oversight

TSA Needs to Improve Management of the Quiet Skies Program (REDACTED)

Published by the Department of Homeland Security, Office of Inspector General on 2020-11-25.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

      6(16,7,9(6(&85,7<,1)250$7,21




TSA Needs to Improve
Management of the
Quiet Skies Program
(REDACTED)




:$51,1*7KLVGRFXPHQWFRQWDLQV6HQVLWLYH6HFXULW\,QIRUPDWLRQWKDWLVFRQWUROOHG
XQGHU&)53DUWVDQG'RQRWGLVFORVHDQ\SDUWRIWKLVUHSRUWWRSHUVRQV
ZLWKRXWD´QHHGWRNQRZµDVGHILQHGLQ&)53DUWVDQGZLWKRXWWKH
H[SUHVVHGZULWWHQSHUPLVVLRQRIWKH$GPLQLVWUDWRURIWKH7UDQVSRUWDWLRQ6HFXULW\
$GPLQLVWUDWLRQRUWKH6HFUHWDU\RIWKH'HSDUWPHQWRI+RPHODQG6HFXULW\



                      6(16,7,9(                     November 25, 2020
                      6(&85,7<
                                                            OIG-21-11
                    ,1)250$7,21
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security
                                     Washington, DC 20528 / www.oig.dhs.gov


                                               November 25, 2020

MEMORANDUM FOR:                       The Honorable David Pekoske
                                      Administrator
                                      Transportation Security Administration

FROM:                                 Joseph V. Cuffari, Ph.D.                                       Digitally signed by JOSEPH
                                      Inspector General        JOSEPH V                              V CUFFARI
                                                                                                     Date: 2020.11.25 15:17:15
                                                                               CUFFARI               -05'00'

SUBJECT:                              TSA Needs to Improve Management of the Quiet Skies
                                      Program – Sensitive Security Information

Attached for your action is our final report, TSA Needs to Improve Management
of the Quiet Skies Program – Sensitive Security Information. We incorporated the
formal comments provided by your office in the final report.

The report contains two recommendations aimed at improving the overall
effectiveness of TSA’s Quiet Skies program. Your office concurred with both
recommendations. Based on information provided in your response to the
draft report, we consider recommendations 1 and 2 open and resolved. Once
your office has fully implemented the recommendations, please submit a formal
closeout letter to us within 30 days so that we may close the recommendations.
The memorandum should be accompanied by evidence of completion of agreed-
upon corrective actions and of the disposition of any monetary amounts.
Please send your response or closure to OIGAuditsFollowup@oig.dhs.gov.

Consistent with our responsibility under the Inspector General Act, we will
provide copies of our report to congressional committees with oversight and
appropriation responsibility over the Department of Homeland Security. We
will post a redacted version of the report on our website.

Please call me with any questions, or your staff may contact Sondra McCauley,
Assistant Inspector General for Audits, at (202) 981-6000.


cc:      Executive Assistant Administrator, Operations Support, TSA
         Executive Assistant Administrator, Law Enforcement/FAMS, TSA




www.oig.dhs.gov
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                                          SENSITIVE SECURITY INFORMATION

                                          DHS OIG HIGHLIGHTS
                              TSA Needs to Improve Management of
                                   the Quiet Skies Program

November 25, 2020                                  What We Found
Why We Did                                         TSA did not properly plan, implement, and manage
                                                   the Quiet Skies program to meet the program’s
This Audit                                         mission of mitigating the threat to commercial
                                                   aviation posed by higher risk passengers.
We conducted this audit to                         Specifically, TSA did not:
determine whether the
Transportation Security                            • develop performance goals and measures to
Administration (TSA)                                 demonstrate program effectiveness, or
planned, implemented, and                          • always adhere to its own Quiet Skies guidance.
managed its Quiet Skies
program to accomplish its                          This occurred because TSA lacked sufficient
mission as intended. The                           oversight to ensure the Quiet Skies program
program uses enhanced                              operated as intended. For example, TSA did not
screening procedures on                            have a centralized office or entity to ensure the
higher risk passengers, and                        various TSA offices properly managed Quiet Skies
Federal Air Marshal Service                        passenger data.
(FAMS) officers observe these
individuals at airports and                        Without sufficient metrics, analysis, and controls,
during flights.                                    TSA cannot be assured the Quiet Skies program
                                                   enhances aviation security through FAMS as
What We                                            intended.
Recommend
We made two                                        TSA’s Response
recommendations that, when
implemented, may help TSA                          TSA concurred with both recommendations and has
better measure the                                 begun implementing corrective action plans.
effectiveness of its Quiet
Skies program.


