« Signs of the Apocalypse | Main | Libraries, Privacy, and Law Enforcement »

Tuesday, June 21, 2005

TSA's Broken Promise About Secure Flight

Dhs2_1Remember CAPPS II, the program for screening airline passengers by using databases of personal information?  This program was scrapped because the Transportation Security Administration (TSA) of the Department of Homeland Security (DHS) was concerned that it posed an increasing threat to privacy and civil liberties.  Replacing CAPPS II was the nicely-monikered "Secure Flight."  (EPIC's website has a good history and set of links about the history of the program.)  After names like Carnivore and Total Information Awareness, government officials have learned to rename things with soothing happy titles.   Secure Flight was to be a kindler, gentler version of CAPPS II, with more limited uses of information and with more limited information gathering and retention.  Privacy advocates were skeptical of Secure Flight, but TSA insisted that Secure Flight was genuinely nicer, not just nicer in name.  According to TSA's final order on its testing of Secure Flight:

Secure Flight will involve the comparison of information in PNRs from domestic flights to names in the Terrorist Screening Database (TSDB) maintained by the Terrorist Screening Center (TSC), including the expanded TSA No-Fly and Selectee Lists, in order to identify individuals known or reasonably suspected to be engaged in terrorist activity. TSA anticipates that it will also apply, within the Secure Flight system, a streamlined version of the existing passenger prescreening process, known as the Computer Assisted Passenger Prescreening System (CAPPS), which evaluates information in PNRs that passengers otherwise provide to aircraft operators in the normal course of business.

Simple comparisons of PNR information against records maintained in the TSDB will not permit TSA to identify information provided by passengers that is incorrect or inaccurate, potentially rendering the comparisons less effective. Therefore, on a very limited basis, in addition to testing TSA's ability to compare passenger information with data maintained by TSC, TSA will separately test the use of commercial data to determine if use of such data is effective in identifying passenger information that is incorrect or inaccurate and reducing the number of false positive matches of passenger information against TSDB records. This test will involve commercial data aggregators whose procedures will be governed by strict privacy and data security protections. TSA will not receive the commercially available data that would be used by commercial data aggregators.

According to this AP story, however, TSA has violated this promise:

The federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers -- even though officials said they wouldn't do it and Congress told them not to.

The Transportation Security Administration is testing a terrorist screening program called Secure Flight that uses information about U.S. citizens who flew on commercial airlines in June 2004. . . .

According to documents obtained by The Associated Press, the TSA gave passenger name records to a contractor, Virginia-based EagleForce Associates. A passenger name record can include a variety of information, including name, address, phone number and credit card information.

EagleForce compared the passenger name records with more detailed data from three other contractors to find out if the records were accurate, according to the TSA.

EagleForce then produced CD-ROMs containing most of the information "and provided those CD-ROMs to TSA for use in watch list match testing," the documents said. The TSA now stores that data.

According to previous official notices, TSA had said it would not store commercial data about airline passengers. . . .

Nuala O'Connor Kelly, DHS's chief privacy officer, is investigating. 

For some time, we have been consistently told by government officials to refrain from criticizing programs such as Secure Flight because privacy concerns are being addressed, because promises are being made about keeping these programs limited.  We are told that such programs need to be developed in the darkness, as the sunlight of scrutiny will inhibit the testing.  But why should we trust them?  These revelations demonstrate that we cannot take TSA at its word. 

Posted by Daniel Solove on June 21, 2005 at 08:46 PM in Daniel Solove, Information and Technology | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c6a7953ef00d8354849bb69e2

Listed below are links to weblogs that reference TSA's Broken Promise About Secure Flight:

Comments

I think there's probably a WHOLE lot more 'data sharing' than we would all like to think! Even down to simple things, such as giving your cell phone number at a club so that they can sms you 'promotions.' Sure, that's what they'll do, but they'll also sell your info to the highest bidder!

Even retail companies are 'pairing' with car sales companies in a promotion... only so they can share information and be able to promote stuff to each other's clients. Information sharing is rampant since communication is so much easier now. I often get phone calls from companies who tell me that my bank gave them the information. To get around the problem, they'll say 'we are in partnership with such and such bank' but the truth is that they are not the same company. They are only in 'partnership' in the sense that my BANK sold them my details.

What's going on here is no surprise, really.

Posted by: Mobile Phones | May 30, 2007 8:18:35 AM

Post a comment