TSA exempts systems from Privacy Act

Transportation Security Administration officials are changing the Code of Federal Regulations so that eight information systems could be exempt from one or more provisions of the Privacy Act.

The move allows the agency to withhold records in response to questions about active investigations.

"As a government agency, TSA has the responsibility to make available public information," said Andrea Fuentes, spokeswoman for the Homeland Security Department, which contains TSA. The agency "also has a responsibility to protect sensitive security information that, if released, would put the public in jeopardy or compromise investigations."

Although the Electronic Privacy Information Center (EPIC) doesn't view the rule change as a clear violation of the Privacy Act, privacy advocates consider it part of a trend by DHS officials to claim more latitude in classifying information. The agency did not receive any comments on the proposal when it was announced last fall.

The eight systems cited by TSA include ones that detail inspection systems for all transportation modes within TSA. They also include systems that handle background checks of TSA applicants, employees and contractors. But other systems -- such as the General Legal Records System, which has data on many matters filed in the Office of the Chief Counsel -- seem to imply a broader exemption.

System accuracy may also be at stake, according to EPIC general counsel David Sobel, who argued that people with information contained by the system "won't have the ability to even know that basic fact or to correct any inaccuracies," because the agency exempts itself from correction requirements.

"This ultimately means it becomes a question of agency efficiency," Sobel said. "If there are no mechanics to ensure that there is good information in a system, then there are obvious questions about the effectiveness of that system."

EPIC filed comments about the Computer Assisted Passenger Prescreening System (CAPPS) II contract and plans to do the same for the Trusted Traveler program.

Sobel also questioned the necessity and relevancy of withholding certain information. "There are certainly reasons to ask why the maintenance of inaccurate records without a public right of access is deemed necessary for the operation of these systems," he said.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected