The technologies being deployed by government agencies such as the US Transportation Security Administration (TSA) to keep us safe in the air continue to advance year-over-year. Throughout many airports in the US, the TSA has deployed millimeter wave scanners; explosive detection systems and threat image protection software. There are now specialized types of computer cases that can pass through security checkpoints without having to remove the laptop. There is even a Cast-Ray system being deployed to screen passengers with casts, braces and heavy bandages. Perhaps, the biggest improvement I am looking forward to in the next twelve months is avoiding the need to pack my toiletries in a clear 3-3-3 plastic bag. However, one of the most important technologies being utilized to support advanced passenger screening against terrorist watch lists receives little publicity at all – EDI.
In January of this year, the TSA began the first phase of implementation for its Secure Flight program. Secure Flight is one of the many homeland security recommendations put forth by the 9/11 Commission. The program calls for airline operators to transfer responsibility for watch list monitoring and passenger screening to the US Federal government, specifically TSA. Through government ownership, the risk of security breaches is minimized and a higher level of consistency can be enforced across airlines. In the first phase of the program, TSA will perform screening of only US domestic flights. In future versions of the program, monitoring will expand to include international flights as well.
Secure Flight Powered by EDI
The process starts by airline operators submitting a file for each scheduled flight that includes the names of all passengers as well as their date of birth, gender and full itinerary. TSA performs a matching process against its No Fly List, which contains approximately 2500 known terrorists restricted from boarding any commercial aircraft in or out of the US. A Secondary Security Screening Selection process is then performed to identify passengers requiring additional inspections. While the criteria for this Selectee List are not published, a few known triggers exist such as one-way fliers; tickets purchased in cash; and tickets purchased on the day of travel.
Source: TSA
In 2002, UN/EDIFACT created two new EDI documents specifically designed for passenger screening by border control authorities – PAXLST and CUSRES. The two documents were adopted by the International Air Transport Association (IATA) and the World Customs Organization (WCO) shortly thereafter for commercial and government use. Selected nations such as the US Department of Homeland Security have extended or customized the documents to satisfy country-specific regulatory requirements.
PAXLST and CUSRES
PAXLST is a message created by an airline operator containing detailed information about the passengers and crewmembers on-board the plane. It is required to be submitted to TSA for advanced approval prior to passenger boarding. PAXLST includes a number of data elements for each flight such as origin; destination; time of departure; and scheduled time of arrival. Extensive detail on each individual passenger is included such as the full name, gender, date-of-birth, citizenship, home address, e-mail address. PAXLST can include passport data such as country of issuance, expiration date and document number. If a travel agency was used then PAXLST should include the name of the specific agent who ticketed the reservation. Even flight-time data such as the passenger’s seat assignment and baggage tag are included. Perhaps, most interesting is that the payment details are listed in PAXLST. For the credit or debit card used for the reservation, the cardholder’s name and account number are included along with the total charges, the currency and date of booking. I wonder if TSA is PCI-compliant?
CUSRES is the message returned from a border control authority to the airline operator, which either acknowledges the receipt of a PAXLST or, if appropriate, provides actions to be taken. CUSRES includes reference data about specific flights and passengers as instructions to for additional inspection or the need to deny boarding approval.
TSA supports both synchronous and asynchronous transmission of PAXLST and CUSRES messages with airline operators. Messages can be submitted via one of the two primary airline EDI networks, SITA (Societe Internationale de Telecommunications Aeronautique) and ARINC (Aeronautical Radio Inc). Alternatively, transmissions can occur over an encrypted Internet channel (VPN) using web services or the IBM Websphere MQ protocol.
If you are interested in reading more about the TSA’s implementation of these messages, there is a 270-page guide available online.
One Response to “PAXLST and CUSRES – How EDI keeps our planes safe from Terrorists”
IDO Security develops a solution called the MagShoe for shoes-on weapons metal detection – filling a critical void in the market by extending security screening to the lower body and feet. (OTCBB: IDOI)