TSA Violated Privacy Laws
Don’t you feel safer?
Secure Flight, the U.S. government’s stalled program to screen domestic air passengers against terrorism watch lists, violated federal law during a crucial test phase, according to a report to be issued today by the Homeland Security Department’s privacy office.
The agency found that by gathering passenger data from commercial brokers in 2004 without notifying the passengers, the program violated a 1974 Privacy Act requirement that the public be made aware of any changes in a federal program that affects the privacy of U.S. citizens. “As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match [the Transportation Security Administration’s] public announcements,” the report states.
The story hinges not about whether it’s correct for our TSA to create enormous databases on all air travel passengers in order to increase security, which is something that I doubt they could effectively do anyway. Nor does it hinge on the fact that quite a few people never knew about these databases, and never consented to having their travel habits monitored by the government.
No, in a truly anti-climactic sense, nothing in this story has to do with whether the database should even exist. It has to do with the source of the data for the database.
In 2004, the TSA published a Federal Register notice on a data-test phase of the program, saying that “strict firewalls” would prevent any commercial data from mixing with government data. However, this was based on the notion that the Secure Flight contractor, EagleForce Associates Inc. of McLean, would ensure that no commercial data were used, the report said.
But by the time the EagleForce contract was finalized, “it was clear that TSA would receive commercial data,” the report says. If, for instance, TSA data for an individual passenger lacked an address or date of birth, EagleForce would obtain the missing information from commercial data brokers.
“The fact that EagleForce had access to the commercial data did not create a firewall,” the report says, because under the Privacy Act, in effect, “EagleForce stands in the shoes of TSA.”
It was going to be a “strict firewall”, and if I know our government, maybe the data would have ended up in a “lockbox”. But think about the implications of this. I’m sure the TSA has been less than forthcoming about what exactly goes into this database. But the government, as far as I’m aware, only has certain information about each of us*. With the help of EagleForce, of course, they have access to just about anything. I’m sure that probably includes bank records, credit scores, and a host of other things that have become part of our “targeted-advertising” world. I’m sure if they got a hold of my Amazon.com purchasing history, they’d probably keep a closer eye on me.
This comes on the heels of other fun revelations about the TSA’s privacy-protection philosophy:
Moreover, commercial databases provided Eagle Force with data for some individuals who were not air passengers. These people were never notified — a violation of the privacy act, the report says.
A 2004 probe found that the TSA improperly stored 100 million commercial data records containing personal information on passengers after the agency said no data storage would occur.
Commercial data information on people who don’t fly, that’s saved into a database that’s not supposed to exist. I’m sure this does wonders for improving air safety. Especially after Flight 93, which was a signal to every terrorist in the world that they’ll be unsuccessful due not to air marshals or the TSA, but due to actions of ordinary passengers.
Of course, much like my post on the War on Sudafed, there’s always some sort of government apologist to explain how this is nothing to worry about, and all is moving forward as planned. And this time, they went straight to the top:
TSA Administrator Kip Hawley said that he supports the use of Secure Flight and that his agency is working closely with other government officials to ensure it protects privacy. “We are working in a transparent way,” Hawley said, adding that the agency’s “challenging” goal is to roll out the program in 2008.
Yep, move along, nothing to see here. We promise we’ll fix this by rollout.
*In fact, I’ve long thought of doing an FOIA search on myself just to see what they’ve got, but I know that people actually doing these searches is probably cause for the government to start monitoring, if they’re not already. Better if they have no reason to think I even exist.