DHS, HHS make secret pact to share airline passenger info

CDC propsoed passenger tracking regulation

The departments of Health and Human Services and Homeland Security have a secret agreement to exchange airline passenger information as part of a Centers for Disease Control and Prevention plan to help combat pandemic flu, the Air Transport Association (ATA) said in a filing with the CDC.

Barry Steinhardt, director of the Technology and Liberty Program at the American Civil Liberties Union said that such an agreement raises serious privacy concerns and appears to violate an agreement between the United States and the European Union. That agreement limits the exchange of foreign carrier passenger information to help combat terrorism and crime.

Steinhardt added that the secret agreement between DHS and HHS also raises concerns hat the highly detailed passenger information CDC wants to collect could ultimately be shared with DHS. “I’m very concerned this is a two-way data sharing agreement,” Steinhardt said.

The existence of the secret agreement between DHS and HHS surfaced in a filing the ATA made last month with its comments on proposed CDC regulations that would electronically track more than 600 million passengers a year traveling on more than 7 million flights through 67 hub airports.

Katherine Andrus, assistant general counsel at the ATA, said in her filing with CDC last month that DHS and HHS recently executed a memorandum of understanding (MOU) that “though not publicly available…reportedly includes provisions for data sharing, including allowing CDC access to passenger information, including passenger name records, through” Customs and Border Protection.

Steinhardt said passenger name record files include a large amount of data besides personal identifiers, such as meal preferences, which could help determine a passenger’s religion.

The sharing of information between DHS and CBP appears to violate a passenger data sharing agreement between the European Union and the United States executed in May 2004, Steinhardt said. That agreement limits DHS to using data it obtains from EU airline reservation and departure control system databases to prevent and combat terrorism and other serious crimes, including organized crime, that are transnational .

Steinhardt said this agreement does not cover the exchange of passenger name record data to help combat pandemic flu.

The ACLU is concerned that the MOU between DHS and HHS will allow CDC to share data with DHS once its system is operating. The information that CDC wants to collect regarding airline passengers vastly exceeds DHS’ passenger data collection efforts, Steinhardt said in the ACLU filing with CDC.

Steinhardt said he is concerned that the MOU between DHS and HHS has not been made public, and he filed a Freedom of Information Act request for it today.

Public affairs officers at DHS and HHS did not return calls from Federal Computer Week by the requested deadline. A CDC spokeswoman responded, but said HHS must answer any queries.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected