TSA and Global PreCheck: A Legal Memorandum

/in /by

I recently appeared as a guest on Victory News, where I was asked to comment on a post I made on X (https://x.com/RealKahall/status/1926287781279506713) and Instagram (https://www.instagram.com/reel/DKCmTUiOyUk/?utm_source=ig_web_copy_link) concerning the serious privacy and fundamental rights implications that arise when individuals sign up for TSA PreCheck or Global Entry.

These videos quickly went viral—prompting SNOPES to contact me directly to verify the accuracy of my statements.

In response, I provided SNOPES with a detailed legal memorandum, thoroughly substantiating every claim I made.

I am sharing that memorandum with you now, in the event SNOPES does not update their current post labeling my statements as “not verified.”

They are, in fact, verified.
And the memorandum I submitted proves it.

If you signed up for TSA or Global PreCheck and you want to try to withdraw your consent, please go to my letter posted to send to DHS putting them on notice you no longer consent to their access to your records: https://www.krisannehall.com/2024/10/01/tsa-precheck/

If you want to listen to the podcast I did on this subject: https://www.krisannehall.com/episode/how-tsa-precheck-violates-rights/

Legal Memorandum

To: Laerke Christensen, Snopes.com
From: KrisAnne Hall, JD
Date: June 17, 2025
Re: Legal Analysis of the Department of Homeland Security’s Discretionary Authority in Security Threat Assessments (STAs) and their application to Trusted Traveler Programs

  1. Introduction

This memorandum provides a legal analysis of the Department of Homeland Security’s (DHS) and Transportation Security Administration’s (TSA) Security Threat Assessment (STA) procedures, with a focus on the scope of discretionary authority, standards used to determine “national security concerns,” and the due process implications for affected individuals. This memorandum concludes that the statutory and regulatory framework governing STAs confers broad, subjective, and arguably arbitrary power to federal agencies, often without meaningful oversight or remedy.

The cornerstone of DHS and TSA’s authority to conduct Security Threat Assessments lies in the applicant’s consent: by applying, the individual expressly authorizes DHS, TSA, and any affiliated agency to access any record—public or private—that they may deem relevant under the broad and discretionary banner of national security.  Although DHS or TSA may claim they do not routinely review private records or digital activity, they do not deny that they possess the legal authority to do so at any time, for any reason they deem “reasonable” or “necessary” once consent is given…and there is no oversight to prevent absolute arbitrary application of their authority.

  1. Background and Statutory Authority

TSA and DHS conduct Security Threat Assessments as required by various credentialing and access programs, including:

  • Transportation Worker Identification Credential (TWIC)
  • Hazardous Materials Endorsement (HME)
  • Aviation Security Identification Display Area (SIDA) credentials
  • TSA PreCheck
  • Global Entry (via U.S. Customs and Border Protection)

Primary statutory authorities include:

  • 49 U.S.C. § 114(f): Grants TSA authority to assess threats to transportation security.
  • Homeland Security Act of 2002 (6 U.S.C. § 101 et seq.): Establishes DHS and its broad powers over national security functions.
  • 49 CFR Part 1572: Details the regulations for conducting STAs.

Each recipient of the above listed credentials is required to submit an application that includes giving TSA through DHS consent for broad and discretionary authority to conduct a STA to determine if applicant qualifies for said credentials.

TSA may determine that an applicant poses a security threat based on the analyses outlined in 49 CFR § 1572.107. Furthermore, TSA may deny, revoke, or invalidate credentials if it determines the applicant poses a “threat to transportation security, national security, or terrorism.” (See 49 CFR § 1572.5(b))

This standard is not based on the legal doctrine of ‘reasonable suspicion’ as understood in criminal law, but instead reflects a highly discretionary and subjective judgment by DHS or TSA individual personnel. Credential denials may be based on arrests, indictments, associations, unverified intelligence, or even completely arbitrary and fully discretionary judgement of DHS or TSA personnel—and is not limited to criminal convictions.

III. Breadth of Discretionary Authority

The DHS and TSA are not required to seek additional consent beyond the initial application once a national security interest is asserted. This is based on:

  • Initial consent agreements embedded in STA applications, which permit broad investigative access.
  • Privacy Act of 1974 exceptions, particularly for:
    • Law enforcement purposes (5 U.S.C. § 552a(b)(7))
    • National security uses (routine use exemptions)

Although DHS or TSA may publicly state that they do not routinely access individuals’ banking records, medical files, online activity, or any other privately held information the agencies retain broad discretionary authority to do so at any time. If DHS or TSA decides that such access is “reasonable” for a national security concern, they may proceed without any further notice to the individual and without judicial or independent oversight. This authority extends to:

  • Financial and banking data
  • Medical and psychological records
  • Social media and internet activity
  1. The Subjectivity of “National Security Concern”

The definition of a “national security concern” is not statutorily fixed and is often interpreted through:

  • Internal agency policy
  • Interagency intelligence assessments
  • Discretionary judgment by TSA adjudicators

Terms like “may pose a threat” and “suspicion” are inherently vague and fall below traditional legal standards such as “preponderance of the evidence” or “probable cause.”