For Further Information:
Contact our Office of Public Affairs at
(202) 981-6000, or email us at
DHS-OIG.OfficePublicAffairs@oig.dhs.gov




         www.oig.dhs.gov                                                                                                 OIG-21-11
         WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
         this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
         written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
         Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
         by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

Table of Contents

Background .................................................................................................... 1

Results of Audit .............................................................................................. 2

         TSA Did Not Properly Plan, Implement, and Manage Its Quiet Skies
         Program ................................................................................................ 3

Recommendations ......................................................................................... 11

Management Comments and OIG Analysis……………………………………………11

Appendixes

         Appendix A: Objective, Scope, and Methodology .................................. 14
         Appendix B: TSA’s Comments to the Draft Report ................................ 16
         Appendix C: Quiet Skies Responsibilities by TSA and DHS Office ......... 25
         Appendix D: Quiet Skies Process Flowchart ......................................... 26
         Appendix E: Comparison of Enhanced and Standard Screening
                     Procedures at the Airport Screening Checkpoint .............. 27
         Appendix F: FAMS Involvement in the Quiet Skies Program................. 28
         Appendix G: Encounters and Surveillance Effectiveness for Quiet Skies
                     Program, FY 2015 - February 2019 .................................. 30
         Appendix H: Report Distribution .......................................................... 31

Abbreviations

         ETD                  Explosive Trace Detection
         FAMS                 Federal Air Marshal Service
         GAO                  U.S. Government Accountability Office
         I&A                  Intelligence and Analysis office
         PIA                  Privacy Impact Assessment
         SOP                  Standard Operating Procedures
         TIDE                 Terrorist Identities Datamart Environment
         TSA                  Transportation Security Administration
         TSDB                 Terrorist Screening Database




www.oig.dhs.gov                                                                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

TSA conducts enhanced screening of Quiet Skies passengers at checkpoints to
better ensure they are not carrying prohibited items on board aircraft and to
mitigate the threats they potentially pose. Enhanced screening is more
thorough than standard screening and requires two or more Transportation
Security Officers to conduct the screening. (See comparison in Appendix E.) In
March 2018, in addition to enhanced checkpoint screening, TSA began
surveillance (observation and collection of data) of Quiet Skies passengers
beyond security checkpoints, as part of its Federal Air Marshal Service’s
(FAMS) Special Mission Coverage flights as described in Appendix F. Until FY
2018, Quiet Skies program costs totaled about $1.2 million for Intelligence and
Analysis (I&A) activities for about six years.

DHS’ Privacy Office, Office for Civil Rights and Civil Liberties, and Office of the
General Counsel 3 (DHS’ Reviewing Offices) examine Quiet Skies rules every
quarter to ensure the rules:

    •    are based on current intelligence identifying specific potential threats to
         aviation security within the United States;
    •    are deactivated when no longer necessary to address a particular threat;
    •    are tailored appropriately to minimize the impact on passengers’ civil
         rights, civil liberties, and privacy; and
    •    comply with relevant legal authorities, regulations, and DHS policies.

In July 2018, various news media reported on TSA’s Quiet Skies, identifying it
as a new domestic surveillance program that targeted passengers not included
in any terrorist database. These articles raised concerns regarding the
program’s legality, impact on privacy and civil liberties, and extensive collection
of passenger data. We conducted this audit due to congressional interest and
the media reports about the Quiet Skies program.

                                               Results of Audit

TSA did not properly plan, implement, and manage the Quiet Skies program to
meet the program’s mission of mitigating the threat to commercial aviation
posed by higher risk passengers. Specifically, TSA did not:



3 Under the FAA Reauthorization Act of 2018, Pub. L. No. 115-254, § 1949(c)(3), 132 Stat 3186
(2018), TSA counterparts — TSA Privacy; Civil Rights and Liberties, Ombudsman, and Traveler
Engagement; and Chief Counsel’s office — also review screening rules established by I&A.


www.oig.dhs.gov                                               2                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

      •   develop performance goals and measures to demonstrate program
          effectiveness, or
      •   always adhere to its own Quiet Skies guidance.

This occurred because TSA lacked sufficient oversight to ensure the Quiet
Skies program operated as intended. For example, TSA did not have a
centralized office or entity to ensure the various TSA offices properly managed
Quiet Skies passenger data.

Without sufficient metrics, analysis, and controls, TSA cannot be assured the
Quiet Skies program enhances aviation security through FAMS as intended.

