AP: Feds collect data on air travelers

WASHINGTON (AP) - A federal agency collected extensive personal information about airline passengers although Congress told it not to and it said it wouldn't, according to documents obtained Monday by The Associated Press.

A Transportation Security Administration contractor used three data brokers to collect detailed information about U.S. citizens who flew on commercial airlines in June 2004 in order to test a terrorist screening program called Secure Flight, according to documents that will be published in the Federal Register this week.

The TSA had ordered the airlines to turn over data on those passengers, called passenger name records, in November.

The contractor, EagleForce Associates, then combined the passenger name records with commercial data from three contractors that included first, last and middle names, home address and phone number, birthdate, name suffix, second surname, spouse first name, gender, second address, third address, ZIP code and latitude and longitude of address.

EagleForce then produced CD-ROMS containing the information "and provided those CD-ROMS to TSA for use in watch list match testing," the documents said.

According to previous official notices, TSA had said it would not store commercial data about airline passengers.

The Privacy Act of 1974 prohibits the government from keeping a secret database.

"I'm just floored," said Tim Sparapani, a privacy lawyer with the American Civil Liberties Union. "This is like creating an FBI file, not just some simple check, and then they're storing the data."

TSA spokesman Mark Hatfield said the program was being developed with a commitment to privacy, and that it was routine to change the official definition of a system of records during a test phase.

Same Article...more details:

Government Collected Personal Data on Airline Passengers

By Leslie Miller Associated Press Writer
Published: Jun 21, 2005 WASHINGTON (AP) - Air travelers who have been concerned about the government collecting their personal information from airlines now have a second source to worry about: commercial data brokers.

The federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers - even though officials said they wouldn't do it and Congress told them not to.

The Transportation Security Administration is testing a terrorist screening program called Secure Flight that uses information about U.S. citizens who flew on commercial airlines in June 2004.

"This is like a secret file that's been compiled," said Tim Sparapani, a privacy lawyer with the American Civil Liberties Union.

The TSA hopes that successful testing of Secure Flight will allow it to take over from the airlines the responsibility for checking passenger names against terrorist watch lists.

But Secure Flight and its predecessor, CAPPS II, have been criticized for secretly obtaining personal information about airline passengers, not doing enough to protect it and then misleading the public about its role in acquiring the data.

The TSA and several airlines were embarrassed last year when it was revealed that the airlines gave personal information about 12 million passengers to the government without their permission or knowledge.

Class-action lawsuits have been brought against airlines and government contractors for sharing passengers' information. Airlines agreed to turn over passenger data for testing only after they were ordered to do so by the government in November.

According to documents obtained by The Associated Press, the TSA gave passenger name records to a contractor, Virginia-based EagleForce Associates. A passenger name record can include a variety of information, including name, address, phone number and credit card information.

EagleForce compared the passenger name records with more detailed data from three other contractors to find out if the records were accurate, according to the TSA.

EagleForce then produced CD-ROMs containing most of the information "and provided those CD-ROMs to TSA for use in watch list match testing," the documents said. The TSA now stores that data.

According to previous official notices, TSA had said it would not store commercial data about airline passengers.

The Privacy Act of 1974 prohibits the government from keeping secret databases. It also requires agencies to make official statements on the impact of their record-keeping on privacy.

The TSA revealed its use of commercial data in a revised Privacy Act statement to be published in the Federal Register on Wednesday.

TSA spokesman Mark Hatfield said the program was being developed with a commitment to privacy, and that it was routine to change Privacy Act statements during testing.

"Secure Flight is built on an airtight privacy platform, and the GAO (Government Accountability Office) and Congress are providing close oversight every step of the way," he said. "The purpose of the testing is to define what the program will ultimately look like."

The TSA said it is protecting the data from theft and carefully restricting access.

Congress said no money could be spent to test such an identity verification system "until TSA has developed measures to determine the impact of such verification on aviation security and the Government Accountability Office has reported on its evaluation of the measures." That language was part of the Homeland Security Department spending bill, which became law on Oct. 18.

The GAO issued its report on Secure Flight testing on March 28.

Hatfield said appropriate congressional committees were briefed on the contract - awarded to EagleForce on Feb. 22 - in December.

But Bruce Schneier, a security expert who serves on the TSA-appointed oversight panel for Secure Flight, said the agency was explicitly told not to try to verify passengers' identity with commercial data.

"They're doing what they want and they're working around any rules that exist," Schneier said.

Last week, the Homeland Security Department's chief privacy officer, Nuala O'Connor Kelly, announced that she's conducting an investigation into the TSA's use of commercial data for Secure Flight testing.

---

On the Net:

Transportation Security Administration: http://www.tsa.gov

Homeland Security Department: http://www.dhs.gov

AP-ES-06-21-05 0210EDT

"How about we begin by searching anybody with a Muslim surname or a passport from the Middle East?"

These guys really aren't that dumb. How fast do you think Mohammed Al-Killemall would change his name to John Smith to avoid such a list? Let's secure the airplanes and then secure our borders and coasts.

"This TSA "watch list" system is a joke."

The fact that it's a mysterious list generated from who knows what, and that it's nearly impossible to even find out if you're on it, let alone how to get off it, makes it far more dangerous than a joke. It's ineffective against terrorists (who often times have multiple aliases), and it's dangerous to liberty-loving Americans. Again, instead of poking around at names and telephone numbers, how about we secure the airplanes?

I understand we can't do everything El-Al does, as they're a small airline that operates its security with the help of the Israeli military, but surely there are lessons to be learned from them. Search every person and every item being brought on board, run background checks on every employee who gets within throwing distance of an airplane, secure the cockpit door, and sit trained, armed air marshals on EVERY flight. That'd be a massive and real step forward in airplane security, as opposed to the mystical let's-see-how-complex-we-can-make-this "solutions" being thrown at the problem now.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.