Government IT - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Government IT


Homeland Security Admits Privacy Errors in Anti-Terror Effort



 By: Matt Hines
2006-12-27
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Government IT story.


Rate This Article:
Poor Best
The Department of Homeland Security and Travel Security Agency say they inadvertently pooled sensitive information on U.S. air travelers that they had previously promised not to share.

The Department of Homeland Security conceded a potentially serious privacy issue that existed as part of an anti-terrorism program that combined personal information of air travelers in the United States with consumer database profiles, and compared those records with lists of suspected terrorists.

In a report posted on the agencys Web site, the DHS Privacy Office admits that it inadvertently forwarded detailed personal profiles of U.S. airline passengers to the federal governments Travel Security Administration despite promising not to do so when the program, dubbed Secure Flight, was introduced in September 2004.

At the time the effort was launched, as a replacement for the DHS Computer Assisted Passenger Prescreening System, the TSA vowed to steer clear of the records involved in Secure Flight in recognition of potential civil liberties conflicts that could arise from such information-sharing. A range of privacy rights groups had aired public concerns over the programs potential impact on U.S. citizens freedom to travel.

The individual files created for Secure Flight are considered particularly sensitive because they contain not only the personal information of all fliers traveling domestically during the month of June 2004, gathered from airline passenger screening systems, but also data aggregated about those same individuals from three major U.S. consumer database companies–Acxiom, Insight America and Qsent.

Resource Library:

Secure Flight was eventually shut down in February 2006 as a result of related privacy concerns, including a report from federal auditors that found some 82 security vulnerabilities in the software system being used to store and protect the data.

In the new report, the DHS admitted that it mistakenly included some of the Secure Flight passenger records in its updates on the program sent to the TSA. The individual profiles, estimated at roughly 42,000, included travelers names, addresses and birth dates, and an unspecified number of records also included Social Security numbers.

The latest report marks the second time Secure Flight has been singled out for potential privacy problems. In June 2005, as part of its routine oversight of the program, the federal governments Government Accountability Office reported a separate set of concerns it had over the handling of records sent to the TSA. Based on those findings, the Homeland Security Department agreed to alter its public statements about the work being done under Secure Flight to offer more details to the public about its overall privacy implications.

Under the revised parameters of Secure Flight, DHS first reported publicly that the contractor hired to aggregate the consumer records, EagleForce, based in McLean, Va., had purchased and held the data on the 2004 travelers, along with the information of other individuals whose names were variations on the actual passengers, for analytical purposes. The agency also admitted that data from the airlines and the consumer profiles was being combined into single files, dubbed PNRs, or passenger name records.

In the report, the DHS largely attributes the privacy issues to inadvertent oversight, such as having its contractor buy some sets of consumer records that came bundled with Social Security numbers, and the relative immaturity of the program itself.

The analysis specifically rebukes the agency for ignoring its initial promise to erect "strict firewalls" between the parties involved in the various aspects of the project to protect personally identifiable data, and singles out the so-called privacy notices sent to the TSA, which included the sensitive information, as the most significant source of concern.

To read more about data theft, click here.

"The inconsistency between the descriptions in the 2004 notices and what occurred in the actual test was clearly not intentional, but appears to be the result of either a misunderstanding of the test protocols or a change in circumstances between what was intended to be tested," the DHS report said.

In a second report, the DHS admitted privacy problems in another national security program, the Multistate Anti-Terrorism Information Exchange, or Matrix, which was shut down in April 2005 after coming under fire for privacy rights concerns from interest groups including the American Civil Liberties Union. Matrix, launched in 2003, involved information-sharing between some 13 U.S. states in the name of screening for activity by suspected terrorists but was widely criticized for having no stated privacy policy.

The Homeland Security Departments Matrix report cites the lack of such controls from either a national or state-by-state level as the programs primary downfall. The files collected under the project included detailed personal and financial data on individuals suspected of being involved with terrorist groups, but very few cases ever produced criminal charges, according to the summary.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.



  Reader Comments: Homeland Security Admits Privacy Errors in Anti-Terror Effort
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Government IT Articles          >>> More By Matt Hines
 


x}ks㶲*Q3CO#dKmXVi) S$IV˭_zPݙĶD th4I">41t33I}"I{(~0So92p!j9%G jY)a]̱]׫y(,Q  tjOt0]2xԴ;s:&ges/cߨ:`&`1Z!qF٤XC#: rסyO`nZN<QcѺ8QQw,sxLGH*'x8սi/DeOG^b&{Bq45;^7W;0Ba5w0vˡ黖>?"1CUVekVClvy!rs#gKݻHmH%;_qؓ:IuhlUD`iRi13<L5LÑcPp,ǃ) TQ3#}jZ3u-3G@ؾ!# 3EuL_FBԿ$f…0R̳X#vR0wcE[Uֶg5]q7=<"3z3 wZENX*o~c> c xz`:vxtTa_dY f42Mٰ5T:Ԫr\ˇJY0[={4q*sܼL3jt/irxٽj_HQPww@ږVa(.ۧ7nG:ZA\`'HH7&LT)Jj\(OLCajLlx^X}r\卒^7nJxXX+(.c#-bv=ӧ0F_8rrn򳹥uk\ߴ-kܴ[g>ߘekfy3?b Jg3B~7 VgkUs%gl}j Gt@C0\6:֪׷V1?!"A_$?\OIN©,7{M0o-Yn]H.)ލT|Y|ěa0̱n>@|sH`6dʩ$|ǺzNԎRl!o4f!`J̼NR49Vˡ蟉$Wm4@rYSl؅ Ro4x ~&,)|YB* brݢPP3nS%EI7#DD vx0~B(:pHqbNbO}Ɛs}zlNTVʒ0Wb{CoQ#L .ϱV$U.[n} 8^%g 5F8 ,heݴ%!8WG5MGR>M獯fz\CU95|Qnɐ2e8l ԰2>#}fywӾAkӧI|JlZ趝x>:AGAticŦh@7&&h`C=҉:L wF|hx: !a`Nr!FAтMx>tw&>l d $4)syp;LM)σ-HˋF0P 2/?>axşP}MrA=S9{ݴiǀxt83(.%w2J}cn.G))(P]HPw9J B!\0HV0(VF􎄰R1iJlRi gRTD;7 KŔ=*%nqR%a 934YIjL=?j1!UG,D`v9J,L.Y ϴjԭebQ9ִr>Ӥ75 K9bi]yOf5$ X&)# K8Y6fxF~OMM ݜ6,'1!&B~mLhH,io<`sYu-SN`cܑN86̜07ÚL ~Dg虉m>`4fs)wdm˴)T۪v39n(!+hWY 2cdRU 9:[ȭM7)\IYbTড়rH1g0dׇ Lz?qm/n$)LaV|\vLg˺z+fYF^ӛAt ~. B[+Y&&ےx A-ʘŗZZG"JMP>V "Cɣ($me6L?InQy{gO>7l`(`R55 )Ka4EsXjgܱ&P `*7`b\0 `NSy9tI?Xvl.n: )8yy4%2N?APt @IU5}끆7_ƅ/c%|o2rl\:|ꚺ8],- guaGjH s4&ME8` ;DzۣӜh2F ÑiHuߴIFʫ%u&-JrI)jLycl ԑq,YXTȱ,!0}6u{NPOK-KӞ@#@:"'ѠcD8r_(+ cG:3zam `'zpgI оhʰeh8`Zzq$KD(OB SK@'Z``ELs ǖYCǖbT۔Ђ;|T=OҶ@%ХCizi}~هF9#,!_%HHo?YDjP6SC+jr\T+ oV L3)' Sf|c N_ޝ?SokaaRz냩ܦ;pC9s㑏.S˰ c# ,c?