TSA Did Not Properly Plan, Implement, and Manage Its Quiet
Skies Program

TSA did not properly plan, implement, and manage the Quiet Skies program to
meet the program’s mission of mitigating the threat to commercial aviation
posed by unknown higher risk passengers. Agencies should develop and
implement sufficient internal controls to facilitate mission fulfillment and
ensure programs operate as intended to achieve specified goals. TSA did not
have sufficient internal controls to ensure the Quiet Skies program operates
efficiently and effectively. For example, TSA did not develop outcome-based
performance goals and measures to demonstrate program effectiveness, or
always adhere to its own Quiet Skies guidance. This occurred because TSA
lacked sufficient, centralized oversight to ensure the Quiet Skies program
operated as intended. Without sufficient metrics, analysis, and controls, TSA
cannot be assured the Quiet Skies program enhances aviation security as
intended.

TSA Did Not Develop Performance Goals and Measures to Demonstrate
Program Effectiveness

TSA did not adequately plan its Quiet Skies program to include outcome-based
performance goals and measures. The GPRA Modernization Act of 2010 4
requires Federal agencies to develop performance goals expressed in objective,
quantifiable, and measureable terms. This includes developing outcome-
oriented goals and describing how they will be achieved, and how they will
contribute to meeting the Federal Government’s priority goals. Output


4   GPRA Modernization Act of 2010, Pub. L. No. 111-352, § 1115, 124 Stat 3869 (2011).

www.oig.dhs.gov                                               3                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

measures allow agencies to calculate or record program activities
quantitatively, while outcome measures assess the results of a program activity
compared to its intended purpose.

TSA Did Not Have Performance Measures and Goals to Demonstrate
Effectiveness of Enhanced Screening of Quiet Skies Passengers

When DHS and TSA initially planned and implemented the Quiet Skies
program in April 2012, TSA did not establish outcome-oriented goals that
explained how it would achieve its mission of identifying unknown or partially
known passengers who might pose risks to aviation security. TSA created
program implementation conditions to direct program activities, including:

     •    information sharing,
     •    need for transparency,
     •    quarterly reviews of intelligence justifications for Quiet Skies rules,
     •    removing passengers from the Quiet Skies List, 5 and
     •    limiting the number of enhanced screening encounters.

Although these conditions may direct program activities, they are not outcome-
oriented goals and do not provide TSA with a means to measure how the
program contributes to accomplishing its mission. TSA’s I&A established some
output-based measures for Quiet Skies but did not develop outcome-based
performance measures or goals that demonstrated the program’s effectiveness.
For example, I&A tracked quantitative and qualitative measures of an activity,
including the number and names of passengers that matched Quiet Skies rules
to the number of times those passengers traveled. However, I&A did not have
outcome-based measures, such as those for ensuring enhanced screening at
checkpoints, to demonstrate its Quiet Skies rules mitigated risks to aviation
security. According to an I&A official, I&A is not aware of potential threat
incidents unless TSA’s Security Operations office provides notification about a
security event at a checkpoint.

TSA Did Not Develop Performance Measures and Goals to Demonstrate FAMS’
Value in Using Quiet Skies Passenger Data

TSA incorporated FAMS surveillance in the Quiet Skies program in 2018, but
did not develop outcome-based performance measures or goals to demonstrate


5A list of higher risk passengers as identified by other TSA programs who also meet the Quiet
Skies rules.

www.oig.dhs.gov                                               4                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

how FAMS surveillance activities would benefit the Quiet Skies program. After
almost two years of flight coverage, FAMS could not provide outcome-based
performance measures to show that its surveillance of Quiet Skies passengers
who had already received enhanced screening at checkpoints was the most
efficient use of its limited resources. (See Appendix G for details.) According to
FAMS officials, metrics they developed were being analyzed for suitability to
provide indicators of FAMS mission deployment effectiveness. However, in
February 2019, these same officials informed us that their goal was to achieve
100 percent flight coverage of all Quiet Skies flights, which, at the time, was
about      percent. Without adequate metrics and analysis, TSA cannot ensure
that use of FAMS is effectively accomplishing the Quiet Skies program mission
of helping mitigate potential aviation system threats to protect the traveling
public.

TSA Did Not Always Adhere to Its Own Quiet Skies Guidance

TSA did not adequately manage its Quiet Skies program to ensure that all
relevant TSA offices adhered to Quiet Skies guidance. According to GAO’s
Standards for Internal Control in the Federal Government, management
documents – in policies such as Standard Operating Procedures (SOP) – each
unit’s responsibilities for operational processes to identify risks, design control
activities, assist in implementation and operate effectively, and monitor the
control activities to ensure programs operate as intended.

