Secure Flight increases privacy protections
TSA admits passenger screening program violated privacy regulations
- By Michael Arnone
- Aug 01, 2005
The Transportation Security Administration's passenger screening system, Secure Flight, violated the privacy of potentially millions of people, a Government Accountability Office audit found last month. In response, TSA has bolstered Secure Flight's privacy protections.
"Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information, such as name, date of birth and telephone number, without informing the public," wrote Cathleen Berrick, GAO's director of homeland security and justice issues, in a July 22 letter to TSA.
TSA supplemented its passenger data with the commercial data to help reduce mistakes when comparing travelers' data to national terrorist watch lists, Berrick wrote.
In September and November 2004, TSA officials published privacy notices about the agency's use of Secure Flight data. They lack legally required details about how TSA and its contractors would collect, use and store commercial data, Berrick wrote. TSA also did not say what the full scope of the data collection would be, she added.
"It paints a very different picture from what they actually did," Berrick said in a phone interview. "Clearly, they violated the Privacy Act," because the public did not know about and could not comment on the use of personal information.
TSA did not intend to violate privacy rules, said Justin Oberman, assistant administrator for the Secure Flight and Registered Traveler programs. Between the time when TSA published the initial notices and finished Secure Flight's tests, program developers had a better idea of how to improve the system, Oberman said. It is common to update privacy notices and other documents to reflect such changes, he said.
After hearing GAO's concerns about the program in June, TSA officials agreed that they were valid and acted to correct the problems, wrote Steven Pecinovsky, director of DHS' GAO/Office of Inspector General Liaison, in a letter responding to GAO's letter.
TSA officials published
updated privacy notices to better describe how Secure Flight used commercial data, Pecinovsky wrote. They also vowed to ensure that TSA's chief privacy officer and general counsel would decide whether more changes in data use would warrant another update, he wrote. DHS' chief privacy officer, Nuala O'Connor Kelly, is reviewing Secure Flight's use of passenger data and may recommend additional privacy protections, he added.
TSA officials promised not to use commercial data in the start-up period for Secure Flight, scheduled to begin by early 2006, Pecinovsky wrote.