Remember CAPPS II, the program for screening airline passengers by using databases of personal information? This program was scrapped because the Transportation Security Administration (TSA) of the Department of Homeland Security (DHS) was concerned that it posed an increasing threat to privacy and civil liberties. Replacing CAPPS II was the nicely-monikered “Secure Flight.” (EPIC’s website has a good history and set of links about the history of the program.) After names like Carnivore and Total Information Awareness, government officials have learned to rename things with soothing happy titles. Secure Flight was to be a kindler, gentler version of CAPPS II, with more limited uses of information and with more limited information gathering and retention. Privacy advocates were skeptical of Secure Flight, but TSA insisted that Secure Flight was genuinely nicer, not just nicer in name. According to TSA’s final order on its testing of Secure Flight:
Secure Flight will involve the comparison of information in PNRs from domestic flights to names in the Terrorist Screening Database (TSDB) maintained by the Terrorist Screening Center (TSC), including the expanded TSA No-Fly and Selectee Lists, in order to identify individuals known or reasonably suspected to be engaged in terrorist activity. TSA anticipates that it will also apply, within the Secure Flight system, a streamlined version of the existing passenger prescreening process, known as the Computer Assisted Passenger Prescreening System (CAPPS), which evaluates information in PNRs that passengers otherwise provide to aircraft operators in the normal course of business.
Simple comparisons of PNR information against records maintained in the TSDB will not permit TSA to identify information provided by passengers that is incorrect or inaccurate, potentially rendering the comparisons less effective. Therefore, on a very limited basis, in addition to testing TSA’s ability to compare passenger information with data maintained by TSC, TSA will separately test the use of commercial data to determine if use of such data is effective in identifying passenger information that is incorrect or inaccurate and reducing the number of false positive matches of passenger information against TSDB records. This test will involve commercial data aggregators whose procedures will be governed by strict privacy and data security protections. TSA will not receive the commercially available data that would be used by commercial data aggregators.
According to this AP story [link no longer available], however, TSA has violated this promise:
The federal agency in charge of aviation security revealed that it bought and is storing commercial data about some passengers — even though officials said they wouldn’t do it and Congress told them not to.
The Transportation Security Administration is testing a terrorist screening program called Secure Flight that uses information about U.S. citizens who flew on commercial airlines in June 2004. . . .
According to documents obtained by The Associated Press, the TSA gave passenger name records to a contractor, Virginia-based EagleForce Associates. A passenger name record can include a variety of information, including name, address, phone number and credit card information.
EagleForce compared the passenger name records with more detailed data from three other contractors to find out if the records were accurate, according to the TSA.
EagleForce then produced CD-ROMs containing most of the information “and provided those CD-ROMs to TSA for use in watch list match testing,” the documents said. The TSA now stores that data.
According to previous official notices, TSA had said it would not store commercial data about airline passengers. . . .
Nuala O’Connor Kelly, DHS’s chief privacy officer, is investigating.
For some time, we have been consistently told by government officials to refrain from criticizing programs such as Secure Flight because privacy concerns are being addressed, because promises are being made about keeping these programs limited. We are told that such programs need to be developed in the darkness, as the sunlight of scrutiny will inhibit the testing. But why should we trust them? These revelations demonstrate that we cannot take TSA at its word.
Originally posted at PrawfsBlawg
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.