TSA Did Not Coordinate FAMS’ Use of Quiet Skies Data to Ensure Compliance
with Privacy Protection Guidance

When conducting aviation security and collecting passenger data, TSA should
ensure passenger privacy is protected. The Privacy Act of 1974 prohibits the
disclosure of a record about an individual from a system of records absent the
written consent of the individual, unless the disclosure is pursuant to one of
twelve statutory exceptions. 6 In addition, the E-Government Act of 2002
requires agencies to conduct Privacy Impact Assessments (PIA) to make
publicly available what information is collected, why it is being collected, the
intended use of the information, and how it will be secured. 7 The DHS Privacy
Office’s official guidance on PIAs further explains PIA as “one of the most


6   Privacy Act of 1974, as amended, 5 U.S.C. § 552a(b).
7   E-Government Act of 2002, Pub. L. No. 107-347 § 208(b)(1)(B)(iii), 116 Stat 2899 (2002).




www.oig.dhs.gov                                               5                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

important instruments through which the Department creates transparency
and establishes public trust in its operations,” and “a vital tool that evaluates
possible privacy risks and the mitigation of those risks at the beginning of and
throughout the development life cycle of a program or system.” 8

In April 2012, TSA developed a Quiet Skies PIA to address privacy concerns
regarding the collection of passenger data. The 2012 PIA identified the privacy
risk of expanding the Quiet Skies List beyond its intended purpose of
passenger screening, and specifically provided prohibition of other uses within
the Concept of Operations as mitigation of such risk.

FAMS’ use of Quiet Skies passenger data is likely permitted under one of the
twelve statutory exceptions to the Privacy Act’s prohibition against disclosure of
any individual’s record from a system of records without the individual’s
written consent. 9 Nonetheless, FAMS’ use of Quiet Skies passenger data was
not entirely consistent with TSA’s privacy protection guidance provided in the
2012 PIA. According to TSA officials, they were aware FAMS was using Quiet
Skies passenger data to conduct surveillance, even though the 2012 PIA
specifically identified prohibiting the use of such information to guide
operations beyond enhanced screening at checkpoints as mitigation of the
privacy risk. However, TSA did not update its PIA to include FAMS surveillance
of Quiet Skies passengers and use of collected data until more than a year
later, in April 2019.

Moreover, TSA informed us the DHS Reviewing Offices may not have become
fully aware of FAMS’ surveillance of Quiet Skies passengers until nearly five
months after FAMS began those operations. According to a TSA Privacy Office
official, the Privacy Office did not immediately inform DHS offices of FAMS
involvement with Quiet Skies because of internal opposition to the program


8 DHS Privacy Office, Privacy Impact Assessments: The Privacy Office Official Guidance (June
2010).
9 See 5 U.S.C. § 552a(b)(1) (“No agency shall disclose any record which is contained in a system

of records by any means of communication to any person, or to another agency, except
pursuant to a written request by, or with the prior written consent of, the individual to whom
the record pertains, unless disclosure of the record would be to…those officers and employees
of the agency which maintains the record who have a need for the record in the performance of
their duties…”) FAMS and I&A are part of the same agency, and it is reasonable to conclude
FAMS had a need to know the Quiet Skies passenger data in the performance of its duties to
protect airline passengers and crew against the risk of criminal and terrorist violence.




www.oig.dhs.gov                                               6                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

due, in part, to the release of a Quiet Skies media article and pending an
updated FAMS Concept of Operations. 10 Subsequently, the Office for Civil
Rights and Civil Liberties’ Programs Branch Director emailed TSA’s Executive
Assistant Administrator for Law Enforcement/FAMS, expressing concerns
about FAMS’ involvement in Quiet Skies operations. In the email, the Director
noted that FAMS’ Quiet Skies surveillance “…falls outside the intelligence
activity documented in the Implementation Memo and subsequently beyond
the scope of the [DHS] Oversight offices’ quarterly review process.”

The five-month delay in providing an updated FAMS Concept of Operations for
DHS Reviewing Offices’ review and a year delay in updating the PIA may have
affected the Department’s effort to build transparency and public trust in its
operations and evaluate possible privacy risks and the mitigation of those risks
throughout the development life cycle of a program or system. 11

TSA May Not Have Always Removed Passengers After                                                                 , as
Required

TSA may not have always removed passengers from the Quiet Skies List as
required by its Implementation of an Intelligence-Driven, Risk-Based Domestic
Aviation Security Screening Program (Implementation Plan). TSA created the
Implementation Plan in April 2012 to:

     •    document the Quiet Skies rule approval process;
     •    define DHS oversight responsibilities;
     •    establish processes to minimize the effect on the traveling public’s
          privacy and civil rights and civil liberties; and
     •    establish Secure Flight system settings to create the Quiet Skies List to
          designate passengers for enhanced screening.

