Controversy Over Sloppy Data Sharing - InformationWeek
06:26 PM

Controversy Over Sloppy Data Sharing

American Airlines the latest to admit improperly sharing passenger data with Feds

Renewed criticism is being heaped on a federal agency and the airlines for improperly sharing passenger data. And last week, after American Airlines admitted giving data in 2002 to the Transportation Security Administration, some began asking if the agency's controversial passenger prescreening program would ever be deployed. A Senate committee responded to American's admission by tartly demanding that TSA name all the airlines it has approached for data. And the Department of Homeland Security--the department that oversees the TSA--is investigating the agency's data-collection activities.

Nuala O'Connor Kelly, Homeland Security's chief privacy officer

O'Connor Kelly hopes to report on TSA's data-collection activities this summer.

Photo by David Dea
That investigation "will take into account all uses of passenger data that would have occurred outside of normal legal processes," says Nuala O'Connor Kelly, Homeland Security's chief privacy officer. O'Connor Kelly hopes to report on her findings this summer. TSA officials couldn't be reached for comment.

If the TSA's Computer Assisted Passenger Prescreening System II is scratched, many say its builders will have no one to blame but themselves. "Most political watchers are saying CAPPS II is dead," says Doug Wills, VP of external affairs for the Air Transport Association, the major airlines' trade group. "And it's dead precisely because of the way the development process has been managed." The agency has been criticized by privacy-advocacy groups, airline and travel trade groups, and federal legislators for not ensuring sufficient public debate of CAPPS II.

The Senate Governmental Affairs Committee recently sent a letter to Asa Hutchinson, undersecretary for border and transportation security, implying that TSA misled Congress about CAPPS II. Committee chairwoman Susan Collins, R-Maine, and ranking member Joseph Lieberman, D-Conn., said they'd been told that delays in tests of CAPPS II were because of a lack of real data, when it appears TSA had abundant data. "We are concerned by potential Privacy Act [violations] and other implications of this reported incident," the senators wrote.

TSA already has been accused of strong-arming JetBlue Airways into sharing data in 2002 with a contractor for a Defense Department data-mining experiment. (Additionally, Northwest Airlines admitted recently that it shared data with NASA for an airline-related study, unbeknownst to the airline's top execs.)

Despite the focus on TSA's actions, Larry Ponemon, chairman of privacy consulting firm the Ponemon Institute, says airlines should look hard at themselves. "The data sharing happened, yet key people, such as top executives and legal counsel, were not informed," Ponemon says of the American and Northwest cases. "The decisions were made way down in the organizational hierarchy." Airlines are far behind other industries in terms of their privacy practices, he says.

The airline's actions didn't violate the privacy policy in place at that time, an American spokeswoman says. Now the airline won't share data with agencies unless compelled to do so. Still, New York law firm Cauley Geller Bowmand & Rudman LLP filed a class-action suit against American for violating passenger privacy.

Kevin Mitchell, chairman of the Business Travel Coalition, an advocacy group for large buyers of travel services, admits airline privacy has holes but believes TSA has ultimate responsibility. Mitchell questions the need for CAPPS II, pointing out that lax physical security is a more pressing problem. "CAPPS II is on life support," he says, "and there's not a lot of time left before somebody pulls the plug."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll