TSA exempts systems from Privacy Act

Transportation Security Administration officials are changing the Code of Federal Regulations so that eight information systems could be exempt from one or more provisions of the Privacy Act.

The move allows the agency to withhold records in response to questions about active investigations.

"As a government agency, TSA has the responsibility to make available public information," said Andrea Fuentes, spokeswoman for the Homeland Security Department, which contains TSA. The agency "also has a responsibility to protect sensitive security information that, if released, would put the public in jeopardy or compromise investigations."

Although the Electronic Privacy Information Center (EPIC) doesn't view the rule change as a clear violation of the Privacy Act, privacy advocates consider it part of a trend by DHS officials to claim more latitude in classifying information. The agency did not receive any comments on the proposal when it was announced last fall.

The eight systems cited by TSA include ones that detail inspection systems for all transportation modes within TSA. They also include systems that handle background checks of TSA applicants, employees and contractors. But other systems -- such as the General Legal Records System, which has data on many matters filed in the Office of the Chief Counsel -- seem to imply a broader exemption.

System accuracy may also be at stake, according to EPIC general counsel David Sobel, who argued that people with information contained by the system "won't have the ability to even know that basic fact or to correct any inaccuracies," because the agency exempts itself from correction requirements.

"This ultimately means it becomes a question of agency efficiency," Sobel said. "If there are no mechanics to ensure that there is good information in a system, then there are obvious questions about the effectiveness of that system."

EPIC filed comments about the Computer Assisted Passenger Prescreening System (CAPPS) II contract and plans to do the same for the Trusted Traveler program.

Sobel also questioned the necessity and relevancy of withholding certain information. "There are certainly reasons to ask why the maintenance of inaccurate records without a public right of access is deemed necessary for the operation of these systems," he said.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.