According to the Implementation Plan, TSA automatically removes passengers
from the Quiet Skies List after                    12 resulting in enhanced

screening or         , whichever comes first. The removal guidelines are
intended to preserve travelers’ privacy, civil rights, and civil liberties and limit


10 In 'Quiet Skies' Program, TSA is Tracking Regular Travelers Like Terrorists in Secret
Surveillance, The Boston Globe, July 28, 2018.
11 DHS Privacy Office, Privacy Impact Assessment: The Privacy Office Official Guidance (June

2010).
12 An encounter is defined as a Quiet Skies passenger making a flight reservation, being vetted

by Secure Flight, and the passenger flying the flight segments.

www.oig.dhs.gov                                               7                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

the enhanced screening Quiet Skies passengers receive at security checkpoints.
The Implementation Plan requires TSA and DHS to conduct quarterly oversight
reviews of Quiet Skies’ risk-based, intelligence-driven rules created and
updated by I&A. However, in 2017 and 2018 TSA identified software algorithm
and system malfunctions that resulted in passengers not being removed from
the Quiet Skies List after                   . The agency corrected the
problems.

Without effective processes to ensure passengers are removed from the Quiet
Skies List after                           , as required by the Implementation
Plan, TSA may be subjecting passengers to more enhanced screenings and
FAMS surveillance than needed.

Quiet Skies Passengers May Not Have Always Received Enhanced Screening as
Required at Security Checkpoints

As currently designed, TSA cannot ensure all Quiet Skies passengers receive
enhanced screening at checkpoints in accordance with its Implementation
Plan. According to Federal regulations, aircraft operators must submit
passenger data to TSA to ensure Secure Flight identifies individuals requiring
enhanced checkpoint screening prior to boarding aircraft. 13 After an aircraft
operator submits passenger data to TSA, Secure Flight returns a Boarding Pass
Printing Result 14 to the aircraft operator indicating whether a passenger should
receive the enhanced checkpoint screening code “SSSS” on his or her boarding
pass. If so, the aircraft operator must place this code on the boarding pass,
which alerts Transportation Security Officers to conduct enhanced screening of
the passenger. Once completed, the Transportation Security Officer applies a
distinctive marking to the boarding pass, indicating enhanced screening has
occurred. However, due to improperly marked boarding passes, TSA may not
have always conducted enhanced screening as required. This occurred
because the Secure Flight system is automated and because the aircraft
operators did not always correctly code boarding passes to indicate that
Transportation Security Officers needed to conduct enhanced screening at
checkpoints.

We reviewed results from TSA inspections conducted from October 2015
through February 2019, in which inspectors found incidents related to the
Boarding Pass Printing Result requirement. From our review of 16 incident


13   Code of Federal Regulations Title 49, § 1560.101(b), 105(b)(2).
14   49 CFR § 1560.105(b).

www.oig.dhs.gov                                               8                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

reports, we identified                        in which the boarding passes
either were not designated as needing enhanced screening or the aircraft
operator did not ensure the passenger received enhanced screening at the
checkpoint.

Without an effective quality assurance process to ensure aircraft operators
mark all Quiet Skies passengers’ boarding passes with the enhanced screening
code, TSA cannot ensure its risk mitigation strategy of enhanced screening of
these passengers is effective and is always conducted.

TSA Did Not Provide Adequate Oversight to Ensure the Quiet Skies
Program Operated as Intended

TSA did not adequately oversee the Quiet Skies program to ensure it operated
as intended. Specifically, TSA did not have a centralized office or entity to
ensure the various TSA offices properly managed Quiet Skies passenger data.
Instead, TSA relied on multiple internal offices to operate its Quiet Skies
program with minimal coordination. As such, TSA did not ensure oversight
meetings were documented, as required, or update its policies and procedures
to reflect program operations.

TSA did not ensure its quarterly oversight meetings with the DHS Reviewing
Offices were documented. According to the DHS Standard Operating
Procedures for Automated Rules Review, dated September 2011, DHS Reviewing
Offices are required to oversee the Quiet Skies rules at quarterly meetings and
compile an unclassified summary of key points with any follow-up items. The
unclassified summary should include any concerns or questions the DHS
Reviewing Offices would like addressed or answered before the next quarterly
meeting, or any non-concurrence objections to a rule.

