American Airlines the latest to admit improperly sharing passenger data with Feds
Renewed criticism is being heaped on a federal agency and the airlines for improperly sharing passenger data. And last week, after American Airlines admitted giving data in 2002 to the Transportation Security Administration, some began asking if the agency's controversial passenger prescreening program would ever be deployed. A Senate committee responded to American's admission by tartly demanding that TSA name all the airlines it has approached for data. And the Department of Homeland Security--the department that oversees the TSA--is investigating the agency's data-collection activities.
O'Connor Kelly hopes to report on TSA's data-collection activities this summer.
Photo by David Dea
That investigation "will take into account all uses of passenger data that would have occurred outside of normal legal processes," says Nuala O'Connor Kelly, Homeland Security's chief privacy officer. O'Connor Kelly hopes to report on her findings this summer. TSA officials couldn't be reached for comment.
If the TSA's Computer Assisted Passenger Prescreening System II is scratched, many say its builders will have no one to blame but themselves. "Most political watchers are saying CAPPS II is dead," says Doug Wills, VP of external affairs for the Air Transport Association, the major airlines' trade group. "And it's dead precisely because of the way the development process has been managed." The agency has been criticized by privacy-advocacy groups, airline and travel trade groups, and federal legislators for not ensuring sufficient public debate of CAPPS II.
The Senate Governmental Affairs Committee recently sent a letter to Asa Hutchinson, undersecretary for border and transportation security, implying that TSA misled Congress about CAPPS II. Committee chairwoman Susan Collins, R-Maine, and ranking member Joseph Lieberman, D-Conn., said they'd been told that delays in tests of CAPPS II were because of a lack of real data, when it appears TSA had abundant data. "We are concerned by potential Privacy Act [violations] and other implications of this reported incident," the senators wrote.
TSA already has been accused of strong-arming JetBlue Airways into sharing data in 2002 with a contractor for a Defense Department data-mining experiment. (Additionally, Northwest Airlines admitted recently that it shared data with NASA for an airline-related study, unbeknownst to the airline's top execs.)
Despite the focus on TSA's actions, Larry Ponemon, chairman of privacy consulting firm the Ponemon Institute, says airlines should look hard at themselves. "The data sharing happened, yet key people, such as top executives and legal counsel, were not informed," Ponemon says of the American and Northwest cases. "The decisions were made way down in the organizational hierarchy." Airlines are far behind other industries in terms of their privacy practices, he says.
Kevin Mitchell, chairman of the Business Travel Coalition, an advocacy group for large buyers of travel services, admits airline privacy has holes but believes TSA has ultimate responsibility. Mitchell questions the need for CAPPS II, pointing out that lax physical security is a more pressing problem. "CAPPS II is on life support," he says, "and there's not a lot of time left before somebody pulls the plug."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.