Because of this:

  • TSA may deny credentials based on classified or undisclosed evidence.
  • Affected individuals cannot confront or challenge the full scope of the allegations.

Courts have shown extreme deference to agency determinations involving national security (see Department of the Navy v. Egan, 484 U.S. 518 (1988)), leaving little opportunity for judicial remedy.

  1. Extension to TSA PreCheck and Global Entry Programs

TSA PreCheck and Global Entry are DHS Trusted Traveler Programs that also require a Security Threat Assessment.

TSA PreCheck:

  • Administered by TSA directly.
  • Requires identity verification, criminal background check, immigration status verification, and terrorist watchlist screening.
  • Authorized under 49 U.S.C. § 114(f) and implemented through TSA vetting policies.

Global Entry:

  • Administered by U.S. Customs and Border Protection (CBP).
  • Includes checks for criminal history, immigration violations, customs offenses, travel patterns, and public source information.
  • Governed by the Intelligence Reform and Terrorism Prevention Act of 2004 and CBP’s internal vetting procedures.

In both programs, DHS may deny access based on vague or discretionary criteria such as:

  • Arrests without convictions
  • Travel history
  • Online or social media behavior
  • Association with individuals under suspicion
  • Agency’s undefined determination of potential threat

Individuals denied participation may receive limited explanation and may not be entitled to full review if the denial is based on classified or sensitive security information.

  1. Patriot Act-Based Surveillance and Notice Exemptions

Although DHS or TSA is not required to seek a warrant once consent is given as part of the STA process, even if they do seek a warrant to obtain records related to medical care, financial transactions, phone or internet use, or other sensitive information, these warrants do not require notice to the subject. Under the USA PATRIOT Act.

  • Federal warrants under the Patriot Act, (called “Sneak and Peak” warrants) are granted in secret and their content is sealed and disclosure of the warrant to the subject “delayed” if it is a matter of national security.
  • National Security Letters: issued by the FBI (or other authorized agencies) without prior judicial approval, typically under:
    • 18 U.S.C. 2709 (for electronic communications and subscriber info)
    • 12 U.S.C. 3414 (for financial institutions)
    • 15 U.S.C. 1681u, 1681v (for credit reports)
  • Rule 41 of the Federal Rules of Criminal Procedure, a judge can order a warrant and its supporting materials to be sealed if disclosure would:
    • Jeopardize an ongoing investigation, or
    • Compromise national security
  • The subject of the investigation is not notified, and no adversarial hearing is conducted.
  • Warrants are served on third-party record holders (e.g., banks, ISPs, telecom providers), not the individual.
  • These third parties are typically bound by gag orders that prohibit them from informing the subject of the search.

This process allows DHS or its components to access highly personal data without any opportunity for the individual to challenge or even be aware of the surveillance.

VII. Real-World Consequences

  • Employment Loss: Individuals denied STAs are often terminated from jobs in transportation, aviation, or logistics sectors.
  • No Meaningful Appeal: TSA appeals or waiver procedures are limited and often rely on secret evidence.
  • Stigmatization: The label of “security risk” can damage professional and personal reputations.
  • Chilling Effect: Individuals may self-censor or avoid constitutionally protected activities (such as political speech) for fear of appearing suspicious.

VIII. Bottom Line

The current STA framework grants DHS and TSA expansive, largely unchecked power to define and act upon “national security concerns” with little transparency, no clear standards, and minimal accountability. The initial consent given by applicants opens the door to continuous and intrusive investigation, often without the individual knowing the full extent of the review.

Although DHS or TSA may claim they do not routinely review private records or digital activity, they do not deny that they possess the legal authority to do so at any time, for any reason they deem “reasonable” once consent is given.  This power may be exercised through internal procedures or through PATRIOT Act-based warrants, both of which are shielded from public oversight and judicial challenge.

The combination of vague standards, reliance on discretionary interpretation, and the cloak of national security has led to a system that can border on arbitrary enforcement, with limited constitutional safeguards.

 

  1. Sources
  • TSA STA Regulations
  • TSA TWIC Privacy Impact Assessment
  • 49 U.S.C. 114
  • Department of the Navy v. Egan, 484 U.S. 518 (1988)
  • Privacy Act of 1974
  • 50 U.S.C. 1805
  • 50 U.S.C. 1861
  • ODNI FISA Summary
  • USA FREEDOM Act
  • USA PATRIOT Act
  • 8 U.S.C. 2709
  • 12 U.S.C. 3414
  • 15 U.S.C. 1681u, 1681v
  • Federal Rules of Criminal Procedure, Rule 41