TSA was unable to provide meeting minutes or a briefing slide presentation in
response to our sample selection of 13 quarterly review oversight meetings from
FY 2010 through FY 2018 addressing four Quiet Skies rules. According to I&A
officials, the DHS Reviewing Offices were responsible for fulfilling the
requirement to document quarterly review meetings by preparing unclassified
summaries. However, the DHS Standard Operating Procedures for Automated
Rules Review requires I&A to provide edits or corrections to the summary of
key points prepared by the DHS Reviewing Offices from each previous quarterly
Quiet Skies review meeting.




www.oig.dhs.gov                                               9                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

We interviewed officials from each of the DHS Reviewing Offices to determine
the extent to which results of quarterly Quiet Skies meetings were documented.
One official was unaware that meeting minutes were taken or that supervisors
were required to approve the information discussed in the meetings. Other
officials said they relied on TSA to maintain records and there was no need to
“memorialize” the meetings because the information would be the subject of
subsequent quarterly meetings.

TSA did not ensure its program offices updated Quiet Skies policies and
procedures to reflect program operations. According to GAO’s Standards for
Internal Control in the Federal Government, management documents – in
policies such as SOPs – each unit’s responsibilities for operational processes to
identify risks, design control activities, assist in implementation and operate
effectively, and monitor the control activities to ensure the program operates as
intended.

Within TSA, the I&A’s Transportation Analysis Division that developed and
modified Quiet Skies rules only maintained draft policies and procedures.
These Quiet Skies policies and procedures, which had not been finalized as of
March 2020, explain how Quiet Skies rules are developed, regular reviews of
Quiet Skies Lists are conducted, and passenger reports should be analyzed.

According to I&A’s Secure Flight program officials, the office did not develop an
SOP because its system for identifying Quiet Skies passengers from aircraft
operator data is entirely automated. Secure Flight transmits passenger
information electronically, so it can be shared with transportation security
stakeholders, such as I&A and FAMS. Secure Flight also creates the Quiet
Skies List and then notifies the aircraft operator to place a code on the
boarding pass, so the traveler receives enhanced screening at the security
checkpoint. (Appendix D provides a flowchart of this automated process.)

Finally, according to TSA, FAMS uses its Special Mission Coverage guidance for
the Quiet Skies program. However, this guidance applies to high-risk travelers
on active Federal Government watchlists and is not designed for Quiet Skies
passengers who are unknown risks. According to FAMS officials, they
requested that TSA develop a Quiet Skies SOP about a year prior to our
February 2019 interview with them. They believed that responsibility for the
delay creating an SOP rested with TSA’s Office of Chief Counsel. Without
formal documentation from the quarterly Quiet Skies rule meetings, including
key points, concerns, questions, and comments, TSA and DHS Reviewing
Offices may not be able to make informed decisions or capture critical meeting


www.oig.dhs.gov                                              10                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

information potentially impacting Quiet Skies performance. Furthermore,
without approved policies and procedures for the TSA program offices involved
in the Quiet Skies program, TSA cannot ensure all processes are documented
and the program operates consistently or as intended.

                                            Recommendations

Recommendation 1: We recommend the Transportation Security
Administration Administrator, establish and ensure a centralized Quiet Skies
oversight program to monitor and ensure the program is operationally effective
and using the information to protect travelers from emerging threats. This
oversight should include:

    •    development and codification of policies and procedures,
    •    development of performance measures, and
    •    establishment of goals for all program offices involved in the program.

Recommendation 2: We recommend that, after ensuring operational
effectiveness, the Transportation Security Administration Assistant
Administrator, Intelligence and Analysis, in coordination with other TSA offices:

         a. Mandate that quarterly Quiet Skies oversight meetings with
            Department of Homeland Security are formally and consistently
            documented by, at a minimum, meeting minutes, records of key
            decisions made, and lists of meeting attendees.

         b. Establish a formal quality assurance process and capability that TSA
            can use for compliance and performance checks to validate
            individuals identified by Quiet Skies rules have been designated by
            the Secure Flight system as Quiet Skies passengers and receive
            enhanced screening at checkpoints.

         c. Develop and codify procedures to ensure Quiet Skies data is reliable
            and passengers are cleared after                             as
            outlined in the Implementation Plan and as approved by the
            Department of Homeland Security.

                     Management Comments and OIG Analysis

The TSA Administrator provided written comments on a draft of this report,
which are included in Appendix B. TSA concurred with our two

www.oig.dhs.gov                                              11                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

recommendations and agreed that additional measures are necessary to
enhance the effectiveness of the Quiet Skies program. TSA officials indicated
that some of these measures are already underway or complete. However, they
disagreed with our report conclusion and provided information explaining the
program and some of the decisions made as the program evolved. We received
technical comments separately, which we incorporated in the report as
appropriate. The following is a summary of the response to each
recommendation and our analysis.

