| GENERAL LEGAL RULE | CITATION | SPECIFIC LEGAL RULE | CITATION | FACT | CITATION |
| A federal "agency"
can only put information about "US persons" in a "system of records" if it publishes an appropriate "System of Records Notice" |
5 USC § 552a(e)(4) |
||||
| A "System of Records Notice" is also called a SORN | |||||
| A SORN must
be published in the Federal Register |
5 USC § 552a(e)(4) | ||||
| A SORN has been published for a test of the Secure Flight program | FR Vol 70, No 119,
pp. 36319-24 |
||||
| An "Agency" is
part of the the Executive Branch and an Executive Department or the Military or the Department of Defense or a government corporation or a government controlled corporation or an independent regulatory agency |
5 USC § 552(a)(1) and
5 USC § 552(f)(1) |
||||
| An "Agency" is not Congress | 5 USC § 552(a)(1) and
5 USC § 552(f)(1) and 5 USC § 551(1)(A) |
||||
| An "Agency" is not any US court | 5 USC § 552(a)(1) and
5 USC § 552(f)(1) and 5 USC § 551(1)(B) |
||||
| An "Agency" is not a US territorial government | 5 USC § 552(a)(1) and
5 USC § 552(f)(1) and 5 USC § 551(1)(C) |
||||
| The Department of Homeland Security is an Executive Deparment | 6 USC § 111(a) |
||||
| The Transportation Security Administration is now part of the Department of Homeland Security | 6 USC § 203(2) | ||||
| A "US person" is a US citizen or a permanent legal resident | 5 USC § 552a(a)(2) | ||||
| The Secure Flight test involves
individuals traveling within the United States by passenger air transportation on certain domestic flights completed in June 2004 |
FR Vol 70, No 119,
pp. 36320, (a) |
||||
| A"system of records’ is
a group of any records and if information is retrieved by the name of an individual or if information is retrieved by an identifying number assigned to an individual or if information is retrieved by a symbol assigned to an individual or if information is retrieved by any other identifying "particular" assigned to an individual and the group of records is under the control of any "agency" |
5 USC § 552a(a)(5) | ||||
| Data in Secure Flight
is retrievable by the individual's name or other identifier and non-identifying information. |
FR Vol 70, No 119,
pp. 36321 |
||||
| A "system of records" may only contain
information about a person that is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute |
5 USC § 552a(e) | ||||
| DHS asserts three statutes state a purpose the agency must
accomplish:
49 USC § 114 49 USC § 44901 49 USC § 44903 |
FR Vol 70, No 119,
p. 36320 |
||||
| The Transportation Security Administration
is an administrator of The Department of Transportation |
49 USC § 114(a) | ||||
| The Transportation Security Administration
shall screen all passengers who will be traveling aboard a passenger aircraft |
49 USC § 44901(a) | ||||
| The Transportation Security Administration
is required to evaluate all passengers before they board an aircraft using CAPPS or a successor system. |
49 USC § 44903(j)(2)(A) | ||||
| [Need fact(s) to match against these stated authorized purposes. This is important because it is easy for a human evaluator to overlook] | |||||
| A SORN must be published
when a system is established or when a system is revised |
5 USC § 552a(e)(4) | ||||
| A SORN must state
that such a system exists |
5 USC § 552a(e)(4) | ||||
| A SORN must describe the character of the system | 5 USC § 552a(e)(4) | ||||
A SORN must describe the categories of sources of data |
5 USC § 552a(e)(4) |
||||
| The Secure Flight Test is permitted to include data
from Passenger Name Records (PNRs) provided by aircraft operators For certain flights completed in June 2004 |
FR Vol 70, No 119, p. 36320, (a) | ||||
| The Secure Flight Test is permitted to include data
from the Terrorist Screening Center about individuals known or resonably suspected to be related toTerrorism; |
FR Vol 70, No 119, p. 36320, (b) | ||||
| The Secure Flight Test is permitted to include
commercial data that was purchased for the purpose of comparison with June 2004 PNRs |
FR Vol 70, No 119, p. 36320, (e) | ||||
| TSA received a data transfer of
American Airlines PNRs for a flight number 723 that went from LGA to ORD on June 14, 2004 |
[from our hypothetical] | ||||
| TSA received a data transfer of
Terrorism Screening Database (TSDB) names |
[not sure our hypothetical yet shows when/how this data was received] | ||||
| TSA received a data transfer
from Lexis, which is a commercial data vendor, of data matching identities in the PNRs on Sept. 12, 2005 |
[from our hypothetical] | ||||