Tuesday, March 29, 2005In a report from the Department of Homeland Security released on Friday, March 25, they allege the US Transportation Security Administration “made inaccurate statements” about its management of personal data belonging to passengers. The report claims, “TSA did not ensure that privacy protections were in place” as it handled data transfers to private contractors for use in the development of a computerized passenger screening application, called CAPPS II. While the report criticizes TSA for its inaccurate statements, it notes the “misstatements were apparently not meant to mischaracterize known facts,” but were instead “premised on an incomplete understanding” of the truth.
According to the report, the data at issue described passengers flying on the following airlines: America West Airlines, American Airlines, Continental Airlines, Delta Air Lines, Frontier Airlines, and JetBlue Airways. In most of the problematic transfers, the privacy violation occurred by allowing third parties to access passenger data that was not anonymized. In one case, passenger information was made public on the internet through a presentation prepared by Torch Concepts. According to the report, “Torch Concepts’ subsequent efforts to remove the presentation from the internet have failed.”
In an AP report, Yahoo! News notes that TSA announced the launch of its “Secure Flight” system, saying, “Congress has said the agency can’t proceed with Secure Flight unless the Government Accountability Office reports that the technology ensures privacy and that the data are protected.” The report from the GAO was to be released Monday, March 27, 2005.