TSA’s Response to Recommendation 1: TSA officials concurred and noted
that I&A will create a Quiet Skies oversight council and develop a charter for
this council. The council will consist of all TSA program offices participating in
the Quiet Skies program. The council will also hold regular meetings to
discuss Quiet Skies program changes, operational uses, and performance.
Further, the Threat Analysis Division will finalize SOPs for its management of
Quiet Skies rules and all other oversight processes. A copy of the SOPs will be
provided upon completion. The estimated completion date is September 30,
2021.

OIG Analysis: TSA’s response and planned corrective actions meet the intent
of the recommendation. This recommendation is resolved and open. We will
close the recommendation when TSA provides sufficient evidence that the
agency has established a council and the members are following a well-
developed charter to address our reported concerns. Additionally, TSA will
need to provide documentation supporting discussions at quarterly oversight
meetings, as well as the program’s finalized SOP for management and
oversight.

TSA’s Response to Recommendation 2: Recommendation 2a: TSA officials
concurred and noted that, in December 2018, I&A’s Threat Analysis Division
assumed responsibility for documenting the substance of the quarterly
oversight meetings, including meeting minutes, records of key decisions made,
and lists of meeting participants. According to TSA, the Threat Analysis
Division captured changes to the oversight process through formal adoption of
SOPs related to DHS oversight of Quiet Skies in July 2020.

Recommendation 2b: TSA officials concurred and noted that through the Quiet
Skies Oversight Council they will create a formal process documenting the
component’s quality assurance process for ensuring rule-based selectees
receive enhanced screening and correctly coded boarding passes. The
estimated completion date is December 31, 2021.


www.oig.dhs.gov                                              12                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security


Recommendation 2c: TSA officials concurred and noted that I&A’s Threat
Analysis Division, in conjunction with the National Transportation Vetting
Center and the Secure Flight program, have taken steps to augment existing
processes to discover errors in the automated processing of Boarding Pass
Printing Results for Quiet Skies Selectees. These processes will be codified in
the Threat Analysis Division’s SOPs for management of Quiet Skies rules and
oversight processes. The estimated completion date is September 30, 2021.

OIG Analysis: This recommendation is resolved and open. TSA’s planned
corrective actions meet the intent of the recommendation. We will close the
recommendation when TSA provides sufficient evidence that it has
implemented each part of the recommendation as follows.

Recommendation 2a: Relevant SOP extract and notes documenting quarterly
Quiet Skies oversight meetings with DHS that contain, at a minimum, meeting
minutes, records of key decisions made, and lists of meeting attendees.

Recommendation 2b: Documentation supporting establishment of a formal
quality assurance process to ensure individuals identified by Quiet Skies rules
receive properly coded (“SSSS”) boarding passes as required, as well as
enhanced screening at checkpoints.

Recommendation 2c: Documented and approved procedures to ensure Quiet
Skies data is reliable and passengers are removed from the Quiet Skies List
                                  as outlined in the Implementation Plan and
as approved by DHS.




www.oig.dhs.gov                                              13                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

Appendix A
Objective, Scope, and Methodology

Department of Homeland Security Office of Inspector General was established
by the Homeland Security Act of 2002 (Pub. L. No. 107−296) by amendment to
the Inspector General Act of 1978.

The objective of our audit was to determine whether TSA planned,
implemented, and managed its Quiet Skies program to accomplish the mission
as intended. We conducted this audit due to congressional interest and
concerns reported by the media.

To answer our objective, we reviewed relevant TSA policies and procedures,
Federal regulations, TSA’s Quiet Skies Privacy Impact Assessments, legal
analysis and opinion, FAMS’ Concept of Operations, prior OIG and GAO audit
reports, congressional testimony, media articles, and budget information.
Additionally, we interviewed TSA Headquarters officials from the following
offices:

     •    I&A (including the Transportation Analysis Division, Secure Flight,
          Intelligence Analysis Branch, and Vetting Analysis Division)
     •    Law Enforcement/Federal Air Marshal Service
     •    Civil Rights & Liberties, Ombudsman and Traveler Engagement
     •    Privacy
     •    Chief Counsel

To fully understand DHS’ oversight role in TSA’s Quiet Skies program, we
interviewed officials from the following DHS offices:

     •    Office for Civil Rights and Civil Liberties
     •    Privacy Office
     •    Office of the General Counsel

We selected two different judgmental samples to determine if TSA supported its
Quiet Skies rules with reviews and documentation, and whether Federal air
marshals documented their surveillance of Quiet Skies passengers.
Specifically, we selected a sample of        Quiet Skies rules to ensure that
the rules were supported by current intelligence, reviewed and approved by
TSA and DHS officials, and documented in Quarterly Review meeting minutes
and presentations. We selected a second sample of 48 FAMS After Action

www.oig.dhs.gov                                              14                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

Reports to determine if TSA adequately documented the surveillance of Quiet
Skies Passengers.