` $̮$fG`Ó R*%)P׃4`TP9Ufj憡Q#8~0~Ɋh3 ClW16Mߘ_CS+!LΓuO#%cYd:@ݐ ?K;3]W< OQ: A\=< &`QtEa:NiI; PsEMz¿bRkEBZG ?cqm@ٰk@FMS؇Qcm/kR9Tښ5^,]hDQD h^p ZN:ӁZFB-š8k*_e7UEldB8NY HXL*r_ kRUF`"U!7TQ>cORzQrZ%7:ju[}$CPU]HmP*jIIz, :,h7xџVPVW`Zd&\%\{3i0(Q󩋗afD}R/)3nQ/ ~egm>Q?PG e[,r/鉚ĺRaf~d҇q'ZP`ӪV$,: 7Cwd,-BGI}7\&I'sSf﹮ tD0|7=>0FHΝ rQӊ5JR'04C: Gt@ ɢ\' WeR8]q,g$ ,$%,zF<C҇ps{(,3>C8}_u;WGA{Q~ZrXj\#-0MC~WֿHǫԾlo0.[-tJj2}m&A)`Q?rfWϋFپz/w᳋Y/`y BN׹p.7WKߧ ?wL.W-)^s-y0WNԸh:bIN*axո O8>m48Z&IEyD 5^6"B@ ˸tn,8;XKr!}&=C٠lkhMخ{+^WX* 5l~ I+U:=>   c@JA=Vohё{iD&-bT1J?_RJMQ=#ijfsLg '(^(/0[LӷoHW蘧YGD_q+5sz4~& \1Z9nl"B2^'68/]h)9ޏIB"a.A-H7ԺN="s8v)fTDSeoy0;Fp8쀒N1{7lOء F]nցGS9^)ŔN yux2Ƞ#%tBE[CT䵤 g[YUHN~D!qbwy~@0GW刜|1{~T=_mGoIM21ɘKԍ A/gh9[Q r0&xf"64Nlywy#+xESrkWTA vY?yxXnڈbivUG i\}&'-_ |2$?[н>5?y{lo&<)sǣAlu9obJgfnהŞ`4 ݥoV8i?{޽¾"CWq j[:i)`*9$XhHN d_"2NIJn/:L9zdM#}ӺJfz7ki^x̠t4 w{ ~}!.5?6/y+-R!EkEwWUK 㒏7ʢE'%:mחB}{+!bi4V3[T=}z÷5'|ȞF8^jYɼ=|yg>,d9a}430[ɱ=Ι2HB%F[euw+[S'gSc;/HF#%o&yS˱mG @|Ր;ar*|b \<eOBWc+YT>9bt0ͩg(dOg aM-O N?5fg~kDzN[: }~g>p&HoBMyz tᱫ>l_ a=Kr 4<7|_\e)Eu#PlVg?K8CX3"(ue"/ǃa'zw6S}2 w2g@\P )|XX?N:b(}IјN0_BdUdAWAgZu̬ zr qՄKL@-h rF{/6|p4uYD8f1EdأweZL:cuU6dAP~r wR۔JY,d|Kɒ+v>oWH\JCym"[P@s pLMՂZ35^$SӚl[MxE#̉P9it:H%uJoIB3G!,2<[ &0q޵q~BieZÅL"ZQJՊ}?(?nv{}d|#&N>ے?% j-vRMbS' [$eCEŴR0%r^ˊwVS{ `ѥpjt1ZhNF1f؛_%U"^%Յ(w%%")"_Ǎx7X`U~ JERTIM`,`iH<׺H8r FJ&̃xy;xpn#@tt=7@^qFjEI9ؖ! /=) Ba0Z$MQSAڽ873%`(u Q݈^}SPRUI+mŗb%rfk7\=>.P:P 6] lt HjeǹEX,8#u(``!$h׷;+۲Ru˵縎}Z,1޻"`U2v̲YHHp`ѼS wgWK$iڶU~%K7RDrF!7/=ۃ/a]gF-j%UOw2G~*OVDz/ ˹3ʌn/N7旒b0ݴR)]k p"Z:bf$RFk'J5Bnld=Ä׼*yĩ?x*,;X)"'c a\.kkkk˻5 AX_qqMzA#˶g+飠Y0[PLύ@d@c/m=InKݒ#Zb)*fێ\X=̒x]g/îX}CA0xئlzfpL/2|A%DԟꖜUxejc^Z&VV7p<cAԓ%5+8eç1g3 M"=E<s80RpמIْGK_G?P}=A5G_A|D*'a $X`MX׷%_  ^ {.c Fr< oR56.@I 2)0@rqa 5ϣXH׷ʋo4;q\) sYsGgm9")a}sk̓m0oY+دNRzJx-GܳKVpB\UE~Wцۈ20:~:nYE_Hޤ%T09rW|kofv}'1 {mXom9k3"A-[of56௶eul:7/r4݃~Oes`Gvxh/:TcZPhs| ךG3* I:nĽq4jݵnX 3LK?c" OYl /wLqìfo_`n3Ey+/1q-Ga(;u@ >OaRL:'Z "E <7"ȅ= C=m _O.=`ˊvךQN|l:nd*juۏos DŢW= )5|5XefSw&Z:<}Q-DR!&R<)' pr|w\׻5eI+lԮ=1W! Į20޻K{IV^YC92YtfG6HNWD ]%FR)͌t)6AP;f{1~"jsa s)b &ce~%MWlfmmIU+ ַg%.04%X tNu[M@&((Vץ</HkDax+nO5SrCu,?` ц]3#ZNHh5J3]|_!Ƅw)K}əxa*1aV eզٝ$7xgF u/xyB G=Nl~#& }*@4;-R7-ϢyOhoV0@ wA>po_ _!߰,VIm{7R[ ;Eꊍ\DQ;B p[F\n^uE@ܙ6 ^<yS]\E hs>(4~<ɲ4 ]'~l8;˝Y»?Do9fkH s);"|gZnʡR0F$u*̀ lZ=hLIED#ThbGB#&nI79k 4„0'ld Dps		uLQXj*!b3wȣ4ϓ/ <I&FKE T&}fAm??&­!Rjs# h_𮳙fJ :Lma`t.t>ѧqP{OnNt'فAf9p͒w\j:rtT(ʁ2|{` f> cw[7gΥiPDZ<& .ycI ^yN4xXX- o64| =܇>RXX_1[> MꪂOJBveX &zĉvKwy}7fY3{8~oBOz%ruW0`A-'i92bg4t\K= LC? &O=lFLn+q}}unHݴZ{zӾ;WuѹM֊_ԝNiYu}Ӿg&hT慾L۝%,C rvոl1;eFq(E1B*rK xU" /%Lqx&'Q]lE_VCĨҫS121[Sh6oZݮM֖C}@VՉt.110CE@Цk􀗣Jc>rN.Mʖp4ħEG:W\=4[EEF(Q Q~7Ow2ʑ{˛@f+Oח}2>?B\SgcJпvF?Ӿ(3f/E|s _f /}/3{ ̠%%e^^f'UWSF9gQ~ 0W{s!?W0~Wׁw2?/ r qu7?7wn=^Z_c}OYߧ >>eoʁo3ڿh6s$eCPȐ5.NpN2KIʠ/ޯVD=VbMdG,DlG\96baOd_#0ʛQǒGЬ]#=D~(sҗe&o3?`jE~@' @9_Ew[MAw/[/:)7.q{Z;\ڎvڝGf{ueeDb;w K췡^2TVl<-t&j\ẹf(+@J~@o>^-F?fze&HqѿnolZ+O>j*85ߜ:I<w RK,^ ,>O1 DTWCtJ# ۘn~o a߰L;H墦 V˕R;~O;aW9q@DP10U!UUEVro9 VVK D`q9#Tx|DemƫPs7B] p"O΁%vOj#śD VM+j`5) QSe~^ԄOf@L V8-8>/zchd1Ck+P<틒ՍP/tA0#˴qK6{Ns̄08=8G=Yf:2Ş_ mDbĹm&'NǞcӄ2+!`9ao5RFXk;MA5c;ql>9kupnNܕoM"mKvq)0cX =`?GcЁ2ASXNՂ[#r/.IDπjUMf@gQl)VxHDZ/'_ŔK ]'[٧3й?-{/ e;m"]I,{ QAbFA8u vAѪ V7"60^[xkjY˳3݁N5%*lr;=Vc:pSz4 vQmQ-N?X70(|Nto=v{@7* gvC%zp&%ı`=b^8qe QS|J)j裋Iȃgz^4}j}X`a_E@KE7`)UĔ&\RKnrmmSk )60MÄr"+poq-y[zЙJp8g0N^ZpTT/>%hw2b5_yROȅ^b\YBCnEkN ~g!gtָl_|>!UN'ώ7_Za}B=FBl4*ŷъE&nғ7WM)h,)ZNJ`XFپzC_%ȕ/g-F#xoUAÚJ"<&/(FҢΰe=9TV01{l~r[) 4K_hjJlxTʉ|Y3z[q;_d†[hh b7;a1Բ\g(