American Airlines the latest to admit improperly sharing passenger data with Feds
Renewed criticism is being heaped on a federal agency and the airlines for improperly sharing passenger data. And last week, after American Airlines admitted giving data in 2002 to the Transportation Security Administration, some began asking if the agency's controversial passenger prescreening program would ever be deployed. A Senate committee responded to American's admission by tartly demanding that TSA name all the airlines it has approached for data. And the Department of Homeland Security--the department that oversees the TSA--is investigating the agency's data-collection activities.
O'Connor Kelly hopes to report on TSA's data-collection activities this summer.
Photo by David Dea
That investigation "will take into account all uses of passenger data that would have occurred outside of normal legal processes," says Nuala O'Connor Kelly, Homeland Security's chief privacy officer. O'Connor Kelly hopes to report on her findings this summer. TSA officials couldn't be reached for comment.
If the TSA's Computer Assisted Passenger Prescreening System II is scratched, many say its builders will have no one to blame but themselves. "Most political watchers are saying CAPPS II is dead," says Doug Wills, VP of external affairs for the Air Transport Association, the major airlines' trade group. "And it's dead precisely because of the way the development process has been managed." The agency has been criticized by privacy-advocacy groups, airline and travel trade groups, and federal legislators for not ensuring sufficient public debate of CAPPS II.
The Senate Governmental Affairs Committee recently sent a letter to Asa Hutchinson, undersecretary for border and transportation security, implying that TSA misled Congress about CAPPS II. Committee chairwoman Susan Collins, R-Maine, and ranking member Joseph Lieberman, D-Conn., said they'd been told that delays in tests of CAPPS II were because of a lack of real data, when it appears TSA had abundant data. "We are concerned by potential Privacy Act [violations] and other implications of this reported incident," the senators wrote.
TSA already has been accused of strong-arming JetBlue Airways into sharing data in 2002 with a contractor for a Defense Department data-mining experiment. (Additionally, Northwest Airlines admitted recently that it shared data with NASA for an airline-related study, unbeknownst to the airline's top execs.)
Despite the focus on TSA's actions, Larry Ponemon, chairman of privacy consulting firm the Ponemon Institute, says airlines should look hard at themselves. "The data sharing happened, yet key people, such as top executives and legal counsel, were not informed," Ponemon says of the American and Northwest cases. "The decisions were made way down in the organizational hierarchy." Airlines are far behind other industries in terms of their privacy practices, he says.
Kevin Mitchell, chairman of the Business Travel Coalition, an advocacy group for large buyers of travel services, admits airline privacy has holes but believes TSA has ultimate responsibility. Mitchell questions the need for CAPPS II, pointing out that lax physical security is a more pressing problem. "CAPPS II is on life support," he says, "and there's not a lot of time left before somebody pulls the plug."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.