We assessed the reliability of the FAMS Law Enforcement Information
Coordination Section system during the audit. Data obtained from FAMS Law
Enforcement Information Coordination Section system included subject
profiles 15 of Quiet Skies passengers and After Action Reports completed after
surveillance activities. We also interviewed officials within the Secure Flight
division to understand how the system tracks encounters at the security
checkpoint, creates the Quiet Skies List, and sends notification to the aircraft
operator for enhanced screening designation. We reviewed the Quiet Skies List
daily reports that I&A and FAMS obtained from Secure Flight. Although TSA
did not have Quiet Skies policies and procedures for Secure Flight, we believe
the data we received to be sufficiently reliable to support our audit conclusions.
We observed user demonstrations of the FAMS’ Law Enforcement Information
Coordination Section system and traced and verified the After Action Report
data provided back to the system for passengers in our sample. We determined
the information provided was sufficiently reliable to support our audit
conclusions.

We conducted this performance audit between August 2018 and March 2020
pursuant to the Inspector General Act of 1978, as amended, and according to
generally accepted government auditing standards. Those standards require
we plan and perform the audit to obtain sufficient, appropriate evidence to
provide a reasonable basis for our findings and conclusions based upon our
audit objectives. We believe the evidence obtained provides a reasonable basis
for our findings and conclusions based upon our audit objectives.




15FAMS creates a Special Mission Coverage Subject Information Profile, which may include a
photo of the passenger, flight information, and other demographic information that Federal air
marshals need to identify the passengers they surveil based on data from Customs and Border
Protection’s Automated Targeting System and Secure Flight passenger data provided by I&A.

www.oig.dhs.gov                                              15                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

Appendix B
TSA Comments to the Draft Report




www.oig.dhs.gov                                              16                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security
                                                               




www.oig.dhs.gov                                              17                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security




www.oig.dhs.gov                                              18                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security




www.oig.dhs.gov                                              19                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security




www.oig.dhs.gov                                              20                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security




www.oig.dhs.gov                                              21                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security




www.oig.dhs.gov                                              22                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security




www.oig.dhs.gov                                              23                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security




www.oig.dhs.gov                                              24                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

Appendix D
Process Flowchart of the Quiet Skies Program




Source: OIG review of TSA’s SOPs for the Quiet Skies Program and Standardized Passenger
Checkpoint Screening




www.oig.dhs.gov                                              26                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
                               SENSITIVE SECURITY INFORMATION
                             OFFICE OF INSPECTOR GENERAL
                                    Department of Homeland Security

Appendix H
Report Distribution

Department of Homeland Security

Secretary
Deputy Secretary
Chief of Staff
Deputy Chiefs of Staff
General Counsel
Executive Secretary
Director, GAO/OIG Liaison Office
Under Secretary for Office of Strategy, Policy, and Plans
Assistant Secretary for Office of Public Affairs
Assistant Secretary for Office of Legislative Affairs
TSA Audit Liaison

Office of Management and Budget

Chief, Homeland Security Branch
DHS OIG Budget Examiner

Congress

Congressional Oversight and Appropriations Committees




www.oig.dhs.gov                                              31                                                 OIG-21-11
WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of
this record may be disclosed to persons without a "need to know", as defined in 49 CFR parts 15 and 1520, except with the
written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation.
Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed
by 5 U.S.C. 522 and 49 CFR parts 15 and 1520.
          SENSITIVE SECURITY INFORMATION




               ADDITIONAL INFORMATION AND COPIES

To view this and any of our other reports, please visit our website at:
www.oig.dhs.gov.

For further information or questions, please contact Office of Inspector General
Public Affairs at: DHS-OIG.OfficePublicAffairs@oig.dhs.gov.
Follow us on Twitter at: @dhsoig.




                                 OIG HOTLINE

To report fraud, waste, or abuse, visit our website at www.oig.dhs.gov and click
on the red "Hotline" tab. If you cannot access our website, call our hotline at
(800) 323-8603, fax our hotline at (202) 254-4297, or write to us at:

                         Department of Homeland Security
                         Office of Inspector General, Mail Stop 0305
                         Attention: Hotline
                         245 Murray Drive, SW
                         Washington, DC 20528-0305




           SENSITIVE SECURITY INFORMATION