DHS Privacy Office Says Secure Flight Violated Privacy Act - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:57 PM

DHS Privacy Office Says Secure Flight Violated Privacy Act

Reportedly, authorities failed to publicize changes to the program, which included the collection of commercial data in 2004 and 2005.

The Department of Homeland Security's privacy office concluded that the Transportation Security Administration violated the Privacy Act of 1974 by collecting commercial data on passengers without proper notification for Secure Flight.

The department released a report Friday stating that authorities failed to publicize changes to the program, which included the collection of commercial data in 2004 and 2005. The privacy office report (pdf) said contractors failed to live up to DHS statements promising a firewall and collected information from data brokers on people who were not traveling by air. Its criticisms reflect those in a Government Accountability Office report released last year.

Congress stopped the TSA from continuing Secure Flight because of questions about security and privacy. The news comes as Homeland Security is under fire for the Automated Targeting System, another traveler-screening program for assigning risks to all travelers entering and leaving the country by land, sea, or air.

The report said that TSA made securing data a high priority, prohibited commercial entities involved from using the information for other purposes, and instituted real-time auditing for access to the data. However, it added that disparities between publicly released information about the program and the actual practices used could have been due to deadline and resource constraints, but "the end result was that TSA announced one testing program, but conducted an entirely different one."

"Whatever the causes, however, the disparity between what TSA proposed to do and what it actually did in the testing program resulted in significant privacy concerns being raised about the information collected to support the commercial data test as well as about the Secure Flight program," the report stated. "Privacy missteps such as these undercut an agency's effort to implement a program effectively, even one that promises to improve security."

The report included several recommendations and said they could serve as guidelines for any Homeland Security program involving the collection, use, and maintenance of personally identifiable information.

It advocated privacy controls before designing and implementing a program and the creation of a detailed data flow map for the information system's life cycle, which would help ensure compliance with the Privacy Act of 1974.

It also recommended effective communication and collaboration between operation personal, policy, privacy, and legal advisers to make sure all documents explaining information programs are accurate, fully descriptive, and transparent. It said that privacy notices should be written and published only after a program has been decided on by authorized officials and revised when plans change or new phases are scheduled for launch.

"Programs that use personal information succeed best if the public believes that information to be collected is for a necessary purpose, will be used appropriately, will be kept secure and will be accessible for them to review," the report stated.

Several members of Congress and European Union leaders are demanding answers about the latest publicized traveler-screening program, ATS, which would not allow people information about their risk assessments. Critics also complain that the government has not fully described the program or provided people with a means of disputing or correcting inaccurate information.

Homeland Security published a notice about that program in recent weeks, saying it would create profiles on all people traveling in and out of the country, assign risks, and store that information for years. Then, Homeland Security Secretary Michael Chertoff acknowledged that the screening had already been under way.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

New Storage Trends Promise to Help Enterprises Handle a Data Avalanche
John Edwards, Technology Journalist & Author,  4/1/2021
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
How to Submit a Column to InformationWeek
InformationWeek Staff 4/9/2021
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll