identifying unexplained gaps) by contacting listed references, employers, educational institutes, and so forth. • Verifies identity, as part of the application, through a driver’s license or other identity document (e.g., passport). • Ensures data integrity by eliminating duplicate or erroneous data. • Automates fingerprint web capture at a designated badging office, airport operator human relations office, or a mobile location. Provides capture devices (fingerprint scanners, cameras). • Provides capability to attach documentation, such as copies of immigration records (e.g., Permanent Resident Card, employment authorization document, Form I-94). • Via software, allows all the information to be packaged into a format compliant with the FBI Electronic Biometric Transmission Specification. • Encrypts the transmission and sends to TSA for its STA and background check and to FBI for a criminal history record check via Next Generation Identification (NGI). Telos transmits the application via secure connections using the Secure Sockets Layer over the Simple Object Access Protocol or HTTPS (Hypertext Transfer Protocol Secure). • Transmits the fee to TSA. • TSA conducts a review of various government databases for the STA, and the FBI runs the fingerprints for an NGI check. The results of approval or denial are provided to Telos, but more detailed information is only shared with the airport operator or aircraft carrier. If approved, the employee picks up a SIDA badge, but if negative results returned, the airport operator manually adjudicates the case. Retention and Storage Telos saves biometric and biographic data in the application in accordance with TSA Privacy Act System of Records Notice (SORN) requirements for STA records. It is important to note that the DAC system stores this data in accordance with TSA MD 1400.3 IT Security, as well as Attachment 1: TSA Information Assurance Handbook. In addition, the DAC system must comply with other federal and DHS data retention policies.

Case Study: Seattle–Tacoma International Airport and Designated Aviation Channeling 159   The data storage process and database structure are Telos ID proprietary system designs. TSA only holds the DAC to its requirements for the input to and output from the DAC system. These requirements are embodied in the previously mentioned TSA/DHS handbooks and policies. Telos adheres to privacy requirements set by DHS/TSA for DAC service providers in support of TSA requirements of the Privacy Act of 1974 governing the collection, storage, and retention of TSA records. TSA has indicated that for SEA, state privacy laws may apply as well. With respect to TSA, it retains information (fingerprints and biographic information) for 1 year after an individual’s SIDA privilege is no longer valid. In addition, for those individuals who may originally have appeared to be a match to a government watch list but are subsequently cleared as not posing a threat to transportation or national security, information will be deleted or destroyed 7 years after completion of the STA or 1 year after any credential or access privi- lege granted based on the STA is no longer valid, whichever is longer. Information contained in the subject database on individuals who are actual matches to a government watch list or who otherwise pose a threat to transportation or national security will be deleted or destroyed 99 years after completion of the STA or 7 years after TSA learns that the individual is deceased, whichever is earlier. For airport operators, per TSA regulation 49 CFR 1540, each operator must retain the STA application and supporting documents (verifying identity and work authorization) for 180 days following the end of the applicant’s service to the operator. System Architecture Flow Diagram The flow diagram of this case study can be found in the Seattle–Tacoma International Airport and Designated Aviation Channeling case study in Chapter 2. System Specifications There are no specifications for the DAC system design for hardware, software, encryption, cameras, and so forth, but fingerprint quality must meet FBI requirements. Stakeholders Airport and aircraft operators are the main stakeholders, although TSA oversees the vetting process to ensure compliance with the law. In 2020, at some 78 airports nationwide, CBP began receiving from TSA those applications from applicants seeking unescorted access to the CBP FIS area, which CBP vetted through its UPAX system (a multi-record system with law enforcement information, including criminal, civil, and immigration data) (Calixte 2020). Case Study Review Benefits According to the Telos ID website, Telos ID’s DAC services improve data integrity, increase the efficiency of credentialing operations, and reduce costs (Telos ID n.d.). For background checks, DAC services enable submissions of workers’ biographic and biometric data, including subscriptions to the FBI Record of Arrest and Prosecution Background (Rap Back) program, for individuals working in secured areas of U.S. commercial airports (TSA 2018a). Stakeholders have experienced a reduced administrative burden associated with operating a badging office. Those stakeholders that sign up for the Rap Back subscription service achieve significant savings since they no longer are required to pay for and obtain an FBI criminal history check

160 Airport Biometrics: A Primer every 2 years. DAC services also assist in managing insider threats with FBI’s Rap Back program, which provides employers with notice of an employee’s criminal and arrest records by sending alerts in real time if there are any additions to an employee’s FBI records. Some benefits of using the DAC services are: • DAC can also integrate with other users’ workforce systems to meet additional badging, physical security, and personnel administrative needs. • DAC Rap Back subscription service allows stakeholders to manage insider threats and provides employers with notice of an employee’s criminal and arrest records by sending alerts in real time from the FBI if there are any additions to an employee’s FBI records. • DAC services can expedite employee on-boarding with real-time and combined CHRC and STA submissions. • DAC eliminates spreadsheets that can expose PII. • DAC frees up federal agency staff from data entry and accelerates processing of applications. Responses from Airport Operators, Airlines, and Stakeholders In an interview conducted on October 5, 2020, with a SEA representative, benefits include more efficient processing of some 12,000 applications annually and greater protections for PII. System Specifications Review (Third Party or Other) Telos provides capture devices (fingerprint scanners, cameras) and transmits application via a secure web portal. The fingerprints must meet FBI specifications for quality. If approved, the applicant picks up the SIDA badge, but if there are negative results, the airport operator receives the details from TSA and manually adjudicates the case. Fall-Back Options Applications may be submitted as a hard copy, either manually or by mail. Concerns With respect to privacy protections extended to Telos’ processing of airport employee applications and related data, Telos maintains biometric and biographic data and yes/no results of vetting but does not receive the actual rap sheets or details regarding a finding that employees may have disqualifying events/offenses in their background. According to Telos, all information is stored in compliance with TSA requirements. Lessons Learned According to TSA sources, expanding the use of DAC services to multiple categories of air- ports has facilitated TSA’s oversight role and benefited larger and smaller airports with greater efficiencies. Findings and Trends Findings The DAC system promotes greater efficiency for pre-processing of SIDA badge applications for a large volume of workers.

Case Study: Seattle–Tacoma International Airport and Designated Aviation Channeling 161   “As an encrypted, web-based solution, Telos ID’s DAC services . . . [and] [i]ts modular design supports each airport’s and air carrier’s needs, and users can perform multiple functions on one platform” (Aviation Pros 2020). TSA and CBP acknowledge the increased efficiencies and improved speed of application processing through the use of DAC services. During Phase 1, CBP realized additional efficiencies in the airport employee vetting process for e-badges by piggybacking on the DAC services in cooperation with TSA. In the future, CBP intends to collect biometrics by requesting and receiving the set of fingerprints included in the application transmitted to TSA and the FBI. Future Situation and Broader Implementation Telos has indicated that its services could extend to Secure Flight vetting of passengers (but since Secure Flight is an assessment based on biographic data, it would not likely involve biometric data collection). In the future, CBP intends to collect biometrics by requesting and receiving the set of fingerprints included in the application transmitted to TSA and the FBI. Trends Identified One emerging trend is the consolidation of the many types of background checks required by the U.S. government into a single application and process. The result is greater efficiencies in the vetting process for airport employees requiring access to secured areas at commercial, federal, and joint-use facilities. According to Telos sources, it is exploring and implementing quality-integrated solutions, such as integrating customers’ workforce systems to meet additional badging, physical security, and personnel administrative needs. As of the time of writing, TSA PreCheck enrollment was conducted by IDEMIA. Starting in late 2020, Alclear, LLC, and Telos will also conduct TSA PreCheck enrollments for travelers. One of the challenges to expanded use of DAC services to airport-related functions is that most of the programs where vetting is a part use an established enrollment entity. Endnote 112. Aviation Transportation Security Act, 49 U.S.C. §§ 44936 et. seq. (Pub. L. 107-71); 49 CFR part 1542; TSA Directive 1542-04-08G. See also, 49 U.S.C. §106(l)(6), stating “the Administrator is authorized to enter into and perform such contracts, leases, cooperative agreements, or other transactions as may be necessary to carry out the functions of the Administrator and the Administration.”