Report: TSA Bent Privacy Rules By Asking For JetBlue Records
The agency's chief privacy officer says the TSA didn't break the 1974 Privacy Act when it asked for passenger records to test a data-mining project but recommends clearer rules for data sharing.
The Transportation Security Administration bent but didn't break the 1974 Privacy Act in 2002 when one or more TSA employees requested that JetBlue Airways provide passenger records to be used in testing an experimental Defense Department data-mining project. This was one of the key findings in a preliminary report issued by Homeland Security Department chief privacy officer Nuala Kelly.
But Kelly's report, which explains the circumstances of the project and JetBlue's involvement, also acknowledges that government agencies, private-sector businesses, and contractors are all entering uncharted territory with regard to data sharing between the private sector and the federal government for security purposes.
While the TSA's actions "may have been well intentioned and without malice, the employees arguably misused the oversight capacity of the TSA to encourage this data sharing," Kelly says in her report, issued Friday.
To help put businesses and government agencies on firmer footing when dealing with private data, Homeland Security's Privacy Office will establish clear rules for voluntary and compulsory data sharing with private-sector businesses. Such rules are designed to ensure that senior officials in Homeland Security agencies keep a watchful eye over data sharing, that agencies review the privacy policies and applicable laws of their private-sector partners, and that they document compliance with the Privacy Act.
"The report includes the troubling finding that certain TSA employees acted without appropriate regard for individual privacy interests," Sen. Susan Collins, R-Maine, said Friday in a prepared statement. "In this case, the TSA employees involved compromised the privacy interests of individuals without adequate justification." Collins, who also chairs the Governmental Affairs Committee, had co-signed a letter with committee member Sen. Joseph Lieberman, D-Conn., pressing Kelly to issue her report.
The controversy was set in motion shortly after the Sept. 11, 2001, terrorist attacks when Huntsville, Ala., government contractor Torch Concepts approached the Defense Department with the idea for a data-mining tool that would be able to analyze the personal characteristics of people seeking access to military installations. The proposal found support in the Pentagon, which had seen the terrorist attacks firsthand.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.