Security Agency Used More Passenger Data Than First Thought
At least eight airlines and reservation systems provided information, a Senate committee discovered.
The Transportation Security Administration's use of personal information to test airline passenger-screening technology was more extensive than originally thought. The Senate Governmental Affairs Committee learned Wednesday that at least eight airlines and airline-reservation services handed passenger data over to contractors working for TSA. The committee had previously been aware of only two airlines working with TSA: JetBlue and American Airlines.
TSA in 2002 contracted Ascent Technology, HNC Software, Infoglide Software, and Lockheed Martin to study how they could develop systems that would assess the risk a passenger might pose to an airline flight. The contractors, preferring to work with realistic data, acquired information about passengers who had reserved tickets on Delta Air Lines, Continental, America West Airlines, and Frontier Airlines. They also received information about passengers who had booked flights through Galileo International and, possibly, Apollo, according to a press release the Governmental Affairs Committee issued Wednesday.
The contractors violated the Privacy Act by not providing public notice of what type of information their screening systems would use and how individual passengers could find out if their data was included in the test systems.
The committee on Wednesday learned the true scope of TSA's efforts to develop its Computer Assisted Passenger Pre-Screening System (CAPPS II) during a public hearing to consider the nomination of Adm. David Stone to be assistant secretary of the Department of Homeland Security. Chairman Susan Collins, R-Maine, and ranking member Joseph Lieberman, D-Conn., had, prior to the hearing, posed written questions to Stone, who serves as TSA's acting administrator, regarding the agency's role in requesting passenger data.
Collins cautioned Stone not to "trample on freedoms" in the pursuit of national security. "I have been concerned with the efforts that the TSA has made through contractors in getting passenger information used as part of CAPPS II," she said at the hearing. She also pointed out that TSA has been slow to reveal its involvement with contractors that acquired passenger data from airlines and airline-reservation services.
Stone responded that he's committed to providing the committee with more information regarding passenger name records data requested for use in the CAPPS II system. "There will be no use of [passenger name record] data in testing CAPPS II without making sure all Privacy Act provisions are met," he said, adding that TSA has hired Lisa Dean as its privacy officer to spearhead these efforts.
Homeland Security chief privacy officer Nuala O'Connor Kelly in April launched an investigation into any potential privacy violations surrounding CAPPS II. The department at the time said it would report on its findings this summer. Kelly could not be reached for comment Wednesday.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.